The Cyber Defense eMagazine November Edition for 2023

Artificial Deception: The State Of “AI” 

In Defense and Offense 

Master Security by Building on 

Compliance With A Risk-Centric 

Approach 

Charting a Trustworthy AI Journey 

…and much more… 

Cyber Defense eMagazine – November 2023 Edition 1 

Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.

` 

CONTENTS 

Welcome to CDM’s November 2023 Issue------------------------------------------------------------------------- 8 

Artificial Deception: The State Of “AI” In Defense and Offense --------------------------------------------------- 21 

By Ken Westin, Field CISO, Panther Labs 

Master Security by Building on Compliance with A Risk-Centric Approach ------------------------------------ 24 

By Meghan Maneval, Vice President of Product Strategy and Evangelism, RiskOptics 

Charting a Trustworthy AI Journey ---------------------------------------------------------------------------------------- 28 

By Lisa O’Connor, Managing Director—Accenture Security, Cybersecurity R&D, Accenture Labs 

An Age-by-Age Guide to Online Safety for Kids ------------------------------------------------------------------------ 31 

By Chelsea Hopkins, Social Media Manager, Fasthosts 

Overcoming Multi-Cloud Security Challenges: The Power of a Unified Configuration of Clouds -------- 36 

By Michael Rostov, Entrepreneur and Co-Founder at Oasis Defender 

AI And Ad Fraud: Growing Risks for Marketers Using Google’s AI-Based Advertising Campaigns ----- 39 

By Mathew Ratty, CEO, TrafficGuard 

Bolster an Organizational Cybersecurity Strategy with External Data Privacy ------------------------------- 43 

By Harry Maugans, CEO, Privacy Bee 

The Crucial Need for a Secure Software Development Lifecycle (SSDLC) in Today's Digital Landscape46 

By John Riley III, Cyber Business Development, Alan B. Levan | NSU Broward Center of Innovation. 

Beyond Passwords: AI-Enhanced Authentication in Cyber Defense---------------------------------------------- 51 

By Kathleen Dcruz 

7 Steps to Build a Defense in Depth Strategy for Your Home ------------------------------------------------------ 55 

Roger Spears – Cybersecurity Project Manager, Schneider Downs 

Zombie APIs: The Scariest Threat Lurking in The Shadows?-------------------------------------------------------- 60 

By Dan Hopkins, VP of Engineering at StackHawk 

How To Combat the Mounting ‘Hacktivist’ Threat -------------------------------------------------------------------- 63 

By Manish Gohil, Senior Associate, Dragonfly 



OT Cybersecurity: Safeguarding Building Operations in a Digitized World ------------------------------------ 66 

By Mirel Sehic, Global Director of Cyber Security, Honeywell 

The Cyber Risk Nightmare and Financial Risk Disaster Of Using Personal Messaging Apps In The 

Workplace ------------------------------------------------------------------------------------------------------------------------- 69 

By Anurag Lal, President and CEO of NetSfere 

DevOps’ Big Challenge: Limiting Risk Without Impacting Velocity----------------------------------------------- 73 

By Asaf Karas, CTO for JFrog Security 

ChatGPT For Enterprises Is Here – But CEOs First Want Data Protections ------------------------------------- 77 

By Apu Pavithran, CEO and Founder, Hexnode 

Chromecast End-of-Life Announcement Highlights Urgent Need for Patch Management Reform 

Among Hybrid Workers ------------------------------------------------------------------------------------------------------- 81 

By Joao Correia, Technical Evangelist for Tuxcare 

Common Pitfalls of Running On-Premises SIEM Solutions ---------------------------------------------------------- 84 

By Vinaya Sheshadri, Practice Leader Cyber Security at RiverSafe 

Fostering Total Trust with A ‘Zero-Trust’ Approach in Financial Services -------------------------------------- 88 

By Stefan Auerbach, CEO, Utimaco 

Cybersecurity in Digital Afterlife ------------------------------------------------------------------------------------------- 92 

