The Cyber Defense eMagazine November Edition for 2023

Cyber Defense eMagazine November Edition for 2023 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! 196 page November Edition fully packed with some of our best content. Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES

Cyber Defense eMagazine November Edition for 2023 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! 196 page November Edition fully packed with some of our best content. Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

Artificial Deception: <strong>The</strong> State Of “AI”<br />

In <strong>Defense</strong> and Offense<br />

Master Security by Building on<br />

Compliance With A Risk-Centric<br />

Approach<br />

Charting a Trustworthy AI Journey<br />

…and much more…<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 1<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

`<br />


Welcome to CDM’s <strong>November</strong> <strong>2023</strong> Issue------------------------------------------------------------------------- 8<br />

Artificial Deception: <strong>The</strong> State Of “AI” In <strong>Defense</strong> and Offense --------------------------------------------------- 21<br />

By Ken Westin, Field CISO, Panther Labs<br />

Master Security by Building on Compliance with A Risk-Centric Approach ------------------------------------ 24<br />

By Meghan Maneval, Vice President of Product Strategy and Evangelism, RiskOptics<br />

Charting a Trustworthy AI Journey ---------------------------------------------------------------------------------------- 28<br />

By Lisa O’Connor, Managing Director—Accenture Security, <strong>Cyber</strong>security R&D, Accenture Labs<br />

An Age-by-Age Guide to Online Safety <strong>for</strong> Kids ------------------------------------------------------------------------ 31<br />

By Chelsea Hopkins, Social Media Manager, Fasthosts<br />

Overcoming Multi-Cloud Security Challenges: <strong>The</strong> Power of a Unified Configuration of Clouds -------- 36<br />

By Michael Rostov, Entrepreneur and Co-Founder at Oasis Defender<br />

AI And Ad Fraud: Growing Risks <strong>for</strong> Marketers Using Google’s AI-Based Advertising Campaigns ----- 39<br />

By Mathew Ratty, CEO, TrafficGuard<br />

Bolster an Organizational <strong>Cyber</strong>security Strategy with External Data Privacy ------------------------------- 43<br />

By Harry Maugans, CEO, Privacy Bee<br />

<strong>The</strong> Crucial Need <strong>for</strong> a Secure Software Development Lifecycle (SSDLC) in Today's Digital Landscape46<br />

By John Riley III, <strong>Cyber</strong> Business Development, Alan B. Levan | NSU Broward Center of Innovation.<br />

Beyond Passwords: AI-Enhanced Authentication in <strong>Cyber</strong> <strong>Defense</strong>---------------------------------------------- 51<br />

By Kathleen Dcruz<br />

7 Steps to Build a <strong>Defense</strong> in Depth Strategy <strong>for</strong> Your Home ------------------------------------------------------ 55<br />

Roger Spears – <strong>Cyber</strong>security Project Manager, Schneider Downs<br />

Zombie APIs: <strong>The</strong> Scariest Threat Lurking in <strong>The</strong> Shadows?-------------------------------------------------------- 60<br />

By Dan Hopkins, VP of Engineering at StackHawk<br />

How To Combat the Mounting ‘Hacktivist’ Threat -------------------------------------------------------------------- 63<br />

By Manish Gohil, Senior Associate, Dragonfly<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 2<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

OT <strong>Cyber</strong>security: Safeguarding Building Operations in a Digitized World ------------------------------------ 66<br />

By Mirel Sehic, Global Director of <strong>Cyber</strong> Security, Honeywell<br />

<strong>The</strong> <strong>Cyber</strong> Risk Nightmare and Financial Risk Disaster Of Using Personal Messaging Apps In <strong>The</strong><br />

Workplace ------------------------------------------------------------------------------------------------------------------------- 69<br />

By Anurag Lal, President and CEO of NetSfere<br />

DevOps’ Big Challenge: Limiting Risk Without Impacting Velocity----------------------------------------------- 73<br />

By Asaf Karas, CTO <strong>for</strong> JFrog Security<br />

ChatGPT For Enterprises Is Here – But CEOs First Want Data Protections ------------------------------------- 77<br />

By Apu Pavithran, CEO and Founder, Hexnode<br />

Chromecast End-of-Life Announcement Highlights Urgent Need <strong>for</strong> Patch Management Re<strong>for</strong>m<br />

Among Hybrid Workers ------------------------------------------------------------------------------------------------------- 81<br />

By Joao Correia, Technical Evangelist <strong>for</strong> Tuxcare<br />

Common Pitfalls of Running On-Premises SIEM Solutions ---------------------------------------------------------- 84<br />

By Vinaya Sheshadri, Practice Leader <strong>Cyber</strong> Security at RiverSafe<br />

Fostering Total Trust with A ‘Zero-Trust’ Approach in Financial Services -------------------------------------- 88<br />

By Stefan Auerbach, CEO, Utimaco<br />

<strong>Cyber</strong>security in Digital Afterlife ------------------------------------------------------------------------------------------- 92<br />

By Chahak Mittal, GRC Manager, Universal Logistics<br />

When the Enemy Is DDoS, Holistic Protection Is a Must------------------------------------------------------------- 96<br />

By Sean Newman, VP/Product Management, Corero<br />

Data Sanitization <strong>for</strong> End-Of-Use Assets ------------------------------------------------------------------------------- 100<br />

By Roger Gagnon, President & CEO, Extreme Protocol Solutions<br />

Developers Hold the New Crown Jewels. Are <strong>The</strong>y Properly Protected? ------------------------------------- 103<br />

By Aaron Bray, CEO. Phylum<br />

Expect to Fail: How Organizations Can Benefit from a Breach -------------------------------------------------- 107<br />

By Tyler Farrar, CISO, Exabeam<br />

How to Create a Threat Hunting Program <strong>for</strong> Your Business ---------------------------------------------------- 111<br />

By Zac Amos, Features Editor, ReHack<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 3<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How To Improve Security Capacities of <strong>The</strong> Internet of Things? ------------------------------------------------ 115<br />

By Milica D. Djekic<br />

In Pursuit of a Passwordless Future ------------------------------------------------------------------------------------- 119<br />

By Rob Jenks, Senior Vice President of Corporate Strategy, Tanium<br />

Insights from Billington <strong>Cyber</strong>security Summit <strong>2023</strong>: <strong>The</strong> Enhanced Threat Surface of 5G/6G & IOT 122<br />

By Dr. Torsten Staab, PhD, RTX Principal Technical Fellow<br />

It’s Time to Tear Down the Barriers Preventing Effective Threat Intelligence ------------------------------ 125<br />

By Denny LeCompte, CEO, Portnox<br />

Building For a More Secure Future: How Developers Can Prioritize <strong>Cyber</strong>security ------------------------ 129<br />

By Jeremy Butteriss, EGM Ecosystem and Partnerships, Xero<br />

What the Government Can Learn from the Private Sector in Pursuit of Zero Trust ----------------------- 134<br />

By Kevin Kirkwood, Deputy CISO, LogRhythm<br />

Protecting Your Business and Personal Data ------------------------------------------------------------------------- 137<br />

By Brian Lonergan, VP of Product Strategy, Identity Digital<br />

Navigating Secure Adoption of AI Across Government and Connected Infrastructure ------------------- 142<br />

By Gaurav (G.P.) Pal, Founder and CEO, stackArmor<br />

North Korea–Russia Summit ----------------------------------------------------------------------------------------------- 145<br />

By Stan Vitek, Resident Geopolitical Analyst, Cyfirma<br />

Protecting Critical Infrastructure from <strong>Cyber</strong> Attack --------------------------------------------------------------- 151<br />

By Richard Staynings, Chief Security Strategist <strong>for</strong> Cylera<br />

Ruthless Prioritization Is a Myth: Aim For Risk-Less Prioritization Instead ---------------------------------- 156<br />

By Craig Burland, CISO, Inversion6<br />

Ditch the Worry - Switch to Secure WhatsApp Alternative ------------------------------------------------------- 159<br />

By Nicole Allen, Senior Marketing Executive at Salt Communications<br />

Shifting Left Means Shifting Smart: Managing Software Risk With ASPM ---------------------------------- 163<br />

By Natasha Gupta, Senior Security Solutions Manager, Synopsys Software Integrity Group<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 4<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Crumbling Castle -------------------------------------------------------------------------------------------------------- 166<br />

By Jaye Tillson, Director of Strategy, Axis Securit<br />

<strong>The</strong> <strong>Cyber</strong>security Bridge: A Necessary Connection <strong>for</strong> IT and Communications --------------------------- 170<br />

By Jeff Hahn, principal of Hahn, and Kenneth Holley, Principal and Chairman of Silent Quadrant<br />

Three Things to Know About the New SEC Rules on Sharing In<strong>for</strong>mation and Breach Disclosure<br />

Deadlines ------------------------------------------------------------------------------------------------------------------------ 173<br />

By Meghan Maneval, Director of Technical Product Management at RiskOptics<br />

Striking <strong>The</strong> Right Balance: Cloud and <strong>Cyber</strong> Priorities <strong>for</strong> SMEs ----------------------------------------------- 176<br />

By Mark Allen, Head of <strong>Cyber</strong>, CloudCoCo<br />

<strong>The</strong> Tech Jobs That AI Will Not Disrupt --------------------------------------------------------------------------------- 179<br />

By Michael Gibbs, CEO — Go Cloud Careers<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 5<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.


From the<br />

Publisher…<br />

As we publish the <strong>November</strong> issue of <strong>Cyber</strong> <strong>Defense</strong> Magazine, I’m pleased to note that we have just completed our annual<br />

<strong>Cyber</strong><strong>Defense</strong>Con. Our very successful <strong>2023</strong> event was top shelf. Featuring CISOs, Innovators, and Black Unicorns in our topof-the-industry<br />

lineup of professionals, we presented and exchanged much valuable and actionable in<strong>for</strong>mation <strong>for</strong> our<br />

participants. <strong>The</strong>re is more in<strong>for</strong>mation at https://cyberdefenseconferences.com/. .<br />

We would also like to draw your attention to the CDMG Global Awards program at https://cyberdefenseawards.com/ , and the<br />

many participating professionals who have earned this important recognition <strong>for</strong> their contributions to the cybersecurity industry.<br />

From our perspective, it’s never too early to build on the success of this conference, and prepare to meet the next challenges in<br />

cyber sustainability. We do this monthly with the publication of <strong>Cyber</strong> <strong>Defense</strong> Magazine. Looking ahead, we are also putting<br />

out our call <strong>for</strong> speakers <strong>for</strong> the 2024 conference. CISOs can participate in this program by responding at this website:<br />

https://<strong>for</strong>m.jot<strong>for</strong>m.com/230036762118147<br />

We continue to strive to be the best and most reliable set of resources <strong>for</strong> the CISO community in discharging these<br />

responsibilities. With appreciation <strong>for</strong> the support of our contributors and readers, we continue to pursue our role as the premier<br />

publication in cybersecurity.<br />

Warmest regards,<br />

Gary S.Miliefsky, CISSP®, fmDHS<br />

CEO, <strong>Cyber</strong> <strong>Defense</strong> Media Group<br />

Publisher, <strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

P.S. When you share a story or an article or<br />

in<strong>for</strong>mation about CDM, please use #CDM and<br />

@<strong>Cyber</strong><strong>Defense</strong>Mag and @Miliefsky – it helps spread<br />

the word about our free resources even more quickly<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 6<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.



Published monthly by the team at <strong>Cyber</strong> <strong>Defense</strong> Media Group<br />

and distributed electronically via opt-in Email, HTML, PDF and<br />

Online Flipbook <strong>for</strong>mats.<br />


Yan Ross, JD<br />

yan.ross@cyberdefensemagazine.com<br />


Marketing Team<br />

marketing@cyberdefensemagazine.com<br />


<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

Toll Free: 1-833-844-9468<br />

International: +1-603-280-4451<br />

http://www.cyberdefensemagazine.com<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of<br />


1717 Pennsylvania Avenue NW, Suite 1025<br />

Washington, D.C. 20006 USA<br />

EIN: 454-18-8465, DUNS# 078358935.<br />

All rights reserved worldwide.<br />


Gary S. Miliefsky, CISSP®<br />

Learn more about our founder & publisher at:<br />

https://www.cyberdefensemagazine.com/about-our-founder/<br />


Providing free in<strong>for</strong>mation, best practices, tips, and techniques<br />

on cybersecurity since 2012, <strong>Cyber</strong> <strong>Defense</strong> Magazine is your<br />

go-to-source <strong>for</strong> In<strong>for</strong>mation Security. We’re a proud division.<br />

of <strong>Cyber</strong> <strong>Defense</strong> Media Group:<br />





<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 7<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Welcome to CDM’s <strong>November</strong> <strong>2023</strong> Issue<br />

From the Editor-in-Chief<br />

In my capacity as Editor-in-Chief of <strong>Cyber</strong> <strong>Defense</strong> Magazine, I am delighted to offer this note of congratulations to<br />

the winners and finalists of the Black Unicorn Awards including Top Global CISOs and InfoSec Innovators. In that<br />

vein, we especially celebrate the amazing women in cyber who have received awards. I encourage all our readers<br />

and contributors to join us in this recognition.<br />

As you will know, the Black Unicorn Awards process is an annual activity to identify and recognize leadership and<br />

accomplishment in the realm of cybersecurity. You may not be aware that many of our award recipients have also<br />

been contributors to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />

Looking back over my many years of editing <strong>Cyber</strong> <strong>Defense</strong> Magazine, including review and elaboration of<br />

thousands of well written articles, I am pleased to observe that we always welcome submission of new and important<br />

articles on the current challenges and responses in cybersecurity.<br />

May I take this moment to remind readers that CDM is not a political <strong>for</strong>um, but a place to notify colleagues of<br />

important developments in the cybersecurity industry. Our readers are principally CISOs and their colleagues, so<br />

our focus is on our value to them in discharging their cybersecurity responsibilities, rather than pursuing any political<br />

agenda.<br />

As always, we are delighted to receive both solicited and unsolicited proposals <strong>for</strong> articles. Please remember to<br />

submit all articles on the <strong>Cyber</strong> <strong>Defense</strong> Magazine writer’s kit template, which incorporates the major terms and<br />

conditions of publication. We make every ef<strong>for</strong>t to close out acceptance of articles by the 15 th of each month <strong>for</strong><br />

publication in the following month’s edition.<br />

Wishing you all success in your cybersecurity endeavors,<br />

Yan Ross<br />

Editor-in-Chief<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

About the US Editor-in-Chief<br />

Yan Ross, J.D., is a <strong>Cyber</strong>security Journalist & U.S. Editor-in-Chief of <strong>Cyber</strong><br />

<strong>Defense</strong> Magazine. He is an accredited author and educator and has provided<br />

editorial services <strong>for</strong> award-winning best-selling books on a variety of topics. He<br />

also serves as ICFE's Director of Special Projects, and the author of the Certified<br />

Identity <strong>The</strong>ft Risk Management Specialist ® XV CITRMS® course. As an<br />

accredited educator <strong>for</strong> over 20 years, Yan addresses risk management in the<br />

areas of identity theft, privacy, and cyber security <strong>for</strong> consumers and organizations<br />

holding sensitive personal in<strong>for</strong>mation. You can reach him by e-mail at<br />

yan.ross@cyberdefensemagazine.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 8<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 9<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 10<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 11<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 12<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 13<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 14<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 15<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

2001 <strong>2023</strong><br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 16<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 17<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 18<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 19<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 20<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Artificial Deception: <strong>The</strong> State Of “AI” In<br />

<strong>Defense</strong> and Offense<br />

By Ken Westin, Field CISO, Panther Labs<br />

If you have seen any of my talks, I often say that the infosec industry wouldn't exist without deception.<br />

Although I’ve seen enough nature documentaries to know deception exists throughout the rest of the<br />

animal kingdom, humans have the cunning ability to deceive each other to gain resources, whether in<br />

war or crime. Deception in society doesn’t usually become a “crime” until property is lost or there is harm.<br />

Of course, it has evolved with the evolution of technology into the world of cybercrime — the use of<br />

artificial intelligence (AI) is no different. At Black Hat and Def Con this year, I saw an interesting dichotomy<br />

in the realm of AI, specifically the application of data science and machine learning in defensive and<br />

offensive security.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 21<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Artificial Intelligence or Mechanical Turk?<br />

Walking the show floor at Black Hat, most vendors were pitching some sort of AI that would “revolutionize”<br />

defense. I found some of these messages deceptive themselves, making promises the industry has heard<br />

<strong>for</strong> years only to disappear into vaporware and disappointment. <strong>The</strong> advances in machine learning (ML)<br />

and large language models (LLM) have been very promising over the past few years, although still a bit<br />

overhyped as “AI” when in reality, these technologies require reliable data inputs, along with ongoing<br />

human tuning and supervision.<br />

Machine learning models are only as good as the data they are fed. As any data scientist will tell you, the<br />

majority of their job is data prep and cleansing, this also makes these models themselves susceptible to<br />

deception through data poisoning and model manipulation. <strong>The</strong> application of LLM through tools such as<br />

ChatGPT has been a fantastic breakthrough in the application of data science, with the promise of<br />

increasing productivity across many different industries. LLM, however, is a machine learning model that<br />

uses Natural Language Processing (NLP) to scan massive amounts of text. Some companies have been<br />

deceptive about how this technology works, confusing the industry.<br />

Although LLM technology can magically create content from a prompt out of thin air, there is more to it<br />

than meets the eye. LLMs rely on data inputs like any other model, so they leverage existing works,<br />

whether articles, blog posts, art, or even code. So there should be no surprise that there are now mass<br />

lawsuits against companies like ChatGPT from content creators claiming copyright infringement and<br />

source code is no different, not to mention privacy implications.<br />

LLM also has another negative side effect of “hallucinations” where it will spit out nonsense or untrue<br />

content that could trick or confuse a person if they believe the content, which shows why even some of<br />

the most advanced uses of “AI” require a human in the loop to verify content. Interestingly, we can be<br />

deceived by this technology by accident; however, the same technology can and is being used offensively<br />

to manipulate data models and people and, in many respects, is ahead of the defense.<br />

Generative Deception<br />

At Def Con I saw the other side of “AI” on the offensive side. Both the Social Engineering and<br />

Misin<strong>for</strong>mation Villages have grown over the years. <strong>The</strong> Social Engineering CTF was amazing to watch<br />

as teams targeted employees at companies to see how they could gather valuable in<strong>for</strong>mation from<br />

targets <strong>for</strong> reconnaissance. This can now be taken a step further to manipulate people using voice<br />

synthesis to mimic the voice of an authority figure, family member, or celebrity, <strong>for</strong> example, to gain the<br />

target's trust.<br />

<strong>The</strong> increasingly widespread use of this technology will pose a significant threat to organizations and<br />

individuals, mainly as many non-tech-savvy folks are unaware of it, and the models become increasingly<br />

convincing. In addition, the use of generative AI to create videos and images that are progressively<br />

realistic is already finding its way into propaganda, fraud, and social engineering at a horrifying rate, and<br />

most security awareness training programs and other defenses <strong>for</strong> these types of attacks are slow to<br />

catch up.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 22<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Human-in-the-Middle<br />

In creating AI tools to make us more productive and creative, we also opened a Pandora’s Box, as these<br />

same tools can be used to deceive us. I presented a while back at the SANS Data Science Lightning<br />

Summit “Cyborgs vs. Androids” on this topic, where I discussed the successful use of AI technology<br />

should be thought of less as an autonomous entity that will replace the security analyst/engineer and<br />

more like a cyborg, where we leverage these technologies to enhance the security analyst/engineer.<br />

Organizations also need to consider the potential liability of using some of these tools, given the<br />

technology is new, questions about data provenance, and potential legislation regarding their use.<br />

By keeping the human in the center, we are better able to harness the power of AI while at the same time<br />

ensuring it has the proper inputs and monitoring of its outputs. Trained humans are still better than<br />

machines at identifying patterns and detecting human deception; the challenge is that they are<br />

overwhelmed with data, tooling, and threats. <strong>The</strong> more we can leverage AI to enhance the analysts'<br />

capabilities to make their jobs easier, the better we will defend against a whole new generation of threats<br />

— or maybe this post was written by an AI to convince you that’s the case ;-).<br />

About the Author<br />

Ken Westin is Field CISO of Panther Labs. He has been in the<br />

cybersecurity field <strong>for</strong> over 15 years working with companies to improve<br />

their security posture, through detection engineering, threat hunting,<br />

insider threat programs, and vulnerability research. In the past, he has<br />

worked closely with law en<strong>for</strong>cement helping to unveil organized crime<br />

groups. His work has been featured in Wired, Forbes, New York Times,<br />

Good Morning America, and others, and is regularly reached out to as<br />

an expert in cybersecurity, cybercrime, and surveillance.<br />

Ken can be reached online at LinkedIn<br />

(https://www.linkedin.com/in/kwestin/) and at our company website<br />

https://panther.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 23<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Master Security by Building on Compliance<br />

with A Risk-Centric Approach<br />

By Meghan Maneval, Vice President of Product Strategy and Evangelism, RiskOptics<br />

In recent years, a confluence of circumstances has led to a sharp rise in IT risk <strong>for</strong> many organizations.<br />

Cloud adoption, digital processes, remote work, and third-party relationships have all grown dramatically<br />

to create an expanding and complex threat landscape that bad actors are eager to exploit. Not only are<br />

there an enormous number of risks in this digitized world, but they are also coming at us with incredible<br />

speed. Considering that it only takes an independent cybercriminal around 9.5 hours to obtain illicit<br />

access to a target’s network, every minute a company lacks visibility into vulnerabilities or fails to respond<br />

to threats gives hackers a chance to cause significant damage.<br />

In light of the increasing threat, many organizations have focused on increasing their compliance with<br />

security certifications under the illusion that compliant means secure. This is not the case. According to<br />

Forrester, just 35% believe that compliance drives the right focus and behaviors within their business.<br />

That’s why a proactive approach to seeing, understanding, and acting on risk is key to improving the<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 24<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

effectiveness of defenses in place to meet compliance standards – helping organizations enhance cyber<br />

resilience today and tackle the challenges of tomorrow.<br />

Compliance alone is insufficient to improve security<br />

Complying with a framework is great. Compliance cannot be underscored. “Being compliant” means<br />

adhering to a specific framework or list of regulatory requirements and is how you protect your<br />

organization. But it does not mean you have done everything within reason to protect your organization,<br />

nor are you prioritizing your security investments to achieve specific business objectives. <strong>The</strong>re<strong>for</strong>e,<br />

compliance does not speak to how well you are protecting your organization.<br />

Attackers are smart, stealthy, and ready to exploit any opportunity, whether through the front door with a<br />

phishing email or the back door via one of your third- or fourth-party vendors. In fact, 83% of organizations<br />

reported having experienced more than one data breach, according to the <strong>2023</strong> Cost of a Data Breach<br />

Report by IBM and the Ponemon Institute. To protect your organization, you need to go beyond<br />

compliance and actually assess your risk and put practices into place to prioritize remediation to propel<br />

your business <strong>for</strong>ward.<br />

For example, compliance audits are point-in-time assessments that appraise the controls you’ve already<br />

implemented. <strong>The</strong>y don’t focus on how well you are protecting your organization today. This approach is<br />

no longer sufficient to reduce risk. What happens if an event occurs the day after an audit that increases<br />

your number of high-risk vulnerabilities? Remember that attackers don’t care if you’re compliant or not –<br />

only regulators and other stakeholders do. <strong>The</strong> attacker aims to make money accessing your high-value<br />

in<strong>for</strong>mation, disrupting your business, and profiting from ransomware payments. Keeping your business<br />

priorities in the center of your risk assessment enables faster data-driven strategic decision making.<br />

Understand the effectiveness of your compliance and risk activities<br />

Understanding the need to shift from compliance to risk management is one thing but carrying it out is<br />

quite another. To understand the effectiveness of your security posture, ask: How well are we protecting<br />

our organization and assets?<br />

When choosing risk management technology, it’s important that the plat<strong>for</strong>m supports a strategy of<br />

defining risk within a business context. Your organization’s risk management plat<strong>for</strong>m should provide<br />

in<strong>for</strong>mation beyond the typical compliance status report. Look <strong>for</strong> reporting capabilities that provide the<br />

context necessary to understand the progress and effectiveness of your compliance programs and their<br />

impact on reducing risk. For example, each program should have a compliance posture indicating the<br />

number of effective controls compared to total controls. But it should also clearly show the impact of those<br />

controls on reducing your risk exposure. If it’s not, you’re missing the mark.<br />

<strong>The</strong> plat<strong>for</strong>m must also be able to update this metric in real time as your team completes compliance<br />

activities to provide an up-to-the-minute snapshot of the program’s health. You should also expect live-<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 25<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

view dashboards to include the status and impact of controls and risks, as well as the ability to export<br />

results into a CSV or <strong>for</strong>matted report. This level of detailed reporting gives your risk managers the<br />

visibility they need to prioritize activities that strengthen compliance and reduce risk and can help you<br />

better understand how risk remediation ef<strong>for</strong>ts are progressing. Similarly, a report that quantifies risk<br />

assessments by category and score can help identify the areas needing attention, so that you can focus<br />

your resources on the areas negatively impacting your risk posture.<br />

How can organizations improve their cybersecurity?<br />

<strong>The</strong> most security-conscious organizations understand that cybersecurity is an ever-evolving risk that<br />

must continuously be considered and monitored. When the organization is “in compliance,” it has met<br />

the minimum requirements under its obligations. But being able to say “we’re compliant” is not the same<br />

as understanding to what extent implemented controls have effectively reduced the underlying risks. You<br />

must also identify and categorize risks as they relate to individual business activities and the context<br />

around them.<br />

By taking a broader, risk-based approach tying risk to business outcomes, instead of a more limiting<br />

compliance-based approach, organizations can improve their cybersecurity.<br />

<strong>The</strong> four key areas enterprises look to improve are:<br />

• ENABLEMENT: Supporting business goals by protecting the data and systems essential to the<br />

business.<br />

• SECURITY: Protecting data privacy, demonstrating compliance, and managing risk effectively.<br />

• EFFICIENCY: Eliminating the time wasted on manual tasks.<br />

• TRUST: Proving to customers that they can entrust their sensitive data to the company.<br />

Deliver better outcomes with a strategic approach to risk<br />

<strong>Cyber</strong>security leaders can deliver better outcomes with less ef<strong>for</strong>t by transitioning from a compliancecentric<br />

approach to a risk-centric one. This evolution happens by shifting your perspective. Compliance<br />

and risk are essentially two sides of the same coin but with different focal points. Compliance is focused<br />

on adherence to a framework of statutory, regulatory, or contractual requirements, using implemented<br />

controls to satisfy those obligations. This adherence is binary — each requirement is either met or unmet.<br />

But risk is a continuum. Risk management requires evaluation of controls and their impact on the<br />

business’ ability to meet its goals.<br />

Such an approach puts cyber risk in a business context so that CISOs and CIOs can tie risk to the<br />

business objectives prioritized by the C-suite and Board. To do so, they need visibility into the<br />

organization’s overall risk and compliance posture that breaks down the silos that cause inefficiencies,<br />

gaps, and blind spots. You need organizational and program-level reporting that gives you detailed<br />

insights and metrics. <strong>The</strong> tools and automation involved can substantially ease the burden of managing<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 26<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

this in<strong>for</strong>mation and related activities. Automation capable of facilitating a continuous, near real-time view<br />

of the organization’s risk profile is key to delivering better outcomes with less ef<strong>for</strong>t. In addition, a riskcentric<br />

risk management approach builds trust among customers and business partners, ultimately<br />

supporting your go-to-market initiatives.<br />

About the Author<br />

Meghan Maneval is the Vice President of Product Strategy and<br />

Evangelism at RiskOptics. She has over 15 years of experience in risk<br />

management, in<strong>for</strong>mation security, and compliance, and is a<br />

passionate, visionary leader who drives new ways to solve industry<br />

problems. As the Vice President of Product Strategy and Evangelism<br />

at RiskOptics, she leads a team of talented and diverse professionals.<br />

She develops and executes strategy and objectives <strong>for</strong> the Go-To-<br />

Market function, innovates and designs new solutions <strong>for</strong> the risk<br />

management market, and evangelizes the benefits and value of cyber<br />

risk management. Meghan can be reached online at her LinkedIn here<br />

and at our company website https://reciprocity.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 27<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Charting a Trustworthy AI Journey<br />

Sound cybersecurity principles <strong>for</strong> responsible generative AI innovation<br />

By Lisa O’Connor, Managing Director—Accenture Security, <strong>Cyber</strong>security R&D, Accenture Labs<br />

As companies turn to generative AI to trans<strong>for</strong>m business operations, traditional notions of trust are being<br />

reshaped. How will the enterprise navigate a journey toward Responsible AI—designing, developing and<br />

deploying AI in ways that engender confidence and trust?<br />

AI brings unprecedented opportunities to businesses, but also incredible responsibility. Its direct impact<br />

on people’s lives has raised considerable questions around AI ethics, data governance, trust and legality.<br />

In fact, Accenture’s 2022 Tech Vision research found that only 35% of global consumers trust how AI is<br />

being implemented by organizations. And 77% think organizations must be held accountable <strong>for</strong> their<br />

misuse of AI.<br />

That skepticism in understandable. Humans will have a more difficult time determining if sources of<br />

in<strong>for</strong>mation are reliable. <strong>The</strong>re are risks that large language models will be used to manipulate data in<br />

ways that will make us question the veracity of all sorts of in<strong>for</strong>mation.<br />

Today, threat actors are using Gen AI to write more and more effective phishing campaigns. <strong>The</strong>y are<br />

getting better at leveraging collected profiles and the troves of in<strong>for</strong>mation we share on-line on social<br />

sites to craft precision spearphishing. Attacks methods against AI and Generative AI are all over the dark<br />

web. <strong>The</strong>se methods take advantage of how these models work. For example “prompt injection” attacks<br />

can cause the large language model (LLM) to unknowingly execute the malicious user’s instructions,<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 28<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

leading to the potential exploit of backend systems or the presentation of false in<strong>for</strong>mation to the<br />

unknowing user. Vulnerabilities and the proliferation of the knowledge on how to use them means that<br />

well-meaning initiatives without the right security may put relationships at risk and proprietary data<br />

exposed. <strong>The</strong> cybersecurity playbook must keep pace with these new realities.<br />

But using gen AI in the organization also put trust at risk. <strong>The</strong> following are steps leading enterprises are<br />

taking to build trust that generative AI is being used responsibly:<br />

• Build consensus about risk appetite—Accenture’s recent “State of <strong>Cyber</strong>security Resilience <strong>2023</strong>”<br />

research found that 65% of so-called “cyber trans<strong>for</strong>mers” apply three leading practices to excel<br />

at risk management. By contrast, just 11% of the rest adopt a “best-in-class” approach. <strong>The</strong><br />

leaders apply a cyber risk-based framework that is completely integrated into their enterprise risk<br />

management program. <strong>The</strong>ir operations and executive leadership consistently agree on the<br />

priority of assets and which operations to protect. And they consider cybersecurity risk to a great<br />

extent when evaluating overall enterprise risk.<br />

• Ditch the jargon—Provide non-technical explanations. Business leaders and the board need nontechnical<br />

explanation and a common understanding to agree on governance guardrails and<br />

appreciate the risks of having actual business data compromised. Stories and what-if scenarios<br />

can help users gain a gut-level appreciation about the risks of undermining trust. Users need to<br />

appreciate that once corporate data is out in the public environment, it is not coming back.<br />

• Promote early engagement—Pilots can shape opportunities and value propositions and should<br />

be used to provide critical feedback that should be shared with technology providers and<br />

standards organizations. Inside the organization, this critical feedback can be used to develop<br />

standardized business-ready applications and an enhanced understanding of necessary controls.<br />

• Empower cross-organization governance and development—Avoid siloed development ef<strong>for</strong>ts.<br />

Legal, Risk, IT, In<strong>for</strong>mation Security, Marketing and HR should all be engaged in charting the gen<br />

AI journey. One enterprise we know has an “Executive In<strong>for</strong>mation Management Committee;<br />

another a “funnel group” <strong>for</strong> bi-weekly evaluation of use cases.<br />

• Offer a safe “sandbox”—<strong>The</strong> rest of the business is keen to work with gen AI tools. We hear from<br />

CISOs that unsupervised “shadow” ef<strong>for</strong>ts are underway throughout many enterprises. To get<br />

ahead of the risks of rogue ef<strong>for</strong>ts, establish an environment <strong>for</strong> users to test the appropriate uses<br />

and limitations of various models, and of the data that trained the model. For example, a CISO<br />

we know is encouraging people to experiment safely by using ChatGPT to plan their next holiday.<br />

• Identify the prerequisites <strong>for</strong> sustainable generative AI success—A strategic discussion with<br />

business leaders is required to ensure that the generative AI journey actually leads to business<br />

value. <strong>The</strong>re needs to be agreement on governance and a focus on investments that create<br />

sustainable value. Priorities need to be right-sized so trans<strong>for</strong>med processes are af<strong>for</strong>dable.<br />

Short-term successes should not come at the cost of overlooking responsible AI principles.<br />

• Establish a sustainable AI architecture—Get the organization ready to use large language models<br />

cost-effectively. Adopt a foundation model—pure play, open source, or cloud provider—that is fit<br />

<strong>for</strong> purpose. Determine the right approach <strong>for</strong> providing access to gen AI models. Dedicated<br />

infrastructure offers better cost predictability but adds complexity compared to managed cloud<br />

services. A modern data foundation is required to create measurable business value from<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 29<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

proprietary data in your model. A well planned and executed security strategy can mitigate the<br />

risk of compromise that comes with generative AI products.<br />

• Develop use cases that rein<strong>for</strong>ce trust—Demonstrate to the CEO, the board and other leaders<br />

what is possible with generative AI. Also, highlight the privacy and intellectual property risks and<br />

propose criteria <strong>for</strong> evaluating the value of use cases that will inevitably be brought <strong>for</strong>ward by<br />

other areas of the business. In time, generative AI could support enterprise governance and<br />

in<strong>for</strong>mation security, protecting against fraud, improving regulatory compliance, and proactively<br />

identifying risk by drawing cross-domain connections and inferences both within and outside the<br />

organization.<br />

• Know data sources and data lineage—Monitor network traffic and shadow models to prevent data<br />

from leaving the enterprise. Ensure that detection response is up to date. Database records,<br />

system files, configurations, user files, applications, and customer data may all be at risk of<br />

leakage in a public large language model environment. Not understanding or curating the training<br />

data set can lead to inaccuracies, misin<strong>for</strong>mation, discrimination, bias, harm, lack of fairness or<br />

adversarial actions like data poisoning.<br />

While the full impact of generative AI is evolving, one fact is clear: trust cannot be compromised.<br />

Establishing and maintaining trust means the organization must ensure the security, privacy, and the<br />

safety of individuals, communities, businesses, data and services. If stakeholders trust how businesses<br />

are using generative AI, the business strategies predicated on that technology can thrive.<br />

About the Author<br />

Lisa O’Connor is Accenture's Managing Director, Global Security Research and<br />

Development, a visionary leader who understands both the opportunities and<br />

risks of emerging technologies to the business. Her role is to enable the security<br />

and resilience of the future enterprise through a program of applied research,<br />

co-innovating with the Global 2000, governments, academia and startups.<br />

Her applied research programs in Washington, DC and Herzliya, Israel<br />

include Generative AI, Quantum Security, Metaverse Security, Trustworthy AI,<br />

Intelligent Secure Data Mesh, Ontological Mesh and <strong>Cyber</strong> Digital Twins.<br />

She has over 35 years of in<strong>for</strong>mation security experience, with over 16 years in<br />

financial services, including serving as CISO at Fannie Mae. Her nine-year tenure at the National Security<br />

Agency included special assignments to the White House Communications Agency and to the Surveys<br />

and Investigations Staff of the House Appropriations Committee.<br />

Lisa holds a Masters of Engineering Administration from George Washington University and a Bachelor<br />

of Science of Electrical Engineering from Lehigh University. She is an avid rock climber.<br />

Lisa can be reached online on LinkedIn at https://www.linkedin.com/in/lisaoconnor/ and at Accenture’s<br />

company website https://www.accenture.com/it-it/about/leadership/lisa-oconnor<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 30<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

An Age-by-Age Guide to Online Safety <strong>for</strong><br />

Kids<br />

By Chelsea Hopkins, Social Media Manager, Fasthosts<br />

<strong>The</strong> internet is a fast-changing world of in<strong>for</strong>mation that allows kids to play, create, browse, and engage<br />

with different people from all corners of the globe. Although the access to in<strong>for</strong>mation, entertainment, and<br />

connection it offers is vital to modern life, safeguarding kids' online safety is crucial <strong>for</strong> their wellbeing,<br />

development, and future success in an increasingly digital world.<br />

In the following guide, the experts at Fasthosts take a practical approach to online safety. <strong>The</strong>y provide<br />

tailored advice and strategies to specific age groups, aiming to empower us with the knowledge<br />

necessary to make in<strong>for</strong>med decisions, and to help parents keep their kids secure on the web.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 31<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Know your parental controls<br />

Parental controls are designed to manage your children’s online time, keep track of activity, and filter out<br />

inappropriate content. <strong>The</strong>re are various ways to implement these controls:<br />

• Internet provider - You can set up filters that block access to potentially harmful and<br />

inappropriate content on any device connected to your Wi-Fi network.<br />

• Household devices - Most devices such as phones and tablets allow you to set up parental<br />

controls to limit screen time, control content, and block in-app purchases.<br />

• Mobile operators - Filters can also be set up on mobile contracts <strong>for</strong> users under 18 which will<br />

block explicit content.<br />

• Online services - Many online streaming services – such as Hulu and Netflix – offer a set of<br />

parameters where you can set passwords, maturity ratings, and manually block certain content<br />

from your child's profile.<br />

• Software - <strong>The</strong>re’s plenty of software out there that allows you to monitor your home network,<br />

and the activity of each connected device.<br />

• VPNs - Using a virtual private network adds an extra layer of security when browsing the web. A<br />

VPN - powered by a VPS - hides the user's actual public IP address and secures traffic between<br />

the user's device and the remote server.<br />

As kids grow, the safety measures in place should adapt. That’s why it’s important to tackle online safety<br />

in a proactive way where a child’s age is taken into account. Below we have narrowed down the top tips<br />

<strong>for</strong> child online safety from 0 - 18 years old, classified by age range:<br />

Preschooler: 0 - 5 yrs<br />

If your preschooler doesn’t have their own device just yet, it’s likely that they’ll borrow from their parents<br />

or siblings to watch videos or play games. Here’s how to make sure your child is using these devices<br />

safely:<br />

Keep it kid-friendly: Allow the usage of kid-friendly apps and websites that you have verified. Do your<br />

research be<strong>for</strong>ehand.<br />

Supervise: Not all video content is what it seems. Always try to be in the room or close by when your<br />

child is using the internet.<br />

Monitor your child's usage: Keep a close eye on your child’s device usage, especially if they’re<br />

accessing the internet. Better yet, use this time to go online with them where you can guide them and<br />

explore the digital world together.<br />

Set boundaries: Set boundaries by establishing time limits. Use passwords on devices, apps, and online<br />

features to restrict access.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 32<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Educate: It’s never too early to teach about internet safety, so introduce healthy concepts like asking <strong>for</strong><br />

permission, and seeking support.<br />

Kindergarten: 5 - 6 yrs<br />

Although a lot of the advice given in the previous step is relevant to this age group, when a child steps<br />

up to kindergarten, they may find more opportunities <strong>for</strong> independence and interaction with older peers.<br />

Continue supervision: You will likely want to alter parental controls, potentially allowing this age group<br />

to access the internet <strong>for</strong> educational purposes with parental controls in place. Make sure to continue<br />

close supervision and education about healthy online safety habits.<br />

Be available <strong>for</strong> support: <strong>The</strong> internet can be fun and exciting, but there can sometimes be scary or<br />

upsetting things out there. Encourage your children to put down their device and come to a trusted adult<br />

if they encounter anything that makes them feel uncom<strong>for</strong>table.<br />

Elementary School: 6 - 11 yrs<br />

As kids start becoming more independent, their use of devices and the internet will increase. <strong>The</strong>ir online<br />

activities may change, including more communication with friends and peers, and venturing into the world<br />

of social media and video-sharing plat<strong>for</strong>ms.<br />

Maintain supervision: Kids at this age will be wishing <strong>for</strong> more autonomy, but it’s still important to<br />

monitor their activity.<br />

Teach safe browsing: Explain the basics of safe internet usage so that they know the risks to look out<br />

<strong>for</strong>.<br />

Online etiquette: Educate them about being kind and respectful to others online, and never sharing<br />

personal in<strong>for</strong>mation, especially any that could allude to identity and location.<br />

Parental controls: Although some parental functions could start to be reduced, it’s a good idea to keep<br />

reviewing the current controls with open and honest discussions.<br />

Middle School: 11 - 14 yrs<br />

Transitioning to middle school is an important milestone in a child's journey. It marks moving up to<br />

adolescence where they will be spending a significant amount of time online and interacting with peers.<br />

Privacy settings: Encourage kids to be mindful about what they share and post online. Encourage<br />

privacy settings on social media plat<strong>for</strong>ms and other accounts.<br />

<strong>Cyber</strong>bullying: Keep an eye out <strong>for</strong> signs of cyberbullying. Educate your child on the dangers to look<br />

out <strong>for</strong> and the potential effects it can have on themselves and others. Reiterate that they never have to<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 33<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

give in to pressure or other <strong>for</strong>ms of online abuse. You should also become familiar with the signs that<br />

your child might be being bullied, such as becoming withdrawn, hiding their devices from your view, or<br />

giving up on favorite games.<br />

Encourage communication: Create a safe space <strong>for</strong> open communication, let them know that if they<br />

ever come into contact with cyberbullying or become a victim of it themselves, to in<strong>for</strong>m an adult.<br />

Dangers of the internet: Encourage them to question the safety and credibility of the in<strong>for</strong>mation and<br />

content they encounter online. Whether that be watching videos, or friend requests from strangers. Help<br />

them recognize the signs of legitimate websites as opposed to fake/misleading websites.<br />

High School: 14 - 18 yrs<br />

At this age, the internet is an integral part of their daily lives. Kids – or rather young adults – in this group<br />

will adapt quickly to new technology, and use it to communicate, create and post content, and socialize<br />

with their peers.<br />

Online reputation: Strengthen their understanding of the value of their online reputation by emphasizing<br />

how their online decisions now may impact their future.<br />

Keeping in<strong>for</strong>mation private: Discuss the importance of critical thinking be<strong>for</strong>e they post, remaining<br />

mindful, and keeping personal details private.<br />

Responsibility: Encourage independence and responsibility while ensuring that they understand that<br />

you are there <strong>for</strong> help and support. Continue to have regular check-ins with them about their online<br />

experiences.<br />

Healthy habits: Stress the importance of a healthy balance between both online and offline activities.<br />

Additional tips and info<br />

Stranger danger: Always remind your children of stranger danger and to never accept a friend or<br />

message request from someone they don’t know – it simply isn’t worth the risk.<br />

<strong>Cyber</strong>security: Teach them the importance of creating strong and unique passwords to keep their<br />

accounts secure.<br />

Lead by example: Be a good role model <strong>for</strong> internet use. Show them how to be responsible online and<br />

demonstrate positive behavior to follow. This is especially important when it comes to social media usage,<br />

and healthy levels of screen time.<br />

Internet safety is an ongoing conversation, remember to regularly revisit and rein<strong>for</strong>ce these principles to<br />

keep your children safe online in our ever-evolving digital world.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 34<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Chelsea Hopkins is the Social Media Manager of Fasthosts<br />

Fasthosts has been a leading technology provider since 1999, offering<br />

secure UK data centres, 24/7 support and a highly successful reseller<br />

channel. Fasthosts provides everything web professionals need to power<br />

and manage their online space, including domains, web hosting,<br />

business-class email, dedicated servers, and a next-generation cloud<br />

plat<strong>for</strong>m. For more in<strong>for</strong>mation, head to www.fasthosts.co.uk<br />

Chelsea Hopkins can be reached online at LinkedIn and at our company<br />

website https://www.fasthosts.co.uk/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 35<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Overcoming Multi-Cloud Security Challenges:<br />

<strong>The</strong> Power of a Unified Configuration of Clouds<br />

Digital trans<strong>for</strong>mation has urged organizations across various industries to adopt multi-cloud<br />

strategies. <strong>The</strong>y need to find the right balance <strong>for</strong> security and growth.<br />

By Michael Rostov, Entrepreneur and Co-Founder at Oasis Defender<br />

<strong>The</strong> adoption of multi-cloud aims to modernize IT infrastructures and carve out a competitive edge. Be it<br />

manufacturers, financial institutions, global giants in media and entertainment, or healthcare<br />

organizations — many businesses of medium and large caliber find the need to harness two or more<br />

clouds.<br />

Business owners choose multi-cloud strategies to escape vendor lock-in, trim down costs, and reduce<br />

latency. Using multiple clouds helps them enhance supply chains, increase sales rates, and boost service<br />

provisions.<br />

However, the dalliance with multiple clouds amplifies the risks of misconfigurations and human-induced<br />

errors in cloud management. Blunders widen the gateway <strong>for</strong> security vulnerabilities, leading to breaches<br />

that may harm the organization's bottom line and its reputation in the long haul.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 36<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Securing Infrastructure Against Breaches with Adequate Multi-Cloud Settings<br />

IBM reported that 19% of data breaches in 2021 resulted from misconfiguring multiple cloud<br />

environments. <strong>The</strong> average financial losses suffered by organizations reached $4.41 million, an amount<br />

impressive enough to focus on adopting adequate multi-cloud security strategies.<br />

Both public and private cloud services often lack proper security and management when users make<br />

mistakes in setting up access controls, encryption, firewalls, backups, and other security features. So, is<br />

there a silver bullet <strong>for</strong> this concern?<br />

A way <strong>for</strong>ward <strong>for</strong> holistic security across diverse cloud plat<strong>for</strong>ms is centralized cloud management.<br />

Innovative solutions can help manage multiple registered clouds via a unified interface. Such solutions<br />

also tap into machine learning and AI to spot potential threats in real-time, ensuring swift and effective<br />

responses to keep damage to a minimum.<br />

Enhancing Data Protection and Privacy<br />

Protecting data across multi-cloud environments is tough without centralized security controls. Nearly<br />

57% of US organizations report challenges they face trying to comply with corporate policies and<br />

regulatory rules. This is often the case <strong>for</strong> manufacturers and retailers operating globally, as they face<br />

strict local and industry-specific regulations.<br />

Centralized security controls give a clear view across cloud providers while offering strong compliance<br />

mechanisms. Integrated AI tools and automated systems scan the cloud environment and help meet<br />

compliance needs by giving real-time reports and alerts on deviations. By using a unified interface,<br />

organizations can tap into steady multi-cloud security policies and top-notch threat protection.<br />

Managing More Clouds While Limited in Talent<br />

A notable 56% of organizations struggle to find the needed skills to manage security in multi-cloud<br />

environments.<br />

When an organization steps into a multi-cloud strategy, the team may not be fully ready. <strong>The</strong>y may be<br />

unfamiliar with different security features and practices that differ across Google Cloud, AWS, Microsoft<br />

Azure, and other cloud services. As a result, doubts arise regarding consistent security policies and<br />

adequate protection <strong>for</strong> sensitive data.<br />

For those lacking cloud skills, an integrated approach comes in handy. AI-driven threat detection<br />

simplifies security tasks, reducing the need <strong>for</strong> specialized knowledge. Continuous upgrades through<br />

user feedback make the system smarter over time, without manual tweaking. Besides, collaboration tools<br />

help share knowledge, helping less experienced members learn from seasoned experts.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 37<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Wrapping Up<br />

Embracing multi-cloud strategies often opens a door to cybersecurity challenges <strong>for</strong> organizations.<br />

Fortunately, there are solutions <strong>for</strong> unified visualization and configuration of cross-cloud security tools<br />

that make cloud management simpler.<br />

With the help of AI and machine learning, these tools auto-detect threats and learn from user feedback<br />

to improve security continually. Organizations can then navigate their clouds with ease, making sure data<br />

stays safe, secure, and compliant.<br />

About the Author<br />

Michael Rostov is a Co-Founder of Dubai-based startup Oasis Defender<br />

which focuses on developing AI-driven software <strong>for</strong> unified visualization and<br />

configuration of multi-cloud security. He is an entrepreneur and VC with over<br />

a decade of experience in the telecom and cybersecurity sectors. Michael<br />

can be reached online at https://www.linkedin.com/in/michael-rostov/ and at<br />

the company website https://oasisdefender.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 38<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

AI And Ad Fraud: Growing Risks <strong>for</strong> Marketers<br />

Using Google’s AI-Based Advertising Campaigns<br />

Google’s Per<strong>for</strong>mance Max (PMax) - AI has ignited a flurry of concerns relating to data protection<br />

and security, and organisations must act now to prevent further damaging losses.<br />

By Mathew Ratty, CEO, TrafficGuard<br />

Artificial intelligence (AI) is trans<strong>for</strong>ming the marketing industry. While there are many benefits to using<br />

AI in digital campaigns, recent revelations surrounding Google’s Per<strong>for</strong>mance Max (PMax) - AI has<br />

ignited a flurry of concerns relating to data protection and security.<br />

When Google announced PMax, it appeared to be the answer to every marketer’s dream – driving<br />

marketing efficiency, per<strong>for</strong>mance, and better ROI across all of Google's channels, including YouTube,<br />

search, shopping, and discovery. Since this launch, questions have been raised regarding its ability to<br />

adhere to stringent data privacy laws.<br />

In a recent data privacy breach, YouTube may have inadvertently shown adverts to children. Not only<br />

does this spark concerns around the violation of the Children’s Online Privacy Protection Act (COPPA)<br />

but it causes a ripple effect <strong>for</strong> advertisers seeking to optimise their returns.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 39<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong>re is still much to understand and learn about AI, and it is crucial that organisations are aware of the<br />

risks. With full transparency into the algorithms and tools to combat potential fraudsters, organisations<br />

can effectively protect themselves and avoid breaching data privacy.<br />

Threat Actors Taking Advantage of AI Vulnerabilities<br />

AI systems can be incredibly efficient at managing large amounts of in<strong>for</strong>mation on behalf of data<br />

analysts. <strong>The</strong> problem with this is AI systems like PMax have difficulty differentiating between positive<br />

user engagement, and more malicious actions taken by fraudsters.<br />

<strong>The</strong> challenge with PMax is all user engagement is viewed as positive or legitimate, and threat actors are<br />

exploiting this algorithm. Fraudsters are capable of creating fake intent signals, which trick systems into<br />

thinking the signal is a user with a legitimate interest in engaging with the site. To accomplish this,<br />

fraudsters create numerous bots to flood systems with fake engagement. This leads to the AI algorithm<br />

optimising toward the source of the invalid traffic, resulting in wrongly optimised campaigns that divert<br />

and deplete advertising budgets by driving more fake engagement.<br />

Fraudsters are also targeting potential weaknesses in the data privacy of AI plat<strong>for</strong>ms like PMax. Google<br />

has implemented multiple features to address data privacy concerns within PMax, such as anonymisation<br />

of user data, user controls/preferences to control their data, and ad preferences. PMax aims to uphold<br />

strong data privacy measures, but vulnerabilities in the system are still possible, as seen in the recent<br />

showing of ads to minors on YouTube.<br />

<strong>The</strong> vulnerabilities in the system demonstrate the ever-evolving nature of data privacy and the challenge<br />

of ensuring it remains complex and secure. Constant vigilance and adaptions are crucial to address<br />

potential gaps or flaws within systems. Organisations can greatly benefit from using AI within marketing<br />

campaigns, but it’s important to balance its usage with appropriate risk mitigation. Advertisers should not<br />

only utilise AI, but also put countermeasures in place to protect their campaigns against evolving fraud<br />

tactics.<br />

Preventing Fraudulent Activity<br />

With the big budgets involved in marketing campaigns, fraudsters are always on the lookout <strong>for</strong> a slice of<br />

the profit. Organisations must protect themselves from bad actors getting in the way of achieving<br />

campaign success by ensuring they are optimising toward legitimate sources.<br />

By implementing solutions to identify fraudulent bots, and data collection filters, they can effectively<br />

prevent fraud while meeting data privacy laws and ultimately maintain campaign control.<br />

Organisations can take the following steps to prevent fraud across marketing campaigns:<br />

• Analyse and Optimise Traffic: AI can be leveraged to combat fraudulent traffic. Through effective<br />

analytics and reporting tools, patterns, anomalies or irregularities in traffic can be identified to<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 40<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

enable organisations to make better-in<strong>for</strong>med decisions to optimise their traffic. As fraud tactics<br />

constantly evolve, AI solutions can be aligned to remain one step ahead. Its predictive abilities<br />

enable marketers to proactively identify and prevent fraud be<strong>for</strong>e it harms campaigns.<br />

• Data Filtering: It is crucial that organisations stay within data privacy guidelines. Implementing a<br />

solution to filter through data enables organisations to tailor their data collection strategy. It is<br />

possible to limit or stop data collection altogether post-click, which ensures the data aligns with<br />

protection regulations, especially in engagement from minors. Solutions can also minimalise<br />

collected data so that only the essentials <strong>for</strong> fraud identification and campaign optimisation are<br />

gathered. This will reduce the risk of overstepping data privacy laws.<br />

<strong>The</strong> threats posed by fraudsters can be prevented, allowing organisations to make the most of AI systems<br />

like PMax. <strong>The</strong> right security solution or tools will provide organisations with the ability to scan their data<br />

in real-time and identify malicious engagement from threat actors which can then be countered, protecting<br />

budgets and data alike.<br />

Preserving Campaign Integrity<br />

AI programs are becoming more and more prevalent, and fraudsters are continuously looking <strong>for</strong> ways<br />

to build on their tactics and take advantage. Organisations have the opportunity to take a proactive stance<br />

against fraud, and pre-emptively tackle threat actors to preserve the integrity of their campaigns and<br />

comply with regulations.<br />

A proactive approach involves leveraging AI’s predictive abilities to identify and prevent fraud be<strong>for</strong>e it<br />

can harm campaign budgets. By adopting this approach, organisations can fully appreciate the benefits<br />

of AI while mitigating the changing threat landscape.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 41<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Mathew Ratty, a seasoned professional with 7 years in digital ad tech, currently<br />

leads as CEO of Adveritas. Formerly part of a mobile ad network, he's also an<br />

avid tech investor with a decade of diverse investments. Under his leadership,<br />

Adveritas launched its flagship product, TrafficGuard, using innovative<br />

strategies and assembling a top-tier C-level team. Holding a First-Class<br />

Honours Finance degree from Curtin University, Australia, Ratty steers<br />

TrafficGuard's mission. This pioneering ad fraud prevention solution employs<br />

AI and advanced machine learning, revolutionizing business operations.<br />

Trusted by major brands like Disney, Tab Corp, and HelloFresh, TrafficGuard,<br />

accessible on Google Cloud Marketplace, upholds transparency and security in<br />

digital advertising, setting industry benchmarks. Mat can be reached online at @Mathew Ratty on<br />

LinkedIn and at our company website https://www.trafficguard.ai/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 42<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Bolster an Organizational <strong>Cyber</strong>security Strategy<br />

with External Data Privacy<br />

Enterprise threat protection is missing this critical component<br />

By Harry Maugans, CEO, Privacy Bee<br />

Companies fight hard to find, cajole and incentivize top talent to run their business. <strong>The</strong>y also invest in<br />

cybersecurity systems <strong>for</strong> the business, protecting it within its closed system. But those same executives<br />

are as highly valued by hackers as they are by the business. <strong>The</strong>ir external data, when collected from<br />

any number of shopping, social or messaging sites are so integrated in our lives; they can be the allaccess<br />

pass into the company system.<br />

Data privacy at the C-Suite level is critical in today’s hyperconnected, competitive market. Executives are<br />

responsible <strong>for</strong> making decisions that shape an organization's future, so shielding them from potential<br />

risks is vital. Protecting an executive’s personal and professional data ensures that confidential<br />

in<strong>for</strong>mation, important business strategies, plans and upcoming initiatives remain safe.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 43<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Why executive data privacy is critical.<br />

It’s important to understand that threats facing executives, separate from the rest of the work<strong>for</strong>ce, are<br />

real and on the rise. In fact, 58% of CEOs in the United States have received physical threats after taking<br />

a position on a controversial topic such as race, politics or gender. One reason <strong>for</strong> this is the increasing<br />

exposure of executives’ personally identifiable in<strong>for</strong>mation (PII) via social media channels. A recent poll<br />

of CEOs from the 2022 Fortune 500 list revealed that 70% of them have a profile on at least one social<br />

media plat<strong>for</strong>m, which is a 62% increase from 2020.<br />

As companies report more cybercriminal attacks on senior-level executives, especially with business or<br />

personal accounts as a tool, protecting personally identifiable in<strong>for</strong>mation should be a top priority.<br />

Executives are increasingly targeted directly or used as pawns in a larger organizational scheme, which<br />

can compromise sensitive business data and lead to unexpected, exorbitant costs.<br />

Data privacy, internal and external, helps minimize the risk of corporate espionage in the <strong>for</strong>m of hacking.<br />

While most companies invest heavily in cybersecurity, it’s not comprehensive <strong>for</strong> today’s ecosystem. <strong>The</strong><br />

next step to stay ahead of threats is External Data Privacy (EDP). This allows an organization to audit<br />

and secure data that is already outside of the organization which could be used in a malicious way.<br />

Executives' personal in<strong>for</strong>mation and online activity, such as email, social media or shopping behavior,<br />

may be used against them if they are not secured properly. Protecting and monitoring personal accounts<br />

and digital behavior is a way to safeguard not only the senior-level executive but also the reputation of a<br />

company and its stakeholders.<br />

Social engineering on the rise<br />

<strong>The</strong>re has been a significant increase in social engineering attacks, posing a serious threat to<br />

organizations and individuals in leadership positions. In fact, it was the top attack type in 2022.<br />

Social engineering refers to the manipulation of individuals to gain unauthorized access to sensitive<br />

in<strong>for</strong>mation or systems. It is often carried out through deceptive tactics, such as standard phishing via<br />

email or text message, or through social media, which can appear in the <strong>for</strong>m of account hacking,<br />

deception, impersonation or fraud.<br />

With the widespread use of social media plat<strong>for</strong>ms and increased online activity, individuals have become<br />

more susceptible to this type of manipulation. As such, organizations are also at risk, directly, or as<br />

byproducts of their staff’s poor External Data Privacy (EDP). <strong>The</strong>se social engineering techniques can<br />

be used to breach security systems and gain unauthorized access to valuable data.<br />

Executives must be cautious about the in<strong>for</strong>mation they share online and be vigilant against suspicious<br />

emails or messages asking <strong>for</strong> personal details.<br />

Once in<strong>for</strong>mation has been shared, however, it’s out there to be manipulated and used by threat actors,<br />

hence the need <strong>for</strong> stronger EDP across all employee segments. Organizations should prioritize investing<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 44<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

in EDP in addition to regular cybersecurity measures such as firewalls, encryption protocols and intrusion<br />

detection systems can enhance organizational safety.<br />

<strong>The</strong> recent rise in social engineering calls <strong>for</strong> heightened awareness about data privacy and protection.<br />

It’s critical <strong>for</strong> organizations to be proactive in safeguarding personal in<strong>for</strong>mation online and to implement<br />

effective measures at both individual and organizational levels, that way, it’s much easier to defend<br />

against these evolving threats.<br />

<strong>The</strong> future of data privacy<br />

When it comes to cyber threats, over half of today’s employees note that threat prevention <strong>for</strong> executives<br />

and their digital assets are not covered in their cyber, IT and physical securities budgets. And while<br />

attacks are increasing <strong>for</strong> executives, as is the cost of data breaches, the investment into external data<br />

protection needs to keep pace.<br />

With the financial impact of global cybercrime on track to reach $10.5 trillion by 2025, there is no better<br />

time to invest in an External Data Privacy strategy. Hackers are responsible <strong>for</strong> the bulk of digital crime,<br />

but the greatest threat is human error accounting <strong>for</strong> more than 80% of incidents, ranging from an<br />

executive with poor EDP or a team member clicking on a bad phishing link.<br />

As socially engineered threats become more widespread, and more executives become targets,<br />

monitoring <strong>for</strong> external risk across organizations will be a necessary addition to a comprehensive<br />

cybersecurity strategy moving <strong>for</strong>ward.<br />

About the Author<br />

Harry Maugans is the CEO of the Privacy Bee, a proactive privacy<br />

company. In 2012, Harry founded and became the CEO of<br />

Clickagy, a data intelligence plat<strong>for</strong>m <strong>for</strong> digital marketing and<br />

analytics. In 2020, he became the Vice President of Product at<br />

ZoomInfo, and in 2021, Harry stepped into his role as CEO of<br />

Privacy Bee. Harry Maugans attended the Terry College of<br />

Business at the University of Georgia from 2006 to 2010, where<br />

he studied Computer Science.<br />

Harry Maugans can be reached on LinkedIn here. Learn more<br />

about Privacy Bee by visiting https://privacybee.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 45<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Crucial Need <strong>for</strong> a Secure Software<br />

Development Lifecycle (SSDLC) in Today's Digital<br />

Landscape<br />

By John Riley III, <strong>Cyber</strong> Business Development, Alan B. Levan | NSU Broward Center of<br />

Innovation.<br />

“Securing the software delivery pipeline is as<br />

important as securing the software that is<br />

delivered.” 1 – Gartner<br />

In today's increasingly digital world, software is<br />

the backbone of business operations, from<br />

customer-facing applications to internal<br />

processes. However, the rapid growth of<br />

software development has also made<br />

organizations more vulnerable to security<br />

threats. To counteract this, companies must<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 46<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

prioritize a Secure Software Development Lifecycle (SSDLC) to ensure their software remains resilient<br />

in the face of evolving threats.<br />

A Secure Software Development Lifecycle strategy is essential <strong>for</strong> organizations that want to build and<br />

maintain secure software applications. It not only helps prevent security vulnerabilities, but also offers<br />

numerous benefits in terms of cost savings, regulatory compliance, customer trust, and competitive<br />

advantage. By making security an integral part of the development process, organizations can better<br />

protect their software and the data they process.<br />

<strong>The</strong> Necessity of SSDLC<br />

A Secure Software Development Lifecycle is a systematic and methodical approach to developing<br />

software with security at its core. It encompasses every phase of the software development process,<br />

from the initial design and coding to testing, deployment, and maintenance. Here's why companies must<br />

make SSDLC an integral part of their software development process:<br />

1. Early Vulnerability Detection: SSDLC encourages identifying and addressing security<br />

vulnerabilities at an early stage. This proactive approach minimizes the risks of costly security<br />

breaches and data leaks down the line.<br />

2. Regulatory Compliance: Various industries and regions have stringent regulations concerning<br />

data privacy and cybersecurity. Implementing an SSDLC ensures compliance with these<br />

regulations, helping companies avoid hefty fines and legal consequences.<br />

3. Risk Reduction: A robust SSDLC strategy significantly reduces the risk of security incidents. By<br />

integrating security measures from the start, organizations can better protect their reputation and<br />

sensitive data.<br />

4. Cost-Efficiency: Addressing security issues post-deployment can be expensive and timeconsuming.<br />

With SSDLC, the cost of fixing security vulnerabilities is drastically reduced, as issues<br />

are detected and rectified during the development process.<br />

5. Faster Development: Contrary to the belief that security measures slow down development,<br />

SSDLC can expedite the process by reducing the time spent on security-related issues and<br />

rework.<br />

Security Concerns in Software Deployment<br />

When deploying new software into their environments, companies must be aware of a range of security<br />

concerns:<br />

1. Data Security: Protecting sensitive data is paramount. Companies should implement encryption,<br />

access controls, and data retention policies to safeguard user in<strong>for</strong>mation.<br />

2. Authentication and Authorization: Ensure that users can only access the parts of the software<br />

and data they are authorized to. Weak authentication and authorization processes can lead to<br />

unauthorized access.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 47<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

3. Code Vulnerabilities: Unsecured code can provide entry points <strong>for</strong> attackers. Regular code<br />

reviews, static and dynamic analysis tools, and best coding practices are essential.<br />

4. Third-Party Components: Many applications use third-party libraries and components. It's<br />

crucial to keep these up to date and assess their security posture.<br />

5. Patch Management: Timely application of security patches is vital to address vulnerabilities in<br />

software components and operating systems.<br />

6. Secure Configuration: Ensure that servers, databases, and other system components are<br />

configured securely. Insecure configurations can expose the software to attacks.<br />

7. Network Security: Protect the software from network attacks by employing firewalls, intrusion<br />

detection systems, and monitoring network traffic.<br />

8. User Training: Educate users and employees about security best practices and potential threats<br />

to minimize the risk of social engineering attacks.<br />

9. Incident Response Plan: Develop a robust incident response plan to address security incidents<br />

swiftly and effectively. Plan to review quarterly and run exercises to test knowledge and<br />

implementation of the plan.<br />

10. Secure Development Environment: Keep the development and testing environments secure to<br />

prevent the introduction of vulnerabilities during development.<br />

<strong>The</strong> implementation of a Secure Software Development Lifecycle (SSDLC) is critical <strong>for</strong> companies<br />

deploying new software into their environments. A well-executed SSDLC strategy not only enhances<br />

security but also ensures regulatory compliance, reduces risks, and ultimately saves costs. As<br />

businesses increasingly rely on software, prioritizing security from the start is a non-negotiable<br />

requirement in today's digital landscape.<br />

Phases of SLDC<br />

1. Requirements Gathering and Analysis: In this phase, the project team collaborates with<br />

stakeholders to understand their needs and requirements. <strong>The</strong> goal is to create a detailed and<br />

comprehensive set of software requirements that will guide the development process.<br />

2. Planning: Based on the requirements, the project team creates a detailed project plan. This plan<br />

includes timelines, resource allocation, budgeting, and a breakdown of tasks. It provides a<br />

roadmap <strong>for</strong> the entire project.<br />

3. System Design: This phase involves designing the system architecture. It includes defining the<br />

software's structure, components, interfaces, and data. <strong>The</strong> result is a high-level design that<br />

serves as a blueprint <strong>for</strong> the development team.<br />

4. Implementation (Coding): During this phase, developers write the actual code <strong>for</strong> the software,<br />

following the design specifications. This is where the software is built according to the<br />

requirements and design.<br />

5. Testing: Testing is a crucial phase where the software is evaluated to identify and fix defects and<br />

ensure it meets the specified requirements. It includes various types of testing, such as unit<br />

testing, integration testing, system testing, and user acceptance testing.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 48<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

6. Deployment: Once the software has been thoroughly tested and is ready <strong>for</strong> release, it is<br />

deployed into the production environment. This phase may involve data migration, setting up the<br />

infrastructure, and making the software available to users.<br />

7. Maintenance and Support: After deployment, the software enters the maintenance phase. This<br />

involves addressing issues, releasing updates, and providing ongoing support to users.<br />

Maintenance may include bug fixes, per<strong>for</strong>mance enhancements, and the addition of new<br />

features.<br />

In the dynamic landscape of modern business, the importance of a Secure Software Development<br />

Lifecycle (SSDLC) cannot be overstated. With the rapid expansion of software development comes an<br />

increased vulnerability to security threats. A well-executed SSDLC not only <strong>for</strong>tifies against potential<br />

breaches, but also yields substantial benefits in terms of cost efficiency, regulatory adherence, customer<br />

confidence, and competitive edge. By integrating security seamlessly into each phase of development,<br />

organizations <strong>for</strong>tify their software and shield the data they manage. As reliance on software continues<br />

to grow, initiating projects with security in focus is an indispensable practice. This article encourages<br />

every cybersecurity professional to champion the adoption of SSDLC within their organizations, ensuring<br />

a robust and resilient software ecosystem <strong>for</strong> years to come. <strong>The</strong> phases of SSDLC, from Requirements<br />

Gathering to Maintenance and Support, provide a comprehensive roadmap <strong>for</strong> safeguarding software<br />

integrity and security.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 49<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

John Riley III, <strong>Cyber</strong> Business Development, Alan B. Levan | NSU<br />

Broward Center of Innovation<br />

With a career spanning over two decades in the software application<br />

industry, John Riley III brings a wealth of experience to the table. His<br />

journey has been marked by a steadfast commitment to understanding<br />

and solving customers' challenges and a strong belief that collaboration<br />

with like-minded professionals is the key to success.<br />

John's Specialties and Skills encompass a wide array of expertise,<br />

making him a versatile leader in various domains:<br />

In the realm of technology adoption, he excels in End User Adoption, ensuring that technological<br />

innovations seamlessly integrate into user workflows. He navigates the intricate landscape of SaaS,<br />

guides organizations through the complex process of Digital Trans<strong>for</strong>mation, and harnesses the power<br />

of Digital Twins <strong>for</strong> enhanced insights.<br />

John's knack <strong>for</strong> Business Process Alignment and his experience in DOD | Military give him a unique<br />

perspective on optimizing operations. He's a master of Pre-Sales, crafting strategies that drive success,<br />

and a seasoned hand in Business Development.<br />

In the world of software, John shines in Enterprise Software implementation and the cutting-edge arena<br />

of Enterprise Blockchain Plat<strong>for</strong>ms. He's well-versed in AI/ML and its applications and excels in Strategy<br />

development. His commitment to Innovation is unwavering, and he's skilled in building Knowledge<br />

Graphs <strong>for</strong> in<strong>for</strong>med decision-making. John also lends his expertise to organizations through Consulting,<br />

guiding them through complex challenges and ensuring robust <strong>Cyber</strong>security practices.<br />

John's career trajectory includes a significant tenure in the Oracle Applications space, with a focus on<br />

consulting services and education, assisting companies in software implementations, business process<br />

changes, and user adoption education.<br />

Most recently, he held the position of VP of Business Development at Kilroy Blockchain and assumed<br />

the role of organizer <strong>for</strong> two Blockchain Meet-Up groups in West Palm Beach, FL. Presently, he is the<br />

Co-founder and CEO of C-N-C Blockchain Advisory.<br />

Notably, John Riley III is a US Marine War Veteran, with a distinguished service record during Desert<br />

Shield/Desert Storm, underscoring his unwavering commitment to duty and leadership.<br />

John Riley III can be reached online at jriley@nova.edu and at our company website<br />

https://www.levancentercyber.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 50<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Beyond Passwords: AI-Enhanced Authentication<br />

in <strong>Cyber</strong> <strong>Defense</strong><br />

By Kathleen Dcruz<br />

Why all the noise about artificial intelligence? Now more than ever, AI is becoming part of our lives faster<br />

than you could imagine. <strong>The</strong> question that begs, there<strong>for</strong>e, is, 'Are we ready <strong>for</strong> an AI takeover?'<br />

In production and supply chain processes, most of the technology adopted is operated with machine<br />

learning and artificial neural networks, which computerize and completely per<strong>for</strong>m the work procedures.<br />

Moreover, technology proves to be beneficial to society and businesses in leveraging AI <strong>for</strong> cyber-security<br />

defense. AI is gathering the interest of many. However, AI is an in<strong>for</strong>mation technology often used as a<br />

cyber-security argon. <strong>The</strong> main question is, what can it achieve in this present time?<br />

1. AI Provides Continuous Coverage<br />

Technology and online plat<strong>for</strong>ms are always actively in use. That makes them prone to cyber threats and<br />

attacks since they are used regularly and are easily accessible. IT technicians and engineers need to be<br />

able to adequately oversee the cyber-attacks regardless of the strenuous, lengthy work shifts.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 51<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

To intensify authentication and instant detection of a threat, it is<br />

crucial to use data solutions such as; prospective analysis,<br />

matching patterns, and verification of previous data history. If an<br />

approaching attack is detected or suspected, it alerts the cyber<br />

security team, notifying them to act promptly.<br />

It is possible to engineer artificial intelligence systems to defend<br />

the network, secure data, and protect connected devices. To<br />

prevent a breach, AI will disconnect and cut off the network and<br />

log out of the devices to safeguard the system.<br />

This acts as a first-hand protection measure, enabling IT engineers to study the attack and devise further<br />

prevention methods carefully. Moreover, it is efficient when there is no work<strong>for</strong>ce in charge. AI guarantees<br />

network and system security.<br />

2. AI Addresses the Rise of RaaS<br />

With the current dependence on technology and digital plat<strong>for</strong>ms, ransomware is the main cause of<br />

concern.<br />

In 2020, ransomware constituted up to 27% of all malicious<br />

software attacks. This malware has nonetheless advanced to<br />

keep up with technology. Ransomware has progressively<br />

advanced, is more accessible, and has greater damaging<br />

effects. Since it is easily available, it is subsequently becoming<br />

greatly widespread.<br />

Malware and pernicious codes created by firms are being<br />

procured and utilized as destruction instruments. Today, hackers<br />

use advanced cyber-attack gadgets, mechanisms, and materials no matter their level of experience.<br />

This, there<strong>for</strong>e, calls <strong>for</strong> adopting greatly proficient cybersecurity technology operated by artificial<br />

intelligence to assess, prevent and rapidly counter the attacks.<br />

AI security components can warn IT technicians against imminent attacks be<strong>for</strong>ehand by; identifying<br />

susceptible system and network domains and precise points of attack. Furthermore, AI solutions can<br />

advance into malignant codes, also called "suspicious observables" This feature allows the IT work<strong>for</strong>ce<br />

to understand better its purpose and its effects on the network and digital systems.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 52<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

3. Improving the Defensive <strong>Cyber</strong>security<br />

Technology is being utilized in almost every aspect of today's life;<br />

there<strong>for</strong>e, it is our obligation to safeguard our infrastructure. A<br />

single destruction of the Global Positioning System (GPS) would<br />

cause power systems, banking industries, airports, trucks, and<br />

shipping activities to shut down. Even though humans can guard<br />

important technology systems, they cannot be well equipped to<br />

detect possible threats since hackers gradually implement<br />

advanced cyber-attack tactics.<br />

Conversely, it is <strong>for</strong>tunate that machine learning solution features gradually equip AI with up-to-date<br />

knowledge as it obtains greater experience and gains further data. Darktrace develops self-taught<br />

security systems that adopt AI to locate and halt cyber attacks; most attacks are rarely known or newly<br />

developed.<br />

This illustrates the dynamic nature of technology, hence the need to gain more knowledge on cyberattacks,<br />

their mode of progression, and their relation to and impact on the digital world. <strong>The</strong> continuous<br />

outburst of cyber threats potentially causes intense distress.<br />

Moreover, it instructs AI on what to be cautious of, defensive methods against cyber attacks, and how to<br />

identify areas vulnerable to new attacks. This improves AI's defensive and rational ability. Despite cyber<br />

attacks' negative and detrimental impacts, they present various advantages to AI and machine learning<br />

technology.<br />

4. AI Responds with Speed<br />

AI is advantageous because it provides solutions that analyze and rapidly transmit attack reports faster<br />

than human response actions. Machine learning operations use complex factual in<strong>for</strong>mation, pattern<br />

identification, and <strong>for</strong>ecast analytics to respond with unique, highly accurate, and rapid action.<br />

AI is more prompt and dependable whenever appropriate data is at its disposal. This makes it a perfect<br />

technology <strong>for</strong> detecting potential threats, developing ways to deal with them, and responding quickly<br />

and adequately to the attack.<br />

AI gives the cybersecurity team greater control over their expertise and a competitive advantage in the<br />

workplace.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 53<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

5. <strong>The</strong> Digital and AI Arms Race<br />

On the contrary, AI can point out shortcomings, pilot<br />

malicious cyber attacks, and establish an everaggressive<br />

strategy. This can be distinctively expressed<br />

as a technological escalation powered by AI or, rather,<br />

by the digital space. It is critical to consistently leverage<br />

new technology and implement new approaches to<br />

maintain a competitive edge and take the lead in cyber<br />

security. This is exactly the purpose of AI in defensive<br />

cybersecurity.<br />

Even though it might currently be viewed as argon, this is rapidly trans<strong>for</strong>ming. AI has a major role in<br />

defensive cybersecurity in the present times and also in the times ahead. AI facilitates the provision of<br />

timely 24-hour defenses, per<strong>for</strong>ms intricate threat investigations, and ascertains that the defenses are<br />

sent out rapidly in case of a possible attack.<br />

<strong>The</strong> rise of RaaS and other un<strong>for</strong>eseeable threats makes all necessary cybersecurity assistance<br />

essential.<br />

Final Thought<br />

From the above discussion, it is evident that AI is deemed to be a double-edged sword. AI can be utilized<br />

to one's benefit if well-managed and responsibly used.<br />

It is consequently important to comprehend that even though the current debate on the link between AI<br />

and cybersecurity has emphasized the negative effects of the technology, it is critical to always bear in<br />

mind that AI greatly safeguards us against cybersecurity threats.<br />

About the Author<br />

Kathleen D. is a passionate writer and guest blogger. Writing helps me<br />

improve my knowledge, skills & understanding of the specific industry. I love<br />

writing and sharing my knowledge mostly in the tech industry. I believe<br />

technology is the real wealth and want to spread my belief across the world.<br />

Apart from writing, she loves traveling & cooking.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 54<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

7 Steps to Build a <strong>Defense</strong> in Depth Strategy<br />

<strong>for</strong> Your Home<br />

By Roger Spears – <strong>Cyber</strong>security Project Manager, Schneider Downs<br />

One of the primary pillars of cybersecurity is having a “defense in depth” strategy, which means layering<br />

defensive security measures to protect your assets from digital intruders.<br />

With a defense in depth strategy, even if a digital intruder gets through one layer, they are met with<br />

another, and another, and another… until they lose interest and moves on to a new, more vulnerable<br />

target. <strong>Defense</strong> in depth is not about being perfect; it’s about making it difficult <strong>for</strong> digital intruders to<br />

access your assets.<br />

While many people think about multi-faceted security strategies from an organizational perspective, it’s<br />

also important to think about the personal security of home networks. We prioritize physical safety at<br />

home by frequently checking windows, locking our doors and installing security systems. We must<br />

approach and prevent digital intruders with the same vigor.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 55<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

To have the best chance of preventing digital intruders’ attacks, home networking equipment must be<br />

configured properly and updated regularly. Here are seven best practices <strong>for</strong> improving your home<br />

network security with a defense in depth strategy.<br />

1. Responsible Network and Password Security<br />

Managing a home network might sound daunting but, with the proper guidance, it is quite simple.<br />

Many don’t realize they interact with modern home networking equipment by using graphical user<br />

interfaces (GUIs) that allow point-and-click configuration and maintenance. All the following can be<br />

configured using GUIs: the administrator account password, USB and cloud settings, configuration from<br />

inside the network, wired administrator connection, segmentation, updates and resources.<br />