By Chahak Mittal, GRC Manager, Universal Logistics 

When the Enemy Is DDoS, Holistic Protection Is a Must------------------------------------------------------------- 96 

By Sean Newman, VP/Product Management, Corero 

Data Sanitization for End-Of-Use Assets ------------------------------------------------------------------------------- 100 

By Roger Gagnon, President & CEO, Extreme Protocol Solutions 

Developers Hold the New Crown Jewels. Are They Properly Protected? ------------------------------------- 103 

By Aaron Bray, CEO. Phylum 

Expect to Fail: How Organizations Can Benefit from a Breach -------------------------------------------------- 107 

By Tyler Farrar, CISO, Exabeam 

How to Create a Threat Hunting Program for Your Business ---------------------------------------------------- 111 

By Zac Amos, Features Editor, ReHack 



How To Improve Security Capacities of The Internet of Things? ------------------------------------------------ 115 

By Milica D. Djekic 

In Pursuit of a Passwordless Future ------------------------------------------------------------------------------------- 119 

By Rob Jenks, Senior Vice President of Corporate Strategy, Tanium 

Insights from Billington Cybersecurity Summit 2023: The Enhanced Threat Surface of 5G/6G & IOT 122 

By Dr. Torsten Staab, PhD, RTX Principal Technical Fellow 

It’s Time to Tear Down the Barriers Preventing Effective Threat Intelligence ------------------------------ 125 

By Denny LeCompte, CEO, Portnox 

Building For a More Secure Future: How Developers Can Prioritize Cybersecurity ------------------------ 129 

By Jeremy Butteriss, EGM Ecosystem and Partnerships, Xero 

What the Government Can Learn from the Private Sector in Pursuit of Zero Trust ----------------------- 134 

By Kevin Kirkwood, Deputy CISO, LogRhythm 

Protecting Your Business and Personal Data ------------------------------------------------------------------------- 137 

By Brian Lonergan, VP of Product Strategy, Identity Digital 

Navigating Secure Adoption of AI Across Government and Connected Infrastructure ------------------- 142 

By Gaurav (G.P.) Pal, Founder and CEO, stackArmor 

North Korea–Russia Summit ----------------------------------------------------------------------------------------------- 145 

By Stan Vitek, Resident Geopolitical Analyst, Cyfirma 

Protecting Critical Infrastructure from Cyber Attack --------------------------------------------------------------- 151 

By Richard Staynings, Chief Security Strategist for Cylera 

Ruthless Prioritization Is a Myth: Aim For Risk-Less Prioritization Instead ---------------------------------- 156 

By Craig Burland, CISO, Inversion6 

Ditch the Worry - Switch to Secure WhatsApp Alternative ------------------------------------------------------- 159 

By Nicole Allen, Senior Marketing Executive at Salt Communications 

Shifting Left Means Shifting Smart: Managing Software Risk With ASPM ---------------------------------- 163 

By Natasha Gupta, Senior Security Solutions Manager, Synopsys Software Integrity Group 



The Crumbling Castle -------------------------------------------------------------------------------------------------------- 166 

By Jaye Tillson, Director of Strategy, Axis Securit 

The Cybersecurity Bridge: A Necessary Connection for IT and Communications --------------------------- 170 

By Jeff Hahn, principal of Hahn, and Kenneth Holley, Principal and Chairman of Silent Quadrant 

Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure 

Deadlines ------------------------------------------------------------------------------------------------------------------------ 173 

By Meghan Maneval, Director of Technical Product Management at RiskOptics 

Striking The Right Balance: Cloud and Cyber Priorities for SMEs ----------------------------------------------- 176 

By Mark Allen, Head of Cyber, CloudCoCo 

The Tech Jobs That AI Will Not Disrupt --------------------------------------------------------------------------------- 179 

By Michael Gibbs, CEO — Go Cloud Careers 



@MILIEFSKY 

From the 

Publisher… 

As we publish the November issue of Cyber Defense Magazine, I’m pleased to note that we have just completed our annual 

CyberDefenseCon. Our very successful 2023 event was top shelf. Featuring CISOs, Innovators, and Black Unicorns in our topof-the-industry 

lineup of professionals, we presented and exchanged much valuable and actionable information for our 

participants. There is more information at https://cyberdefenseconferences.com/. . 