Home networking equipment includes an administrator account <strong>for</strong> configuration. Out of the box, that<br />

administrator account uses a default password, and, in most cases, you must change the administrator<br />

account password <strong>for</strong> security reasons. If you are not <strong>for</strong>ced to change the default, make sure to do so<br />

anyway.<br />

When changing your administrator account password, never reuse the default password or any easy-toguess<br />

passwords, such as your physical street address or last name. If a digital intruder discovers the<br />

make/model of your home networking equipment, they can find the default password by per<strong>for</strong>ming a<br />

simple Internet search.<br />

To see how someone could discover the name of your home networking equipment, use your phone or<br />

laptop to search <strong>for</strong> wireless networks around you. <strong>The</strong> default name <strong>for</strong> home networks usually includes<br />

the make and model of the network device.<br />

2. Secure USB Devices and Connectivity<br />

Modern home networking equipment usually includes USB connection capabilities. USB devices usually<br />

include printers or flash drives but can also include external hard drives and other digital asset<br />

repositories used to store private in<strong>for</strong>mation.<br />

Be<strong>for</strong>e plugging in, remember that once connected to the networking equipment, the in<strong>for</strong>mation<br />

contained on the USB device is available to all users on your network – including malicious ones loaded<br />

with malware. And if a digital intruder accesses your network, they will have access to those USB-based<br />

assets.<br />

From a security perspective, the ability to plug a USB device into your home networking equipment is like<br />

an open window in your house. If possible, you should disable the USB device connectivity from your<br />

home network.<br />

3. Secure Cloud Services and Connectivity<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 56<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> same risks associated with USB devices connected to your network apply to cloud storage.<br />

Cloud services allow you to store files on “the cloud” and are usually offered by the manufacturer of the<br />

home networking equipment or can be bought from a third-party, such as Google or Microsoft.<br />

While cloud services have many upsides, “cloud” is really just another name <strong>for</strong> somebody else’s<br />

computer. This means anything you store on the cloud is only as secure as the service provider and,<br />

un<strong>for</strong>tunately, cloud service providers often experience security issues that impact their users.<br />

Remember, any service on your home networking equipment that connects directly to a third-party<br />

service, such as cloud services, is another entry point <strong>for</strong> a digital intruder.<br />

4. Restrict Administrator Rights<br />

Another best practice <strong>for</strong> improving home network security is to restrict the administration rights to your<br />

network.<br />

Nearly all modern home networking equipment allow you to limit the connection type when per<strong>for</strong>ming<br />

administrative duties. Make sure your home networking equipment can only be administered from inside<br />

the network.<br />

This means you can’t be on the road or in a hotel and connect back to your home networking equipment<br />

to configure it. It also means digital intruders can’t configure your home networking equipment from<br />

outside your network.<br />

Also, consider only per<strong>for</strong>ming administrator tasks while using a wired connection. Per<strong>for</strong>ming<br />

administrative tasks on networking equipment using a wireless connection allows digital intruders to<br />

potentially capture that traffic over the air. Typically, manufacturers of modern home networking<br />

equipment include cables in the box. If you need a cable, they are usually available at your local big box<br />

store or favorite online shopping outlet.<br />

5. Implement Network Segmentation<br />

Another best practice <strong>for</strong> securing home networks is network segmentation. Network segmentation<br />

involves creating separate networks <strong>for</strong> separate purposes. <strong>The</strong>se networks can include televisions,<br />

smart devices, computers, phones and guest networks.<br />

For those working from home, it’s a good idea to have a separate network just <strong>for</strong> work equipment. If you<br />

work from home, the same thought should be applied. Nobody should be able to observe network traffic<br />

related to your work. Imagine visiting a hotel or restaurant and observing their network traffic <strong>for</strong><br />

payments.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 57<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Guest networks are especially important because you don’t know how others use their devices. If their<br />

device is infected, that infection could spread to your networks. Additionally, visitors could lose their<br />

devices or accidentally reveal your network password to others.<br />

If a guest were to lose their device or reveal your guest network password, there is less potential <strong>for</strong> harm<br />

if you have proper network segmentation. Preventing networks from seeing each other provides traffic<br />

and access segmentation, which can prevent network segmentation-caused breaches, such as the attack<br />

on Target many years ago.<br />

Take the time to review your networking needs and develop your own list of networks. If your home<br />

networking equipment provides an option that prevents networks from seeing each other, be sure to<br />

activate it.<br />

6. Continually Update Home Network Equipment<br />

Be sure to continually update your home networking equipment. Just like computers and phones,<br />

networking equipment receives updates, which provide critical security fixes, security enhancements and<br />

new features.<br />

You can view a list of all known vulnerabilities (and their severity levels) associated with your home<br />

network equipment. <strong>The</strong> National Vulnerability Database maintains a list of known Common<br />

Vulnerabilities and Exposures (CVE). <strong>The</strong> CVE number associated with each vulnerability contains the<br />

year it was discovered/registered as a CVE.<br />

Visit https://nvd.nist.gov/vuln/search and provide the make and model of your home network equipment<br />

in the “Keyword Search” box and click the “Search” button. Keep in mind, several of the vulnerabilities<br />

listed may have already been remediated with firmware updates provided by the manufacturer.<br />

If you can’t set up automatic updates, simply set a calendar reminder or opt-in to your network provider’s<br />

notifications to make sure your equipment is running at its most secure state. If you purchase used<br />

equipment or prefer a more manual process, you can reference your home network equipment firmware<br />

and check the manufacturer’s website <strong>for</strong> updates.<br />

Remember to warn other users of your home network be<strong>for</strong>e launching the firmware update, as these<br />

updates usually drop connections while they install the new firmware and reboot.<br />

7. Contact the Manufacturer<br />

Finally, if you want to avoid restarting or restoring network default settings when you are experiencing<br />

issues with your home network, you can always reach out to the manufacturer.<br />

With the rise of remote work and cloud-based storage and applications, it’s vital to keep your household<br />

network and all the in<strong>for</strong>mation in it secure. It’s as important as locking your doors at night.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 58<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Mr. Spears has over 18 years of experience within the IT and<br />

<strong>Cyber</strong>security disciplines. He has spent his career leading dynamic<br />

teams on both small- and enterprise-level projects. He has previously<br />

served as Chief Technology Officer, <strong>Cyber</strong> Security Training<br />

Coordinator and in other related positions <strong>for</strong> employers in the higher<br />

education sector and, most recently, <strong>for</strong> the U.S. Navy. He will serve<br />

a broad array of Schneider Downs’ cybersecurity clients in similar<br />

capacities.<br />

Mr. Spears received his Bachelor of Science in Technology from<br />

Bowling Green State University and his Masters of Science in<br />

In<strong>for</strong>mation Assurance and Security from Capella University.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 59<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Zombie APIs: <strong>The</strong> Scariest Threat Lurking in<br />

<strong>The</strong> Shadows?<br />

By Dan Hopkins, VP of Engineering at StackHawk<br />

IT modernization and digital trans<strong>for</strong>mation initiatives, combined with faster software deployment<br />

lifecycles, has caused an exponential increase in the size and scale of API ecosystems within<br />

organizations. Designed to rapidly and seamlessly connect consumers and businesses to vital data and<br />

services, APIs power modern enterprises and applications. APIs are constantly in action, working in the<br />

background <strong>for</strong> when consumers finally book that dream vacation or place an online takeout order after<br />

a long workday. With API usage so widespread, touching every industry, and the vast treasure troves of<br />

sensitive data they boast access to, it comes as no surprise that cyber criminals are increasingly<br />

exploiting and abusing APIs to execute malicious attacks.<br />

<strong>The</strong> velocity and scale of API attacks has caused many to question the strength of their API security<br />

posture and deeply analyze where most API-centric risks persist. That brings us to Zombies, Zombie<br />

APIs that is. If the name alone doesn’t initially spark fear, Zombie APIs are APIs that have become<br />

abandoned, outdated or <strong>for</strong>gotten by an organization. Similar to a Zombie who revives from the dead in<br />

a horror movie, Zombie APIs should be deceased but continue to lurk in the shadows within corporate<br />

environments. Recent research from Salt Security revealed that 54% of security leaders categorize<br />

Zombie APIs as their greatest concern when it comes to API security. Up from 42% in the previous<br />

report.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 60<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

As Zombie APIs are essentially <strong>for</strong>gotten and out of mind, there is no regular patching or updates being<br />

made in either a functional or security capacity. <strong>The</strong>re<strong>for</strong>e, Zombie APIs boast the power to become an<br />

incremental security risk. <strong>The</strong>y are removed from API documentation and security testing programs,<br />

leaving them to rot over time and expose new vulnerabilities.<br />

While Zombie APIs pose significant threats to cyber resilience, there is one other great cause <strong>for</strong> concern<br />

within API security - the presence of Shadow APIs. Shadow APIs can be defined as third-party APIs that<br />

exist outside of an organization's official API ecosystem, remaining invisible to most and void of security<br />

controls. Oftentimes, these types of APIs are created and deployed by well-meaning developers on a<br />

time crunch to meet business and application innovation demands. Despite no ill-intent from a developer,<br />

these unmanaged, non-restricted APIs have the potential to cause severe vulnerabilities. Shadow APIs<br />

often fail to adhere to correct API governance standards, may not meet security best practices such as<br />

those outlined in the OWASP API Security Top 10, and may also expose sensitive data.<br />

<strong>The</strong> presence of Zombie and Shadow APIs remains widespread across organizations, which in turn<br />

creates many opportunities <strong>for</strong> sly and sneaky bad actors to execute an attack. <strong>The</strong> root cause of both is<br />

simple: Broken and siloed communication between developers and security teams. Developers and<br />

engineering teams are rapidly creating APIs to keep pace with innovation, and security personnel are<br />

willfully trying to protect and manage them. But both play a significant role in securing the API ecosystem.<br />

Particularly in relation to API documentation and inventory management. As the saying goes, “you cannot<br />

protect what you cannot see”.<br />

Developers and engineers not only have a duty of care to keep a robust catalog of the APIs created and<br />

deployed, but also to brief the appropriate parties about deprecated APIs no longer being utilized. This<br />

intel should be continually shared with security teams to ensure API inventories remain complete, make<br />

certain appropriate patching and testing initiatives are carried out and allow the complete removal of<br />

expired APIs.<br />

Mitigating the volume of Zombie APIs requires developer and security teams to liaise with one another<br />

to comprehensively define and articulate robust API retirement policies and procedures and determine<br />

who is responsible <strong>for</strong> executing such activity. This practice will ensure that inactive APIs are <strong>for</strong>mally<br />

taken out of an ecosystem and avoid future attacker retaliation.<br />

Similarly, alleviating the threat of Shadow APIs also calls <strong>for</strong> deep synergy and collaboration amongst<br />

teams and strong DevSecOps practices. Security teams must work with engineers and developers to<br />

define and en<strong>for</strong>ce governance policies <strong>for</strong> APIs being created. <strong>The</strong>se policies should clearly describe<br />

which individuals can create new APIs, how they should be designed, deployed and utilized, and offer<br />

insight into the required testing mechanisms new APIs must undergo prior to being pushed into<br />

production.<br />

<strong>The</strong> existence and proliferation of Zombie and Shadow APIs ultimately comes down to two factors: broken<br />

communication and human error. Breaking down the barriers of communication and solid collaboration<br />

amongst developers and security teams will significantly improve API documentation, inventory<br />

management and help en<strong>for</strong>ce security best practices. Without it, organizations will continue to be<br />

plagued with API risk, and remain unsuspecting of possible threats and unprotected against exploits.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 61<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Dan Hopkins is VP of Engineering at StackHawk. He has been a software<br />

engineer <strong>for</strong> 20 years, working at high growth startups such as VictorOps<br />

and LivingSocial and at large high-tech companies such as Splunk. For the<br />

last 10 years, he has focused on building tools <strong>for</strong> progressive engineering<br />

teams adopting DevOps and DevSecOps practices.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 62<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How To Combat the Mounting ‘Hacktivist’<br />

Threat<br />

By Manish Gohil, Senior Associate, Dragonfly<br />

<strong>The</strong> war in Ukraine has seen the emergence of highly-disruptive cyber criminals, motivated less by money<br />

than ideology. <strong>The</strong>se ‘hacktivists’ are actively targeting businesses to further their interests – those<br />

backing Moscow have been posing a threat to Western states as well as the operations and reputation<br />

of organisations. Corporate exposure to pro-Russia hacktivism is substantial. Yet it does not appear to<br />

be a priority concern <strong>for</strong> businesses, leaving them exposed to attacks in what is a rapidly evolving threat<br />

landscape.<br />

Hacktivist groups, both current and past, have sought to cause nuisance and disruption to both<br />

governments and corporations, in line with their ideological goals. For example, we have seen this last<br />

year with high-profile data breaches by an environmental hacker collective called ‘Guacamaya’, impacting<br />

national governments and militaries in Mexico and other parts of Latin America. <strong>The</strong>ir tactics are not<br />

particularly sophisticated (typically involving website defacements and Distributed Denial of Service or<br />

DDoS attacks – that is the flooding of target networks with an overwhelming amount of traffic). <strong>The</strong><br />

operations are often timed to result in maximum disruption.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 63<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

However, many corporate cyber teams do not appear to be looking at these threat groups as seriously<br />

as they should, putting their companies on the back foot, across a range of geographies. I argue that this<br />

stems from a limited understanding of the geopolitical and security landscape and the developments<br />

spawning these groups, as well as a weak grasp of how, when and why they operate, and who they are<br />

intent on pursuing.<br />

Real-world events – politics, war, sanctions – arguably exert the biggest influence over the tactics and<br />

techniques employed by hacktivists. <strong>The</strong> Ukraine war is a case in point. It has led to the creation of new<br />

– and the re-emergence of dormant – hacker groups. Each side in the conflict is now able to draw on<br />

cyber actors willing to fight <strong>for</strong> their respective cause.<br />

Ukraine’s volunteer ‘cyber army’ has impacted key Russian sectors, while pro-Russia groups have<br />

launched widespread DDoS attack campaigns against European states over their support <strong>for</strong> Ukraine.<br />

<strong>The</strong> latter have hit sectors such as banking, finance, energy, and transport. And, recently, they have<br />

upped the ante by explicitly threatening to carry out what they describe as destructive hacks against<br />

Western financial entities, in an attempt to paralyse global payment systems.<br />

While most pro-Russia hacktivist groups stalking corporations do not appear to be capable of inflicting<br />

significant damage or major financial loss, they nonetheless present a persistent disruptive threat. <strong>The</strong><br />

groups’ goals are to exert pressure and embarrassment, often making demands aimed at drawing<br />

businesses deeper into their line of fire. It has <strong>for</strong>ced more and more decision-makers to adopt a<br />

defensive posture, <strong>for</strong> instance through enhanced DDoS protections. Such is the danger they pose that<br />

the UK National <strong>Cyber</strong> Security Centre this year warned that these state-aligned groups intended to<br />

launch “destructive and disruptive attacks”.<br />

As a way of boosting their profile, hacktivists have also turned to brazen, coercive tactics and threats to<br />

pressure their victims. This summer, the hacktivist group ‘Anonymous Sudan’, which supports Russia,<br />

claimed responsibility <strong>for</strong> DDoS attacks against a major European airline and Microsoft365 services. And<br />

the prolific pro-Russian ‘Killnet’ collective has escalated its threats, warning of physical attacks (such as<br />

the burning of offices and the singling out of employees) of a target organisation. While such threats are<br />

probably overblown, they are effective because of the psychological pressure they can place on<br />

companies and their staff.<br />

States’ leveraging of hacktivists complicates the threat to businesses. <strong>The</strong>re has been growing evidence<br />

of collusion between the Russian state and pro-Russia groups since the Ukraine war broke out in<br />

February 2022. <strong>The</strong> cybersecurity firm Mandiant said earlier this year that it had identified three “so-called<br />

hacktivist groups” that appeared to be working with – or operating as a front <strong>for</strong> – the Russian intelligence<br />

agencies. An unverified, leaked US intelligence report this year revealed coordination between a pro-<br />

Russia hacktivist group and the Russian FSB domestic security service in an operation that could<br />

potentially have damaged a Canadian gas facility.<br />

Many corporations do not have a sense of the hacktivist threat they face until they have been targeted.<br />

However, with a greater understanding of the geopolitical landscape, cybersecurity teams would be better<br />

equipped to identify and track developments or indicators that might place their organisation in hacktivist<br />

crosshairs. A whole series of events during the Ukraine war have sparked a near-immediate response<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 64<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

y pro-Russia hacktivists. <strong>The</strong>se have included DDoS attack campaigns on specific countries, sectors<br />

and firms.<br />

<strong>The</strong> most likely triggers <strong>for</strong> pro-Russia campaigns include the following developments: new sanctions<br />

packages against Russia; disputes over trade or transit of Russian goods; announcements of significant<br />

military assistance to Ukraine; European countries’ expulsion of the Russian diplomats; the removal of<br />

Soviet monuments, particularly in eastern European countries; and approaching national elections in<br />

North America and Europe. Regarding the latter, pro-Russia hacktivists will almost certainly see the<br />

upcoming Polish elections on 15 October as a prime opportunity to strike at entities and companies there.<br />

All the evidence suggests that the hacktivist menace is not going to go away anytime soon. Organisations<br />

not only need to become alert to the dangers but must also try to anticipate them. In so doing, they can<br />

then begin to mitigate their impact. <strong>The</strong> fast-moving and dynamic way in which these new cyber threats<br />

evolve means cyber professionals require an edge. Geopolitical intelligence has a critical role to play<br />

here. Having the capacity to <strong>for</strong>ecast real-world risks – such as revolution, insurrection, and war – and<br />

simultaneously identify ensuing cyber threats will increasingly become critical to the protection of<br />

organisations.<br />

About the Author<br />

Manish Gohil is a Senior Associate covering cyber risks at Dragonfly, a<br />

geopolitical and security risk consultancy firm based in London. He has<br />

several years of experience in helping organisations anticipate<br />

geopolitical risks globally, including topics on how real-world events<br />

impact the cyber threat landscape. Manish previously led coverage on<br />

the South Asia region on political and security issues, and is a Certified<br />

Security Management Professional.<br />

manish.gohil@Dragonflyintelligence.com,<br />

https://www.dragonflyintelligence.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 65<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

OT <strong>Cyber</strong>security: Safeguarding Building<br />

Operations in a Digitized World<br />

By Mirel Sehic, Global Director of <strong>Cyber</strong> Security, Honeywell<br />

In an increasingly digitized world, the looming threat of cyberattacks has cast a shadow over nearly every<br />

aspect of our lives. As technology continues to intertwine with our daily routines, the vulnerability of a<br />

building's critical infrastructure becomes ever more apparent. <strong>The</strong>se concerns are brought into the<br />

spotlight by high-profile ransomware attacks, which can now penetrate even the most intricate systems.<br />

Recently, in September, the gravity of this threat was illustrated when two Las Vegas casinos fell victim<br />

to an in<strong>for</strong>mation technology (IT) cybersecurity breach. This breach not only caused slot machines to be<br />

down but also rendered hotel cards useless, among other disruptions. <strong>The</strong> aftermath of these attacks<br />

cost these institutions millions of dollars in revenue, underscoring that no business, regardless of the<br />

sophistication of its cybersecurity systems, is immune to such attacks.<br />

While this example shows how the consequences of any cybersecurity attack can be severe, it is<br />

imperative to also recognize that attacks associated with operational technology (OT) cybersecurity can<br />

be even more catastrophic. In these cases, operations cease, and entire systems come to a standstill.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 66<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Unlike IT cybersecurity attacks, which primarily jeopardize data, OT cybersecurity breaches threaten not<br />

only the integrity of in<strong>for</strong>mation but also the functionality and safety of the spaces we inhabit.<br />

<strong>The</strong> number of cyberattacks involving OT systems has steadily increased in recent years. Several factors<br />

contribute to this trend, including inadequately protected cybersecurity environments, the influx of new<br />

Internet of Things (IoT) devices and connected systems, and the escalating complexity of securing OT<br />

systems. <strong>The</strong>se challenges highlight the need <strong>for</strong> organizations to prioritize the security of these critical<br />

systems.<br />

In tandem with the surge in attack incidents, the global cost of cybercrime is also increasing, with a portion<br />

of the multi-trillion dollar cybercrime industry cost being attributed to attacks on operational technology<br />

environments. This emphasizes the escalating threat to OT environments and highlights the urgency <strong>for</strong><br />

organizations to bolster their cybersecurity measures to protect against attacks, especially given the<br />

critical role OT systems play in the safe and effective operation of industrial processes. As the<br />

cybersecurity threat landscape continues to expand within both OT and IT, it is paramount <strong>for</strong><br />

organizations to proactively stay ahead of the curve.<br />

When speaking about OT cybersecurity attacks in buildings, it is imperative to understand that buildings<br />

are not just physical structures but instead, they serve as the vital hubs of modern life, encompassing<br />

offices, entertainment facilities, factories, hospitals and more. However, this centrality makes them an<br />

attractive target <strong>for</strong> cyberattacks. Equipped with various smart systems like access control, heating,<br />

ventilation, and air conditioning (HVAC) and lighting, buildings have become increasingly digital, but this<br />

digitalization also exposes them to vulnerabilities. As the lines blur between the physical and digital<br />

worlds, attackers exploit new avenues to infiltrate these spaces.<br />

To enhance a building’s resilience against OT attacks, cybersecurity governance stakeholders, from<br />

facility managers, operators to CISOs should adopt a layered security approach. This method begins with<br />

a comprehensive security assessment to understand assets and how they communicate with each other.<br />

Once an assessment has been completed, key stakeholders can identify vulnerabilities, create a secure<br />

configuration and design plan that prioritizes critical assets while also selecting additive cybersecurity<br />

appliances and software to bolster defenses. From there, operators can begin to implement holistic<br />

cybersecurity monitoring and importantly create an incident readiness plan to be prepared in case of any<br />

future incidents. This convergence provides real-time threat detection and response capabilities,<br />

bolstering a building's defense against cyberattacks. However, while these are just a few of the steps<br />

building owners and operators can take to reduce vulnerabilities, each plan will vary based on the<br />

building's security risk requirements and budget.<br />

<strong>The</strong> intersection of OT and IT cybersecurity in the built environment requires a comprehensive approach.<br />

It necessitates a collective understanding that buildings are not just physical spaces but also digital<br />

ecosystems. <strong>The</strong> future demands a holistic approach to OT security, aligning IT and building<br />

management to safeguard the spaces we rely on.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 67<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Mirel Sehic is the Global Director of <strong>Cyber</strong> Security of Honeywell. Mirel<br />

Sehic is the vice president general manager of cybersecurity <strong>for</strong><br />

Honeywell Building Technologies (HBT). He leads a team that is<br />

responsible <strong>for</strong> educating and helping customers ef<strong>for</strong>ts to protect their<br />

operational technology (OT) cybersecurity critical infrastructure<br />

environments. Mirel oversees the cybersecurity business globally,<br />

including the integration with development, partnerships, marketing of<br />

solutions, sales and operations. Mirel can be reached online at our<br />

company website https://buildings.honeywell.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 68<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> <strong>Cyber</strong> Risk Nightmare and Financial Risk Disaster of<br />

Using Personal Messaging Apps in <strong>The</strong> Workplace<br />

By Anurag Lal, President and CEO of NetSfere<br />

Using personal messaging apps <strong>for</strong> business communication and collaboration is harmless – right?<br />

Wrong. This practice, which is un<strong>for</strong>tunately still widespread in an environment of relentless cyberattacks,<br />

is fraught with major cyber and financial risk.<br />

Unsecure messaging apps are a gateway <strong>for</strong> cybercriminals to access, expose and exploit an enterprise’s<br />

sensitive data. When this happens, the cyber and financial fallout can be devastating <strong>for</strong> organizations.<br />

To mitigate cyber and financial risk, enterprises should move to secure mobile messaging plat<strong>for</strong>ms with<br />

robust security and control features that are specifically designed to maintain data security, integrity and<br />

privacy.<br />

Using messaging apps not designed <strong>for</strong> the enterprise invites a cyber risk nightmare and financial risk<br />

disaster.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 69<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> risk nightmare<br />

<strong>Cyber</strong> criminals are using unsecure mobile messaging tools to infiltrate and wreak havoc on enterprise<br />

networks and systems. Bad actors are very aware that consumer-grade messaging apps and unsecure<br />

collaboration tools were not designed <strong>for</strong> enterprise use and are tailoring attacks to take advantage of<br />

security gaps and vulnerabilities in these tools.<br />

Data shows that the use of unsecure messaging and collaboration apps is fueling an increase in global<br />

cyberattacks. Findings from a Check Point Research report show that cyberattacks are increasing<br />

worldwide, with 38% more cyberattacks per week on corporate networks in 2022, compared to 2021. <strong>The</strong><br />

report revealed that this increase was driven by smaller, more agile hacker and ransomware gangs, who<br />

focused on exploiting collaboration tools used in work-from-home environments.<br />

<strong>The</strong> use of unauthorized apps in the workplace like consumer-grade messaging apps, or what is called<br />

shadow IT, introduces network vulnerabilities that put companies at risk of compliance violations and<br />

data breaches. In fact, Randori’s State of Attack Surface Management 2022 report revealed that 7 in 10<br />

organizations have been compromised by shadow IT.<br />

Financial risk disaster<br />

Using personal messaging apps in the workplace can also result in crippling financial losses <strong>for</strong><br />

enterprises. Business disruption, reputational damage, downtime, legal fees and fines <strong>for</strong> compliance<br />

violations are all disastrous effects of data breaches that impact the bottom line.<br />

Over the last few years, many organizations learned the hard way that using these unsecure<br />

communication and collaboration tools exponentially increases cyber risk that can result in costly<br />

compliance violations. For example, a massive crackdown by the SEC on the use of unapproved<br />

communication apps led to 16 firms being fined $1.1 billion in 2022, followed by another round of<br />

violations <strong>for</strong> 11 more firms in August of this year resulting in an additional $289 million in fines.<br />

<strong>The</strong> bottom line damaging impact of cyberattacks was recently quantified in research by ThreatConnect<br />

which found that cyberattacks can cost enterprises up to a whopping 30% of operating income.<br />

That’s not surprising considering that IBM most recent cost of a data breach report showed the global<br />

average cost of a data breach reached $4.45 million in <strong>2023</strong> – an all-time high <strong>for</strong> the report and a 15%<br />

increase over the last three years.<br />

Company stock prices also take a hit when data breaches occur. A Comparitech analysis of the impact<br />

of data breaches on the share prices of 34 breached companies that were listed on the New York Stock<br />

Exchange (NYSE), found that share prices of these breached companies hit a low point approximately<br />

110 market days following a breach, falling -3.5% on average, and underper<strong>for</strong>ming the NASDAQ by -<br />

3.5%. According to the analysis, one year after the data breach the share price of breached companies<br />

fell -8.6% on average and underper<strong>for</strong>med the NASDAQ by -8.6%. After 2 years, the average share price<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 70<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

fell -11.3%, and underper<strong>for</strong>med the NASDAQ by -11.9%. And after three years, the average share price<br />

was down by -15.6% and down against the NASDAQ by -15.6%.<br />

<strong>The</strong> impact of cyber risk on corporate balance sheets extends even further. Last year, the Wall Street<br />

Journal reported that credit-rating firms are warning companies about cyber risks and issuing reports on<br />

how attacks could affect their credit ratings. This has serious implications <strong>for</strong> companies as a cyber risk<br />

downgrade in credit rating can negatively impact shareholder value and investor confidence.<br />

Evolving data privacy and security regulations present another financial risk, with regulators stepping up<br />

en<strong>for</strong>cement and issuing record fines <strong>for</strong> compliance violations. Data protection supervisory authorities<br />

across Europe have issued a total of €1.64 billion ($1.74 billion) in fines since January 28, 2022,<br />

representing a year-on-year increase in aggregate reported GDPR fines of 50%.<br />

<strong>The</strong> right mobile messaging tools reduce enterprise risk<br />

<strong>The</strong> growing frequency and sophistication of cyber threats present existential levels of cyber and financial<br />

risks <strong>for</strong> enterprises today. <strong>The</strong> practice of using unsecure mobile messaging apps in the workplace<br />

needlessly increases these risks.<br />

Using enterprise-grade secure mobile messaging technology mitigates cyber and financial risks in<br />

business communication. This technology reduces the attack surface, providing no point of entry <strong>for</strong><br />

malicious hackers intent on accessing sensitive enterprise data.<br />

Mobile messaging plat<strong>for</strong>ms designed <strong>for</strong> the enterprise feature end-to-end encryption (E2EE), protecting<br />

data at rest and in transit and ensuring that only the sender and receiver can read messages. Secure by<br />

design collaboration technology like this provides employees with a convenient and frictionless way to<br />

share ideas, files, and data without the risk of data leakage or exposure.<br />

<strong>The</strong>se plat<strong>for</strong>ms also reduce risk with robust administrative controls that enable centralized account<br />

management, file sharing and policy compliance, remote wipe, real-time reporting and other capabilities,<br />

giving IT departments the control mechanisms, they need to securely manage the distribution of<br />

in<strong>for</strong>mation across the enterprise.<br />

Providing employees with user-friendly mobile messaging tools that don’t compromise security or<br />

compliance is a risk management strategy that eliminates the use of unsecure mobile messaging apps.<br />

When employees have the secure tools they need to optimize their work experience, productivity<br />

increases and cyber risk decreases.<br />

Today, organizations need to ban the use of unauthorized messaging apps and adopt enterprise-grade<br />

plat<strong>for</strong>ms to protect their networks and systems from the cyber threats that create cyber risk nightmares<br />

and financial risk disasters.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 71<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Anurag Lal is the President and CEO of NetSfere. With more<br />

than 25 years of experience in technology, cybersecurity,<br />

ransomware, broadband and mobile security services, Anurag<br />

leads a team of talented innovators who are creating secure and<br />

trusted enterprise-grade workplace communication technology<br />

to equip the enterprise with world-class secure communication<br />

solutions. Lal is an expert on global cybersecurity innovations,<br />

policies, and risks.<br />

Previously Lal was appointed by the Obama administration to<br />

serve as Director of the U.S. National Broadband Task Force.<br />

His resume includes time at Meru, iPass, British Telecom and Sprint in leadership positions. Lal has<br />

received various industry accolades including recognition by the Wireless Broadband Industry Alliance<br />

in the U.K. Lal holds a B.A. in Economics from Delhi University and is based in Washington, D.C. Anurag<br />

can be reached online at @anuragl and www.netsfere.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 72<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

DevOps’ Big Challenge: Limiting Risk Without<br />

Impacting Velocity<br />

By Asaf Karas, CTO <strong>for</strong> JFrog Security<br />

Businesses leverage enterprise applications to build a competitive edge and move quickly. <strong>The</strong>se<br />

applications need to be built, secured, deployed, and updated on a daily basis in most cases. This is<br />

where the power of DevOps comes in to prioritize swift software delivery.<br />

Businesses’ heavy reliance on software applications has spurred increased use of open-source software<br />

(OSS) libraries and packages, which can help accelerate software delivery. While the benefits of opensource<br />

software are undeniable, its use also comes with challenges, particularly where security is<br />

concerned. OSS accounts <strong>for</strong> roughly 70 to 90 percent of all enterprise software, which is largely why<br />

OSS has become a primary target <strong>for</strong> cyber threats, where malicious actors target vulnerabilities within<br />

software supply chains.<br />

This means developers are now every enterprise’s first line of defense against a software supply chain<br />

attack. Ideally, DevOps teams need to preemptively shield against high-risk packages be<strong>for</strong>e they<br />

infiltrate their organization's infrastructure, which calls <strong>for</strong> the early-stage analysis of open-source<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 73<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

packages. <strong>The</strong> idea is to obstruct risky or malicious components at the point of request or update so they<br />

don’t infiltrate the software ecosystem.<br />

Rising Threat: Software Package Hijacking<br />

Software package hijacking is a rising and significant cybersecurity threat where legitimate software<br />

packages are injected with malicious code. Although challenging to execute, the method is highly<br />

effective due to the widespread use of these packages, creating a high infection rate. Once a package<br />

hijacking incident is identified, package maintainers or public repository administrators work to remove<br />

the malicious version and publish a clean one, making the infected version inaccessible.<br />

<strong>The</strong>re are two main types of software package hijacking:<br />

1. External Package Hijacking. Software package hijacking is typically carried out using unauthorized<br />

access to maintainers' and developers' accounts or by discreetly injecting hidden malicious code into<br />

legitimate code contributions to open-source projects. A relatively recent example of this was seen in the<br />

PyTorch library, a renowned Python machine-learning framework with more than 180 million downloads.<br />

In December 2022, PyTorch experienced a dependency hijacking attack directly targeting the machine<br />

learning (ML) developer community. <strong>The</strong> attacker successfully acquired PyTorch maintainer credentials<br />

and introduced a malicious dependency named "torchtriton" into the project. <strong>The</strong> malicious package<br />

garnered more than 3,000 downloads within just five days.<br />

<strong>The</strong> payload concealed within torchtriton exfiltrated sensitive in<strong>for</strong>mation, including Secure Shell (SSH)<br />

keys and environment variables, sending them to the attacker's server.<br />

2. Self-Package Hijacking (Protestware). Software package hijacking isn't limited to external malicious<br />

actors; developers and project maintainers themselves sometimes engage in this activity as a <strong>for</strong>m of<br />

protest or advocacy <strong>for</strong> their beliefs. This <strong>for</strong>m of hijacking, often referred to as "protestware," is a<br />

concerning trend because it can be difficult <strong>for</strong> an organization to recognize it be<strong>for</strong>e it's too late.<br />

Take, <strong>for</strong> instance, "faker" and "colors," two npm packages highly favored by Node.js developers. <strong>The</strong><br />

“colors” package enables developers to apply styles, fonts, and colors to the Node.js console, while<br />

“faker” aids in generating data <strong>for</strong> testing purposes during development.<br />

<strong>The</strong> same individual authored both packages which became quite popular, rising to millions of weekly<br />

downloads. In January 2022, the author intentionally sabotaged the packages to protest against large<br />

corporations that didn't contribute to the open-source community. <strong>The</strong>y sabotaged both packages by<br />

injecting an infinite loop into the code, effectively rendering thousands of projects that depended on these<br />

packages inoperable. It took two days to detect this malicious modification following the release of the<br />

tainted versions.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 74<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

By making this single alteration to the package code, a multitude of companies were impacted by the<br />

malicious code and faced significant disruptions to their products and development workflows.<br />

<strong>Defense</strong> Mechanism: Curate Be<strong>for</strong>e You Code<br />

It’s not surprising that these hijacking methods have become prominent in recent years — up to 96<br />

percent of applications contain at least one open-source component. As developers collaborate on<br />

software production, there is one word they should become familiar with when it comes to securing the<br />

software development pipeline: curation.<br />

At a high level, the word "curation" is defined as the act of thoughtfully selecting and organizing items --<br />

a process typically associated with articles, images, music, and so on. In this case, however, the items<br />

being curated are open-source software components in a way that acts as an automated lock to<br />

safeguard the gateway of the software pipeline. It entails filtering, tracking, and managing software<br />

packages based on preset policies to ensure the use of reliable components across the development<br />

lifecycle.<br />

Curating software components streamlines development by guaranteeing the safety, reliability, and<br />

current status of packages. <strong>The</strong> idea is to protect against both known and unknown risks through a<br />

comprehensive approach that strengthens the organization's software supply chain by establishing a<br />

trusted source of packages.<br />

As the concept of DevSecOps (development + security + operations) gains prominence, curation serves<br />

as the initial defense, preventing package-related risks early in the software development process to<br />

improve alignment within the organization and enhance the overall developer experience. Effectively<br />

curating software packages within the supply chain provides peace of mind by offering secure building<br />

blocks <strong>for</strong> development teams.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 75<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Ultimately, software package hijacking is a growing concern in the cybersecurity landscape as external<br />

actors and —in some cases, even developers themselves — attack software packages to execute<br />

malicious code. Vigilance through proactive curation of software packages, improved security measures<br />

across the software supply chain, and rapid incident response are all essential to safeguarding the<br />

integrity of software packages upon which countless developers and organizations rely.<br />

About the Author<br />

Asaf Karas is Chief Technology Officer <strong>for</strong> JFrog Security. A seasoned<br />

security expert, Karas has extensive experience in reverse engineering,<br />

device debugging, network <strong>for</strong>ensics, malware analysis, big data, and<br />

anomaly detection. Prior to JFrog, Karas served as CTO of Vdoo, which<br />

delivered an integrated security plat<strong>for</strong>m designed <strong>for</strong> connected, IoT, and<br />

embedded devices. Vdoo was acquired by JFrog in June 2021. Karas<br />

also spent several years working with international military organizations.<br />

Asaf spent almost 15 years leading security research at the Israeli<br />

<strong>Defense</strong> Forces where he served as a branch leader <strong>for</strong> over 100 cyber specialists. Asaf can be reached<br />

online at (LinkedIn, @JFrogSecurity) and at our company website https://jfrog.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 76<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

ChatGPT For Enterprises Is Here – But CEOs<br />

First Want Data Protections<br />

Amidst the rise of generative AI, business leaders must navigate the delicate balance of<br />

adoption, security, and trust.<br />

By Apu Pavithran, CEO and Founder, Hexnode<br />

At the end of August, OpenAI released ChatGPT <strong>for</strong> Enterprises. <strong>The</strong> much-hyped version focuses on<br />

“enterprise-grade security,” advanced data analysis capabilities, and customization options. But, it’s<br />

unlikely to change how businesses view the tool. Despite a solid majority (60%) of US executives<br />

expecting generative AI (GenAI) to have an enormous long-term impact, they’re still a year or two away<br />

from implementing their first solution.<br />

Regardless of self-proclaimed “enterprise” solutions, business leaders first want to understand how the<br />

technology works, evaluate their internal capabilities and data security, and invest accordingly.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 77<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Let’s explore how businesses can navigate the delicate balance of adoption, security, and trust in the era<br />

of GenAI.<br />

Why Business Leaders Aren’t Yet Sure of GenAI<br />

So, how does this technology work, and why does it warrant concern <strong>for</strong> businesses? GenAI models<br />

undergo extensive training on vast image and text datasets from various origins. Users start the process<br />

with an initial prompt to the plat<strong>for</strong>m which serves as a guide <strong>for</strong> generating content. Given that these<br />

models are still in their learning phases, however, the way data is utilized on the backend remains<br />

uncertain.<br />

It’s important to recognize that any shared in<strong>for</strong>mation effectively becomes part of the plat<strong>for</strong>m’s training<br />

data, influencing future outputs. While ChatGPT assures consumers of not training their software with<br />

personal or corporate data, OpenAI faces multiple high-profile data leaks. For example, Samsung faced<br />

a proprietary data leak with ChatGPT. Meanwhile, others criticized the way it learns from content in a<br />

manner that potentially breaches copyright.<br />

Enterprises are right to approach this technology with a healthy dose of caution. Consider that higher<br />

adoption of GenAI and subsequent integration with third-party plat<strong>for</strong>ms demand additional assessment<br />

from cybersecurity teams. As a result, their focus is no longer confined to internal measures but to also<br />

scrutinizing the security of third-party software and its affiliates. Additionally, another emerging threat<br />

involves injection attacks targeting customer support chatbots, which could potentially grant unauthorized<br />

access to enterprise systems. If unaddressed, the potential threat vector with this technology is<br />

considerable.<br />

Interestingly, 45% of organizations believe that if they fail to implement the right risk management tools,<br />