We would also like to draw your attention to the CDMG Global Awards program at https://cyberdefenseawards.com/ , and the 

many participating professionals who have earned this important recognition for their contributions to the cybersecurity industry. 

From our perspective, it’s never too early to build on the success of this conference, and prepare to meet the next challenges in 

cyber sustainability. We do this monthly with the publication of Cyber Defense Magazine. Looking ahead, we are also putting 

out our call for speakers for the 2024 conference. CISOs can participate in this program by responding at this website: 

https://form.jotform.com/230036762118147 

We continue to strive to be the best and most reliable set of resources for the CISO community in discharging these 

responsibilities. With appreciation for the support of our contributors and readers, we continue to pursue our role as the premier 

publication in cybersecurity. 

Warmest regards, 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or 

information about CDM, please use #CDM and 

@CyberDefenseMag and @Miliefsky – it helps spread 

the word about our free resources even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group 

and distributed electronically via opt-in Email, HTML, PDF and 

Online Flipbook formats. 

EDITOR-IN-CHIEF 

Yan Ross, JD 

yan.ross@cyberdefensemagazine.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

http://www.cyberdefensemagazine.com 

Copyright © 2023, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP 

1717 Pennsylvania Avenue NW, Suite 1025 

Washington, D.C. 20006 USA 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

https://www.cyberdefensemagazine.com/about-our-founder/ 

11 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips, and techniques 

on cybersecurity since 2012, Cyber Defense Magazine is your 

go-to-source for Information Security. We’re a proud division. 

of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

PROFESSIONALS VENTURES WEBINARS 

CYBERDEFENSECONFERENCES 



Welcome to CDM’s November 2023 Issue 

From the Editor-in-Chief 

In my capacity as Editor-in-Chief of Cyber Defense Magazine, I am delighted to offer this note of congratulations to 

the winners and finalists of the Black Unicorn Awards including Top Global CISOs and InfoSec Innovators. In that 

vein, we especially celebrate the amazing women in cyber who have received awards. I encourage all our readers 

and contributors to join us in this recognition. 

As you will know, the Black Unicorn Awards process is an annual activity to identify and recognize leadership and 

accomplishment in the realm of cybersecurity. You may not be aware that many of our award recipients have also 

been contributors to Cyber Defense Magazine. 

Looking back over my many years of editing Cyber Defense Magazine, including review and elaboration of 

thousands of well written articles, I am pleased to observe that we always welcome submission of new and important 

articles on the current challenges and responses in cybersecurity. 

May I take this moment to remind readers that CDM is not a political forum, but a place to notify colleagues of 

important developments in the cybersecurity industry. Our readers are principally CISOs and their colleagues, so 

our focus is on our value to them in discharging their cybersecurity responsibilities, rather than pursuing any political 

agenda. 

As always, we are delighted to receive both solicited and unsolicited proposals for articles. Please remember to 

submit all articles on the Cyber Defense Magazine writer’s kit template, which incorporates the major terms and 

conditions of publication. We make every effort to close out acceptance of articles by the 15 th of each month for 

publication in the following month’s edition. 

Wishing you all success in your cybersecurity endeavors, 

Yan Ross 

Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber 

Defense Magazine. He is an accredited author and educator and has provided 

editorial services for award-winning best-selling books on a variety of topics. He 

also serves as ICFE's Director of Special Projects, and the author of the Certified 

Identity Theft Risk Management Specialist ® XV CITRMS® course. As an 

accredited educator for over 20 years, Yan addresses risk management in the 

areas of identity theft, privacy, and cyber security for consumers and organizations 

holding sensitive personal information. You can reach him by e-mail at 

yan.ross@cyberdefensemagazine.com 

















2001 2023 











Artificial Deception: The State Of “AI” In 

Defense and Offense 

By Ken Westin, Field CISO, Panther Labs 

If you have seen any of my talks, I often say that the infosec industry wouldn't exist without deception. 