GenAI could potentially erode trust within their organization. <strong>The</strong>re<strong>for</strong>e, be<strong>for</strong>e onboarding this<br />

technology, business leaders are doing their homework to ensure a safe and responsible adoption. This<br />

meticulous approach to adoption seeks to strike a balance between the remarkable potential of GenAI<br />

and the imperative of safeguarding trust.<br />

<strong>The</strong> Duality of GenAI<br />

<strong>The</strong>re’s great promise and profound risk <strong>for</strong> enterprises venturing into the realm of GenAI. To navigate<br />

the associated risks and challenges, organizations must <strong>for</strong>ge <strong>for</strong>ward-thinking policies that protect<br />

employees and data.<br />

For instance, companies will likely need to address GenAI-specific risks by revising policies regarding<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 78<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

usiness email communication, data sharing with third parties, or the utilization of established third-party<br />

code projects.<br />

Chief In<strong>for</strong>mation Security Officers (CISOs) should also consider running awareness campaigns to<br />

educate users about the inherent risks associated with this technology. Establishing a comprehensive<br />

rulebook that delineates who can utilize what and what should remain confidential will help.<br />

While international policymakers are actively <strong>for</strong>mulating strategies to foster a responsible AI ecosystem,<br />

organizations must align their ef<strong>for</strong>ts with government-endorsed approaches to fend off potential threats.<br />

It’s important to remember that GenAI risks extend beyond cybersecurity – they encompass privacy and<br />

data protection risks, regulatory compliance, legal exposure, and AI ethics. This means that CISOs must<br />

stay vigilant, not only regarding current risks but also those on the horizon.<br />

Redefining <strong>The</strong> Security Roadmap<br />

A big concern <strong>for</strong> enterprises is that employees dabble in GenAI away from the watchful eye of IT. In<br />

effect, it’s now a major vector of Shadow IT. Research found that 7 out of 10 folks who’ve jumped on the<br />

ChatGPT bandwagon aren’t telling their supervisors. While more than two-thirds of employees continue<br />

to engage in non-enterprise applications, CISOs need to question why such applications are gaining<br />

prominence and attain a clear picture of these users.<br />

Alarmingly, studies show that 4% of employees have placed sensitive corporate data into language<br />

models. <strong>Cyber</strong>security leaders can work on this by deploying protection tools to ensure safer transit of<br />

data, ensuring that sensitive in<strong>for</strong>mation remains shielded from unauthorized access or exposure.<br />

Finally, there are tools like unified endpoint management (UEM) that can restrict the transfer of sensitive<br />

data across unapproved devices or applications by defining accessibility. Admins can authorize device<br />

access to such applications based on the user’s role. Endpoint management solutions, when integrated<br />

with identity and access management (IAM), will flag admins if confidential data is shared. In the<br />

un<strong>for</strong>tunate event of a device with ChatGPT access being misplaced or stolen, UEM solutions can<br />

remotely erase data from the device, effectively shielding sensitive in<strong>for</strong>mation from falling into the wrong<br />

hands.<br />

GenAI is understandably gaining ground in the modern workplace. Corporations are taking these tools<br />

<strong>for</strong> a spin, developers are cozying up to them, and employees are experimenting with them. At the end<br />

of the day, CISOs must create a security-conscious environment without stifling the productivity of their<br />

work<strong>for</strong>ce. It’s there<strong>for</strong>e vital to find the perfect harmony between innovation and safety. End of article.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 79<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Apu Pavithran is the Founder and CEO of Hexnode. Recognized in the<br />

IT management community as a consultant, speaker, and thought leader,<br />

Apu has been a strong advocate <strong>for</strong> IT governance and In<strong>for</strong>mation<br />

security management. He’s passionate about entrepreneurship and<br />

spends significant time working with startups and empowering young<br />

entrepreneurs. You can find more about Apu on his LinkedIn and his<br />

company’s website, Hexnode.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 80<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Chromecast End-of-Life Announcement Highlights Urgent<br />

Need <strong>for</strong> Patch Management Re<strong>for</strong>m Among Hybrid<br />

Workers<br />

By Joao Correia, Technical Evangelist <strong>for</strong> Tuxcare<br />

In April this year, Google announced the discontinuation of support <strong>for</strong> its original Chromecast device.<br />

<strong>The</strong> first-generation Chromecast had been a highly successful hardware venture <strong>for</strong> Google, with an<br />

impressively long lifespan in the consumer market boasting sales surpassing 10 million units in 2014<br />

alone. While newer generations of Chromecast will remain functional <strong>for</strong> users, Google's decision<br />

effectively put an end to technical support, updates, and security patches <strong>for</strong> the initial devices.<br />

This move by Google presents potential challenges to security teams around the globe, as a significant<br />

number of companies continue to embrace their hybrid or fully remote operating status brought on by the<br />

pandemic. According to a recent study conducted by the Pew Research Center in early <strong>2023</strong>,<br />

approximately 22 million individuals are presently engaged in full-time remote work, and thus it’s fair to<br />

assume a considerable portion of them may still be using Chromecast devices within their home<br />

networks.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 81<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Past incidents involving data breaches have illustrated the risks associated with outdated home systems<br />

and a lack of security awareness, as they can unwittingly compromise entire enterprise networks.<br />

Neglecting to keep software systems up-to-date has also proven to lead to an ever-growing number of<br />

vulnerabilities that are ripe <strong>for</strong> bad actors to exploit. A noteworthy example occurred in March <strong>2023</strong> when<br />

LastPass experienced a massive breach due to an oversight by one of its engineers who failed to update<br />

Plex on their personal computer. This oversight resulted in a deserialization flaw that affected a Plex<br />

Media Server running on Windows, permitting a remote attacker with authentication to execute Python<br />

code within the context of the current operating system user.<br />

While employers may learn from such attacks and en<strong>for</strong>ce consistent patching requirements <strong>for</strong> individual<br />

devices connected to internal systems, Chromecast devices now remain vulnerable. Without the ability<br />

to automatically secure itself through a provided patch, it could serve as a stepping stone <strong>for</strong> attackers to<br />

gain access to other systems in the home network and subsequently, the enterprise network itself.<br />

Currently, companies can spend millions every year to patch, document and report results. Yet they will<br />

opt to delay their updates and security patches by weeks or even months. This is largely due to the fact<br />

that security leaders and IT teams view patch management as a highly disruptive and time-consuming<br />

process disrupting operations due to server reboots and scheduled downtime.<br />

Such hesitance to maintain a consistent patch schedule creates a highly exploitable attack surface that<br />

can become a ticking time bomb <strong>for</strong> any remote employee or unsuspecting business. This is where live<br />

patching comes in to streamline the process without disrupting systems. Live patching is a relatively new<br />

approach to enterprise security that works by intercepting and modifying code at runtime, without<br />

interrupting the system's normal operation or modifying the underlying binary. Having this system in<br />

place that can apply an automatic patch as it becomes available can not only reduce system downtime,<br />

but it can also provide substantial labor cost savings, eliminate maintenance windows, and free up<br />

understaffed IT security teams.<br />

Implementing more robust security measures <strong>for</strong> remote access to corporate networks will ensure<br />

potential breaches cannot take down an entire enterprise system. According to a recent Tessin report,<br />

nearly 90% of IT leaders and CISO’s agree that a strong security culture is imperative to maintaining the<br />

required security posture, while a third of employees do not think they play a role in effective cyber<br />

mitigation. But employee behavior can place companies at a huge risk of falling victim to cyberattacks,<br />

with human error one of the biggest risks to cybersecurity today.<br />

Human error can manifest itself in a multitude of ways, from weak passwords to failing to install software<br />

security updates on time, to accidentally giving up sensitive in<strong>for</strong>mation to phishing emails and malware<br />

threats. <strong>The</strong> risk has only increased as office employees have moved to the more preferred status of<br />

remote work. Staff working from home are often outside the direct oversight of IT teams and often struggle<br />

to deal with cyberthreats and appropriately protect company in<strong>for</strong>mation. In fact, remote work has<br />

effectively removed the notion of a security perimeter around networked corporate IT assets. While<br />

technical solutions like zero trust, mobile device management systems or spam filters are useful <strong>for</strong> endusers,<br />

they do not offer the level of protection needed to properly reduce risk, and offer no additional<br />

security to devices present in home networks but not directly used to access internal enterprise systems.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 82<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Going beyond awareness and fostering a real culture of cybersecurity requires implementing tangible<br />

strategies that are rooted in safeguarding sensitive in<strong>for</strong>mation and materials. Traditional methods of<br />

controlling and securing company data aren’t always as effective when employees are working in remote<br />

locations. This ultimately places a greater responsibility on the individual and companies must empower<br />

their employees to deal with a certain level of risk. From aggressive security awareness and anti-phishing<br />

training that maintains a frequent schedule, to multi-factor authentication tools and strong password<br />

management, employees need to serve as the first line of defense against potential attacks.<br />

Ultimately, the announcement of Google Chromecast’s end of life serves as yet another example why<br />

both individuals and businesses must remain vigilant and up-to -date in their security measures and<br />

vulnerability management. As criminals continue to evolve in their hacking ef<strong>for</strong>ts, defending against new<br />

attacks via a reliable patch management system and other proactive security measures can make your<br />

organization a far less appealing target <strong>for</strong> bad actors.<br />

About the Author<br />

Joao Correia serves as the Technical Evangelist at TuxCare<br />

(www.tuxcare.com), a global innovator in enterprise-grade cybersecurity<br />

<strong>for</strong> Linux.<br />

Joao can be reached online at @jcorreiacl and at our company website<br />

https://tuxcare.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 83<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Common Pitfalls of Running On-Premises<br />

SIEM Solutions<br />

By Vinaya Sheshadri, Practice Leader <strong>Cyber</strong> Security at RiverSafe<br />

A good Security In<strong>for</strong>mation and Event Management (SIEM) tool is a necessity <strong>for</strong> any organisation<br />

looking to protect their digital environment. <strong>The</strong>y help security teams be more proactive, and identify<br />

potential threats be<strong>for</strong>e they can disrupt operations or expose sensitive data.<br />

By monitoring systems and networks <strong>for</strong> unusual activity, SIEM solutions allow organisations to detect,<br />

investigate, and deal with possible security issues or cyberattacks quickly, minimising the damage that<br />

they might cause.<br />

SIEM technology has been around <strong>for</strong> a while, and in that time these products have evolved significantly,<br />

improving their ability to flag anomalous events and behaviours, and increasing the amount of data they<br />

can parse simultaneously.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 84<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

But the most crucial innovations have come with the advent of cloud-native SIEM solutions. Boasting all<br />

the benefits of SaaS products, like fast deployment and scalability, cloud-based SIEM plat<strong>for</strong>ms also offer<br />

a host of advantages that their on-premise peers do not.<br />

With cyberattacks becoming more sophisticated and widespread, keeping your security stack up-to-date<br />

is critical. <strong>The</strong> threat landscape is evolving constantly, and yesterday’s security tools cannot defend<br />

against today’s cyber risks.<br />

If your organisation is relying on on-premises SIEM solutions, then you could be leaving yourself<br />

vulnerable to fast-developing threats.<br />

Many of the most common disadvantages of running an on-premises SIEM solution aren’t just<br />

inconvenient compared to their cloud counterparts; they can also present security risks. Let’s take a look<br />

at some of the key pitfalls of on-premise SIEMs.<br />

High (and recurring) costs<br />

On-premises SIEM solutions can be costly, not only to purchase but also to maintain.<br />

As well as the upfront investment needed in storage, servers, hardware, and software licences,<br />

responsibility <strong>for</strong> ongoing maintenance or upgrades falls on the shoulders of the organisation. For a SIEM<br />

to deliver proper protection, it needs to be regularly updated, optimised, and patched, requiring significant<br />

time and ef<strong>for</strong>t from your IT team.<br />

Limited scalability<br />

Change is the only constant in today’s economy, and as a result, the ability to flex resources based on<br />

an organisation’s needs can give businesses the edge. Scaling up capacity to meet usage demands or<br />

scaling down to reduce waste and overspend is essential—and the faster you can do it, the better.<br />

On-premise SIEM deployments can often lack this flexibility, and this sluggishness to respond to<br />

changing requirements can leave your organisation unprotected. Adding new data streams or event types<br />

to look out <strong>for</strong> may require additional hardware or infrastructure upgrades if the existing system can’t<br />

handle the extra data volume and processing requirements.<br />

Complex deployment<br />

Deploying any kind of software on-premises is complex and time-consuming. With multiple data sources<br />

to ingest and rules to put in place, a SIEM can be especially tricky to implement. Often taking months to<br />

roll out, on-premises SIEM tools usually require expert assistance to install, which can be costly. Plus,<br />

the potential consequences of any errors or misconfigurations that occur during set-up can be dire.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 85<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Legacy SIEM solutions may also be limited in terms of integration with other security tools, leaving you<br />

with unmonitored weak spots across your environment. Any integrations you do have in place must be<br />

carefully monitored, as missed connection updates can lead to integrations breaking and events being<br />

missed.<br />

Extensive data storage<br />

<strong>The</strong> entire purpose of SIEM is to collect and analyse data <strong>for</strong> suspicious occurrences. Gaining the deep,<br />

real-time visibility required to protect your applications, infrastructure, and networks means collecting logs<br />

and audit trails so they can be examined and reported on.<br />

<strong>The</strong> more data your SIEM is ingesting, the more protected you’ll be—but that data has to go somewhere,<br />

and on-premises data storage isn’t cheap.<br />

Compliance challenges<br />

Not only can storing data locally on your own on-premises servers be costly, but it can also be challenging<br />

to organise and maintain if you have a lot of it.<br />

Complying with certain data and privacy regulations often necessitates that you store data in a certain<br />

way and often <strong>for</strong> certain periods, meaning you’ll likely need to be hands-on with managing this data.<br />

You’ll need to be able to keep track of its movements and access history too; data privacy laws like GDPR<br />

and CCPA, <strong>for</strong> example, have strict regulations that must be followed if data crosses international borders<br />

or state lines. This tends to be more difficult when your data is isolated in local storage.<br />

Lock-in periods<br />

We’ve already mentioned how on-premises SIEMs are limited when it comes to the flexibility of users,<br />

data streams, or resources. Licencing the product itself can also prove more restrictive than you’d like.<br />

Once a SIEM is implemented, switching to a more suitable plat<strong>for</strong>m (and migrating all your log data along<br />

with it) can be tough, not to mention prohibitively expensive. This outlay, and the sunk-cost fallacy that<br />

often comes along with it, can prevent organisations from branching out into other security tools, and<br />

soldiering on with a SIEM that doesn’t offer the best per<strong>for</strong>mance or features.<br />

Next-generation SIEM delivers many benefits, from rich, AI-powered functionality and always-up-to-date<br />

threat intelligence to customisation possibilities and reduced false positives. But whatever your primary<br />

motivation <strong>for</strong> moving to a cloud-based SIEM, the end result of these benefits is better protection <strong>for</strong> your<br />

organisation in a time when the threat of cyberattacks and the impact of insider threats are on the rise.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 86<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Vinaya is a highly experienced security engineer, certified in Splunk,<br />

McAfee, IBM and more, with over 8 years of experience handling diverse<br />

security technologies such as SIEM, SOAR, EDR and Vulnerability<br />

Management.<br />

At RiverSafe, Vinaya is the Practice Lead <strong>for</strong> <strong>Cyber</strong> Security. In this role<br />

he leads and guides other consultants within the business, ensuring the<br />

team provide the best results possible to RiverSafe’s customers. Vinaya<br />

is also heavily involved in the business development of RiverSafe as an<br />

organisation.<br />

Vinaya has a post graduate degree in Data Telecommunication<br />

Networks from the University of Sal<strong>for</strong>d and has worked as both an IT<br />

consultant and security engineer <strong>for</strong> companies like Caretower, Happiest Minds Technologies and<br />

Paladion Networks.<br />

All of the knowledge gained throughout his career is now being invested into ensuring RiverSafe solutions<br />

and services are the best they can be and keep its customers’ networks secure.<br />

When not working, Vinaya enjoys travelling, cooking and photography.<br />

Vinaya can be reached at RiverSafe’s company website https://riversafe.co.uk/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 87<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Fostering Total Trust with A ‘Zero-Trust’<br />

Approach in Financial Services<br />

By Stefan Auerbach, CEO, Utimaco<br />

Despite annual spending on cybersecurity by the financial services industry reaching $600 million<br />

annually – a figure which is growing every year – trust in financial institutions (FIs) remains relatively low.<br />

According to new research, which surveyed consumers in countries as varied as the United States,<br />

Mexico, Germany, and the UK, just 13% of people across the globe trust FIs completely, while 5% don’t<br />

trust them at all. <strong>The</strong> majority of people around the world say that they only have ‘some’ trust in FIs’ digital<br />

security.<br />

As a result, we found that cash remains the most trusted payment option and is believed to be secure by<br />

36% of people. On the other hand, only 12% of respondents said that they believe credit and debit cards<br />

are secure. Being prudent about digital security is always sensible of course, but this wariness from<br />

customers can directly impact an FI’s bottom line. <strong>The</strong> tiny processing fees that FIs make on individual<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 88<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

card transactions often comprise a huge part of their revenue, so customers using cash due to trust<br />

concerns can be problematic.<br />

It also poses an issue <strong>for</strong> companies trying to expand their capabilities and services: consumers in our<br />

research had the lowest levels of trust in cryptocurrency, <strong>for</strong> example, with only 2% worldwide citing it as<br />

secure. Trust plays a crucial role in whether new payment methods achieve mass adoption, regardless<br />

of their benefits <strong>for</strong> the end user. Although our own survey didn’t cover open banking, similar surveys<br />

have found that trust is a major factor in why it is not more widely adopted.<br />

What is Zero-Trust?<br />

Many modern-day security systems are not sufficient as hackers will have full access to a company if<br />

they breach the system. Meanwhile, while it may seem contradictory, a new security framework called<br />

zero-trust may in fact be the solution. With zero-trust, everyone has their own biometric profile or<br />

passcode that only permits them to enter the parts of the facility that are relevant to their work, and their<br />

identity must be verified every time they enter a new area.<br />

Zero-trust fundamentally uses robust access controls and continuous authentication mechanisms to<br />

ensure that sensitive financial systems and data are only accessed by authorized entities. This entails<br />

meticulous user identity verification through multifactor authentication (MFA) and the least privilege<br />

principle, which restricts user access only to the resources required <strong>for</strong> completing tasks.<br />

This approach is more <strong>for</strong>midable against modern threats. Everything from account takeover to<br />

sophisticated malware attacks make other <strong>for</strong>ms of security inadequate. Banking trojans are capable of<br />

emptying customer bank accounts in seconds and, despite their strong security, banks are not immune<br />

from cyberattacks. In 2021, <strong>for</strong> example, Flagstar Bank lost its members’ social security numbers after it<br />

was breached by an attack. Malware attacks on FI companies are extremely frequent, which is why the<br />

sector could lose $700 million to cybercrime over the next five years.<br />

While zero-trust's segmentation strategy breaks the network down into distinct zones, each segment can<br />

be isolated and <strong>for</strong>tified to prevent specific threats. Network microsegmentation leverages firewalls,<br />

intrusion detection systems, and encryption to bolster these barriers.<br />

<strong>The</strong> zero-trust approach can be implemented by FIs to mitigate data breaches, safeguard customer<br />

financial in<strong>for</strong>mation, and uphold regulatory compliance standards such as PCI DSS and GDPR. As<br />

digital channels and remote work arrangements become increasingly prevalent, zero-trust's holistic and<br />

adaptive cybersecurity approach emerges as a cornerstone <strong>for</strong> bolstering the industry's resilience against<br />

the evolving threat landscape.<br />

However, there are some costs or drawbacks associated with implementing this new security framework.<br />

Many FIs, including banks, are still using legacy systems, which means extra security checks are needed.<br />

This can hinder the customer experience and increase the possibility <strong>for</strong> user error. With FIs’ networks<br />

located in ‘the cloud’, having full control can also prove difficult. Although a rock-solid zero-trust<br />

environment can be created, the companies they work with might not have the same capabilities.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 89<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How do you create a zero-trust environment?<br />

Here are some steps <strong>for</strong> creating a successful zero-trust environment in a financial services company:<br />

1. Define your perimeter: Today, the complexity of FIs, M&A activity, and cloud computing make<br />

them even more so, means we must define what is and isn’t within the remit of the company’s<br />

zero-trust policy.<br />

2. Microsegmentation: Segmenting your company’s digital operations into segments is useful when<br />

using zero-trust. If a company is compromised by a malware attack but the data is encrypted,<br />

then its damage can only spread so far.<br />

3. Continually monitor devices: Devices used by FIs are constantly being connected / reconnected<br />

and are made up of dozens (if not hundreds) of components and many third parties may not have<br />

security practices. Thus, every device needs to be continually monitored, even after it has passed<br />

security checks.<br />

4. Data inventory: You need to categorize your company data by its importance and allocate<br />

appropriate levels of protection, while ensuring it’s still made available to those who need it. <strong>The</strong>re<br />

will need to be strong governance protocols so that going <strong>for</strong>ward every new piece of data can be<br />

classified.<br />

5. Implement security controls: Finally, systems can be put in place that enable the zero-trust<br />

system, deciding what methods of verification are appropriate <strong>for</strong> each ‘checkpoint’, where to use<br />

multi-factor authentication, which types of encryptions to use <strong>for</strong> what data and how to adapt to<br />

future threats like quantum computing.<br />

Hardware and software systems which encrypt data and manage the digital keys are the foundations of<br />

a zero-trust environment since they allow each user and device to access the parts of the system that<br />

they are supposed to access – but nothing more.<br />

Organizations that are best placed to deploy a zero-trust environment usually have the experience of a<br />

partner that has been building and integrating these systems <strong>for</strong> over 40 years.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 90<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the author<br />

Stefan Auerbach, CEO, Utimaco. Stefan Auerbach, who was<br />

Chairman of our Advisory Board in 2018, took over the position of<br />

CEO in January 2019. Stefan has a background of more than 30<br />

years in R&D, Service, Marketing and Management of Global<br />

Sales Organizations <strong>for</strong> In<strong>for</strong>mation Technology and Mobile<br />

Security. He started his career in Nixdorf Computer, held several<br />

key management positions in Siemens Nixdorf and was a longterm<br />

Board Member in Wincor Nixdorf and Giesecke & Devrient.<br />

About UTIMACO<br />

UTIMACO is a global plat<strong>for</strong>m provider of trusted <strong>Cyber</strong>security and Compliance solutions and services<br />

with headquarters in Aachen (Germany) and Campbell, CA (USA). UTIMACO develops on-premises and<br />

cloud-based hardware security modules, solutions <strong>for</strong> key management, data protection and identity<br />

management as well as data intelligence solutions <strong>for</strong> regulated critical infrastructures and Public<br />

Warning Systems. UTIMACO is one of the world's leading manufacturers in its key market segments.<br />

550+ employees around the globe create innovative solutions and services to protect data, identities and<br />

communication networks with responsibility <strong>for</strong> global customers and citizens. Customers and partners<br />

in many different industries value the reliability and long-term investment security of UTIMACO’s highsecurity<br />

products and solutions. Find out more on www.utimaco.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 91<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong>security in Digital Afterlife<br />

Managing cybersecurity risks in digital afterlife<br />

By Chahak Mittal, GRC Manager, Universal Logistics<br />

<strong>The</strong> concept of the digital afterlife is not merely theoretical; it is a tangible and growing phenomenon.<br />

From social media plat<strong>for</strong>ms to AI chatbots, there are many ways in which our digital footprints persist<br />

after death.<br />

Several TV shows and movies have explored the concept of the digital afterlife, raising important<br />

questions about ethics, privacy, and the nature of grief.<br />

1. Upload (2020-present): This Amazon Prime Video series imagines a future where people can<br />

upload their consciousness to a virtual afterlife. <strong>The</strong> show explores the social, economic, and<br />

ethical implications of this technology.<br />

2. Black Mirror (2011-2019): This anthology series features several episodes that explore the dark<br />

side of technology, including the digital afterlife. For example, the episode "Be Right Back" follows<br />

a woman who uses a service to create a lifelike AI replica of her deceased boyfriend.<br />

3. Altered Carbon (2018-2020): This Netflix series is set in a future where human consciousness<br />

can be stored on digital storage devices called "stacks." <strong>The</strong> show explores the implications of<br />

this technology <strong>for</strong> immortality, social inequality, and the nature of identity.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 92<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Consider the following data and real-life examples:<br />

1. Data Persistence: According to a survey conducted by the Pew Research Center, as of 2021,<br />

72% of American adults use social media plat<strong>for</strong>ms, and many of them have more than one<br />

account. <strong>The</strong>se plat<strong>for</strong>ms host vast amounts of personal data, from photos to messages.<br />

According to Facebook's most recent investor's report, Facebook currently has 2.895 billion<br />

monthly active users (MAUs). Tragically, some of these users pass away, leaving behind digital<br />

footprints that persist. <strong>The</strong> families of these users must navigate the delicate task of managing<br />

their loved ones' online presence. According to a research paper from the University of Ox<strong>for</strong>d<br />

Internet Institute published April 2019 in the journal Big Data & Society, the dead will eventually<br />

outnumber the living on Facebook.<br />

2. Posthumous Interactions: AI and natural language processing advancements have led to the<br />

development of chatbots and virtual avatars that can simulate conversations with the deceased.<br />

3. <strong>The</strong> AI company Replika offers a chatbot service that allows users to create AI friends. While<br />

primarily intended <strong>for</strong> the living, some have contemplated using such technology to interact with<br />

the memories of loved ones.<br />

4. Digital Immortality: <strong>The</strong> idea of digital immortality is emerging as a fascination <strong>for</strong> some. Projects<br />

like the Eternime app aim to create digital avatars that continue to learn from a person's digital<br />

history. Eternime wants you to live <strong>for</strong>ever as a digital ghost.<br />

Microsoft introduced an AI chatbot designed to mimic the personality of a deceased loved one,<br />

based on text messages, emails, and social media posts. This experiment sparked both curiosity<br />

and ethical concerns. This chat bot can bring you back from the dead, sort of.<br />

<strong>Cyber</strong>security Risks in the Digital Afterlife<br />

Understanding the stakes of cybersecurity in the digital afterlife<br />

becomes even more critical when considering real-world incidents:<br />

1. Legacy Preservation and Privacy: <strong>The</strong> data left behind by<br />

individuals often becomes a target <strong>for</strong> cybercriminals. According to<br />

Norton's 2021 <strong>Cyber</strong> Safety Insights Report, cybercrime cost<br />

victims nearly $1 trillion globally. Protecting digital legacies is<br />

essential to prevent unauthorized access.<br />

In 2020, the Twitter accounts of several deceased celebrities were<br />

compromised as part of a cryptocurrency scam, highlighting the<br />

need <strong>for</strong> robust cybersecurity measures to protect posthumous<br />

online identities.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 93<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Further, PharMerica Healthcare disclosed that its systems were breached in early <strong>2023</strong> by an<br />

unauthorized third party, which resulted in the leak of the personal details of more than 5.8 million<br />

deceased people.<br />

2. Posthumous Identity <strong>The</strong>ft: <strong>The</strong> phenomenon<br />

of posthumous identity theft is increasingly<br />

prevalent. In 2021, the Identity <strong>The</strong>ft Resource<br />

Center reported that cases of identity theft<br />

increased by 72% compared to the previous<br />

year.<br />

<strong>The</strong> family of a deceased individual discovered<br />

that the deceased's personal in<strong>for</strong>mation was<br />

used to open fraudulent bank accounts and take<br />

out loans, causing significant financial and<br />

emotional distress. Obituary Scams are<br />

becoming more common. Obituary scams, also<br />

known as bereavement scams, typically start<br />

with in<strong>for</strong>mation gleaned from death notices in<br />

newspapers or posted online. Criminals harvest<br />

facts commonly included in obits — such as the<br />

deceased’s birth date, where the person lived and worked, and family members’ names — to start<br />

building a profile <strong>for</strong> identity theft.<br />

<strong>Cyber</strong>security Risk Management<br />

As seen above, our digital afterlife is becoming<br />

increasingly important, and with it comes new risks.<br />

Posthumous identity theft, unauthorized access to<br />

accounts, and misuse of personal data are all potential<br />

threats.<br />

A risk management approach to protecting your digital<br />

afterlife can help you identify, assess, and mitigate these<br />

risks. Here are some key steps:<br />

1. Identify your digital assets and accounts. This includes everything from social media profiles to<br />

financial accounts to online storage services.<br />

2. Assess the risks to each asset and account. Consider the following factors:<br />

o What type of data is stored in the account?<br />

o How sensitive is the data?<br />

o How easily could the account be accessed by unauthorized individuals?<br />

3. Implement mitigation strategies to reduce the risks. This may include using strong passwords,<br />

enabling two-factor authentication, and reviewing privacy settings.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 94<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

4. Create a digital estate plan. This document should outline your wishes <strong>for</strong> your digital assets and<br />

accounts after your death. It should also include contact in<strong>for</strong>mation <strong>for</strong> your digital executor.<br />

5. Review and update your digital estate plan regularly. As your online presence evolves, so should<br />

your digital estate plan.<br />

Conclusion<br />

Our online presence continues to grow exponentially, and so<br />

does the importance of protecting our digital afterlife. Identity<br />

theft of deceased persons is a growing problem, and it can<br />

have serious financial and emotional consequences <strong>for</strong> loved<br />

ones. <strong>The</strong> risk management approach can help you protect<br />

your digital legacy, privacy, and prevent posthumous identity<br />

theft. By taking these steps, you can ensure that your wishes<br />

are respected and that your loved ones are protected after<br />

your passing.<br />

About the Author<br />

Chahak Mittal is a Certified In<strong>for</strong>mation Systems Security Professional<br />

(CISSP) and <strong>Cyber</strong>security Governance, Risk and Compliance Manager<br />

at Universal Logistics. Chahak is deeply committed to knowledge<br />

sharing and community engagement. She has actively contributed to the<br />

cybersecurity ecosystem through her roles as a Judge at Major League<br />

Hacking (MLH) Hackathons and a dedicated <strong>Cyber</strong>security Teacher in<br />

the Microsoft TEALS Program. Chahak's active involvement in<br />

organizations such as the <strong>Cyber</strong>security Collaboration Forum and<br />

SecureWorld's Detroit Advisory Board has been instrumental in her<br />

pursuit of staying at the <strong>for</strong>efront of industry trends and challenges. She<br />

has also channeled her insights into thought-provoking cybersecurity articles, published on SecureWorld,<br />

making a meaningful contribution to the field's intellectual discourse. Chahak's commitment to diversity<br />

and inclusion in cybersecurity is unwavering. She has actively participated in organizations like Women<br />

in <strong>Cyber</strong>security (WiCyS) and the Michigan Council of Women in Technology (MCWT), where she has<br />

championed the cause of gender diversity within the field. Her outreach ef<strong>for</strong>ts extend to interviews on<br />

prominent media plat<strong>for</strong>ms like PBS Channel and the Women in Technology podcast, where she has<br />

shared her insights to inspire young girls to consider cybersecurity as a viable and rewarding career path.<br />

Chahak Mittal can be reached online at goyalchahak6@gmail.com and at her LinkedIn profile<br />

www.linkedin.com/in/chahak-mittal-cissp/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 95<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

When the Enemy Is DDoS, Holistic Protection<br />

Is a Must<br />

An infinite variety of attack methods require customizable solutions.<br />

By Sean Newman, VP/Product Management, Corero<br />

Sun Tzu was an exceptional general, strategist, and philosopher, and certainly one of the most prolific<br />

and best-known military figures in history. When he stated that “the greatest victory is that which requires<br />

no battle,” it’s safe to assume that he wasn’t anticipating that his words would be relevant many centuries<br />

into the future, let alone applied to something as abstract as cybersecurity. But some 2,000 years later,<br />

they hold just as true in cyberspace as on the battlefield.<br />

While the battles he led centuries ago were complex in their own right, they in no way reached the same<br />

orders of magnitude that face today’s enterprises when attempting to secure their organizations.<br />

Today, most, if not all, companies do at least a portion of their business online. For many, this means<br />

employees rely on cloud-delivered applications to go about their daily tasks, and the companies<br />

themselves rely on the internet <strong>for</strong> their bottom line. It goes without saying that these organizations must<br />

be available to their customers 24/7—even brief outages can result in lost revenue and productivity and<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 96<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

do untold damage to a company’s reputation. Gartner estimates that downtime can cost up to $5,600 per<br />

minute; meanwhile other estimates suggest that even small businesses may lose over $100,000 per<br />

hour. Un<strong>for</strong>tunately, those daunting figures do more than emphasize the importance of the internet in<br />

modern commerce—they put companies squarely in the crosshairs of malicious actors looking to launch<br />

distributed denial of service (DDoS) attacks.<br />

Modern DDoS attacks pose a triple threat.<br />

Nearly 30 years after the first known DDoS attack, whereby a perpetrator floods their victim with traffic<br />

from across the internet, it remains a favorite attack type. From the standpoint of a cybercriminal, they<br />

have a lot to offer: they can be launched from anywhere in the world; they can be automated and multivector;<br />

and increasingly, they can be crafted to behave similarly to “normal” internet traffic, thereby<br />

evading human observation and manual, or legacy, mitigation techniques. Best of all, <strong>for</strong> the attacker<br />

perhaps, is the fact that many legacy DDoS mitigation solutions can also take more than ten minutes<br />

be<strong>for</strong>e their defenses kick in. This has led attackers to engineer shorter, sub-saturating attacks that are<br />

capable of inflicting as much, if not more damage, than their larger, longer-running volumetric<br />

counterparts.<br />

Disconcertingly, malicious attackers have taken a page out of modern warfare and, increasingly, are<br />

launching carpet-bomb (also known as “spread spectrum”) DDoS attacks, which distribute themselves<br />

across a large number of targets rather than a more easily identifiable single target.<br />

This carpet-bomb technique poses a triple threat to defenders in that it’s able to evade detection by flying<br />

under the radar of legacy, per-IP analysis techniques and thresholds. This attack technique also<br />

invalidates the use of black-hole or null-route mitigation, making it even more difficult <strong>for</strong> companies to<br />

avoid collateral damage. And because they more easily overwhelm scrubbing lane capacity (where traffic<br />

is redirected to be cleansed of malicious DDoS packets), cloud service budgets are exceeded and<br />

reporting systems are overloaded.<br />

Counter the critics.<br />

IT security leaders have the unenviable responsibility of selecting exactly the right solutions to defend<br />

against a host of ever-evolving threats, and when (not if) an attack occurs, everyone’s an armchair critic.<br />

Luckily, there are several basic tenets to follow when selecting the right DDoS defense solution.<br />

Less bad isn’t good enough. <strong>The</strong> best solutions are those that do more than mitigate attacks—they<br />

prevent them entirely. Un<strong>for</strong>tunately, all too many DDoS defense solutions don’t go the extra mile to stave<br />

off attacks. Instead, they only make them “less bad” by mitigating them, meaning that organizations must<br />

still deal with downtime and lost productivity and/or revenue while they recover.<br />

Semantics matter. <strong>The</strong>re is a big difference between “always on” and “on demand.” <strong>The</strong> <strong>for</strong>mer means<br />

that your solution is always there, protecting your systems and devices against intrusions. On-demand,<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 97<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

however, might as well translate to “already in trouble.” On-demand solutions monitor, but simply can’t<br />

react fast enough to prevent some amount of downtime. It can be minutes or tens of minutes be<strong>for</strong>e<br />

protection kicks in, and in that time most, if not all, of the damage is done. Rubbing salt in the wound,<br />

recovering downed servers and applications almost always takes significantly longer than the time it took<br />

a DDoS attack to fell them in the first place.<br />

Do you feel lucky? IT leaders shouldn’t even be asking themselves if the odds are ever in their favor.<br />

<strong>The</strong>y need confidence in the fact that their solution automatically protects against known and zero-day<br />

attacks. <strong>The</strong>se same solutions should also be capable of effectively defending against evasive<br />

techniques such as multi-vector and carpet-bombing. Moreover, a solution should be able to shorten the<br />

detection-to-protection timeline to mere seconds so that downtime is prevented.<br />

Bespoke is <strong>for</strong> more than suits. A good solution is one that can be tailored to fit a company’s needs.<br />

Some of the best solutions are those that allow IT leaders to select the defense and services they<br />

currently need, with room to grow as their needs evolve. Good DDoS defense solutions will offer flexible<br />

deployment with hardware, virtual software, and integrated options that align with company architecture.<br />

A modular plat<strong>for</strong>m that adapts to the ever-changing DDoS landscape can help companies maintain<br />

business continuity, while simultaneously protecting against future threats. Automation is also critical as<br />

it frees IT teams to focus on high-value initiatives and projects that grow the organization. Optional<br />

managed service offerings, meanwhile, are more than nice-to-haves as they deliver valuable domain<br />

expertise, without burdening existing staff and resources.<br />

Count the cost. When choosing a DDoS defense solution, cheaper isn’t necessarily better. Ask yourself<br />

what the true cost of an outage would be, accounting <strong>for</strong> both damage to your bottom line and your<br />

reputation and choose accordingly.<br />

Ponder and deliberate.<br />

Regardless of size or sector, companies need to be prepared <strong>for</strong> both high-volume and sub-saturating<br />

DDoS attacks, looking <strong>for</strong> defense that extends beyond brute <strong>for</strong>ce, slow-to-react mitigation to full<br />

protection that eliminates any impact on their or their customers' businesses. Investing in an advanced<br />

solution that is capable not only of viewing the IP address space holistically to detect and report on<br />

malicious behavior, but that delivers full protection in seconds rather than minutes is imperative.<br />

<strong>The</strong>re are many solutions that purport to address the threat from DDoS attacks. When it comes to<br />

selecting the one that’s right <strong>for</strong> your company, take a page from the Art of War: Ponder and deliberate<br />

be<strong>for</strong>e you make a move.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 98<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Sean Newman is the Vice President of Product Management <strong>for</strong> Corero<br />

Network Security, where he is responsible <strong>for</strong> Corero’s product strategy.<br />

Sean brings over 25 years of experience in the security and networking<br />

industry, to guide Corero’s growing leadership in the real time DDoS<br />

protection market. Prior to joining Corero, Sean’s previous roles include<br />

network security Global Product Manager <strong>for</strong> Cisco, who he joined as part<br />

of their acquisition of cyber-security vendor Sourcefire, where he was<br />

Security Evangelist and Field Product Manager <strong>for</strong> EMEA. Prior to that he<br />

was Senior Product Manager <strong>for</strong> endpoint and network security vendor<br />

Sophos, after having spent more than 12 years as an Engineer,<br />

Engineering Manager and then Senior Product Manager <strong>for</strong> network<br />

infrastructure manufacturer 3Com.<br />

Sean can be reached online Sean.Newman@corero.com and at our<br />

company website http://www.corero.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 99<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Data Sanitization <strong>for</strong> End-Of-Use Assets<br />

Taking <strong>The</strong> Worry Out of Retiring Assets<br />

By Roger Gagnon, President & CEO, Extreme Protocol Solutions<br />

Organizations across the globe are prioritizing <strong>Cyber</strong>security ef<strong>for</strong>ts as threats from cyber criminals are<br />

on the rise. As the circular economy and green initiatives grow simultaneously, increased vigilance in<br />

data security ef<strong>for</strong>ts <strong>for</strong> end-of-use enterprise and office systems needs to be prioritized as well.<br />

Why Worry About Retiring Assets?<br />

Most organizations focus on live data security, which of course is extremely important. Recently<br />

decommissioned assets, however, contain the same data that was just migrated to the new live systems.<br />

That data must be digitally destroyed on the end-of-use systems with an accompanying tamperproof<br />

certificate of destruction prior to re-use or recycling to satisfy regulatory compliance with HIPAA, FACTA,<br />

Gramm-Leach-Bliley, CMMC, GDPR, and a host of other industry or government-related data privacy<br />

laws that keep compliance and security officers awake at night with data breach concerns.<br />