Although I’ve seen enough nature documentaries to know deception exists throughout the rest of the 

animal kingdom, humans have the cunning ability to deceive each other to gain resources, whether in 

war or crime. Deception in society doesn’t usually become a “crime” until property is lost or there is harm. 

Of course, it has evolved with the evolution of technology into the world of cybercrime — the use of 

artificial intelligence (AI) is no different. At Black Hat and Def Con this year, I saw an interesting dichotomy 

in the realm of AI, specifically the application of data science and machine learning in defensive and 

offensive security. 



Artificial Intelligence or Mechanical Turk? 

Walking the show floor at Black Hat, most vendors were pitching some sort of AI that would “revolutionize” 

defense. I found some of these messages deceptive themselves, making promises the industry has heard 

for years only to disappear into vaporware and disappointment. The advances in machine learning (ML) 

and large language models (LLM) have been very promising over the past few years, although still a bit 

overhyped as “AI” when in reality, these technologies require reliable data inputs, along with ongoing 

human tuning and supervision. 

Machine learning models are only as good as the data they are fed. As any data scientist will tell you, the 

majority of their job is data prep and cleansing, this also makes these models themselves susceptible to 

deception through data poisoning and model manipulation. The application of LLM through tools such as 

ChatGPT has been a fantastic breakthrough in the application of data science, with the promise of 

increasing productivity across many different industries. LLM, however, is a machine learning model that 

uses Natural Language Processing (NLP) to scan massive amounts of text. Some companies have been 

deceptive about how this technology works, confusing the industry. 

Although LLM technology can magically create content from a prompt out of thin air, there is more to it 

than meets the eye. LLMs rely on data inputs like any other model, so they leverage existing works, 

whether articles, blog posts, art, or even code. So there should be no surprise that there are now mass 

lawsuits against companies like ChatGPT from content creators claiming copyright infringement and 

source code is no different, not to mention privacy implications. 

LLM also has another negative side effect of “hallucinations” where it will spit out nonsense or untrue 

content that could trick or confuse a person if they believe the content, which shows why even some of 

the most advanced uses of “AI” require a human in the loop to verify content. Interestingly, we can be 

deceived by this technology by accident; however, the same technology can and is being used offensively 

to manipulate data models and people and, in many respects, is ahead of the defense. 

Generative Deception 

At Def Con I saw the other side of “AI” on the offensive side. Both the Social Engineering and 

Misinformation Villages have grown over the years. The Social Engineering CTF was amazing to watch 

as teams targeted employees at companies to see how they could gather valuable information from 

targets for reconnaissance. This can now be taken a step further to manipulate people using voice 

synthesis to mimic the voice of an authority figure, family member, or celebrity, for example, to gain the 

target's trust. 

The increasingly widespread use of this technology will pose a significant threat to organizations and 

individuals, mainly as many non-tech-savvy folks are unaware of it, and the models become increasingly 

convincing. In addition, the use of generative AI to create videos and images that are progressively 

realistic is already finding its way into propaganda, fraud, and social engineering at a horrifying rate, and 

most security awareness training programs and other defenses for these types of attacks are slow to 

catch up. 



Human-in-the-Middle 

In creating AI tools to make us more productive and creative, we also opened a Pandora’s Box, as these 

same tools can be used to deceive us. I presented a while back at the SANS Data Science Lightning 

Summit “Cyborgs vs. Androids” on this topic, where I discussed the successful use of AI technology 

should be thought of less as an autonomous entity that will replace the security analyst/engineer and 

more like a cyborg, where we leverage these technologies to enhance the security analyst/engineer. 