Just because an asset is being decommissioned doesn’t place any less importance on the data it<br />

contains, nor on the risk mitigation required to ensure its re-entry into the circular economy. In fact, the<br />

danger that this data can be utilized <strong>for</strong> nefarious purposes is even greater than live systems since these<br />

assets no longer hide behind corporate firewalls and other cybersecurity gateways that are constantly<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 100<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

eing monitored to protect against misuse of data. Because of this threat, it is of the utmost importance<br />

that organizations acquire certified software/hardware solutions or hire a certified IT Asset Disposition<br />

Company (ITAD) to effectively destroy all remnants of data on all data-bearing devices prior to those<br />

devices leaving their secured facilities.<br />

Assets at Risk<br />

<strong>The</strong> task of destroying this data can sometimes be overwhelming. In a data center, data-bearing assets<br />

range from enterprise storage arrays, hyper-converged storage, servers, blade servers, network<br />

switches, routers, firewalls, storage switches, and access points to assets commonly found in offices. In<br />

an office space, laptops, desktops, high-end Chromebooks, servers, mobile phones, tablets, high-end<br />

printers, scanners, and copiers can all contain sensitive data that must be purged be<strong>for</strong>e removal from<br />

the facility. If that list of assets isn’t daunting enough, consider that <strong>for</strong> each asset type, there may be<br />

hundreds or thousands of combinations of manufacturer, model, and firmware <strong>for</strong> each device type. Each<br />

of these may behave slightly differently than the other and require either specialized knowledge or<br />

software to properly sanitize the data.<br />

What Standards Exist<br />

Fortunately, there are clear standards <strong>for</strong> data sanitization in place and new standards being finalized <strong>for</strong><br />

both present and future use. Gone are the days of Department of <strong>Defense</strong> 3X, 5X, and 7X overwrites.<br />

Today’s storage is too varied and overwrites can be ineffective on certain types of storage media. Luckily,<br />

there are standards in place that provide secure, absolute data sanitization with <strong>for</strong>ensic science to back<br />

them up.<br />

1. NIST SP800-88r1 (2014)<br />

o This standard has been the gold standard since its inception. It is no longer being revised and<br />

there<strong>for</strong>e is not up to date with the latest storage devices and technology. Because of this,<br />

IEEE decided to update it and create a new standard, IEEE 2883.<br />

2. IEEE 2883 (2022/<strong>2023</strong>)<br />

o This standard picks up where NIST left off and accounts <strong>for</strong> the latest storage devices. It will<br />

be the new standard moving <strong>for</strong>ward. It addresses both digital sanitization and physical<br />

destruction of data-bearing assets.<br />

Where to find help<br />

Now that this article has rightfully put some fear into anyone in charge of managing these assets as they<br />

make their transition from in-use to end-of-use, take solace in the fact that there are solutions and<br />

services out there that can mitigate data security risks to the highest standards and provide certifications<br />

that can be used <strong>for</strong> security audits and regulatory compliance. <strong>The</strong>re are vendors that manufacture<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 101<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

certified data sanitization software and hardware solutions equipped to handle a massive variety of asset<br />

types and configurations <strong>for</strong> those inclined to leave nothing to chance and want to keep risk mitigation<br />

and data security in-house. <strong>The</strong>re are also the a<strong>for</strong>ementioned IT Asset Disposition Companies or 3 rd<br />

party professional services companies, many of whom also provide on-site data sanitization services and<br />

white glove asset removal.<br />

What to look <strong>for</strong> in a solution or service<br />

First and <strong>for</strong>emost, any solution or service should have certification(s) that attest to their efficacy and<br />

professionalism. Certifying bodies such as R2, e-Stewards, and NAID AAA provide detailed audits of IT<br />

Asset Disposition (ITAD) companies and 3 rd party service providers to ensure they are meeting a variety<br />

of standards <strong>for</strong> asset handling, tracking, and, of course, data security. Certifying bodies such as ADISA<br />

provide detailed <strong>for</strong>ensic analysis of software solutions <strong>for</strong> compliance with NIST and IEEE erasure<br />

standards. Make sure that whomever you deal with has certifications appropriate to their function.<br />

Conclusion<br />

In today’s increasingly complex business environment, a massive number of data-bearing devices are<br />

constantly being placed in end-of-use states through technology refreshes, lease returns, malfunctions,<br />

and a variety of other reasons. Regardless of the inactive status of an asset, and no matter how daunting<br />

the task, data-bearing devices must be protected by proper sanitization techniques that adhere to the<br />

highest standards. Finding the right solution or service can be challenging, but proper due diligence and<br />

prioritization around data security will ensure that no data leaves a facility and keeps both businesses<br />

and customers safe.<br />

About the Author<br />

Roger Gagnon is the President and CEO of Extreme Protocol Solutions,<br />

a leading provider of data sanitization solutions based outside of Boston<br />

in Uxbridge, Massachusetts. He began his career as a data storage<br />

engineer <strong>for</strong> both EMC and Digital Equipment. In 1999, the Worcester<br />

Polytechnic Institute grad founded Extreme Protocol Solutions (EPS).<br />

Over the next two-plus decades, Roger built EPS into a global player in<br />

the data storage test, development, and sanitization markets. EPS<br />

remains committed to cutting-edge, customer-focused solutions that<br />

ensure risk mitigation while providing substantial ROI <strong>for</strong> Fortune 100,<br />

500, and 1000 companies. Roger can be reached at<br />

rgagnon@extremeprotocol.com; EPS’s website is<br />

www.extremeprotocol.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 102<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Developers Hold the New Crown Jewels. Are<br />

<strong>The</strong>y Properly Protected?<br />

By Aaron Bray, CEO. Phylum<br />

<strong>Cyber</strong>security has changed dramatically in the last four years. During the pandemic, organizations around<br />

the globe found themselves faced with accelerating digital trans<strong>for</strong>mation initiatives, remote work<strong>for</strong>ces,<br />

and a whole host of other concerns that have dramatically changed the attack surface they must defend.<br />

However, most organizations have a security posture that hasn't yet metamorphosed in response to the<br />

changes their operations, processes, and systems have undergone.<br />

One of the biggest impacts of these changes has been a dramatic shift in the tradeoff concerning where<br />

the proverbial security "crown jewels" of the organization lie, and the cost an attacker faces in trying to<br />

gain access to them. In the past, organizations consisted largely of traditional, on-premise work<strong>for</strong>ces<br />

who primarily used workstations while at work, which connected to domain controllers that lived onpremise,<br />

and were tended by system administrators. This effectively centralized power in the hands of<br />

the system administrators, which made them the primary target of any potential attacker.<br />

Compromising an account with domain administrator privileges would enable access to virtually anything<br />

connected to the network. Additionally, consider that the security posture of this type of organization,<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 103<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

from basic hygiene concerns like patch maintenance and breach detection to higher order concerns such<br />

as managing security policy and direction, all reside entirely with security staff, executives, and system<br />

administrators retained by the organization. <strong>The</strong> ability to prevent attackers from successfully breaching<br />

systems, moving laterally, and ultimately gaining access to these "God" accounts is entirely a function of<br />

how much the organization prioritizes security, and in some cases, how much legacy baggage to which<br />

they are subjected.<br />

As Attack Surface Expands, Targets Shift<br />

Contrast this with modernized organizations: What does the attack surface look like when many businesscritical<br />

assets have now been shifted to the cloud, organizations are increasingly leveraging third parties<br />

to handle what were previously core business IT functions (i.e., the adoption of products like Office365<br />

and G Suite), many employees are working remotely, and more development processes have migrated<br />

from slow, gated releases to being effectively continuous? Fundamentally, it means that the traditional<br />

system administrator accounts likely don't have credentials centralized in quite the same way they were<br />

be<strong>for</strong>e, and traditional access vectors outside of more unsophisticated approaches like phishing, such as<br />

exploitation, are more expensive than they were previously. It becomes much more challenging, <strong>for</strong><br />

example, to find an unpatched mail server or domain controller to compromise when that entire function<br />

has now been effectively outsourced to Microsoft.<br />

Additionally, engineering teams now have far more access than they enjoyed previously, with far fewer<br />

security controls. Many organizations have no endpoint protection on developer systems or have policy<br />

exceptions <strong>for</strong> build and test directories. Cloud infrastructure is often maintained "as code.” Many modern,<br />

business-critical assets are now described by a set of scripts that are read, modified, tested, and deployed<br />

through Continuous Integration / Continuous Deployment (CI/CD) solutions.<br />

<strong>The</strong> same is generally true of most modern development processes. Large enterprises now field<br />

hundreds or thousands of builds every day. From a security perspective, software developers and CI/CD<br />

systems now have access to a tremendous amount of business-critical functionality. In order to operate,<br />

developers often have administrative access to cloud infrastructure, credentials <strong>for</strong> production data, and<br />

intellectual property, not to mention systems featuring little-to-no security tooling, almost universal local<br />

administrative privileges, and unfettered access to download things from the open internet.<br />

What this means is the balance has shifted. In the past, system administrators were the quick, easy<br />

targets attackers used to gain broad access and the ability to operate with impunity throughout an<br />

organization. Those targets have become harder and much more expensive <strong>for</strong> attackers to reach, with<br />

now substantially-reduced rewards.<br />

On the other hand, modern organizations face an absolutely staggering amount of risk in the activities<br />

per<strong>for</strong>med by their development work<strong>for</strong>ces and processes, including CI/CD infrastructures, and<br />

shockingly few tools exist to help mitigate or even give insight into the challenges faced.<br />

On top of this, attackers have taken note - leveraging these open channels to steal credentials, production<br />

data, intellectual property, and more. Perhaps the most frightening aspect of most of these incidents is<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 104<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

the fact that many organizations lack even basic visibility into these activities, or try to rely on more<br />

traditional controls such as standard endpoint products, which don't at all align with the threat model<br />

these types of attacks represent. This means that many more such breaches are likely already underway,<br />

albeit undetected.<br />

So how do attackers use these channels to gain initial access, and how does this really change the threat<br />

model? One of the most active vectors that adversaries are currently leveraging to gain a foothold in<br />

organizations is the Open Source Software (OSS) ecosystem. While this may seem a bit unintuitive at<br />

first blush, let's consider briefly how OSS development and consumption has evolved, and what that<br />

statement really entails.<br />

Open Source Software: Rewards and Risks<br />

OSS has risen to prominence in the last two decades, despite having a relatively rich history well be<strong>for</strong>e.<br />

<strong>The</strong>se days, nearly every organization in existence, from governments to regulated industries to<br />

advertising agencies, rely on it <strong>for</strong> business-critical functions. It has led to many great things, including<br />

massive cost reductions <strong>for</strong> development and faster time to field. However, it does come with sharp<br />

edges.<br />

While many of the more traditional issues, like problematic licenses and unpatched vulnerabilities, are<br />

relatively well understood, there is also an entire strata of new issues that have risen to the <strong>for</strong>efront in<br />

the last few years as well - driven by a migration of processes from static to continuous, backed by<br />

systems that were fundamentally designed without security in mind.<br />

What does the open-source ecosystem as an access vector really mean, and how does this relate to<br />

developers? Consider that most modern software projects of any sophistication contain thousands of<br />

third-party, open-source software packages. <strong>The</strong>se packages are published, managed, and maintained<br />

by tens of thousands of volunteer software developers from all over the globe. While some may have<br />

corporate backing from a large enterprise, there is fundamentally no sort of traditional supplier<br />

relationship between those who create the OSS, and those who consume it. Everything is effectively<br />

supplied as-is.<br />

<strong>The</strong>se packages are pulled down and incorporated into business-critical systems in a massive, messy<br />

web. For example, a software developer may install a popular package to solve a common business<br />

problem. That package may depend on two or three other packages, which will also silently get pulled<br />

down and installed. Each of those two or three packages, in turn, will likely depend on more packages,<br />

and so on. From a security practitioner's perspective, that single software developer installing that one,<br />

innocuous, popular package has now effectively integrated a supply chain of software spanning<br />

thousands of possible individual software packages, maintained by tens of thousands of strangers that<br />

have no relationship or vetting process of any sort with your organization, into a business-critical piece<br />

of software. Worse yet, each one of those thousands of software packages gets the ability to execute<br />

code each and every time the software developer or CI/CD runner hits "install" or "update."<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 105<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

An analysis of the largest, most active software package managers developers pull packages from found<br />

that in Q2, an average of about 28,000 packages were published every day - a staggering amount when<br />

considering that most of these package managers have a veritable skeleton crew on staff of usually one<br />

to three individuals responsible <strong>for</strong> trying to manage and triage all of the software being published. While<br />

these ecosystems are the primary locations developers pull packages from in order to build software, the<br />

contents are largely unvetted. In fact, bursts of bad activity have actually triggered some of these<br />

ecosystems to shut down portions of their functionality altogether.<br />

Phylum's research reports <strong>for</strong> Q1 and Q2 Security researchers have noted an increase in incidents in<br />

which bad actors have pumped out hundreds of thousands of packages that are either spam or actively<br />

malicious incidents in which bad actors have pumped out hundreds of thousands of packages that are<br />

either spam or actively malicious; the vast majority of which targeted software developers and CI/CD<br />

infrastructure. While some of these attacks take a spray-and-pray approach, many are much more<br />

targeted. Attacks like dependency confusion enable malicious actors to surgically target organizations<br />

through their software supply chains, and a massive rise in typosquatting attacks, which may come in a<br />

surprising variety of flavors, tend to target popular open-source packages in use by organizations of<br />

interest. Additionally, threat actors have also employed attacks against the package maintainers<br />

themselves in order to gain a foothold.<br />

Software Developers: <strong>The</strong> New Keepers of the Crown Jewels<br />

Software developers have become the new high-value targets, owning much more privilege, with much<br />

less security and oversight than in the past. Attackers are capitalizing on this, as evidenced by the<br />

dramatic increase in software supply chain-borne attacks and compromises in recent years, and targeted<br />

attacks on software developers in many recent breaches.<br />

Organizations have their work cut out <strong>for</strong> them in adjusting security posture to match organizational<br />

changes driven by digital trans<strong>for</strong>mation. A rapid focus on closing these security gaps is now critically<br />

important, as it is now more a matter of when, rather than if, a breach as a result of a malicious package<br />

installed from the open-source ecosystem occurs without intervention.<br />

About the Author<br />

My name is Aaron Bray, CEO and Co-Founder, Phylum. Aaron has 14 years of<br />

experience working in software engineering and in<strong>for</strong>mation security. He spent<br />

11 years working within the U.S. Intelligence Community be<strong>for</strong>e joining Sony to<br />

lead development <strong>for</strong> the Global Threat Emulation cell. Aaron’s past research<br />

has focused on program synthesis, malware diversity, software anomaly<br />

detection, and the application of natural language processing techniques to<br />

binary analysis. Aaron can be reached online at aaron@phylum.com and<br />

https://www.linkedin.com/in/aaron-bray-422ba06a/ and at our company<br />

website http://www.phylum.io<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 106<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Expect to Fail: How Organizations Can<br />

Benefit from a Breach<br />

By Tyler Farrar, CISO, Exabeam<br />

<strong>The</strong> Chief In<strong>for</strong>mation Security Officer (CISO) is one of the most prominent and well-paid positions in<br />

digital security. As CISO, you bear primary responsibility <strong>for</strong> protecting your organization's data, you play<br />

an important part in business strategy, and help secure the future of the company. Some regard the CISO<br />

role as the pinnacle of a career in cybersecurity. Security analysts, the entry-level members of a SOC<br />

team, enthralled by the challenges and rewards of detecting threats and preventing breaches, often<br />

aspire to this role in the C-suite.<br />

As they advance up the chain of command, however, they quickly discover that the CISO role is not as<br />

fascinating as it seems. Rife with stress and intense pressure to ensure organizations comply with<br />

governance and regulatory requirements, nearly half of CISOs cite human error and a lack of<br />

cybersecurity understanding as the most critical threats confronting enterprises today.<br />

<strong>The</strong> rigorous demands and pressures of the job keep 90% of CISOs up at night, with many opting <strong>for</strong> a<br />

career switch. Much of the tension can be attributed to long hours and the misplaced idea that security<br />

professionals can eliminate all threats. Misaligned expectations can lead to a culture of fear and blame,<br />

where mistakes are unacceptable. This is a result of CISOs now facing federal charges if it’s proven they<br />

failed to properly handle a security breach. Scapegoating CISOs <strong>for</strong> security incidents is not new, with<br />

many subjected to public blame or firing <strong>for</strong> such incidents. But new accountability measures from the<br />

federal government have made a CISO’s job even more difficult.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 107<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

For those hesitant to take on the CISO role due to pressure of failure and its career implications, I would<br />

argue that a healthy outlook begins by recognizing that failure will happen. In cybersecurity, managing<br />

an incident is not a question of if, but when. <strong>The</strong> biggest difference is in how you prepare.<br />

<strong>The</strong> best laid plans…<br />

Protecting an enterprise from the continual threat of financial or reputational damage is a tall task. CISOs<br />

also live with fear that, despite taking all reasonable precautions to mitigate cyber risk, some threat will<br />

invariably infiltrate a business and cause harm.<br />

Wise security experts know that threat actors aren't lying in wait. <strong>The</strong>y are constantly changing their<br />

tactics and approach to remain unpredictable to even the most seasoned security professionals. Consider<br />

this: you’ve invested time and ef<strong>for</strong>t into creating an incident response plan, and your team has been<br />

trained, giving you full confidence that they’ll know what to do, if and when the breach occurs.<br />

However, when the breach happens, you discover that the incident response procedures weren’t<br />

adequate, and you failed to account <strong>for</strong> the impact of the breach on the firm. In this circumstance, no<br />

amount of training or practice adequately prepares your SOC personnel <strong>for</strong> the harsh reality of the<br />

security incident, with no way to capture everything that occurs during a breach, especially the gravity<br />

and intensity that accompany it.<br />

…of mice and men often go awry<br />

As the famous quote indicates, even when you plan carefully, something will go wrong. That’s why<br />

reducing human error is crucial <strong>for</strong> cybersecurity. Given that more than half of CISOs consider human<br />

error to be the greatest threat to enterprises, ensuring that everyone in the organization is accountable<br />

<strong>for</strong> cybersecurity can be an effective approach to preserving data privacy and security.<br />

Working together to proactively identify or avoid cyber risks can result in enterprises developing a wellvetted<br />

planning stage with awareness of potential outcomes of security operations and threat detection<br />

teams. This includes <strong>for</strong>ming the appropriate functional teams and ensuring that everyone understands<br />

their duties. By testing backups and understanding how to recover critical operations from backups can<br />

near-guarantee that incident response plans are built out and the human error aspect of cybersecurity is<br />

minimized.<br />

Existing in a risk-aware culture<br />

Many private sector firms are incorporating risk awareness into company culture by adding risk<br />

management training <strong>for</strong> every employee. Rather than placing the whole responsibility on the CISO,<br />

create shared accountability across the firm. It is critical to be adaptable and adjust to changing<br />

conditions.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 108<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> more personnel that you train to be looking out <strong>for</strong> new dangers, the less likely the company may be<br />

caught off guard by a vulnerability. To begin, a CISO must provide employees with basic risk<br />

understanding and language. Explain the processes of managing risk and identifying potential problems.<br />

Next, provide employees with a well-defined mechanism <strong>for</strong> reporting risks, and they will be more likely<br />

to alert of potential issues be<strong>for</strong>e they become problems. Finally, use technology to acquire risk-related<br />

in<strong>for</strong>mation, boosting transparency and fostering a risk-aware culture throughout the organization.<br />

Communication, escalation, and documentation<br />

Communication and delegation are the most crucial aspects of risk management <strong>for</strong> the CISO. In a crisis,<br />

CISOs are called to lead the technical incident response, assembling functional teams, delegating work,<br />

and understanding when to repurpose resources to meet the demands of the incident. It is critical to<br />

contact Crisis Management teams and discuss the business impact, with an understanding that difficult<br />

decisions regarding containment must be taken. In a crisis, a CISO must communicate consistently using<br />

neutral emotion. Doing so can help ensure judgments are sound and not hasty. Forming a risk<br />

management team composed of stakeholders from several departments can avoid communication silos.<br />

This is a good time to use technology as an aid in centralizing risk in<strong>for</strong>mation, establishing a shared<br />

language, and facilitating communication to address vulnerabilities. Finally, make sure there is<br />

documentation throughout the process. Delegating a scribe to document all decisions is helpful and can<br />

ensure the escalation process is followed, with the appropriate persons alerted. This provides CISOs with<br />

a framework of checks and balances and shares responsibility of the response process.<br />

Devise a new game plan<br />

Currently, there is far too much emphasis on breach prevention and not enough on detection. In fact,<br />

many breaches are not the result of inadequate cybersecurity prevention, rather of the organization's<br />

poor detection and lack of cybersecurity knowledge. Organizations can focus on preventative measures,<br />

such as reducing the attack surface to a more manageable level. This must be balanced with incident<br />

response and crisis management.<br />

<strong>Cyber</strong>security professionals, and specifically the CISO, must approach their role through the lens of<br />

opportunity, rather than failure. Each cybersecurity incident provides an opportunity to learn from previous<br />

mistakes, discover potential weaknesses in cybersecurity policy, and develop more effective measures<br />

to assist the organization in preventing and detecting future attacks. It is not just about making a plan<br />

with the intention of succeeding, but rather about accepting that failures are likely to happen - but by<br />

being prepared to adjust plans, you’ll be well-positioned to minimize any damages.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 109<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Tyler Farrar is the Chief In<strong>for</strong>mation Security Officer (CISO) at<br />

Exabeam. In this role, he is responsible <strong>for</strong> protecting Exabeam – its<br />

employees, customers, and data assets – against present and future<br />

digital threats. Farrar also leads ef<strong>for</strong>ts in supporting current and<br />

prospective customers’ move to the Exabeam cloud-native New-<br />

Scale SIEM and security operations plat<strong>for</strong>m by helping them to<br />

address cloud security compliance barriers. With over 15 years of<br />

broad and diversified technical experience, Farrar is recognized as a<br />

business-focused and results-oriented leader with a proven track<br />

record of advancing organizational security programs.<br />

Prior to Exabeam, Farrar was responsible <strong>for</strong> the strategy and<br />

execution of the in<strong>for</strong>mation security program at Maxar Technologies, which included security operations,<br />

infrastructure governance, cyber assurance, and USG program protection functions. As a <strong>for</strong>mer Naval<br />

Officer, he managed multiple projects and cyber operations <strong>for</strong> a multimillion-dollar U.S. Department of<br />

<strong>Defense</strong> program.<br />

Farrar earned an MBA from the University of Maryland and a Bachelor of Science in Aerospace<br />

Engineering from the United States Naval Academy. He also holds a variety of technical and professional<br />

certifications, including the Certified In<strong>for</strong>mation Systems Security Professional (CISSP) certification.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 110<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How to Create a Threat Hunting Program <strong>for</strong><br />

Your Business<br />

By Zac Amos, Features Editor, ReHack<br />

When it comes to online security, danger lurks around every corner. A threat hunter’s job is to proactively<br />

seek out potential problems and stop them be<strong>for</strong>e they have a chance to harm a company’s network.<br />

Here’s how businesses can create their own threat hunting programs and why it’s important to do so.<br />

Why Is Threat Hunting Necessary?<br />

<strong>Cyber</strong>crime is growing exponentially. In <strong>2023</strong>, Americans lost $10.3 billion to online schemes — a<br />

staggering 49% increase in losses compared to the previous year. Enterprises must stay vigilant to<br />

protect themselves and their assets against bad actors. As well as establishing vital cybersecurity<br />

measures like implementing two-factor authentication, securing mobile devices and changing passwords<br />

regularly, companies should utilize threat hunting to fend off attacks.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 111<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

A threat hunting program enables faster incident response times. It’s also much easier and cheaper to<br />

go threat hunting than to clean up after a security breach. Here’s how to create one <strong>for</strong> a business.<br />

1. Establish a Baseline<br />

Be<strong>for</strong>e they can establish a threat hunting program, business owners must gain a solid understanding of<br />

what’s typical within their work environment. For example, they should understand the usual employee<br />

behavior, activities and network operations that take place within the company. Establishing a baseline<br />

<strong>for</strong> what is and isn’t normal is the first step toward identifying outliers.<br />

2. Identify Important Assets<br />

What does the enterprise offer to hackers? What are its most valuable assets a threat actor would want<br />

to target? <strong>The</strong>se will differ from one company to another, but they often include aspects like money or<br />

client data. Identifying them helps establish why a threat hunting program is necessary and what it should<br />

focus on.<br />

3. Define Success<br />

<strong>The</strong> next important step is to define exactly what the program should achieve. What key per<strong>for</strong>mance<br />

indicators (KPIs) can the business use to measure its success?<br />

An example of a KPI is the number of vulnerabilities — specifically those that could’ve installed malware<br />

on the network — the team remediates within a specific timeframe. KPIs should tie directly to the main<br />

goal of finding and blocking threats, and should help set the cybersecurity team up <strong>for</strong> success.<br />

4. Select a Threat Hunting Strategy<br />

Not every threat hunting program looks the same. A few common strategies include:<br />

• Using the MITRE framework to decide where to start<br />

• Building a minefield under the assumption that a threat actor is already within a network<br />

• Blocking access entirely by building a wall, ensuring anything related to execution and initial<br />

access is blocked<br />

Different strategies address unique needs, so it’s crucial to find the right one <strong>for</strong> each business.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 112<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

5. Decide Whether to Automate<br />

Although automation isn’t required <strong>for</strong> threat hunting, many companies — especially those with<br />

established, advanced cybersecurity programs — automate part of the process to reduce errors and<br />

boost productivity. For businesses that pursue the automation route, it’s crucial to have the right staff to<br />

develop and maintain the software. It’s also vital to closely monitor the automation process so it remains<br />

relevant.<br />

6. Create a Formal Security Operations Center (SOC)<br />

Another important step in building a threat hunting program is establishing an SOC. This process<br />

involves:<br />

• Creating a centralized logging system to data collecting logs such as host endpoint alerts, event<br />

logs, AD logs, routers and switches<br />

• Setting up an automated detection system — such as IDS or SIEM — if desired<br />

• Acquiring external signature and intel feeds to complement the automated detection system<br />

• Hiring an incident response team to resolve alerts and investigate incidents<br />

7. Create Testable Hypotheses<br />

<strong>The</strong> main feature distinguishing threat hunting from reactive cybersecurity is it’s proactive, not based on<br />

alerts. Threat hunters look <strong>for</strong> problems long be<strong>for</strong>e the alarm even sounds. To do this, they build<br />

hypotheses and then set about testing them.<br />

For example, a hypothesis could state that if hackers executed a certain type of malware on the company<br />

network, very specific evidence would exist to prove the malware is on the system. Essentially, if the<br />

malware exists, it will leave a detectable signature.<br />

Threat hunters will then use that theory to run iterative hunting campaigns in their search <strong>for</strong> malware.<br />

<strong>The</strong>y will look <strong>for</strong> the specific evidence outlined in their hypothesis to try and detect it.<br />

8. Think Like a Hacker<br />

Lastly, creating a threat hunting program means thinking in a proactive rather than reactive manner. It<br />

entails always looking <strong>for</strong> vulnerabilities in the enterprise’s network and wondering how best to exploit<br />

them.<br />

To sharpen their proactive thinking, threat hunters can use purple teaming <strong>for</strong> testing. This strategy<br />

involves security teams simulating malicious attacks against the organization’s network, then working<br />

together to solve them.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 113<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Staying Prepared<br />

As cybercrime becomes more prevalent, anticipating it is more important than ever. A good threat hunting<br />

program fends off attacks be<strong>for</strong>e they even start to protect an organization’s time, money and data. It’s a<br />

valuable tool in a company’s arsenal against threat actors — and it will only become more important as<br />

time goes on. Hackers may be savvy, but threat hunters are always one step ahead.<br />

About the Author<br />

Zac Amos is the Features Editor at ReHack, where he covers cybersecurity<br />

and the tech industry. For more of his content, follow him on Twitter or<br />

LinkedIn.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 114<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How To Improve Security Capacities of <strong>The</strong><br />

Internet of Things?<br />

By Milica D. Djekic<br />

<strong>The</strong> security of the Internet of Things (IoT) is one of the main challenges of today. Many IoT assets could<br />

get an easy target to cyber attacks and it’s highly recommended to somehow cope with these<br />

requirements. <strong>The</strong> best practice is something that would deal with the final solutions, while we would like<br />

to suggest that an IoT design is something we should pay more attention on. When we say a security<br />

within a design – we would mean by that a better cryptography equally being applied to communication<br />

channels and end user’s data. In other words, the role of this chapter is to deal with some suggestions<br />

regarding the IoT security and try to explain how we could improve the next generation solutions.<br />

<strong>The</strong> main IoT security’s requirements<br />

<strong>The</strong> IoT should offer us a great deal of security and privacy. Unluckily, with today’s solutions that’s not<br />

fully the case. Many IoT solutions would deal with the so called – rookie’s mistakes and it would appear<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 115<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

as absolutely unbelievable how some solutions being expected to get highly professional would cope<br />

with some beginner’s questions. <strong>The</strong> IoT security’s requirements should get high and as many research<br />

institutions would indicate it’s about the best practice. <strong>The</strong> fact is the IoT security is about the appropriate<br />

risk management, but the point is if we could do anything more than such best practice could. Right here,<br />

we would point on the possible IoT design that should offer us stronger safety and security through its<br />

usage. <strong>The</strong> cybersecurity is a wide topic and through this chapter – we could discuss many of its aspects.<br />

At this stage, we would try to concentrate on all the necessary steps that should get taken to offer us<br />

much safer private and business environment.<br />

As it’s already suggested through this material, the IoT solutions could include ICS, SCADA and PLC<br />

systems, embedded devices, mobile technologies and much more. <strong>The</strong> main question here would be<br />

how we could make all of these advancements being more secured. <strong>The</strong> majority of a job could get about<br />

the proper set up of those devices being correlated to each other. In other words, we should work hard<br />

on a good hardware, software and network configuration trying to put the risk at the lowest possible level.<br />

Also, it’s important to mention that every single day some of the staffs should maintain such a system<br />

working hard on a better risk management. Many research ef<strong>for</strong>ts would deal with some tips and tricks<br />

how it’s possible to set up your environment in order to avoid any sort of unpredictable scenario. Even if<br />

that scenario occurs – we should always try to rely on a disaster recovery plan as well as business<br />

continuity strategy that should support us in resolving some of the practical issues already being<br />

happened in a practice.<br />

Finally, some of the challenges <strong>for</strong> a future would indicate that it’s not all about the management of the<br />

existing solutions, but rather about development and deployment of new systems that would deal with a<br />

better cyber defense. For instance, many experts would indicate that the IoT of the future should cope<br />

with the stronger encryption and in such a way – offer the better per<strong>for</strong>mances to its next generation<br />

devices. Also, it’s well known that IoT systems would use the big network being created using many<br />

devices talking to each other. In other words, it’s so recommended that those devices should get a wellprotected<br />

communication channel as well as deal with the good data cryptography securing the devices<br />

themselves. In conclusion, some of the next generation IoT improvements are about the better device’s<br />

security which could get obtained through the good practices, disaster recovery and business continuity<br />

strategies and much stronger design of the final products relying on more advanced encryption solutions.<br />

<strong>The</strong> recommendations coming from a practice<br />

Through the practice, we would notice that many IoT solutions would need better software, hardware and<br />

network configuration. Also, we would realize that the majority of those systems would not follow the<br />

basic recommendations suggesting that the inbound ports should get hidden from some of the IoT search<br />

engines. Also, many networks would not use both – software and hardware firewalls or they would take<br />

the minimum of actions in updating their routers, modems or the other network devices.<br />

Also, we would notice some sort of the lack in terms of the good practice in managing the appropriate<br />

authentication. In simple words, people would not try to deal with the strong usernames and passwords<br />

that would make an access to the hackers being much requiring. <strong>The</strong>se are only some of the examples<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 116<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

eing noticed in a practice and some of the advices being indicated to the IoT systems’ users in order to<br />

make them do the better improvements of their<br />

security’s capacities.<br />

<strong>The</strong> challenges <strong>for</strong> a future<br />

At this stage of the IoT development and<br />

deployment – we would deal with many security’s<br />

requirements that should get overcome so shortly.<br />

Some of the weaknesses to this concept are<br />

already known and the expert’s community works<br />

hard to resolve those concerns. On the other hand,<br />

many of vulnerabilities are being discovered as<br />

time goes on and we believe that these findings<br />

could only help us improving our current capacities.<br />

In addition, we think that the IoT of the future would deal with much better encryption. We are aware of<br />

how these solutions could get expensive at this stage, but we believe that many security’s risk, threats<br />

and challenges would make cyber industries seriously deal with this sort of challenges. Finally, it’s<br />

important to say that there are still many challenges to the IoT technology and we hope that they would<br />

get their responses in a coming time.<br />

<strong>The</strong> concluding talk<br />

At the end, we could conclude that the main challenge to the IoT technology could get its security.<br />

Through this material – we would talk about how serious consequences of the unprotected IoT assets<br />

could be to their owners. In order to avoid anything of that happens in the future – we should begin<br />

thinking hard about the possible solutions. In such a sense, any support of the expert’s community is<br />

welcome and we honestly hope that the future would bring us fewer concerns and offer a much better<br />

environment to all.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 117<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About <strong>The</strong> Author<br />

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of<br />

Serbia. She received her engineering background from the Faculty of<br />

Mechanical Engineering, University of Belgrade. She writes <strong>for</strong> some domestic<br />

and overseas presses and she is also the author of the books “<strong>The</strong> Internet of<br />

Things: Concept, Applications and Security” and “<strong>The</strong> Insider’s Threats:<br />

Operational, Tactical and Strategic Perspective” being published in 2017 and<br />

2021 respectively with the Lambert Academic Publishing. Milica is also a<br />

speaker with the BrightTALK expert’s channel. She is the member of an ASIS<br />

International since 2017 and contributor to the Australian <strong>Cyber</strong> Security<br />

Magazine since 2018. Milica's research ef<strong>for</strong>ts are recognized with Computer<br />

Emergency Response Team <strong>for</strong> the European Union (CERT-EU), Censys Press, BU-CERT UK and<br />

EASA European Centre <strong>for</strong> <strong>Cyber</strong>security in Aviation (ECCSA). Her fields of interests are cyber defense,<br />

technology and business. Milica is a person with disability.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 118<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

In Pursuit of a Passwordless Future<br />

By Rob Jenks, Senior Vice President of Corporate Strategy, Tanium<br />

Many computer users dream of a day when the industry can move past its reliance on passwords to<br />

reach a more serene future of frictionless cybersecurity. But most IT and security professionals will tell<br />

you that day is still a long way off. <strong>The</strong> fact is, countless remaining devices and systems are aging relics<br />

that have been based on password security <strong>for</strong> decades. <strong>The</strong>re can be no turning back time <strong>for</strong> such<br />

legacy systems - as long as they are in use, we will depend on passwords, at least to some extent.<br />

For most organizations that means they are stuck in the password filled present, but that doesn’t mean<br />

there isn’t a passwordless future. Be<strong>for</strong>e we can get to that future however, we need to make sure we<br />

are protecting ourselves on the journey there.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 119<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> issue with passwords<br />

Passwords usually aggravate users due to all the associated friction. Nobody likes memorizing long<br />

strands of letters, numerals, and symbols to conduct the simplest business, but weak passwords tend to<br />

reward bad actors, which is of course the underlying problem. <strong>The</strong> goal of passwordless is about reducing<br />

the amount of friction to make authentication and authorization simpler <strong>for</strong> users. So, in essence, we<br />

should think of “passwordless” as being “frictionless,” based on simplifying the login process <strong>for</strong> users.<br />

<strong>The</strong> trouble is, the safest passwords are typically the hardest to remember, so there is a high amount of<br />

friction. But in a world where hackers launch an average of 50 million attacks on passwords every day,<br />

which equates to 579 strikes per second, according to Microsoft, safety should override convenience, but<br />

that often isn’t the case. In fact, Verizon found that 60% of data breaches are now attributed to<br />

compromised credentials. Hackers often prey on a user’s natural proclivity <strong>for</strong> convenience when people<br />

re-use the same ID and password combination <strong>for</strong> multiple sites. Once those passwords and IDs appear<br />

on the dark web, they can be used <strong>for</strong> a range of different logins.<br />

Surviving in the present<br />

In the short term, we need to bridge the gap between the needs <strong>for</strong> a strong, complex password – with<br />

the reduction of friction <strong>for</strong> employees. Nearly half of all Americans (41%) still rely on memory to recall<br />

their passwords, meaning that they often adopt simple or repeatable words that are easy to remember.<br />

<strong>The</strong>re is an easy solution which both reduces friction and improves security: password managers.<br />

Organizations taking security seriously can offer employees a subscription to a password manager which<br />

eliminates the need <strong>for</strong> employees to remember complex passwords while still providing sufficiently<br />

robust credentials. Additionally, organizations should consider using tools which regularly check if<br />

passwords are compromised, further ensuring the strength of the passwords used.<br />

Passwords aren’t enough on their own however, and need to be bolstered by some of the “passwordless”<br />

security protocols that we have been using <strong>for</strong> years. Multifactor authentication (MFA) is an age-old<br />

concept that relies on something you have (a device or application) plus something you know (a captcha<br />

or existing account) to prove your unique identity and authorize your access. Two-factor authentication<br />

(2FA) was the first widespread adoption of this method, in which exactly two authentication factors were<br />

required, but with the threats becoming more sophisticated the industry has been shifting towards<br />

requiring more than two factors to better safeguard against attack like credential stuffing. <strong>The</strong>se helps<br />

make the organizations more secure, but also add friction which a passwordless future promises to<br />

eliminate.<br />

<strong>The</strong> road to <strong>for</strong>getting our passwords <strong>for</strong>ever<br />

We have seen many of the biggest tech companies like Apple, Google, and Microsoft lead the charge<br />

into a passwordless future with the use of biometric recognition or facial recognition. <strong>The</strong>se approaches<br />

can be an effective alternative to passwords as it is much harder to fake someone’s fingerprints or face<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 120<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

than to guess their password, but it still doesn’t solve the problem of all the legacy systems that will be in<br />

use <strong>for</strong> years to come.<br />

<strong>The</strong> only real path <strong>for</strong>ward is organizations committing to updating legacy systems and technologies. As<br />

the organization’s technology advances and becomes more cloud based, authentication can change<br />

along with it. <strong>The</strong> process is slow, but if it is done intentionally, organizations can reduce the number of<br />

things passwords are needed <strong>for</strong>, then the number of people who need to use passwords, be<strong>for</strong>e finally<br />

eliminating them all together.<br />

<strong>The</strong> passwordless future feels close because we have the technology to do it, but progress will be slow<br />

as applications are migrated to adopt passwordless authentication. So, while there is no way my<br />

password manager will be empty by next year, or even the year after that – by 2030? That’s possible.<br />

About the Author<br />

As senior vice president of corporate strategy, Rob Jenks leads<br />

Tanium’s business development and ecosystem ef<strong>for</strong>ts. Rob is<br />

focused on advancing business-critical relationships across<br />

technology alliances and channel partners, driving new ways<br />

Tanium’s real-time, accurate data can be leveraged, and<br />

identifying new market opportunities.<br />

Prior to joining Tanium, Rob served as vice president of strategy<br />

and alliances at C3.ai, where he helped the company determine its<br />

strategy, product, partner, and pricing approach in service of<br />

delivering business value to its customers. Be<strong>for</strong>e C3.ai, Rob led<br />

the Low Carbon Economics service line at McKinsey & Company,<br />

an innovative software-enabled capability within the energy<br />

practice. Rob advised clients across a range of industries on<br />

strategy and operations related to technology and the clean-energy<br />

transition. He has also served on advisory boards <strong>for</strong> early-stage<br />

fintech and edtech software startups.<br />

Rob received a Ph.D. in Physics from Harvard University, an M.Phil. in the History of Science from<br />

Cambridge University, and a BA in Physics from Williams College.<br />

To learn more or reach out to Rob, visit www.tanium.com and follow us on LinkedIn and Twitter.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 121<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Insights from Billington <strong>Cyber</strong>security Summit <strong>2023</strong>:<br />

<strong>The</strong> Enhanced Threat Surface of 5G/6G & IOT<br />

By Dr. Torsten Staab, PhD, RTX Principal Technical Fellow<br />

From September 5th to September 8th of <strong>2023</strong>, Billington <strong>Cyber</strong>security hosted its 14th annual<br />

<strong>Cyber</strong>security Summit in Washington, D.C.<br />

Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S.<br />

government and its allied partners, along with other industry and academic partners to discuss some of<br />

today’s most pressing national security issues. On the second day of the conference, I myself participated<br />

in a panel discussion titled, “Breakout C4: <strong>The</strong> Enhanced Threat Surface of 5G/6G & IoT,” which explored<br />

the implications of telecommunication capabilities on cybersecurity as true 5G networks and several<br />

billion more internet-connected devices become a reality. Detailed below are some of my insights<br />

regarding this topic and the key points that were discussed during the panel.<br />

It is estimated that the number of internet-connected IoT devices could reach 30 billion by 2030. With an<br />

exponential increase of commercial and industrial IoT devices and systems, concerns have been<br />

naturally raised regarding IoT vulnerabilities. <strong>The</strong>se can include a wide range of different threats, such<br />

as a lack of secure update mechanisms, use of components from questionable suppliers, weak or<br />

hardcoded passwords, unprotected Application Programming Interfaces (APIs), unencrypted data<br />

transfer or storage, insufficient data privacy protections, and lack of device management. And as we<br />

begin to more widely deploy, embed, and rely on interconnected IoT devices and sensors, the basic<br />

building blocks needed to improve security must be upleveled. Such security measures should include<br />

Zero Trust by design and promote secure boot, secure firmware and application updates, continuous<br />

authentication and authorization, secure communications, data encryption (at rest and in transit), and<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 122<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

configurable data privacy. <strong>The</strong>se building blocks will help reduce potential attack vectors and will make it<br />

much harder <strong>for</strong> adversaries to exploit IoT devices, connected infrastructure, and end users. It is also<br />

important that the focus is not only on cyber-hardening of the IoT devices or sensors. Securing the<br />

surrounding IoT ecosystem and components, such as mobile apps and cloud-hosted services that<br />

interact with IoT devices and services like home security cameras and Alexa-type voice assistants, is<br />

equally important.<br />

Considering these ongoing and expansive cyber threats in the IoT domain, there is widespread<br />

recognition that preventative actions need to be taken. In July, the FCC, along with a host of partnering<br />

companies, announced a late 2024 <strong>Cyber</strong> Trust Mark labeling program <strong>for</strong> interconnected IoT and home<br />

automation devices, such as home network routers, appliances, security cameras, and other products.<br />

<strong>The</strong> goal of the program is to help consumers quickly assess the security level of an IoT product or<br />

service without requiring them to be a cyber expert. Modeled after similar product security programs in<br />

other countries such as Singapore, the new US <strong>Cyber</strong> Trust Mark program is expected to help consumers<br />

with their IoT device purchasing decisions. <strong>The</strong> program is also expected to help motivate IoT device<br />

manufacturers to voluntarily add more security to their offering and allow them to use the US <strong>Cyber</strong> Trust<br />

Mark to help differentiate their offerings.<br />

In relation to enhanced 5G/6G threats and attack surfaces, network slicing is often part of the<br />

conversation. Network slicing, <strong>for</strong> example, allows a network operator to "slice" a 5G network into multiple<br />

logical and independent networks and provide fine-grained control over who gets priority network access<br />

and how much bandwidth each user, application, and service gets to consume. Advanced networking<br />

capabilities like slicing, however, also considerably increase the implementation complexity and attack<br />

surface 5G/Future G networks. <strong>The</strong> official 5G standard specification did not provide sufficient guidance<br />

on how to implement features such as network slicing securely. As a result, many 5G implementations<br />

have fallen victim to sophisticated denial of service, side channel, and man-in-the-middle attacks. To help<br />

address these shortcomings, the NSA and CISA recently released security considerations <strong>for</strong> the<br />

implementation of 5G network slicing. In their recommendations, they address some identified threats to<br />

5G standalone network slicing and outline specific practices <strong>for</strong> the design, deployment, operation, and<br />

maintenance of network slices.<br />

<strong>The</strong> implementation and operation of next generation networks and advanced capabilities such as<br />

network slicing will also require network operators to implement and rely more on algorithmic and AI/MLdriven<br />

decision making. <strong>The</strong> increased use of AI/ML in the operation of networks will also require a<br />

significant change in how these advanced networks are secured. For example, 5G/Future G networks<br />

will also have to address and counter known AI/ML-related vulnerabilities and attacks, such as data<br />

poisoning and adversarial attacks. Independent of network-specific vulnerabilities such as network slicing<br />

or AI/ML operations, however, the Zero Trust mantra of “Never trust, always verify!” should always apply.<br />

To help reduce cyber-attack surfaces and to combat continuously evolving IoT- and 5G/6G-related cyber<br />

threats, suppliers, manufacturers, service providers, and users must<br />

work closely together to cyber-harden their components, devices, networks, and services.<br />

After all, cybersecurity is a team sport.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 123<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Dr. Torsten Staab serves as Chief Innovation Officer <strong>for</strong> Raytheon’s<br />

<strong>Cyber</strong>security, Intelligence, & Services business unit and Chief<br />

Technology Officer <strong>for</strong> Raytheon Blackbird Technologies, Inc. He is also<br />

an RTX Principal Technical Fellow, a role in which he also supports RTX’s<br />

other businesses Collins Aerospace and Pratt & Whitney.<br />

Staab has an extensive background in software and systems engineering<br />

and cybersecurity. He is a recognized subject matter expert in areas such<br />

as Zero Trust Security, data analytics, machine learning, distributed<br />

systems and laboratory automation. He has contributed to more than 50<br />

publications and has received five patents with 9 pending.<br />

He received a Diplom In<strong>for</strong>matiker (FH) degree from the University of Applied Sciences in Wiesbaden,<br />

Germany. In addition, he also holds Master of Science and Doctorate degrees in Computer Science from<br />

the University of New Mexico.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 124<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

It’s Time to Tear Down the Barriers Preventing<br />

Effective Threat Intelligence<br />

By Denny LeCompte, CEO, Portnox<br />

Today, organizations are confronted with a deluge of cyber threats, ranging from sophisticated AIpowered<br />

ransomware to tried and true brute <strong>for</strong>ce attacks. At this point, IT security teams know it’s<br />

essential to stay one step ahead of cybercriminals, but numerous barriers hinder such events and prevent<br />

effective threat intelligence that would otherwise enable them to do this. As one might expect, some<br />

roadblocks are operational, some technical, and some human.<br />

Prioritization of vulnerabilities, investment in security training and tools, and a general re- evaluation of<br />

threat hunting tactics and strategies may seem like obvious steps towards improvement, but these<br />

initiatives can often feel herculean. Fortunately, there is a clear path <strong>for</strong>ward thanks in part to the advent<br />

of cloud-native security tools, artificial intelligence, machine learning, and the mistakes made by others.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 125<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Murky Waters of Threat Intelligence<br />

One of the most pervasive challenges confronting organizations in their quest <strong>for</strong> effective threat<br />

intelligence is the sheer volume of data generated across a wide array of security tools. <strong>The</strong> relentless<br />

proliferation of in<strong>for</strong>mation makes it increasingly difficult to separate the signal from the noise. Inundated<br />

with a barrage of alerts and indicators of compromise, security teams often find themselves overwhelmed<br />

and unable to discern genuine threats from false positives. This in<strong>for</strong>mation overload not only wastes<br />

valuable time but also diverts resources away from addressing the most critical risks.<br />

While in<strong>for</strong>mation overload is perhaps the most apparent challenge when it comes to strengthening threat<br />

intelligence programs, there are several other key reasons why more organizations do not (or cannot)<br />

invest more time and energy in this area:<br />

• <strong>The</strong>re is an overall lack of contextualization of in<strong>for</strong>mation at hand. Raw data, without proper<br />

context, can be meaningless and may not provide actionable insights. If you can’t tie A to B to C,<br />

who cares? This mindset tends to silo security operations which perpetuates the lack of context<br />

problem.<br />

• <strong>The</strong> shortage of skilled personnel is yet another obstacle in the path of effective threat intelligence.<br />

<strong>The</strong> cybersecurity talent gap is well documented and is driven largely by increased systems and<br />

architecture complexity, a growing demand <strong>for</strong> talent, budget constraints, and burnout. When<br />

combined, these factors have made it very difficult <strong>for</strong> organizations to recruit and retain skilled<br />

IT security professionals.<br />

• Interoperability issues within organizations existing security infrastructure constitute a significant<br />

hindrance to threat intelligence implementation. Many organizations operate a patchwork of<br />

security tools and systems that do not communicate seamlessly. This siloed approach impedes<br />

the flow of in<strong>for</strong>mation and hinders timely threat detection and response.<br />

• <strong>The</strong> ever-evolving nature of cyber threats presents perhaps the most unpredictable challenge.<br />

<strong>Cyber</strong>criminals are continually developing new tactics, techniques, and procedures to evade<br />

detection, making it extremely difficult <strong>for</strong> IT security teams to identify and then act on threats.<br />

Just one of these roadblocks is enough to deter organizations from investing more time and<br />

energy into developing threat profiles, deterrence tactics, and even remediation plans. <strong>The</strong> path<br />

<strong>for</strong>ward requires a certain degree of introspection. <strong>The</strong> willingness to look critically at operational<br />

shortcomings and prioritize areas of improvement that can contribute to better threat intelligence can pay<br />

off down the line, even if it means having to acknowledge some uncom<strong>for</strong>table truths first.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 126<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Is it Time to Re-evaluate Your Threat Hunting Program?<br />

For most organizations, the answer to this question is most certainly yes. Tackling the above challenges<br />

head-on is daunting, but achievable. Below, there are several factors to consider across each pain point:<br />

• It starts with contextualizing threat data and determining an organization’s unique risk profile,<br />

business objectives, and industry-specific threats. For a bank, <strong>for</strong> example, this would mean<br />

identifying its most critical assets, such as customer data, company financials, any transaction<br />

systems, and even payment processing infrastructure. <strong>The</strong> bank would then want to create threat<br />

profiles based on what the most common types of attacks are against similar institutions, focusing<br />

on the various end goals these attackers have. Is it purely <strong>for</strong> financial gain? Is it state-sponsored?<br />

Is the attack coming from the inside? Tailoring threat intelligence to specific needs allows<br />

organizations to focus on the most relevant threats and allocate resources effectively.<br />

• Addressing the skills gap requires time and money. <strong>The</strong>re’s really no way to avoid this. To address<br />

the skills shortage, businesses should develop training and development programs to upskill their<br />

existing work<strong>for</strong>ce and promote a culture of continuous learning. Additionally, partnering with<br />

third-party managed security service providers can help augment in-house expertise and provide<br />

access to a broader pool of talent. While the time horizon on these initiatives may seem long or<br />

expensive, it’s important to remember that the average cost of a ransomware attack is in the<br />

millions of dollars.<br />

• Look to the cloud to solve interoperability issues. To overcome legacy system and hardware<br />

interoperability issues, organizations should look to the cloud. Specifically, companies should<br />

adopt cloud-native security solutions that can be easily integrated with one another, allowing <strong>for</strong><br />

seamless data sharing and orchestration. This is a critical step towards not only contextualizing<br />

security posture data, but also being able to define and en<strong>for</strong>ce policies that proactively mitigate<br />

and eliminate threats. In recent years, core security technologies like network access control<br />

(NAC), security in<strong>for</strong>mation and event management (SIEM), endpoint detection and response<br />

(EDR), and others have moved from on-premises to the cloud.<br />

• Keeping up with new threats requires agility and adaptability across an organization’s security<br />

posture. Regular threat intelligence updates, threat huntingexercises, and red teaming<br />

engagements can help organizations proactively identify vulnerabilities and improve their<br />

defensive capabilities. It’s important to note that without filling the skills gap and focusing on<br />

continuous learning across the security team, and by not investing in new cloud-native<br />

technologies, companies will continue to struggle to get the context they need to address threats,<br />

let alone be able to keep up with new ones.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 127<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Don’t Wait to Infuse Threat Intelligence with AI & ML<br />

Everything covered above still requires some degree of human interference. That’s changing. Humans<br />

are fallible, perhaps more than we’d like to admit. Even with automation, we have a tendency to overlook,<br />

miss, or even ignore things. This is true in the cyber security function, but there’s been a realization: the<br />

stakes are too high.<br />

Artificial intelligence and machine learning are already being used today to enhance threat detection,<br />

response, and overall cybersecurity ef<strong>for</strong>ts. With the ability to analyze large volumes of network and<br />

system data, AI and ML are being leveraged to establish baselines <strong>for</strong> normal user behavior, making it<br />

easier to pinpoint the anomalies when they occur. By recognizing attack patterns, AI and ML are enabling<br />

organizations to improve the accuracy of their intrusion detection systems and prevent threats from<br />

advancing.<br />

As these technologies become more sophisticated through deep learning, neural networks, and other<br />

techniques, more and more tactics and approaches to threat intelligence, hunting, and prevention will<br />

emerge. Today, by leveraging these emerging technologies to unleash predictive and adaptive threat<br />

capabilities, companies can finally gain the upper hand against cybercriminals and establish effective<br />

threat intelligence programs. One question remains: will they commit to doing it?<br />

About the Author<br />

Denny LeCompete is the CEO of Portnox. He is responsible <strong>for</strong><br />

overseeing the day-to-day operations and strategic direction of the<br />

company. Denny brings over 20 years of experience in IT<br />

infrastructure and cyber security. Prior to joining Portnox, Denny<br />

held executive leadership roles at leading IT management and<br />

security firms, including SolarWinds and AlienVault. Denny holds<br />

a Ph.D. in cognitive psychology from Rice University.<br />

Denny can be reached online at denny@portnox.com and at our<br />

company website https://www.portnox.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 128<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Building For a More Secure Future: How<br />

Developers Can Prioritize <strong>Cyber</strong>security<br />

By Jeremy Butteriss, EGM Ecosystem and Partnerships, Xero<br />

An iconic moment in the rise of ecosystems was Steve Ballmer on stage saying ‘developers, developers,<br />

developers’ at the 1999 Microsoft .NET presentation. At the time, he was breaking new ground, repeating<br />

those words to help convince his teams on how crucial developers were going to be to the success of<br />

their plat<strong>for</strong>m. And then of course in 2008, Steve Jobs launched the iPhone and the App Store - a point<br />

in time that arguably changed the world and led to a massive rise of new developers. Both of those<br />

moments signaled the arrival of tech plat<strong>for</strong>ms, and solidified the important role a burgeoning developer<br />

industry would have in making them a success.<br />

Today, it’s hard to imagine a world without developers, and the plat<strong>for</strong>ms and ecosystems they operate<br />

in. While the focus may have been initially on enterprise B2B plat<strong>for</strong>ms with Microsoft, and then B2C with<br />

the Apple App Store, plat<strong>for</strong>ms have become much more ubiquitous and broad in their scope. Vertical<br />

plat<strong>for</strong>ms in industries such as hospitality, construction and ecommerce; horizontal plat<strong>for</strong>ms in areas<br />

such as financial services and CRM; and even plat<strong>for</strong>ms <strong>for</strong> plat<strong>for</strong>ms. <strong>The</strong>se have become business<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 129<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

operating systems of sorts <strong>for</strong> their customers. <strong>The</strong>y create a massive amount of opportunity <strong>for</strong><br />

developers, by reducing barriers to entry and providing access to large pools of customers. In turn,<br />

developers enable these plat<strong>for</strong>ms to offer a broad array of complementary services, increase average<br />

revenue per user (ARPU) and drive more customer retention.<br />

<strong>The</strong> rise of digitalization<br />

Cloud plat<strong>for</strong>ms and ecosystems are part of an increasingly connected globe driven by the proliferation<br />

of technology. Many countries and governments are recognizing this and are accelerating the<br />

digitalization of their economies as quickly as possible. This shift means more opportunities <strong>for</strong> plat<strong>for</strong>ms<br />

and developers alike, especially as new markets open up. However, it also means greater demands<br />

stemming from increased regulation, competition and cybersecurity risks.<br />

As part of this digitalization shift, more and more business and transaction data is moving online, exposing<br />

the data to a greater risk of cybersecurity-related issues - especially as malicious actors are getting more<br />

sophisticated and using AI. Smaller organizations are especially vulnerable and often don’t have the<br />

resources or expertise to invest in and maintain their own cybersecurity. Developers are recognizing this<br />

too: a recent survey published by small business cloud-accounting plat<strong>for</strong>m, Xero, shows more than half<br />

(56%) said data privacy and security are top of mind, and that 15% reported having faced cybersecurity<br />

challenges in the 12 months prior. As cybersecurity incidents rise, it’s clear more developers are focused<br />

on data security and protecting customer data appropriately.<br />

Government and financial institutions are responding by introducing new regulatory and policy<br />

requirements that help protect consumers and businesses. Additionally, plat<strong>for</strong>ms themselves are also<br />

setting their own policies on key topics like responsible data use and API security standards. <strong>The</strong>se<br />

policies set the expectation of how the plat<strong>for</strong>ms will operate internally and externally, and by extension<br />

any third-parties that they connect with – including developers.<br />

For those looking to take advantage of the digitalization wave, navigating the additional cybersecurity,<br />

regulatory and plat<strong>for</strong>m requirements can be burdensome - especially <strong>for</strong> those looking to scale quickly.<br />

While cloud plat<strong>for</strong>ms are applying some of their own standards and policies, they also carry the distinct<br />

advantage of scale and resources. <strong>The</strong>y can not only invest in security and keep up with regulatory<br />

changes, but can also provide additional paths to market and access to technology at a lower cost and<br />

with greater reliability. Developers seeking to build solutions that help businesses run their operations<br />

and handle their financial in<strong>for</strong>mation can leverage the scalable and secure environments that plat<strong>for</strong>ms<br />

provide. Regulatory standards and cybersecurity features can be developed into apps and solutions from<br />

the ground up, providing assurance to end-users.<br />

Building to enable building.<br />

For some smaller developers the combination of both internal and external standards can be an extra<br />

burden and a barrier to entry. Whether it be a plat<strong>for</strong>m policy decision to migrate an ecosystem from<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 130<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

OAuth 1.0 to OAuth 2.0, or increasing regulatory requirements <strong>for</strong> multi-factor authentication (MFA), the<br />

increased compliance workload pulls valuable time away from building a product. Increasingly, plat<strong>for</strong>ms<br />

have recognized this burden and are investing in building out-of-the-box tools required to reduce the load.<br />

Underpinning this is extensive documentation, education and support <strong>for</strong> developers who need help or<br />

are interested in taking a deeper dive.<br />

An example is the large range of identity tools <strong>for</strong> user access and credentials that make signing-up and<br />

signing-into apps easier <strong>for</strong> customers, like Single-Sign On using Xero, Okta or Google. Developers can<br />

leverage existing customer details within the security of the plat<strong>for</strong>m as part of their onboarding and login<br />

flow. Additionally, some plat<strong>for</strong>ms have already established complementary MFA tools as part of their<br />

login flow. This is especially useful <strong>for</strong> developers wanting to add additional security protocols <strong>for</strong> their<br />

product, or those operating or wanting to operate in countries like Australia where MFA is mandatory <strong>for</strong><br />

digital service providers. Research from Verizon shows that MFA can prevent up to 80% of data breaches<br />

making it one of the most effective methods to protect customer data, especially if their credentials are<br />

compromised.<br />

Point-of-sale and payments plat<strong>for</strong>ms like Square, Stripe and Shopify all offer secure and easily<br />

integrated checkout and payments solutions so developers don’t need to build their own. This helps avoid<br />

the increased compliance, risk and security burdens that come with directly managing payments - a highly<br />

regulated global industry.<br />

Plat<strong>for</strong>ms also constantly monitor the operation and security of their APIs with dedicated teams and tools.<br />

Issues or unusual behavior, such as sudden spikes in request volumes or webhooks errors, can be<br />

immediately flagged <strong>for</strong> investigation, enabling the plat<strong>for</strong>ms to move quickly in response and notify<br />

developers. Where there may be a product or feature slowness or outage, this also helps both parties<br />

manage the customer experience <strong>for</strong> end-users with status updates or a quick resolution.<br />

Reducing burden and barriers to entry <strong>for</strong> developers encourages innovation and experimentation in a<br />

plat<strong>for</strong>m. With developers being supported by cybersecurity features at the plat<strong>for</strong>m level, their time is<br />

freed up to focus on doing what they do best - solving problems and innovating. This ultimately benefits<br />

end-user customers who can use the plat<strong>for</strong>m and choose associated integrations with greater<br />

confidence.<br />

Time to focus on the basics<br />

Developers and end-users both benefit from the work that cloud plat<strong>for</strong>ms do in cybersecurity. By<br />

prioritizing identifying and working with plat<strong>for</strong>ms that provide a secure environment, developers are<br />

prioritizing the safety of the data of both parties. <strong>The</strong>y’re also freeing up resources to spend on building<br />

out their products and solutions, enabling time to be spent on developing features that customers want.<br />

But even with plat<strong>for</strong>ms taking a lot of the security burden off of developers, it’s not permission to be idle<br />

when creating solutions. <strong>The</strong>re are many other basic security practices and processes that should<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 131<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

underpin the work developers and plat<strong>for</strong>ms do, to build additional layers of security when creating apps<br />

and integrations:<br />

• Encryption - employing encryption across systems and databases may sound obvious, but its<br />

additional base-level protection of data complements what plat<strong>for</strong>ms offer. AWS, Azure, or Google<br />

Cloud Plat<strong>for</strong>m provide in-built encryption tools and mechanisms that are often an easy way to<br />

apply encryption safely. However, applying encryption isn’t always a simple process. At Xero, we<br />

see developers constantly juggling all of the considerations including which algorithms to use and<br />

generating and securing unique keys.<br />

• Vulnerability management using industry accepted guidance <strong>for</strong> secure code development,<br />

such as OWASP Top 10, and ensuring secure communication between an app and authorization<br />

servers using HTTPS or similar secure protocol to prevent unauthorized access and<br />

eavesdropping.<br />

• Constant vigilance around security and encryption. <strong>The</strong> landscape is constantly changing, with<br />

new standards and tools available, to counter emerging threats. Integrating with plat<strong>for</strong>ms helps<br />

manage this, but it’s not a ‘one and done’ solution. Security monitoring practices, breach reporting<br />

provided by plat<strong>for</strong>ms helps to detect and manage threats be<strong>for</strong>e it’s too late. Backing this up with<br />

appropriate audit logging at both application level and event-based actions can make it easy to<br />

identify and track unusual activity quickly.<br />

• Data hosting and third-party risk assessments. We’ve seen multiple times over recent years<br />

that even when doing everything correctly, data can still be compromised through other tools or<br />

plat<strong>for</strong>ms that you integrate with. Developers are having to consider a large number of variables<br />

when making these decisions, including country, legal, contractual, access, sovereignty and<br />

counterparty risks. Ideally, client data is not hosted in high risk areas, where it could be seized,<br />

compromised or made unavailable <strong>for</strong> access.<br />

Security and opportunity<br />

Small businesses are a significant and often underestimated driver of the global economy and are one<br />

of the most at-risk when it comes to cybersecurity. <strong>The</strong> digitalization of this sector presents a major<br />

opportunity <strong>for</strong> plat<strong>for</strong>ms and developers to provide solutions that help small businesses thrive in a secure<br />

way. Taking advantage of the security investment, resources and scale of plat<strong>for</strong>ms, like Xero, means<br />

that as this digital transition occurs, developers can focus on creating the apps and integrations that make<br />

it as smooth as possible. Consumer and business data privacy and security are a top priority when<br />

handling the in<strong>for</strong>mation of this major but vulnerable part of the global economy. To deliver on this<br />

requires constant ef<strong>for</strong>t from all parties, including developers, cybersecurity and IT professionals, endusers,<br />

and the plat<strong>for</strong>ms they use.<br />

All in all, living in an innovation-driven world is quite exciting – however, as the old tale goes, with great<br />

power comes more responsibility. Whether it be <strong>for</strong> business or consumer use cases, app developers<br />

and cybersecurity professionals need to operate on synergistic levels to uphold the safest options <strong>for</strong><br />

clients.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 132<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Jeremy Butteriss and I am the Executive General Manager of<br />

Ecosystem and Partnerships at small business accounting plat<strong>for</strong>m,<br />

Xero. I’m responsible <strong>for</strong> improving Xero’s plat<strong>for</strong>m via enhancing US<br />

partnerships, integrating software and helping customers and partners<br />

discover new solutions.<br />

Jeremy can be found on LinkedIn:<br />

https://www.linkedin.com/in/jbutteriss/?originalSubdomain=ca.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 133<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

What the Government Can Learn from the<br />

Private Sector in Pursuit of Zero Trust<br />

By Kevin Kirkwood, Deputy CISO, LogRhythm<br />

It has now been over two years since President Biden issued the Executive Order on Improving the<br />

Nation’s <strong>Cyber</strong>security, outlining one of the administration's first real advancements in the pursuit of Zero<br />

Trust Architecture. <strong>The</strong> announcement signified a major milestone in modernizing U.S. government<br />

security defenses and raising awareness <strong>for</strong> all federal, state and local agencies to make security a top<br />

priority.<br />

Now just one year away from the White House’s Zero Trust implementation target of September 2024,<br />

several U.S. government agencies recently fell victim to a Russian cyberattack, signaling that there is still<br />

more ground to be covered in the government-wide pursuit of Zero Trust. <strong>The</strong> hacking spree, which has<br />

impacted schools, hospitals and local government institutions, in addition to several federal agencies,<br />

has placed extra scrutiny on the government’s security measures – or lack thereof.<br />

In mid-April of <strong>2023</strong>, the <strong>Cyber</strong>security and Infrastructure Security Agency (CISA) released the second<br />

version of its Zero Trust Maturity Model that serves as the guidebook <strong>for</strong> federal agencies on the path to<br />

Zero Trust. According to a report from the National Security Telecommunications Advisory Committee,<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 134<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

which helped feed the development of the updated model agencies are in “dramatically different phases”<br />

of their respective zero trust journeys. Burdened by legacy infrastructure, some federal entities lack the<br />

resources necessary to meet the proposed Zero Trust guidelines in the near-term future.<br />

Getting Zero Trust on Track<br />

Though the federal government has historically been a breeding ground <strong>for</strong> top cybersecurity<br />

professionals, it may be time <strong>for</strong> the government to borrow a few lessons from industry pros in the private<br />

sector. <strong>The</strong> public sector must adopt some of the agility and flexibility of the business world to streamline<br />

the progress of zero trust projects, especially with federal implementation deadlines looming.<br />

Assessing the Situation<br />

When planning to build out a Zero Trust program, government agencies should look to model their<br />

implementations based on the steps that enterprises use <strong>for</strong> their own transitions. This starts with an<br />

initial assessment of the organization’s security posture. While it may sound obvious, agencies must first<br />

assess the mechanisms they currently have in place to understand where potential gaps may lie.<br />

Identifying potential threats is an important first step in laying the groundwork <strong>for</strong> Zero Trust.<br />

Planning the Transition<br />

Once a comprehensive assessment has been completed, agency leaders can begin to plan the transition<br />

itself. Zero Trust can be extremely complicated, which makes it important <strong>for</strong> leadership to define goals<br />

up front and set expectations <strong>for</strong> the project's outcome. Given the guidance already issued by CISA,<br />

agencies have a baseline <strong>for</strong> defining goals and a timeline <strong>for</strong> achieving them. This is also the stage of<br />

the process where resources are allocated <strong>for</strong> implementation. While budgets can vary from institution to<br />

institution – and especially when comparing a federal agency to a local department – organizations must<br />

understand the resources available to them. Agency leaders at all levels must advocate <strong>for</strong> support of<br />

security projects to protect the infrastructure that serves the public.<br />

Executing the Strategy<br />

After an action plan has been presented, agencies can begin to make headway on the actual<br />

implementation phase. <strong>The</strong> execution of Zero Trust is the most intricate, most important piece of the<br />

puzzle. Not to be overlooked in the deployment of Zero Trust technologies is the importance of training<br />

employees. Zero Trust principles may be new to agency personnel, requiring dedicated training sessions<br />

to educate team members on how to work within the newly deployed architecture. Individual contributors<br />

must know the common warning signs of suspicious activity to avoid falling victim to social engineering<br />

attacks that can help malicious actors penetrate Zero Trust defenses.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 135<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Adapting and Improving<br />

<strong>The</strong> work is never quite done with Zero Trust, even after deployment is complete. Agency leadership<br />

must implement processes <strong>for</strong> monitoring and continuous improvement of Zero Trust architecture.<br />

Leaders must establish per<strong>for</strong>mance metrics to track progress against the objectives outlined in the<br />

earlier planning phases of Zero Trust implementation. Without some kind of measurement, it can be<br />

difficult to demonstrate progress on Zero Trust initiatives. By tracking metrics and conducting regular<br />

reviews of Zero Trust technologies, organizations can continue to adapt their framework to better fit the<br />

unique security considerations of their team.<br />

Building a More Secure Future<br />

Conversations of Zero Trust implementation are sure to dominate the public sector in the year ahead.<br />

While there are many hurdles in deployment unique to the agency landscape, private enterprises have<br />

been fine tuning their Zero Trust strategies <strong>for</strong> years. All this trial and error within the private sector can<br />

show agencies which steps to take, and which to avoid, along their own Zero Trust journeys.<br />

About the Author<br />

Kevin Kirkwood, Deputy CISO, LogRhythm. I lead the internal practice of<br />

security <strong>for</strong> LogRhythm. My teams include: governance, risk and<br />

compliance (GRC), application security (AppSec), security operations<br />

center (SOC), and physical security. This concentration in security<br />

practice, tools, and operations enables the team and I to ensure that we<br />

provide a safe foundation to build the security plat<strong>for</strong>ms of the future while<br />

protecting employees, systems, and ultimately our clients who will use our<br />

products. I can be reached on LinkedIn and at the company website<br />

www.logrhythm.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 136<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Protecting Your Business and Personal Data<br />

By Brian Lonergan, VP of Product Strategy, Identity Digital<br />

October celebrated National <strong>Cyber</strong>security Awareness Month (NCSAM), a time when public and private<br />

sectors, along with tribal communities, join <strong>for</strong>ces to empower individuals and businesses with the<br />

knowledge they need to navigate the digital landscape safely. NCSAM's core message is simple yet<br />

empowering: awareness and proactive measures are our best defenses.<br />

In an increasingly digital world, safeguarding your small business and personal in<strong>for</strong>mation should be a<br />

top priority. This article will explore cybersecurity awareness and provide essential strategies to help keep<br />

your digital presence secure. By the end, you’ll better understand how to make in<strong>for</strong>med choices online<br />

and gain practical insights into protecting yourself and your business from the ever-evolving landscape<br />

of cyber threats.<br />

We’ll begin by exploring cybersecurity and taking a closer look at one of the most common threats:<br />

phishing attacks.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 137<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Understanding Phishing Attacks<br />

Phishing attacks are like digital traps set by cybercriminals to trick individuals into revealing sensitive<br />

in<strong>for</strong>mation, such as passwords, credit card numbers, or personal details. <strong>The</strong>se attacks are widespread<br />

and can take many <strong>for</strong>ms, often arriving in the <strong>for</strong>m of seemingly legitimate emails, messages, or<br />

websites.<br />

Phishing Tactics<br />

Phishing comes in various <strong>for</strong>ms, and it's valuable to recognize them to stay safe. One common type is<br />

Spear Phishing, where scammers target specific individuals, often using personal in<strong>for</strong>mation to make<br />

their messages seem legitimate. Another is Vishing, which involves phone calls to trick you into revealing<br />

sensitive in<strong>for</strong>mation. Smishing is similar, but it happens through text messages. <strong>The</strong>n there's Pharming,<br />

where attackers direct you to fake websites to steal your data. A recent trend involves using QR codes<br />

to propagate malicious URLs, a technique called Qishing. It tricks people with fake Multifactor<br />

Authentication (MFA) alerts, convincing them to scan QR codes. (MFA requires at least two <strong>for</strong>ms of<br />

verification). But instead of reaching the intended site, victims end up on the scammer's phishing page.<br />

Understanding <strong>Cyber</strong>security Risks and Impact<br />

Staying alert and in<strong>for</strong>med can make a big difference in protecting your valuable in<strong>for</strong>mation from<br />

potential threats that can lead to financial and reputational impacts on individuals and businesses. Victims<br />

might face identity theft, financial losses, and even malware infections from harmful software unknowingly<br />

getting into their computers. <strong>The</strong>se attacks can also compromise personal data security and privacy,<br />

making individuals more susceptible to further harm.<br />

When a breach occurs, customers may worry about their data’s safety and question the business’s<br />

reliability. A cybersecurity incident can also reveal weaknesses in other areas, like the quality of products<br />

or services. That's why it's not surprising that 59% of consumers said they'd avoid companies that were<br />

victims of cyberattacks in the past year.<br />

While small and midsize business owners might think they're safe from cyberattacks due to their size and<br />

resources, the truth is that all businesses are at risk. A malicious message costs organizations an average<br />

of 27 minutes (and $31 in labor) to mitigate. Some large organizations spend as much as $1.1 million per<br />

year to reduce phishing attacks.<br />

Inexperienced cybercriminals often practice on smaller businesses be<strong>for</strong>e targeting bigger, more highprofile<br />

attacks. This pattern helps explain why, between 2020 and 2021, 23% of small businesses<br />

experienced cyberattacks.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 138<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Mitigating Phishing with Domain Names<br />

As we've explored various phishing tactics and their statistics, let's focus on a critical aspect of online<br />

security: Mitigating Phishing vulnerability by choosing the right domain name.<br />

<strong>Cyber</strong>criminals often exploit the similarity between legitimate and deceptive web addresses using<br />

techniques like homographic phishing. This harmful strategy adds another layer to our understanding of<br />

cybersecurity and how we can protect ourselves.<br />

For example, consider "online.business" versus "onlıne.business." <strong>The</strong> <strong>for</strong>mer legitimate domain uses<br />

the English letter “i,” while the latter uses a Latin letter. Once visitors click on the fake website, they would<br />

come face to face with malware or a phishing scheme, with your brand name tied to the occurrence.<br />

You can protect yourself by registering a domain that uses anti-phishing technology. Many new web<br />

addresses (domain names beyond traditional options), such as .bio, .social, .live, and .software include<br />

free anti-phishing technology protecting your business and customers. You can check with your domain<br />

registrar to explore the available options.<br />

For instance, Identity Digital, a domain registry provider, includes "Homographic Blocking” with every<br />

domain <strong>for</strong> its lifetime. This feature prevents attacks and keeps your brand and identity security safe.<br />

<strong>The</strong>y have also implemented Registry Lock, which safeguards domains against unauthorized<br />

modifications using a secure, multi-step process. In addition, their Security and DNS Abuse Mitigation<br />

Team actively collaborates with law en<strong>for</strong>cement and industry partners to neutralize security threats.<br />

Protecting Yourself Against Phishing<br />

It’s advisable to check <strong>for</strong> suspicious URLs, scrutinize email headers <strong>for</strong> irregularities, and be cautious<br />

with email attachments. <strong>Cyber</strong>criminals are adept at creating convincing messages that seem genuine<br />

but contain hidden threats. Always verify the sender's email address and avoid clicking links or<br />

downloading attachments if you doubt their legitimacy.<br />

Incorporating a "Zero Trust" security strategy, which emphasizes verification over trust, is gaining traction.<br />

With today’s remote work culture, this approach, coupled with proactive cybersecurity measures, is<br />

crucial <strong>for</strong> safeguarding your personal and business data.<br />

To improve your online safety, use smart email protection with AI. Imagine receiving an email that claims<br />

to be from your bank, asking you to provide your account details urgently. If the email protection system<br />

uses AI, it can quickly analyze the email's content, sender's history, and other factors. If the AI detects<br />

any signs of deception or inconsistency, it will flag the email as suspicious, warning you that it might be<br />

a phishing attempt.<br />

Add an extra step to your login process with MFA. For instance, after entering your password, you might<br />

receive a unique code on your phone that you must also input. This action ensures that even someone<br />

who knows your password can't access your account without the second verification step. Further, remind<br />

employees not to share MFA codes over the phone – no matter how legitimate the caller seems.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 139<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Secure your digital identity using identity and access management (IAM) tools. By using IAM tools, you<br />

can decide who has permission to access your sensitive documents and what actions they're allowed to<br />

take. For example, you might grant certain colleagues the ability to view the files but restrict them from<br />

making any changes.<br />

Also, use SSL encryption to keep your online connections secure and private. This security measure<br />

ensures your data stays safe between you and the trusted website. Ensure emails are encrypted and<br />

employees use secure messaging <strong>for</strong> sensitive discussions. Also, remind employees to update devices<br />

and software to help prevent vulnerabilities, especially if someone accidentally clicks on a phishing link<br />

or attachment.<br />

Implement a Security Awareness Training Program to ensure your employees are up to speed on the red<br />

flags signaling a phishing scam. For example, teach them to recognize suspicious emails that ask <strong>for</strong><br />

personal in<strong>for</strong>mation or contain unfamiliar links.<br />

Deploy anti-phishing solutions, such as the Homographic Blocking mentioned earlier, to strengthen your<br />

organization’s defenses against homographic attacks and prevent malicious actors from targeting<br />

customers and employees with “look alike” website addresses.<br />

Response to Phishing Scams<br />

If you're a small business owner or individual who's fallen <strong>for</strong> a phishing scam, don't worry. Start by<br />

changing the passwords <strong>for</strong> the affected accounts right away. <strong>The</strong>n, contact your bank or credit card<br />

company if any financial in<strong>for</strong>mation is exposed. Reporting the scam to the proper authorities, such as<br />

the Federal Trade Commission (FTC), is critical. Keep a close watch on your business accounts <strong>for</strong> any<br />

unusual activity and consider using credit monitoring services to stay secure. If you're part of a business<br />

network, isolate your devices with the help of your IT team.<br />

Shared Responsibility<br />

<strong>Cyber</strong>security concerns everyone. Attacks can have ripple effects, impacting critical systems and anyone<br />

connected to them. Vigilance and a proactive approach are key to mitigating these risks.<br />

NCSAM reminds us that cybersecurity is a collective ef<strong>for</strong>t. By staying in<strong>for</strong>med, recognizing threats, and<br />

adopting robust preventive measures, small businesses and individuals can significantly reduce their<br />

vulnerability to phishing attacks and other cyber threats. Protecting your digital presence is not only a<br />

smart move but a necessary one in today's digital landscape.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 140<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Brian Lonergan, VP of Product Strategy, Identity Digital. Brian Lonergan<br />

is a domain industry veteran with more than 10 years of experience<br />

designing & building products which range from big data search<br />

algorithms that help customers find their optimal online identity, to antiphishing<br />

and brand protection services used by the world's biggest<br />

brands. Brian joined Identity Digital in 2017 after holding senior product<br />

roles at both Demand Media and Rightside as the business transitioned<br />

through its first IPO.<br />

Brian can be reached online at<br />

LinkedIn: https://www.linkedin.com/in/bornengineer<br />

Email: lonergan@identity.digital<br />

Company website: https://www.identity.digital/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 141<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Navigating Secure Adoption of AI Across<br />

Government and Connected Infrastructure<br />

By Gaurav (G.P.) Pal, Founder and CEO, stackArmor<br />

This year, artificial intelligence has exploded in popularity across all sectors and industries — including<br />

the federal government. AI is being used across agencies of all sizes to streamline tedious tasks and<br />

processes to create a more efficient workflow. This emerging technology has unlimited capabilities to<br />

help agencies better serve their missions and the public.<br />

With all the hype, OMB recently released draft memo detailing 10 requirements <strong>for</strong> implementing artificial<br />

intelligence across the federal government. This in<strong>for</strong>mation became available soon be<strong>for</strong>e the Biden<br />

Administration announced a teaser to its expected upcoming federal executive order on AI. Among the<br />

requirements OMB listed is a recommendation to convene an AI governance board to provide muchneeded<br />

oversight and guidance around this emerging technology.<br />

As the government continues to experiment with AI implementation and wait <strong>for</strong> official standards, leaders<br />

need to ensure its governance and safety to enhance existing practices across public sector systems.<br />

<strong>The</strong> Role of Partnership and Collaboration<br />

It can be overwhelming <strong>for</strong> agencies trying to get their arms around AI governance. This technology is<br />

rapidly evolving and is being implemented faster than the government has been able to push out<br />

legislation to set up guardrails. Like the cloud adoption process across government a few years back, AI<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 142<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

adoption is more than just an IT trans<strong>for</strong>mation. Leaders have a lot of questions and are trying to grasp<br />

the scope of how it can be used and what the potential drawbacks are.<br />

Agencies in the beginning phase of AI adoption should consult cross-sector experts <strong>for</strong> counsel on where<br />

to begin and what the pitfalls might be. This might look like bringing together policy, acquisition, oversight,<br />

work<strong>for</strong>ce, mission program owners and industry leaders to get the full picture and make the process a<br />

little less daunting.<br />

Seeking industry partners with established centers of excellence or advisory committees will grant<br />

leaders unique advice and assistance in their AI journeys. Having a targeted focus and cross<br />

communication standard is very important to bring federal agencies together to ensure the safe adoption<br />

of AI.<br />

<strong>The</strong> government leaders driving AI adoption are senior, well-experienced executives. <strong>The</strong>y’re looking <strong>for</strong><br />

an actionable and implementable framework that they can move with quickly. Federal CIOs and CISOs<br />

are eagerly awaiting a solution that allows them to responsibly deploy AI workloads <strong>for</strong> their agencies’<br />

mission.<br />

<strong>The</strong>re are some helpful resources developed by industry experts and academics seeking to lead the way<br />

in AI security, such as:<br />

• <strong>The</strong> NIST AI Risk Management Framework, voluntary guidance <strong>for</strong> organizations looking to<br />

incorporate trustworthiness into the design, development, use, and evaluation of AI products.<br />

• <strong>The</strong> MITRE ATLAS project, helping develop security practices around AI/ML open-source projects<br />

and collecting a database of adversary threats to better understand the threat landscape.<br />

• OWASP’s published top 10 security considerations <strong>for</strong> large language models (LLMs) and<br />

generative AI use cases, as well as an AI security and privacy guide.<br />

• An IEEE program <strong>for</strong> ambassadors of AI systems, and its development of AI bias protection<br />

systems.<br />

Additionally, as governing bodies like Congress, the White House and OMB as well as agencies like DHS<br />

and NIST are working on developing standards, safe and secure AI adoption can be accelerated by<br />

extending and leveraging existing governance models including FISMA and FedRAMP ATOs (Authority<br />

to Operate) by creating overlays <strong>for</strong> AI. Agencies can look to industry and academic resources <strong>for</strong><br />

guidance to ensure AI is being implemented safely, with security top of mind.<br />

Considerations <strong>for</strong> Upcoming AI Legislation and Government Guidance<br />

<strong>The</strong> upcoming OMB guidance and federal AI executive order will be laser-focused on enabling the safe<br />

and secure adoption of AI. <strong>The</strong> guidance should consider directing and requiring implementation of<br />

strong safety and security requirements that avoid burdensome and duplicative compliances. Expanding<br />

successful cybersecurity programs such as FedRAMP <strong>for</strong> AI systems should be considered to ensure<br />

that safe and secure AI and cloud technologies can be rapidly adopted by agencies.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 143<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Security and safety that is mandatory and backed by strong regulatory oversight should be the top priority<br />

<strong>for</strong> legislators and government leaders implementing AI across agencies and connected infrastructure.<br />

About the Author<br />

Gaurav Pal (G.P.) is a Senior Technology Executive with over 20 years<br />

of in<strong>for</strong>mation systems modernization and implementation experience.<br />

He is the CEO and co-founder of stackArmor, a security focused cloud<br />

solutions firm. G.P. also contributed to Federal cloud initiatives<br />

including U.S. Treasury’s Public Cloud Webhosting Solutions,<br />

Department of the Interior Foundation Cloud Hosting Services,<br />

and Recovery.gov 2.0. G.P. can be reached online at<br />

https://stackarmor.com/contact-us/ and at our company website<br />

https://stackarmor.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 144<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

North Korea–Russia Summit<br />

A new alliance in cyberspace?<br />

By Stan Vitek, Resident Geopolitical Analyst, Cyfirma<br />

Introduction<br />

Last month, North Korean leader Kim Jong Un took a rare trip beyond his country’s borders – in fact his<br />

first since 2020 – via a heavily armored train to Russia, where he met with Russian president Vladimir<br />

Putin. <strong>The</strong> visit stoked fears that there could be increased weapons and technology transfers between<br />

the two nations hostile to the West and its partners in Asia, that North Korea could provide Russia with<br />

badly needed munitions <strong>for</strong> its war in Ukraine while Russia could share sensitive nuclear or missile<br />

technologies and cyber knowhow with the hermit kingdom. By the same time, the North Korean military<br />

unveiled a nuclear-capable submarine and North Korean state media said the country aims to equip all<br />

its existing medium-sized diesel submarines with nuclear attack capability and develop nuclear-powered<br />

submarines in the future. Pyongyang is working to develop a robust nuclear triad: land-launched<br />

stationary and mobile missiles, submarine-launched missiles, and aircraft-launched missiles, although<br />

this last vector remains relatively underdeveloped. This is where the news comes full circle, as such<br />

development would be very difficult without external expertise. And finally, this week a study on digital<br />

threats from East Asia revealed that North Korean cyber operations have increased in sophistication over<br />

the past year and stated that Pyongyang’s threat actors seem particularly interested in stealing<br />

in<strong>for</strong>mation related to maritime technology research. After years of mistrust, both Russia and North Korea<br />

seem to have something that the other wants and needs. But let us start with a very brief recap.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 145<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Relationship with a history<br />

Until the Russian invasion of Ukraine, relations between North Korea and Russia were characterized by<br />

a utilitarian and transactional nature peppered with occasional diplomatic misunderstandings, despite the<br />

legacy of close relations that existed between North Korea and the Soviet Union since Russia is the major<br />

successor state to USSR and North Korea has been founded based on Soviet backing and conceived<br />

directly in Soviet Union between the Soviet leadership and then the country’s future first paramount leader<br />

Kim Il Sung.<br />

In 2015, Vladimir Putin invited the third generation Kim-dynasty North Korean leader Kim Jong-un to<br />

Russia on the occasion of celebrations of the seventieth anniversary of the end of World War II, but Kim<br />

was not ready <strong>for</strong> such a meeting at the time, given his ongoing consolidation of power at home. Russia<br />

also supported UN Security Council sanctions against North Korea until 2017 and failed to make progress<br />

in identifying mutually beneficial areas of economic cooperation. <strong>The</strong> 2019 summit between Kim and<br />

Putin, held months after the failure of the Hanoi summit between Kim and <strong>for</strong>mer US President Donald<br />

Trump, resulted in Putin's solo media briefing on the meeting, reflecting the inability of both sides to find<br />

compatibility in the interests of the two countries.<br />

<strong>The</strong> Russian invasion of Ukraine in 2022 provided the basis <strong>for</strong> a convergence of the political needs and<br />

material interests of the two countries. North Korea has provided political support to Russia by<br />

recognizing the independence of puppet governments in separatist provinces in Ukraine in exchange <strong>for</strong><br />

Russia blocking further sanctions in the Security Council <strong>for</strong> launching long-range missiles in violation of<br />

Security Council resolutions. <strong>The</strong> respective autocratic leaders of Russia and North Korea have pledged<br />

to increase bilateral economic and security cooperation and North Korean state propaganda outlets<br />

published a commitment to push back against “common enemy”, referring to the United States and their<br />

security partners in Asia. <strong>The</strong> Russian state-controlled media issued statements on increasing security<br />

ties as a part of Russian strategic posturing in the region as the bulk of the Russian military is tied up in<br />

its war on Ukraine, where Russian progress has grinded down to a halt since the summer of 2022.<br />

North Korea and the impact on the war in Ukraine<br />

North Korea possesses substantial weapons stockpiles and also represents a possible base <strong>for</strong> the<br />

production of certain types of legacy Soviet design weapons Russia could use, particularly Soviet-caliber<br />

artillery ammunition, although within the constraints of the low efficiency and quality of North Korean<br />

factories and the lack of raw materials. Thus, North Korea will most likely send Russia mainly stockpiles<br />

of old artillery shells, anti-tank missiles and rockets <strong>for</strong> unguided salvo rocket launchers. All of these<br />

munitions, while effective and lethal, lack modern guidance systems and levels of technological<br />

sophistication. However, as Stalin aptly noted, quantity has a quality of its own, and Russian military<br />

doctrine has historically been based on this principle. <strong>The</strong> Russian military is doctrinally and structurally<br />

oriented toward the decisive use of overwhelming ground firepower, not firepower delivered to a target<br />

by airpower, as is the case in the United States or Japan. <strong>The</strong> Ukrainian army is still also largely based<br />

on legacy Soviet tactics, and thus sufficient stockpiles of artillery ammunition is one of the most important<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 146<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

factors on both sides of the conflict on which the outcome of the war stands and falls, which is why North<br />

Korean artillery shells are very important to Russia.<br />

Kim Jong-un's tours of factories of the military-industrial complex after a recent pompous visit by the<br />

Russian defense minister could signal North Korea's desire to become a manufacturing base <strong>for</strong><br />

supplying more weapons to Russia. However, this assistance will not be free, and the North Koreans will<br />

in return demand Russian support <strong>for</strong> the acquisition and development of advanced missile and satellite<br />

technology, the a<strong>for</strong>ementioned nuclear submarine technology, as well as food aid, cheap oil and knowhow<br />

transfers, including in the cyber domain. However, it is not yet certain whether the two sides will be<br />

able to provide each other with the level and type of military support that will match the expectations.<br />

New dynamics in the region?<br />

<strong>The</strong> refurbished military relations between North Korea and Russia will resume two-way shipments of<br />

military equipment and dual-use goods, including technology long desired by the North Korean military<br />

but denied to it <strong>for</strong> decades by both China and Russia due to compliance with international sanctions.<br />

<strong>The</strong>se include modernization <strong>for</strong> aircraft, sophisticated missile technology, submarine technology and<br />

other advanced weapons systems.<br />

In addition, North Korea signaled the geopolitical importance of closer relations between China, North<br />

Korea and Russia by hosting both Russian Defence Minister Sergei Shoigu and Chinese Communist<br />

Party Central Committee member Li Chung-chong in late July on the 70th anniversary of the signing of<br />

the Korean Armistice, which North Korea internally commemorates as 'Victory Day'. Also mentioned was<br />

the possibility of North Korea joining regular Sino-Russian military exercises, which would mark another<br />

step <strong>for</strong>ward <strong>for</strong> this newly <strong>for</strong>tified coalition.<br />

This 'coalition' of China, North Korea and Russia is still a far cry from the alliance cohesion and deep<br />

coordination that the United States, Japan and South Korea pursue on bilateral basis, and which, in<br />

accordance with the diplomatic breakthroughs this summer, all three states intend to expand significantly<br />

in the face of regional threats (more on this topic in this Cyfirma research article). <strong>The</strong> emergence of<br />

these coalitions, with conflicting interests and visions <strong>for</strong> the direction of the region, in turn exacerbates<br />

tensions in Northeast Asia. Closer relations between North Korea and Russia partly mitigate North<br />

Korea's political isolation, strengthen Kim Jong-un's domestic political legitimacy and give North Korea<br />

the courage to continue developing missiles and satellites or launching cyber-attacks with impunity.<br />

Dictators’ priorities<br />

<strong>The</strong> summit between the two autocratic leaders presented a clear signal of a new level of strategic<br />

cooperation based on perceptions of interrelated strategic interests and similar perceptions of security<br />

threats. In his seminal work Cold War, leading American historian John Lewis Gaddis put Stalin's Cold<br />

War priorities in this way:<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 147<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Stalin’s postwar goals were security <strong>for</strong> himself, his regime, his country, and his ideology, in precisely<br />

that order. He sought to make sure that no internal challenges could ever again endanger his personal<br />

rule, and that no external threats would ever again place his country at risk.<br />

This can also be said of the Putin and Kim Jong-un duo, who are now finding common ground in the new<br />

Cold War as the current state of international relations is often characterized. So, while both autocratic<br />

leaders aimed to project solidarity against a global order dominated by the West in their statements, their<br />

strategic convergence actually stems from a more transactional logic spurred on by difficult<br />

circumstances <strong>for</strong> both leaders.<br />

<strong>The</strong> <strong>Cyber</strong> Angle: Potential <strong>for</strong> Russia-DPRK cooperation in cyberspace<br />

Russia's immediate interest in cultivating its relationship with North Korea is the prospect of Pyongyang<br />

supplying Russia's army with artillery ammunition, as expenditures have far exceeded Russian<br />

production capacity. <strong>The</strong>re are, however, other potential areas of cooperation, notably in cyberspace.<br />

Prior to 2017, virtually all of North Korean internet traffic had passed through China and specifically<br />

through a single meta-network based in Shenyang, the largest Chinese city close to North Korean<br />

borders, where there strong North Korean cyber community is based due to insufficient infrastructure in<br />

the home country. However as of 2017, North Korea is also linked to Russia, presumably via cable<br />

running through the Friendship Bridge over the Tumen River that connects Khasan in Russia with<br />

Tumangang in North Korea and constitutes the only connection between the two countries. However,<br />

that is not the only instance of technological facilitation in the relationship. Given the general low level of<br />

technical expertise, general backwardness and very low internet connectivity in North Korea, the North<br />

Korean attacks are widespread and increasingly sophisticated, which leaves the experts to believe China<br />

and lately especially Russia were technical facilitators <strong>for</strong> Pyongyang, which would constitute a historical<br />

precedent <strong>for</strong> Russian state hackers sharing their know-how with their North Korean counterparts.<br />

Potential cooperation between Russia and North Korea in cyberspace wouldn't necessarily require much<br />

coordination. Most of North Korea's offensive cyber operations are already directed against countries<br />

whose relations with Russia are at least cool, if not downright adversarial. In <strong>2023</strong> alone, North Korean<br />

APTs have compromised defense companies<br />

in the Czech Republic, Finland, Italy, Norway and Poland – all countries with an adversarial stance to<br />

Russian aggression in Europe. At the same time, as outlined above, the relations between the two<br />

countries still remain largely transactional and the Russian government and defense industries remain<br />

targets <strong>for</strong> North Korean APTs as well. This spring alone, DPRK’s threat actor Ruby Sleet compromised<br />

an aerospace research institute in Russia, while another APT compromised a device belonging to a<br />

university in Russia with yet another group sent phishing emails to accounts belonging to Russian<br />

diplomatic government entities, only to be followed by targeting of a Russian defense industrial base<br />

organization specializing in missiles and military spacecraft by two important North Korean hacking<br />

groups ScarCruft and the notorious Lazarus.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 148<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

That being said, the Russian regime is under such pressure that it is likely to overlook such intrusions in<br />

pursuit of much higher and indeed existential priorities <strong>for</strong> itself. Russia may even use North Korean APTs<br />

as proxies in the future, since DPRK is already sanctioned almost to the maximum and in case of eventual<br />

diplomatic fallout has thus very little to lose. Thus, the digital flank of the Russia–Ukraine conflict which<br />

Russia tries to promote as a new-world-order-type-of-conflict between the West and loose anti-western<br />

coalition spearheaded by Russia and China and the ongoing tensions on the Korean peninsula are in<br />

risk of being greatly enhanced by closer collaboration between Russian and North Korea, that would<br />

bring a country with precious very little to lose to engage the West in the fifth domain.<br />

Conclusion<br />

Both North Korea and Russia are highly cyber-capable nations with a very high degree of willingness to<br />

use cyber as a tool of statecraft. Hackers of both countries can disrupt or break key infrastructure and<br />

steal sensitive in<strong>for</strong>mation. Russia’s ef<strong>for</strong>ts in online fraud, disin<strong>for</strong>mation and disruption to core<br />

infrastructure has become a significant threat to Western societies. North Korean cyber operations are<br />

also increasingly sophisticated. North Korean state hackers both collect intelligence and generate<br />

revenue <strong>for</strong> the state. <strong>The</strong> cyber espionage ef<strong>for</strong>ts are focused on the state’s perceived adversaries:<br />

mainly South Korea, the United States, and Japan; collecting intelligence on other countries’ military<br />

capabilities and stealing technologies that could be used by North Korean military – these ef<strong>for</strong>ts also<br />

include Russia and China as potential technology sources; and increasingly on stealing funds in the <strong>for</strong>m<br />

of cryptocurrency that the state later uses to fund its UN sanctioned missile and nuclear programmes.<br />

<strong>The</strong> distinct North Korean threat actors have repeatedly shown overlaps in targeting in the recent past<br />

and their ef<strong>for</strong>ts have been increasingly sophisticated.<br />

An agreement to supply artillery shells is the most significant result of the Russia–North Korea<br />

cooperation but it is not the only one aspect of this deal, which paves the way <strong>for</strong> more dangerous<br />

technology and know-how transfers and it connects war in Europe more directly with tensions in Asia.<br />

Both Russia and DPRK have been showing contempt <strong>for</strong> international rules in recent years and have<br />

actively and unscrupulously used cyber to promote their agenda. North Korea is to remain focused on<br />

targets related to its political, economic, and defense interests in the region but the announced<br />

heightened security cooperation between the two regimes should be treated as portending increased risk<br />

in cyberspace, especially <strong>for</strong> USA, South Korea, Japan and European NATO countries.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 149<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Resident International Relations Analyst at Cyfirma, working <strong>for</strong><br />

technology companies in Southeast Asia and the US since graduation<br />

from International Security Studies at Charles University in Prague in<br />

2019. He focuses on international relations and security issues,<br />

especially on those revolving around West-East axis Stan can be<br />

reached online at (stan.vitek@cyfirma.com,<br />

https://twitter.com/FogOfWarCZ, etc..) and at our company website<br />

https://www.cyfirma.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 150<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Protecting Critical Infrastructure from <strong>Cyber</strong><br />

Attack<br />

<strong>The</strong> enemy is using cyber weapons that are hard to track and even harder to fully attribute to an<br />

adversary, companies need to act now<br />

By Richard Staynings, Chief Security Strategist <strong>for</strong> Cylera<br />

Escalating geopolitical tensions in Europe and Asia place a very big target on western Critical National<br />

Infrastructure Industries (CNIs). What better way to attack your enemy than to do so using cyber weapons<br />

that are hard to track and even harder to fully attribute to an adversary. Whatsmore, when attribution<br />

finally does occur, it is often years later. By that time, the world has usually <strong>for</strong>gotten and moved on, or<br />

has been stunned by an even more destructive cyberattack. Nearly all cyberattacks and cyber-attackers<br />

thus far, have gone unpunished. This makes it the perfect crime <strong>for</strong> perpetrators.<br />

Use of criminal proxies, insider threat agents, and the manipulation of national discourse with false<br />

inflammatory narratives propagated by social media plat<strong>for</strong>ms, are all designed to weaken an opponent.<br />

Many of these tactics such as undermining of confidence in the western institutions of government are<br />

straight out of the 1950’s KGB playbook but have found new purpose in the 2020’s through the seemingly<br />

addictive mediums of Facebook, Twitter and TikTok. If late twentieth century warfare and nation state<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 151<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

competition <strong>for</strong> power was marked by spies and threats of nuclear war, then the twenty first century<br />

appears to be marked by the development of grey warfare, societal manipulation, and cyber weapons of<br />

mass destruction.<br />

Indeed, the offensive cyber capabilities of America’s adversaries appear to out-match the nation’s<br />

domestic capabilities <strong>for</strong> cyber defense. China alone is thought to employ close to 100,000 Peoples’<br />

Liberation Army (PLA) cyber warriors. <strong>The</strong> job of these special military units is to develop access to other<br />

countries’ IT systems, to establish footholds on sensitive networks, and to exfiltrate vast amounts of<br />

national secrets, intellectual property, and commercial trade secrets from western businesses. This all<br />

appears part of Xi Jinping’s ‘Made in China 2025’ plan, to boost China’s state-owned industries using<br />

stolen IP, and position China as the dominant global military and economic powerhouse.<br />

Russia too is well known <strong>for</strong> the voracity of its organized crime syndicates and mafia cyber gangs who<br />

exercise huge campaigns of cyber theft and cyber extortion against non-Russian language computer<br />

systems. This includes the 2021 Wizard Spider cyber-cartel attack against the Irish HSE (Health Services<br />

Executive) that resulted in $600m in damages, and the <strong>2023</strong> Lockbit ransomware attack against the<br />

Royal Mail that prevented international parcels being sent <strong>for</strong> several weeks. Combined, these types of<br />

cyber extortion attacks net billions of dollars each year in illicit earnings <strong>for</strong> the criminal Russian state.<br />

While seemingly opportunistic and motivated by the possibility of monetary gain even - if government<br />

entities refuse to pay ransoms, these attacks can also be ordered by the Kremlin <strong>for</strong> even darker<br />

purposes. In this case the Royal Mail attack occurred just after Britain had agreed to send longer range<br />

missile systems to Ukraine. Although full attribution has yet to take place, most cyber <strong>for</strong>ensic<br />

investigators don’t believe in coincidence.<br />

Critical infrastructure in other countries has similarly been hit by Russian ransomware gangs. In 2021 the<br />

Colonial Pipeline which supplies gasoline and jet fuel to the US East Coast from refineries in the Gulf of<br />

Mexico was shut down <strong>for</strong> several days by DarkSide, a Russian gang. Supplying half the fuel to the US<br />

east coast as far north as New Jersey, the President was <strong>for</strong>ced to declare a national emergency.<br />

<strong>The</strong> Baku–Tbilisi–Ceyhan (BTC) pipeline transports crude oil from Baku in Azerbaijan through Georgia<br />

to the port of Ceyhan in Turkey <strong>for</strong> export to the rest of the world. In 2008 it was blown up in a huge<br />

explosion in Refahiye in eastern Turkey, possibly by Kurdish PKK separatists, or possibly by a Russian<br />

cyberattack that over-pressurized the pipeline. <strong>The</strong> explosion conveniently occurred two days be<strong>for</strong>e the<br />

Russian invasion of Georgia and in the middle of the Russian backed Nagorno-Karabakh, Armenia -<br />

Azerbaijan war. It deprived Baku of its oil revenue <strong>for</strong> several months and Tbilisi of needed revenue in<br />

transportation fees.<br />

Whether or not the Kremlin was involved in these cyber-physical attacks, Russia has plainly developed<br />

some of the best cyber-kinetic offensive technologies and has been doing so since the 1990s and its<br />

wars against Chechnya, Georgia and elsewhere. <strong>The</strong> Ukraine electrical grid has been the victim of<br />

Russian cyber-attack many times since 2015 when the country failed to subvert itself to Russian<br />

hegemony following the invasion of Crimea or to put in place an east looking President following the<br />

Orange Revolution in 2014 and the un-ceremonial removal from office of Viktor Yanukovych a staunch<br />

Putin confident. Electrical power trans<strong>for</strong>mers have been overloaded and blown up, or the electrical grid<br />

turned off at the height of winter across parts of the country. Nor have hospitals and other CNIs been<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 152<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

spared from the wrath of Russian hackers. Numerous hospitals have been cyberattacked, many far from<br />

the front lines where soldiers might receive treatment <strong>for</strong> wounds. <strong>The</strong> list of deliberately targeted medical<br />

facilities includes obstetrics and pediatrics hospitals and clinics – some of which have been targeted by<br />

missile attacks at the same time.<br />

However, the Russian military establishment, through groups like ‘Sandworm’, part of the Russian GRU,<br />

(the Main Directorate of the General Staff of the Armed Forces of the Russian Federation) takes the prize<br />

<strong>for</strong> the singularly most costly and destructive cyberattack of all time when in 2017 ‘Not Petya’ a viral<br />

wiperware attack was launched upon the world. It took down many global businesses and cost the world<br />

somewhere between $8 and $12bn US dollars. This Russian military supply chain cyberattack was<br />

targeted at Ukrainian tax accounting software vendor M.E. Doc and intended to cripple Ukrainian<br />

businesses, however it quickly spread beyond the borders of Ukraine to every organization that does<br />

business in the country including an alarming number of Russian companies. <strong>The</strong> cyberattack there<strong>for</strong>e<br />

also takes the prize <strong>for</strong> the largest ‘home-goal’ of all time, negatively impacting the Russian economy<br />

along with the rest of the world. It is unknown just how many of those involved in the Not Petya attack<br />

later fell from balconies, but by all accounts, Putin was not pleased. Russia has so far not paid<br />

compensation to those who suffered losses.<br />

Smaller nation-states like Iran and North Korea also play a part in this game of gray warfare through<br />

attacks against CNIs including US power companies many of which were thought to have been infiltrated<br />

by Iranian attackers a decade ago. Meanwhile the DPRK has raided national banks such as the Bank of<br />

Bangladesh and launched indiscriminate ransomware attacks like WannaCry against Asian banks and<br />

healthcare providers such as the NHS.<br />

<strong>The</strong> prospect of a small hospital system, an electrical distributor, or telco provider having to defend itself<br />

from a determined and well-resourced nation state adversary, makes absolutely no sense. <strong>The</strong>se<br />

defenders will be out-gunned every time and don’t stand a chance. It is perhaps no surprise then, that so<br />

many CNIs have been easily attacked and held to ransom, impacting national economies and society in<br />

general. National governments there<strong>for</strong>e not only have a duty of care to protect and defend CNIs from<br />

cyberattack but need to play an active role in the protection of their citizens from pariah state adversaries<br />

via these highly vulnerable attack vectors.<br />

Today however, government agencies which in the US include the FBI, Secret Service, and CISA - part<br />

of Homeland Security, play only a very limited role. This mostly includes the sharing of threat intelligence<br />

via FBI and InfraGuard briefings, or assistance with <strong>for</strong>ensic investigation following an attack or breach.<br />

Given the criticality of CNIs to the economy, perhaps it’s time that the government did more. <strong>The</strong> trouble<br />

is that in the United States, most CNIs are privately held. As an example, outside of military DHA<br />

hospitals, the Veterans Administration, and state clinics, the vast majority of US healthcare providers are<br />

privately owned and operated. Nearly all of these suffer from chronic cybersecurity underfunding and<br />

under-staffing and have only limited capabilities to protect or defend against a regular cyberattack, let<br />

alone a state sponsored one. Other CNIs suffer from a similar predicament.<br />

As health systems continue to modernize and adapt to the changing nature of providing critical health<br />

services to patients and communities, they become especially vulnerable to cyberattacks. A sprawling<br />

digital footprint of vast lakes of medical data, AI-based medical applications, and a growing number of<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 153<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

unmanaged connected IoT devices, all compound historic underinvestment in security. Most providers<br />

have a hard time understanding what connects to their networks, let alone what internal vulnerabilities<br />

and risks urgently need to be addressed – even with adequate resources to do so.<br />

<strong>The</strong> danger is that a concerted and coordinated nation-state attack against US CNIs would undoubtedly<br />

be designed in such a way as to distract and divert key resources away from the battlefield. If nine key<br />

substations are knocked out, the U.S. could suffer a crippling coast-to-coast blackout <strong>for</strong> 18 months —<br />

or longer since spare trans<strong>for</strong>mers are not available and are no longer being constructed. Aside from the<br />

deaths of those reliant upon electricity to power their medical devices once battery backups run out,<br />

millions more city dwellers would die within weeks of a public health crisis as lack of drinkable water or<br />

the ability to pump and treat sewage resulted pandemic diseases the United States has not witnessed<br />

since the 19 th century. As a result, society would most likely quickly break down resulting in anarchy. This<br />

may prove a very attractive and convenient attack vector <strong>for</strong> an adversarial nation-state to weaken and<br />

disable the United States, without ever firing a shot and while all the time hiding behind plausible<br />

deniability.<br />

<strong>The</strong> United States and other western nations are particularly vulnerable to such an attack, given our<br />

reliance upon critical industries. <strong>The</strong> absence of air traffic control would ground all flights, while trains and<br />

trucks would cease to transport goods to markets. Highly developed western countries are far more<br />

dependent upon CNIs than Russia and China where the majority of each population continues to grow<br />

its own food, or North Korea where electricity is highly unreliable and largely not available outside of<br />

Pyongyang. A reciprocal attack by the west would there<strong>for</strong>e have only limited impact. With few<br />

disincentives, what is to prevent an adversary from launching such an attack?<br />

Perhaps it’s time that western governments looked a lot closer at the weakness and vulnerabilities of<br />

their critical industries in the light of modern cyber weapons and recent attacks. Given a responsibility to<br />

defend and protect citizens, perhaps the US Congress should spend less time infighting and consider<br />

how best to protect the US population, US businesses and remaining US industries from those who would<br />

like to weaken and damage the country.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 154<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Richard Staynings is a globally renowned thought leader, author, and<br />

public speaker. A thirty-year veteran of cybersecurity, he has served<br />

as a subject matter expert on government Committees of Inquiry into<br />

some of the highest profile healthcare breaches.<br />

Richard is currently Chief Security Strategist <strong>for</strong> Cylera, a pioneer in<br />

the space of medical device security. He is author of <strong>Cyber</strong> Thoughts,<br />

teaches postgraduate courses in cybersecurity, and health<br />

in<strong>for</strong>matics at the University of Denver, and is a retained advisor to a<br />

number of friendly governments and private companies.<br />

Richard Staynings can be reached online at info@cylera.com and at<br />

our company website https://www.cylera.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 155<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Ruthless Prioritization Is a Myth: Aim <strong>for</strong><br />

Risk-Less Prioritization Instead<br />

By Craig Burland, CISO, Inversion6<br />

In a world driven by technology, innovation and rapid change, companies often find themselves touting<br />

the mantra of "ruthless prioritization." <strong>The</strong> idea sounds pragmatic: with limited resources and time, you<br />

must mercilessly cut away the unnecessary to focus on the truly important. Yet, the reality <strong>for</strong> many<br />

companies is that they're ill-equipped to genuinely practice this level of prioritization. This is especially<br />

true in the cyber security domain as the overwhelming barrage of project and operational demands,<br />

coupled with finite resources, puts mid-level managers in a precarious position. <strong>The</strong>se leaders must<br />

constantly juggling priorities, often having to choose between stretching resources to the limit, defaulting<br />

on commitments, or both. <strong>The</strong> veneer of "ruthlessness" fades quickly, revealing a chaotic mess of<br />

competing interests and tasks. Instead of the much-touted ruthlessness, there's a more grounded,<br />

practical approach <strong>for</strong> cyber teams: prioritize based on risk reduction.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 156<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Illusion of Ruthless Prioritization<br />

<strong>The</strong> very notion of "ruthless prioritization" evokes images of decisive leaders making hard choices with<br />

an unwavering focus on the most critical tasks and sharing those decisions clearly to the teams doing<br />

the work. With clear goals in front of them, teams make great progress, striving together reach a common<br />

objective. However, the implementation of this principle in real-world scenarios often falls short. In the<br />

intricate web of a company's operational requirements, deciding which projects are the most "critical"<br />

requires discipline, data and collaboration. Leaders must continually assess new opportunities, evaluate<br />

available resources and collectively agree on any change. Both large and small companies fail on<br />

multiple elements of this process. Even pulling back from project level to determining the critical<br />

strategies is beyond the ability of most organizations. <strong>The</strong> result is a <strong>for</strong>m of project Darwinism that may<br />

or may not yield the best outcomes <strong>for</strong> the organization. <strong>The</strong> projects that survive may have the most<br />

persistent project managers, C-level visibility or an urgent deadline – all attributes that may or may not<br />

make them valuable to the organization’s success.<br />

Within cyber security, where the stakes are high and the threats are dynamic, this question becomes<br />

even more complex. Mid-level managers in cyber security find themselves overwhelmed with an array<br />

of operational demands. From patching vulnerabilities to ensuring compliance, from monitoring threats<br />

to implementing new security solutions, the list is extensive and ever-growing. Without a finely tuned<br />

system of ruthless prioritization, these managers often find themselves in a conundrum. Do they stretch<br />

resources farther, risking burnout or reduced efficiency? Do they opt to ignore operational threats to<br />

weigh in on a new ef<strong>for</strong>t, risking a potential incident? Do they choose to say ‘No’ – a principle of Ruthless<br />

Prioritization -- risking the political fallout of not being a good partner? <strong>The</strong>se are all lose-lose scenarios.<br />

Risk-less Prioritization: A Practical Alternative<br />

Given the challenges of implementing ruthless prioritization, it's time <strong>for</strong> cyber security professionals to<br />

consider an alternative approach: risk-less prioritization. Instead of trying to decide which tasks or<br />

projects are more "important" in abstract terms, this method emphasizes understanding and reducing the<br />

most significant risks.<br />

In the realm of cyber security, not all tasks are created equal. Some actions might mitigate severe threats<br />

that could cripple an organization, while others address minor vulnerabilities that have a low likelihood of<br />

exploitation. By prioritizing based on risk, cyber teams can focus their energy and resources where they<br />

will have the most substantial impact. This approach aligns with the very essence of cyber security:<br />

protecting critical assets from the most significant threats.<br />

Implementing risk-less prioritization involves a few key steps:<br />

• Risk Assessment: Regularly assess the cyber security landscape to understand the most pressing<br />

threats to the organization. Use tools, analytics, and threat intelligence to gain insights into<br />

potential vulnerabilities and the likelihood of their exploitation.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 157<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Quantify Impact: Understand the potential consequences of different threats. Which vulnerabilities<br />

could lead to significant financial losses? Which ones might damage the company's reputation or<br />

result in regulatory penalties?<br />

• Allocate Resources: Once the risks are assessed and quantified, allocate resources based on the<br />

potential impact. Focus on the most significant threats first, ensuring that they're mitigated be<strong>for</strong>e<br />

attending to the lesser ones.<br />

• Communicate: Ensure that the right people know the risks being mitigated and which ones are<br />

being temporarily accepted. This is key to validating the decisions made during the assessment<br />

phase and solidifying support.<br />

• Iterate and Review: <strong>The</strong> cyber landscape is dynamic, with new threats emerging regularly. It's<br />

vital to continuously revisit the risk assessment, ensuring that priorities shift as the threat<br />

landscape changes.<br />

Conclusion<br />

Ruthless prioritization, while a commendable ideal, often remains a myth <strong>for</strong> many companies. Especially<br />

within cyber security, the challenges of implementing such an approach are many, given the array of<br />

pressing demands. However, by shifting the focus from a vague notion of "importance" to concrete risk<br />

reduction, cyber teams can navigate their priorities more effectively. Risk-less prioritization provides a<br />

practical, impactful and grounded approach, ensuring that cyber teams protect their organizations against<br />

the most significant threats first. In a world riddled with cyber threats, it's time to prioritize not ruthlessly,<br />

but wisely.<br />

About the Author<br />

Craig Burland is CISO of Inversion6. Craig brings decades of pertinent<br />

industry experience to Inversion6, including his most recent role leading<br />

in<strong>for</strong>mation security operations <strong>for</strong> a Fortune 200 Company. He is also a<br />

<strong>for</strong>mer Technical Co-Chair of the Northeast Ohio <strong>Cyber</strong> Consortium and a<br />

<strong>for</strong>mer Customer Advisory Board Member <strong>for</strong> Solutionary MSSP, NTT<br />

Global Security, and Oracle Web Center. Craig can be reached online at<br />

LinkedIn and at our company website http://www.inversion6.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 158<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Ditch the Worry - Switch to Secure WhatsApp<br />

Alternative<br />

By Nicole Allen, Senior Marketing Executive at Salt Communications<br />

Many organisations use WhatsApp <strong>for</strong> routine business interactions even though it has been designed<br />

as a personal and social messaging service. <strong>The</strong> fact that almost everyone has it downloaded on their<br />

phone provides a significant threat to businesses where WhatsApp is being used.<br />

Organisations across the globe continue to use WhatsApp more regularly, as well as the likes of Signal.<br />

By turning a blind eye to the use of these insecure messaging plat<strong>for</strong>ms, you are posing an additional<br />

threat to the organisation and the security of the in<strong>for</strong>mation being exchanged.<br />

<strong>The</strong> following are some of the key reasons that your company should reconsider using WhatsApp <strong>for</strong><br />

communication:<br />

WhatsApp literally states it shouldn’t be used <strong>for</strong> business purposes<br />

<strong>The</strong> fact that using WhatsApp <strong>for</strong> business purposes is officially against their own policy is one of the<br />

crucial reasons why private and public sector organisations should not use it. WhatsApp makes it clear<br />

that the use of their system <strong>for</strong> professional matters is against its terms of service.<br />

"You will not use (or assist others in using) our Services in ways that:<br />

(f) involve any non-personal use of our Services unless otherwise authorised by us."<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 159<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Your employees are putting your organisation at considerable danger of security breaches and data<br />

breaches if they use WhatsApp <strong>for</strong> work-related communications on their personal or corporate mobile<br />

devices. Employees continue to use WhatsApp <strong>for</strong> business interactions every day despite the numerous<br />

legal, security, moral, and financial hazards that come with it.<br />

How did WhatsApp become the preferred tool <strong>for</strong> businesses?<br />

Although the usage of illicit communications predates COVID, the pandemic increased the practice as<br />

the boundaries between personal and professional lives blurred. This trend has continued as remote and<br />

hybrid working has carried on in a post COVID era. During the pandemic and after, organisations put a<br />

focus on productivity rather than security and in some cases, compliance. It meant that when lockdown<br />

hit, professionals operated within a home environment with no monitoring as there would be in an office.<br />

<strong>The</strong>re<strong>for</strong>e, if employees are using unauthorised apps <strong>for</strong> work communications, organisations need to<br />

consider data governance risks that could occur. <strong>The</strong>re is a higher level of control if people use an<br />

authorised application to communicate, such as establishing retention periods to protect the users holding<br />

sensitive in<strong>for</strong>mation <strong>for</strong> an extended period, and compliance configurations.<br />

Any organisation that uses consumer messaging plat<strong>for</strong>ms <strong>for</strong> business communication runs the risk of<br />

having confidential in<strong>for</strong>mation stored and published without restriction if personal and business data are<br />

combined. Organisations have zero control over private communications, which poses a significant<br />

security and compliance risk.<br />

It is proving costly to some of the world’s largest organisations<br />

While WhatsApp could be deemed to be a practical tool <strong>for</strong> companies to communicate with customers<br />

or colleagues, some of the biggest financial institutions in the world have found themselves feeling the<br />

significant impact of why you should not be using WhatsApp, Signal and other systems <strong>for</strong> business<br />

communications.<br />

Last year, more than a dozen powerful banks, including JPMorgan and Goldman Sachs, paid fines<br />

totaling more than $2 billion (£1.6 billion) <strong>for</strong> failing to keep an eye on messages exchanged through non<br />

compliant consumer messaging apps like WhatsApp. In recent news you may have also seen the Security<br />

and Exchange Commission (SEC) has just levied eye-watering fines on some of the largest FIs in the<br />

world, totaling $549 million <strong>for</strong> the same reason as well as using Signal, another consumer messaging<br />

system which provides no control to the organisation.<br />

Consumer messaging systems are a real threat to all organisations. Whether it’s client communications<br />

where legal or financial advice is being provided or if employees are conversing with one another on<br />

unsecure messaging apps and their conversations occasionally touch on work-related issues, then those<br />

conversations would be governed by the data protection law. However the use of WhatsApp, Signal and<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 160<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

others are continuing to increase across every vertical, from finance, to law firms <strong>for</strong> internal comms and<br />

client communications, to even policing, handling national security matters through these means of<br />

communication. With no control, organisations have no security or compliance boundaries.<br />

Make the right switch <strong>for</strong> your business<br />

<strong>The</strong> general public can be excused <strong>for</strong> not being aware of the dangers associated with using WhatsApp<br />

but it is getting increasingly difficult <strong>for</strong> businesses to ignore the matter.<br />

Numerous departments face difficulties with regard to in<strong>for</strong>mation security and compliance due to<br />

WhatsApp security threats on a daily basis. When employees use WhatsApp <strong>for</strong> work without<br />

authorisation, these are the greatest hazards because security and compliance personnel are blind to<br />

the risk exposure.<br />

A dedicated secure communications system created specifically <strong>for</strong> workplace communication is without<br />

a doubt the most effective way to keep your business communications secure and your staff more<br />

engaged when all of the a<strong>for</strong>ementioned concerns are taken into account. To meet the needs of<br />

governance and risk requirements, organisations must have complete visibility and control all of their<br />

communications at all times. That control ranges from controlling who is invited to the system, who those<br />

users can then communicate with when on the system, data storage and retention policies, and further<br />

integrations which may be required.<br />

If you want total control over your communication system, consider Salt Communications as either a<br />

SaaS or on-premise solution. <strong>The</strong> Salt solution can be readily installed on your preferred infrastructure<br />

and is perfect <strong>for</strong> regulatory compliance and advanced security requirements that consumer messaging<br />

apps wouldn’t protect your organisation against.<br />

<strong>The</strong>re is no reason why you shouldn't be able to maintain total control over your corporate data if a secure<br />

communications system is in place. Ditch the worry today by using a secure WhatsApp alternative.<br />

To ditch the worry of insecure communications, contact us today on info@saltcommunications.com<br />

About Salt Communications<br />

Salt Communications is a multi-award winning cyber security company providing a fully enterprisemanaged<br />

software solution giving absolute privacy in mobile communications. It is easy to deploy and<br />

uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications<br />

offers ‘Peace of Mind’ <strong>for</strong> Organisations who value their privacy, by giving them complete control and<br />

secure communications, to protect their trusted relationships and stay safe. Salt Communications is<br />

headquartered in Belfast, N. Ireland, <strong>for</strong> more in<strong>for</strong>mation visit Salt Communications.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 161<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

References:<br />

https://www.nytimes.com/<strong>2023</strong>/05/22/business/meta-facebook-eu-privacy-fine.html<br />

https://www.makeuseof.com/tag/4-security-threats-whatsapp-users-need-know/?newsletter_popup=1<br />

https://saltcommunications.com/news/how-secure-are-whatsapp-voice-calls/<br />

https://www.washingtonpost.com/investigations/2021/07/24/whatsapp-pegasus-spyware/<br />

https://www.whatsapp.com/legal/businessterms#:~:text=Company%20must%3A%20(a)%20maintain,our%20Business%20Services%20or%20if<br />

https://www.bloomberg.com/news/articles/2022-09-27/wall-street-whatsapp-probe-poised-to-result-inhistoric-fine<br />

About the Author<br />

Nicole Allen, Senior Marketing Executive at Salt Communications.<br />

Nicole has been working within the Salt Communications Marketing<br />

team <strong>for</strong> several years and has played a crucial role in building Salt<br />

Communications reputation. Nicole implements many of Salt<br />

Communications digital ef<strong>for</strong>ts as well as managing Salt<br />

Communications presence at events, both virtual and in person events<br />

<strong>for</strong> the company.<br />

Nicole can be reached online at (LINKEDIN, TWITTER or by emailing<br />

nicole.allen@saltcommunications.com) and at our company website<br />

https://saltcommunications.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 162<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Shifting Left Means Shifting Smart: Managing<br />

Software Risk With ASPM<br />

By Natasha Gupta, Senior Security Solutions Manager, Synopsys Software Integrity Group<br />

As organizations embrace digital trans<strong>for</strong>mation ef<strong>for</strong>ts to speed up software delivery, security practices<br />

have had to evolve. Development teams are increasingly shifting toward the software factory model—<br />

setting up a scalable framework across people, processes, and tools <strong>for</strong> standardizing how applications<br />

are developed and maintained. This has implications <strong>for</strong> how security workflows are implemented,<br />

particularly when looking at testing automation, validating security controls, and building more secure<br />

code. To keep up with the pace of modern development, application security programs need to achieve<br />

the following:<br />

• En<strong>for</strong>ce checks at each stage of the software development lifecycle (SDLC): Organizations<br />

need solutions that can integrate assessment, controls, remediation, and validation within<br />

pipelines to maintain continuous compliance. This includes centrally defining and en<strong>for</strong>cing<br />

policies that orchestrate testing and prioritization.<br />

• Provide accountability and transparency: Security and development teams need an accurate,<br />

global perspective of all applications, components, and associated security data. This context is<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 163<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

equired to understand the full scope of software risk, and the effectiveness of current security<br />

tooling and teams.<br />

• Connect key data sources, tools, and workflows within the existing environment: It is vital<br />

to enable a frictionless path to security adoption across multiple development teams by<br />

connecting existing tools, issue-tracking, and software delivery frameworks within a uni<strong>for</strong>m user<br />

experience. This simplifies training, breaks siloes across interrelated teams, and above all,<br />

standardizes security visibility across all sources of software.<br />

In practice, many organizations achieve these capabilities in a piecemeal fashion using a variety of tools<br />

including vulnerability management plat<strong>for</strong>ms, application security testing (AST) tools, and homegrown<br />

methods <strong>for</strong> issue-tracking and reporting. While these methods provide data and context on issues that<br />

are uncovered at various stages of the SDLC, they offer an assortment of snapshots that can’t be easily<br />

pieced together. <strong>The</strong> expanding threat footprint has accelerated the need <strong>for</strong> solutions that unify<br />

fragmented tools, data, and workflows to provide a holistic view of software risk. This has driven the<br />

evolution of application security posture management (ASPM).<br />

What is ASPM?<br />

ASPM solutions consolidate security data, visibility, and en<strong>for</strong>cement of controls across software<br />

development, deployment, and operations. <strong>The</strong>y enable organizations to distill security signals across<br />

multiple sources of security data, orchestrate tooling, and view risk posture across all applications within<br />

a single management layer. According to a recent Gartner study, over 40% of organizations developing<br />

proprietary software applications will adopt ASPM by 2026 to rapidly identify and resolve application<br />

security issues. <strong>The</strong>re are several key capabilities that ASPM solutions provide to accelerate security<br />

efficacy.<br />

• Integrates with your existing tools: Often, organizations use security tools from multiple<br />

vendors to cater to different scanning needs (SAST, SCA, IAST, DAST, API scanning, and more).<br />

Each of these tools provides their own assessment of risk, but lacks the larger context of other<br />

testing results or the business criticality of key software components and assets. ASPM solutions<br />

provide value by integrating with all third-party security and developer tooling, and normalize data<br />

from these tools to provide a single source of truth with a common risk taxonomy. This is central<br />

to how ASPM solutions provide context on vulnerable software assets, and map out visibility of<br />

all relevant issues at every stage of the SDLC.<br />

• Provides a way to define, manage, and en<strong>for</strong>ce policies: Setting universal security policies is<br />

key to implementing guardrails which prevent issues from going downstream. ASPM solutions<br />

provide a way to specify policies which define criticality thresholds, remediation SLAs, and testing<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 164<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

triggers to allow <strong>for</strong> a more standardized en<strong>for</strong>cement of security practices. This takes the<br />

guesswork out of security decisions and eliminates redundant testing cycles.<br />

• Enables teams to prioritize the right work: ASPM solutions allow you to define risk criteria to<br />

identify which security work to prioritize, and how issues should be triaged. This criteria can<br />

include context on business-critical software assets, compliance violations, and issue severity.<br />

With these capabilities, developers can eliminate unnecessary escalations and focus on the<br />

security work that matters most.<br />

• Provides a holistic summary of software risk: An ASPM solution provides context about where<br />

an organization’s most vulnerable software resides, whether issues have been resolved, and any<br />

policy or compliance violations. This provides a way <strong>for</strong> teams to gauge the effectiveness of their<br />

overall application security program, and enables them to audit their software accurately.<br />

Today, most organizations understand that software risk equals business risk, and bridging the process<br />

gap between development and security teams is key to addressing that risk. With ASPM, organizations<br />

can substantially reduce the threat to their business by shifting their application security model to keep<br />

pace with modern development, and amplify the value of their existing security tooling.<br />

About the Author<br />

Natasha is a Senior Security Solutions Manager at Synopsys, driving goto-market<br />

strategy <strong>for</strong> Software Risk Manager, an Application Security<br />

Posture Management (ASPM) solution. She has worked <strong>for</strong> ten years in<br />

the cybersecurity and enterprise networking space. Prior to Synopsys,<br />

Natasha was with ServiceNow, where she managed product marketing<br />

initiatives <strong>for</strong> ServiceNow Security Operations, a SOAR plat<strong>for</strong>m <strong>for</strong><br />

incident and vulnerability management.<br />

She has also held previous roles in product marketing and software<br />

product management at Imperva and A10 Networks. Visit our company<br />

website: https://www.synopsys.com/software-integrity.html<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 165<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Crumbling Castle<br />

By Jaye Tillson, Director of Strategy, Axis Security<br />

In the realm of IT security, the traditional "castle and moat" strategy involved building a strong perimeter<br />

around the corporate network, like a medieval castle surrounded by a moat, to keep threats at bay.<br />

However, in today's modern workplace, this approach no longer provides adequate protection <strong>for</strong> the<br />

modern work<strong>for</strong>ce.<br />

<strong>The</strong> Changing Landscape of IT Security<br />

<strong>The</strong> old castle and moat design worked well when corporate data and applications resided primarily within<br />

a physical data center, and employees accessed it from fixed locations using company-owned devices.<br />

However, several key factors have reshaped the IT security landscape, rendering this approach obsolete:<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 166<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• <strong>The</strong> Rise of Remote Work: <strong>The</strong> COVID-19 pandemic accelerated the shift toward remote work<br />

and today, employees access corporate resources from various locations and from a multitude of<br />

devices which blurs the lines of the traditional perimeter.<br />

• Cloud Computing: Over the last few years cloud services have become integral to modern IT<br />

infrastructures. Many organizations are increasingly relying on cloud providers like AWS, Azure,<br />

and Google Cloud, which operate outside the castle's walls.<br />

• Mobile and BYOD Policies: Bring Your Own Device (BYOD) policies are now commonplace in<br />

organizations, allowing employees to use their personally owned devices <strong>for</strong> work. Often, these<br />

devices do not meet the same security standards as company-owned and purchased devices.<br />

• IoT Expansion: <strong>The</strong> proliferation of Internet of Things (IoT) devices has a large number of diverse<br />

endpoints, many of which are increasingly challenging to secure and are often vulnerable to<br />

attacks.<br />

• Sophisticated Threats: <strong>Cyber</strong>criminals have evolved to bypass many of the traditional security<br />

measures. <strong>The</strong>y use advanced tactics such as social engineering, phishing, and zero-day<br />

exploits, which render once very strong castle's walls ineffective.<br />

Why the Castle and Moat Approach Fails<br />

<strong>The</strong> castle and moat approach focuses on defending the perimeter, assuming that threats originate from<br />

the outside. However, modern threats can emerge from within the network, making this strategy<br />

insufficient. <strong>The</strong> design lacks visibility into user and device activities once they breach the perimeter.<br />

<strong>The</strong>se blind spots often lead to delayed threat detection and response.<br />

Managing access control <strong>for</strong> remote workers, BYOD devices, and cloud services within a castle and moat<br />

model is also overly complex, leading to vulnerabilities. As organizations grow and adopt new<br />

technologies, expanding the castle's walls becomes impractical and costly.<br />

<strong>The</strong> castle and moat approach also hinders user experience with cumbersome authentication processes<br />

and restricted access that reduce productivity and are inefficient.<br />

Modernizing IT Security: A New Paradigm<br />

To adapt to the evolving IT landscape, I believe that architects must embrace a modern security paradigm<br />

that prioritizes the following principles:<br />

•<br />

Zero Trust: Implement a Zero Trust security model assumes threats can exist both outside and<br />

inside the network. It is important in this new world that trust is never assumed and is continuously<br />

verified <strong>for</strong> users, devices, and applications.<br />

• Identity-Centric Security: We need to shift the focus from network perimeters to user and device<br />

identities. Strong identity and access management (IAM) solutions are critical in ensuring secure<br />

access regardless of location or device.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 167<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Continuous Monitoring: Deploying robust monitoring and analytics tools will help us gain real-time<br />

visibility into our user activities and potential threats.<br />

• Cloud-Native Security: Integrating security into cloud services and adopting cloud-native security<br />

tools and practices will help protect data and applications wherever they reside.<br />

• User Education: Educating employees and communicating security best practices, including how<br />

to identify and report potential threats like phishing attempts helps change organizational culture<br />

to be more security-focused.<br />

Conclusion<br />

I believe that the days of relying solely on a castle and moat design <strong>for</strong> IT security are long gone. As our<br />

digital landscape evolves, we architects should begin to adapt our security strategies to meet the<br />

challenges posed to us by remote work, cloud computing, and a multitude of devices.<br />

Embracing a Zero Trust, identity-centric approach with continuous monitoring and cloud-native security<br />

measures will help us to better protect our users, their devices, and our applications in this ever-changing<br />

world.<br />

I believe it's now the time to leave the crumbling castle behind and build a new, resilient <strong>for</strong>tress <strong>for</strong> this<br />

new digital age.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 168<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Jaye Tillson is a Field CTO at Axis Security, boasting over 25 years of<br />

invaluable expertise in successfully implementing strategic global<br />

technology programs. With a strong focus on digital<br />

trans<strong>for</strong>mation, Jaye has been instrumental in guiding numerous<br />

organizations through their zero-trust journey, enabling them to thrive in<br />

the ever-evolving digital landscape.<br />

Jaye's passion lies in collaborating with enterprises, assisting them in their<br />

strategic pursuit of zero trust. He takes pride in leveraging his real-world<br />

experience to address critical issues and challenges faced by these businesses.<br />

Beyond his professional pursuits, Jaye co-founded the SSE Forum and co-hosts its popular podcast<br />

called '<strong>The</strong> Edge.' This plat<strong>for</strong>m allows him to engage with a broader audience, fostering meaningful<br />

discussions on industry trends and innovations.<br />

In his leisure time, Jaye indulges in his passions <strong>for</strong> motor racing, savoring delectable cuisine, and<br />

exploring the wonders of the world through his travels.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 169<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> <strong>Cyber</strong>security Bridge: A Necessary<br />

Connection <strong>for</strong> IT and Communications<br />

By Jeff Hahn, principal of Hahn, and Kenneth Holley, Principal and chairman of Silent Quadrant<br />

With the increasing unpredictability and sophistication of cyber threats, IT and communications<br />

departments must align and build a joint cybersecurity strategy to protect client in<strong>for</strong>mation and<br />

stakeholders from costly negative impacts.<br />

Statista reports between <strong>2023</strong> and 2028, the global estimated cost of cyber crime is <strong>for</strong>ecasted to<br />

increase by $5.7 trillion. By 2028, the cost of cybercrime worldwide is estimated to more than double to<br />

$13.82 trillion.<br />

To further understand what may be causing a disconnect between IT and communications departments<br />

on prioritizing cybersecurity, Hahn and Silent Quadrant interviewed senior-level communication<br />

executives and IT professionals across the U.S.<br />

Among the majority of participants, the findings showed the current level of cyber attack preparedness is<br />

low with unclear implementation. A majority of IT respondents had a rapid response plan in place but<br />

didn’t know how or who was responsible <strong>for</strong> communicating it. Most of the communications executives<br />

admitted never seeing a rapid response plan, or if they did, it was confusing.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 170<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

In terms of prioritization, out of eight items, cybersecurity was ranked fifth overall. All participants<br />

mentioned their companies prioritized other goals over cybersecurity, such as client satisfaction and<br />

business growth. However, most participants agreed cybersecurity should be a higher priority because<br />

of its potential to affect core business operations.<br />

For most participants, cyber attacks are handled internally until external resources are needed. When<br />

determining whether to bring in an external vendor, IT considered expertise and certifications, while<br />

communications focused on confidentiality. Smaller companies who may not have the right expertise inhouse<br />

are more likely to hire an external vendor.<br />

It’s often unclear what steps a company can take to persuade leadership on the importance of<br />

cybersecurity and effectively build and communicate a plan. Following the survey, three key solutions<br />

emerged on how to bridge the cybersecurity gap between IT and communications departments.<br />

Build a cyber-aware culture:<br />

Oftentimes, leadership can’t visualize how cybersecurity can impact the bottom-line or think cybersecurity<br />

insurance is enough to cover damages. <strong>The</strong>re<strong>for</strong>e, they don’t prioritize or put funding towards it.<br />

Companies can appoint a Chief In<strong>for</strong>mation Security Officer to oversee cybersecurity initiatives and<br />

ensure it’s integrated and communicated throughout an organization. <strong>The</strong> Hahn team undergoes<br />

quarterly cybersecurity reviews with Silent Quadrant to ensure proper security controls are in place and<br />

operating effectively. Our team acts as a human firewall by training monthly on how to recognize and<br />

respond to threats.<br />

Build a joint cyber rapid response plan with regular updating and testing:<br />

<strong>Cyber</strong>security is an ongoing investment and requires time and funds <strong>for</strong> regular updates and<br />

maintenance. However, the cost outweighs potential risks, affecting jobs, operations, reputations and<br />

client trust. Many companies believe the chances <strong>for</strong> a data breach are low or their current security<br />

measures are sufficient. Un<strong>for</strong>tunately, as we saw with the disastrous Colonial Pipeline hack, even just<br />

one attack can come with severe effects. Hahn’s in<strong>for</strong>mation security program is built upon the Silent<br />

Quadrant <strong>Cyber</strong>security Framework, which exceeds National Institute of Standards and Technology<br />

standards. With the help of a cybersecurity experts and rapid response workshops, companies can build<br />

a functional plan and continually assess one’s current security posture by testing <strong>for</strong> vulnerabilities.<br />

Build an effective method to communicate the plan:<br />

For a cyber rapid response plan, remove any technical jargon which could be misinterpreted or lead to<br />

confusion. Make sure everyone fully understands the procedure, roles and responsibilities. Hahn, with<br />

Silent Quadrant’s support, teaches clients to make security best practices instinctual by inviting internal<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 171<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

stakeholders –– from legal and human resources to procurement and environment, health & safety –– to<br />

the training table.<br />

Having an aligned, companywide cyber rapid response plan will help companies respond more quickly<br />

to cyber attacks, deliver consistent communication to all stakeholders and take timely remedial actions.<br />

This is a necessary responsibility as gatekeepers of client in<strong>for</strong>mation to provide that level of security and<br />

trust.<br />

About the Authors<br />

Jeff Hahn is the principal of Hahn, an Austin-based predictive marketing firm,<br />

and author of Breaking Bad News. He is a crisis communication expert with<br />

30 years experience in communications and public relations. He can be<br />

reached on LinkedIn or by email at jeff.hahn@hahn.agency.<br />

Kenneth Holley is the principal and chairman of Silent Quadrant, a digital<br />

protection agency. He founded Silent Quadrant in 1993, and since then, it’s<br />

delivered incomparable digital security, digital trans<strong>for</strong>mation, and digital<br />

risk management within the world's most influential government affairs<br />

firms, associations, and US businesses. With a particular focus on<br />

infrastructure security and data protection, he’s assisted many clients,<br />

including <strong>for</strong>eign sovereignties, ensure brand and profile security. He can<br />

be reached on the Silent Quadrant website, LinkedIn or by email at<br />

kenneth@silentquadrant.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 172<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Three Things to Know About the New SEC<br />

Rules on Sharing In<strong>for</strong>mation and Breach<br />

Disclosure Deadlines<br />

SEC's New Guidelines Prompt Proactive <strong>Cyber</strong> Risk Management<br />

By Meghan Maneval, Director of Technical Product Management at RiskOptics<br />

Recently, the Securities and Exchange Commission (SEC) adopted rules about the handling and<br />

reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and<br />

organizations must disclose cybersecurity incidents experienced in a timely manner and any in<strong>for</strong>mation<br />

regarding their cybersecurity risk management, strategy and governance annually. <strong>The</strong>se new rules will<br />

bring both consistency and timeliness to reporting with the goal of more accurate reports.<br />

While the SEC previously announced guidelines in 2011 and 2018 regarding the reporting of cyber<br />

incidents, they left room <strong>for</strong> frequent delays and a need <strong>for</strong> more sufficient details. Since then, the SEC<br />

has spent over a year deliberating the nuances of the proposed rules and collecting feedback from<br />

cybersecurity professionals and companies to refine the content. With these new guidelines, companies<br />

now must report “material” cyber incidents within four days, provide in<strong>for</strong>mation and updates on<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 173<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

previously disclosed incidents each quarter, annually report on cybersecurity risk management strategy<br />

and adopt controls to mitigate cyber risk.<br />

Although these new rules and guidelines may seem excessive to some, they’re an essential step towards<br />

a stronger and more proactive approach to cyber risk management. Let’s look at a few key takeaways<br />

from this ruling and what they might mean to your organization.<br />

1) Organizations should always be audit ready and then some.<br />

<strong>The</strong> primary concern many organizations may have with these new rules is the requirement to report a<br />

material incident within four days. This can be difficult if you don’t have integrated systems that share<br />

and aggregate data. This can lead to delays in investigations and potentially missing the required<br />

disclosure date. To accomplish the new rule’s requirements, organizations need to be proactive in<br />

collecting data and continuously monitoring their controls. <strong>The</strong> bottom line is that auditors and hackers<br />

are looking <strong>for</strong> the same thing - control failures. If organizations are continuously monitoring and testing<br />

<strong>for</strong> them, it’s less likely hackers will find an opening, meaning that audit-ready organizations that are also<br />

incident-ready!<br />

Being audit-ready means having a holistic approach to security and compliance that includes risk<br />

assessment, real-time continuous compliance monitoring, training <strong>for</strong> employees and effective<br />

communication. Having these critical pieces in place and automating the right processes is extremely<br />

important <strong>for</strong> organizations in the wake of this rule because it enables them to meet the reporting<br />

requirements faster, with less ef<strong>for</strong>t, and with less disruption to ongoing activity.<br />

To have the best understanding of where risk lies in the business, organizations should leverage a risk<br />

management and compliance tool. By auditing against compliance standards, organizations are able to<br />

see where their inherent business risk lies, and in turn, make decisions to remediate that risk and reduce<br />

exposure. Additionally, a robust risk management tool will allow security leaders to quickly understand,<br />

evaluate and convey the impact of risk on the business aspects they care about the most.<br />

2) Boards need to have a deeper understanding of cyber risk and security than ever be<strong>for</strong>e.<br />

Part of the rule requires companies to disclose how much the board knows about cybersecurity and how<br />

their organization is implementing cybersecurity tactics and best practices. This begins with general<br />

education on cybersecurity and the current threat landscape. Organizations can accomplish this with<br />

trainings, providing educational materials or appointing an expert in cybersecurity to the board to help<br />

guide conversations. This foundational step is critical to acting with purpose.<br />

It’s also essential to consider the board members’ awareness of what’s going on within the organization,<br />

what initiatives are currently in place and what risks impact success. To do this effectively, security<br />

leaders must translate cyber risk and its impact into a language that board members will understand –<br />

dollars and cents.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 174<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

For example, if a security leader notes a non-con<strong>for</strong>mity with the Cali<strong>for</strong>nia Consumer Privacy Act, the<br />

board may not know why it is a concern. Instead, communicating that the organization has an increased<br />

risk of reputational damage or fines <strong>for</strong> noncompliance ensures the impact is conveyed and they can<br />

invest in the right areas to reduce those risks. Security leaders should re-visit their current cybersecurity<br />

plan, showing the board where investments are needed to close the cyber risk gap.<br />

3) <strong>The</strong> new rules will significantly benefit companies that talk more about their risk.<br />

Most importantly, this ruling emphasizes the need to take a proactive approach to risk management.<br />

Organizations must understand their cyber risk posture, and the context of their risks, so they are<br />

prepared to act if a risk is realized.<br />

As the SEC sets this precedent, it benefits companies to make risk a part of every conversation. By doing<br />

so, key stakeholders can understand the full impact of said initiatives on the business and propel <strong>for</strong>ward<br />

based on those risk-in<strong>for</strong>med decisions. This requires having a 360-degree view of cyber risk and its<br />

constituent parts (such as vulnerabilities, threats and third parties) to enable action within the required<br />

timeframe.<br />

Although these new rules seem scary and intimidating, they are not going to upend enterprises.<br />

Ultimately, if companies have been doing what they were supposed to be doing all along, this new<br />

timeframe will only further encourage transparency and accountability. With a proactive approach to<br />

cybersecurity and risk management, companies will be further prepared to monitor <strong>for</strong> threats and<br />

vulnerabilities, reporting them quickly as they arise.<br />

About the Author<br />

Meghan Maneval is the Director of Technical Product Management at<br />

RiskOptics. She leads RiskOptics’ Technical Product Management<br />

team- tasked with developing and evangelizing innovative ways to solve<br />

industry problems.<br />

Fun fact about Meghan- she was a RiskOptics customer be<strong>for</strong>e joining<br />

the team! After more than 15 years managing security, compliance,<br />

audit, governance, and risk management programs in highly-regulated<br />

industries, Meghan joined RiskOptics in 2022 to help drive product<br />

innovation and empower our customers to achieve their objectives.<br />

Meghan is a passionate security and risk evangelist, DIBs champion, and home-renovation enthusiast<br />

specializing in process improvement and program iteration. Meghan enjoys giving back to the security<br />

and risk community through blogs, whitepapers, webinars, conference presentations, and podcasts.<br />

Meghan can be reached online on LinkedIn and at our company website https://riskoptics.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 175<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Striking <strong>The</strong> Right Balance: Cloud and <strong>Cyber</strong><br />

Priorities <strong>for</strong> SMEs<br />

By Mark Allen, Head of cyber, CloudCoCo<br />

As small and medium-sized enterprises (SMEs) embark on their digitalization journey, they face a crucial<br />

dilemma: Should they prioritize the adoption of cloud solutions or enhance their cyber security defences?<br />

Both aspects are essential, but finding the perfect equilibrium can be a daunting task, especially when IT<br />

budgets are tight.<br />

In this article, we turn to Mark Allen, head of cyber security at UK-based technology firm CloudCoCo, to<br />

gain insights into the most pressing priorities <strong>for</strong> SMEs.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 176<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Cloud adoption has witnessed a significant surge in recent years, and <strong>for</strong> good reason. It offers scalable<br />

infrastructure, enhanced collaboration tools, and cost-efficiency, among other benefits. <strong>The</strong> ability to<br />

streamline operations, scale services on demand, and respond rapidly to market dynamics has made it<br />

an indispensable <strong>for</strong>ce in the modern business landscape.<br />

Nevertheless, digital trans<strong>for</strong>mation brings its own set of challenges. With more data storage, networking<br />

components, and virtualized resources in the cloud, the potential <strong>for</strong> threat actors to exploit vulnerabilities<br />

increases. As such, SMEs must carefully weigh the advantages against potential security and privacy<br />

risks.<br />

Establishing trust among customers and stakeholders is vital <strong>for</strong> organizations aiming to carve out a<br />

strong market presence. However, an excessive focus on cyber security might impede the seamless<br />

support that cloud adoption can offer. Striking the perfect balance between these two priorities is<br />

essential.<br />

Assessing priority factors<br />

<strong>Cyber</strong> security should serve as a foundational consideration that in<strong>for</strong>ms cloud strategy, rather than act<br />

as an afterthought. Just as every organization has unique needs, the extent of security measures required<br />

varies. For instance, a financial services firm handling sensitive customer data will likely need more robust<br />

security than a creative agency. Growth aspirations also play a pivotal role; as a business expands,<br />

so does the blast radius of potential cyber attacks.<br />

Contrary to popular belief, SMEs don't have to exhaust their financial resources. <strong>Cyber</strong> security can be a<br />

significant but necessary investment, but it's about focusing on smart strategies that provide robust<br />

protection during the transition to the cloud. <strong>The</strong>se investments should not solely revolve around<br />

prevention though, as perpetrators are often one step ahead. Identifying, isolating, and remediating risks<br />

at the earliest opportunity should be the focus, as even well-intentioned employees can make mistakes.<br />

Securing endpoints should be a top priority.<br />

Conducting an in-depth analysis of an SME's existing tech infrastructure – including legacy on-premises<br />

systems and elements already in the cloud – can reveal vulnerabilities that are compromising your firm’s<br />

security posture and uncover redundant systems that may be inflating budgets. This analysis ensures<br />

that systems are truly optimized be<strong>for</strong>e proceeding with the cloud transition, as integrating security midmigration<br />

poses greater risks.<br />

While hyperscalers like AWS, Microsoft, and Google offer valuable services, organisations' cyber security<br />

responsibilities do not vanish when migrating to the public cloud. Factors like firewalls, encryption, and<br />

endpoints still require careful consideration.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 177<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Security matters<br />

As the migration progresses, cyber security should no longer be viewed in isolation but as an integral<br />

part of the broader cloud adoption project. A comprehensive approach — combining expert guidance,<br />

advanced technology, and continuous evaluation — is key to achieving a successful, integrated strategy.<br />

<strong>Cyber</strong> threats evolve constantly, rendering today's measures potentially inadequate <strong>for</strong> tomorrow. SMEs<br />

must stay at the <strong>for</strong>efront of technology to effectively combat ever-changing challenges. Seeking the<br />

assistance of a cloud-agnostic security expert <strong>for</strong> a comprehensive review can significantly enhance<br />

proactive measures, whilst keeping costs from spiraling.<br />

<strong>Cyber</strong> risk assessments, often incorporating AI and automation alongside human expertise, provide a<br />

holistic view of an SME's security posture. This analysis yields a general security score that guides further<br />

development to mature the cloud roadmap.<br />

In the world of cyber security, just as in academics, it's wise not to grade your own homework. With<br />

higher stakes and increasing risks, SMEs shouldn’t treat their digital tech estateany differently.<br />

About the Author<br />

Mark Allen is the Head of <strong>Cyber</strong> at CloudCoCo. He is the latest<br />

addition to the Cloud CoCo senior team, bringing with him 18 years<br />

of technical and commercial industry experience. Having worked<br />

<strong>for</strong> a number of telecoms, software, and digital trans<strong>for</strong>mation<br />

organisations during his career, his last three roles have centered<br />

on strengthening the MSP offerings within UK ISPs. Attracted by<br />

CloudCoCo’s ambition to become a modern MSP with a difference<br />

— not least due to it’s recently unveiled multi-cloud proposition <strong>for</strong><br />

customers that want to hyperscale — he now leads on the firm’s<br />

cybersecurity offering.<br />

Mark can be reached online at (Mark.Allen@cloudcoco.co.uk,<br />

https://www.linkedin.com/in/mark-allen-61a8a31a/) and at our<br />

company website https://cloudcoco.co.uk/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 178<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>The</strong> Tech Jobs That AI Will Not Disrupt<br />

By Michael Gibbs, CEO — Go Cloud Careers<br />

Artificial intelligence is the most exciting innovation to hit the tech world in decades. It has unleashed new<br />

capabilities that promise to significantly reshape the way tech work is done. It also has millions of tech<br />

workers worried.<br />

Media reports suggest that AI could replace as many as 5 percent of full-time technology roles each year<br />

over the next four to five years. That would account <strong>for</strong> 250,000 jobs a year in the US alone.<br />

<strong>The</strong> good news <strong>for</strong> tech workers is AI has its limitations. <strong>The</strong> key <strong>for</strong> today’s tech worker is understanding<br />

which jobs AI can’t do.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 179<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Capitalizing on AI’s weaknesses<br />

Artificial intelligence is a disruptive technology that changes how we work and how we live. <strong>The</strong><br />

businesses that leverage it gain a competitive advantage, while those who don’t find themselves unable<br />

to compete.<br />

<strong>The</strong> disruption that AI is bringing to the cybersecurity space can already be seen. Recent reports show<br />

that AI-assisted cybersecurity dramatically shortens the length of data breach lifecycles, reducing them<br />

by more than 100 days and saving organizations nearly $2 million in breach-related costs. AI delivers<br />

cybersecurity results that are faster, more precise, and more effective than those provided by humans<br />

alone.<br />

Still, AI is incapable of accomplishing a lot of tasks conducted in the tech space. It cannot lead teams of<br />

people, establish meaningful connections with clients and coworkers, or convince a CEO of the need to<br />

commit resources to enhancing technology plat<strong>for</strong>ms.<br />

Tech workers who want to thrive in the AI era will need to focus on developing and delivering those types<br />

of human skills.<br />

Developing future-proof skills<br />

<strong>The</strong> tech workers who want to be safe as AI evolves must move beyond mastering technology to become<br />

experts at leveraging technology to improve business per<strong>for</strong>mance. Those who cultivate business<br />

acumen have key insights into the ways finances, operations, strategy, and competition impact business<br />

success. Bringing that understanding to the tech space allows them to deliver solutions rather than just<br />

products.<br />

Executive presence is another skill that can help tech workers to become future-proof. It allows them to<br />

step into meetings with C-suite level leaders, speak their language, understand their issues, and address<br />

their concerns. AI may be able to detect malware faster than a human, but it can’t explain to a CEO the<br />

return on investment his company will get from an AI-driven cybersecurity plat<strong>for</strong>m.<br />

Emotional intelligence is being cited as one of the most important skills <strong>for</strong> workers to develop in the age<br />

of AI. EQ generally allows workers to build better relationships with clients and coworkers by<br />

understanding and managing emotions. Employees with high EQ are also considered to be highly flexible<br />

and adaptable, which are critical skills to have in today’s ever-changing workplace.<br />

AI does not bring any of these important skills to an organization, which means those who can provide<br />

them will be in high demand. Tech workers who are relying on technical, hands-on skills, however, may<br />

find themselves quickly replaced by AI.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 180<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Examples of tech jobs that will survive<br />

Cloud architects and enterprise architects stand as great examples of tech positions AI won’t replace.<br />

Architects design solutions that improve business per<strong>for</strong>mance. To do that, they must deliver all of the<br />

future-proof skills listed above.<br />

<strong>The</strong> architect must interview clients to identify their business goals. This requires business acumen,<br />

executive presence, and emotional intelligence. Consider also that in some cases the key conversations<br />

between an architect and a client take place over dinner or on a golf course, two very human venues<br />

where AI offers little value.<br />

Once architects understand clients’ needs, they must lead a team of tech pros who bring solutions to life.<br />

This requires overseeing the creation of a tech blueprint that delivers the proper solution. Emotional<br />

intelligence and leadership are key qualities that architects bring to this process.<br />

Those in the right positions — which are those heavily dependent on human skills — shouldn’t doubt<br />

their job security in the age of AI. In fact, they may even see salary growth as they leverage AI to develop<br />

even more effective and efficient technology solutions.<br />

For those whose expertise is limited to hands-on positions, now is the time to consider developing the<br />

skills that will allow you to shift to new technology roles. AI can already do many hands-on tech jobs<br />

cheaper, faster, and with higher accuracy than the humans who previously managed them. As the<br />

technology evolves, it promises to automate more and more positions within the tech space.<br />

About the Author<br />

Michael Gibbs is the CEO of Go Cloud Careers, a global organization that<br />

provides training <strong>for</strong> elite cloud computing careers. Go Cloud Careers is<br />

focused on helping individuals achieve their dream technology careers by<br />

getting hired. Michael has 25 years of experience in networking, cloud<br />

computing, and IT security.<br />

Michael can be reached online at info@gocloudcareers.net, YouTube,<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 181<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 182<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 183<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 184<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 185<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 186<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 187<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 188<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 189<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong><strong>Defense</strong>.TV now has 200 hotseat interviews and growing…<br />

Market leaders, innovators, CEO hot seat interviews and much more.<br />

A division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 190<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Free Monthly <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> Via Email<br />

Enjoy our monthly electronic editions of our Magazines <strong>for</strong> FREE.<br />

This magazine is by and <strong>for</strong> ethical in<strong>for</strong>mation security professionals with a twist on innovative consumer<br />

products and privacy issues on top of best practices <strong>for</strong> IT security and Regulatory Compliance. Our<br />

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />

ideas, products and services in the in<strong>for</strong>mation technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />

Magazines will also keep you up to speed on what is happening in the cyber-crime and cyber warfare<br />

arena plus we’ll in<strong>for</strong>m you as next generation and innovative technology vendors have news worthy of<br />

sharing with you – so enjoy. You get all of this <strong>for</strong> FREE, always, <strong>for</strong> our electronic editions. Click here<br />

to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />

newsletters along with this month’s newsletter.<br />

By signing up, you’ll always be in the loop with CDM.<br />

Copyright (C) <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />

<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Conferences.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com,<br />

<strong>Cyber</strong><strong>Defense</strong>Newswire.com, <strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com, and<br />

<strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of<br />

America. Our Tax ID (EIN) is: 45-4188465, <strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong><br />

<strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.<br />

marketing@cyberdefensemagazine.com<br />

All rights reserved worldwide. Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />

recording, taping or by any in<strong>for</strong>mation storage retrieval system without the written permission of the publisher<br />

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />

no longer be valid. <strong>The</strong> views expressed in this work are solely those of the author and do not necessarily reflect<br />

the views of the publisher, and the publisher hereby disclaims any responsibility <strong>for</strong> them. Send us great content<br />

and we’ll post it in the magazine <strong>for</strong> free, subject to editorial approval and layout. Email us at<br />

marketing@cyberdefensemagazine.com<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

276 Fifth Avenue, Suite 704, New York, NY 1000<br />

EIN: 454-18-8465, DUNS# 078358935.<br />

All rights reserved worldwide.<br />

marketing@cyberdefensemagazine.com<br />

www.cyberdefensemagazine.com<br />


<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 11/02/<strong>2023</strong><br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 191<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Books by our Publisher: https://www.amazon.com/stores/Gary-Miliefsky/author/B07KQJM1GP (with others coming<br />

soon...)<br />

11 Years in <strong>The</strong> Making…<br />

Thank You to our Loyal Subscribers!<br />

We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know What You Think.<br />

It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five<br />

nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content<br />

Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and<br />

<strong>Cyber</strong><strong>Defense</strong>Magazine.com up and running as an array of live mirror sites. We successfully<br />

launched https://cyberdefenseconferences.com/and have another amazing plat<strong>for</strong>m coming<br />

soon.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 192<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 193<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 194<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 195<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2023</strong> <strong>Edition</strong> 196<br />

Copyright © <strong>2023</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!