Organizations also need to consider the potential liability of using some of these tools, given the 

technology is new, questions about data provenance, and potential legislation regarding their use. 

By keeping the human in the center, we are better able to harness the power of AI while at the same time 

ensuring it has the proper inputs and monitoring of its outputs. Trained humans are still better than 

machines at identifying patterns and detecting human deception; the challenge is that they are 

overwhelmed with data, tooling, and threats. The more we can leverage AI to enhance the analysts' 

capabilities to make their jobs easier, the better we will defend against a whole new generation of threats 

— or maybe this post was written by an AI to convince you that’s the case ;-). 

About the Author 

Ken Westin is Field CISO of Panther Labs. He has been in the 

cybersecurity field for over 15 years working with companies to improve 

their security posture, through detection engineering, threat hunting, 

insider threat programs, and vulnerability research. In the past, he has 

worked closely with law enforcement helping to unveil organized crime 

groups. His work has been featured in Wired, Forbes, New York Times, 

Good Morning America, and others, and is regularly reached out to as 

an expert in cybersecurity, cybercrime, and surveillance. 

Ken can be reached online at LinkedIn 

(https://www.linkedin.com/in/kwestin/) and at our company website 

https://panther.com/ 



Master Security by Building on Compliance 

with A Risk-Centric Approach 

By Meghan Maneval, Vice President of Product Strategy and Evangelism, RiskOptics 

In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. 

Cloud adoption, digital processes, remote work, and third-party relationships have all grown dramatically 

to create an expanding and complex threat landscape that bad actors are eager to exploit. Not only are 

there an enormous number of risks in this digitized world, but they are also coming at us with incredible 

speed. Considering that it only takes an independent cybercriminal around 9.5 hours to obtain illicit 

access to a target’s network, every minute a company lacks visibility into vulnerabilities or fails to respond 

to threats gives hackers a chance to cause significant damage. 

In light of the increasing threat, many organizations have focused on increasing their compliance with 

security certifications under the illusion that compliant means secure. This is not the case. According to 

Forrester, just 35% believe that compliance drives the right focus and behaviors within their business. 

That’s why a proactive approach to seeing, understanding, and acting on risk is key to improving the 



effectiveness of defenses in place to meet compliance standards – helping organizations enhance cyber 

resilience today and tackle the challenges of tomorrow. 

Compliance alone is insufficient to improve security 

Complying with a framework is great. Compliance cannot be underscored. “Being compliant” means 

adhering to a specific framework or list of regulatory requirements and is how you protect your 

organization. But it does not mean you have done everything within reason to protect your organization, 

nor are you prioritizing your security investments to achieve specific business objectives. Therefore, 

compliance does not speak to how well you are protecting your organization. 

Attackers are smart, stealthy, and ready to exploit any opportunity, whether through the front door with a 

phishing email or the back door via one of your third- or fourth-party vendors. In fact, 83% of organizations 

reported having experienced more than one data breach, according to the 2023 Cost of a Data Breach 

Report by IBM and the Ponemon Institute. To protect your organization, you need to go beyond 

compliance and actually assess your risk and put practices into place to prioritize remediation to propel 

your business forward. 

For example, compliance audits are point-in-time assessments that appraise the controls you’ve already 

implemented. They don’t focus on how well you are protecting your organization today. This approach is 

no longer sufficient to reduce risk. What happens if an event occurs the day after an audit that increases 

your number of high-risk vulnerabilities? Remember that attackers don’t care if you’re compliant or not – 

only regulators and other stakeholders do. The attacker aims to make money accessing your high-value 

information, disrupting your business, and profiting from ransomware payments. Keeping your business 

priorities in the center of your risk assessment enables faster data-driven strategic decision making. 

Understand the effectiveness of your compliance and risk activities 

Understanding the need to shift from compliance to risk management is one thing but carrying it out is 

quite another. To understand the effectiveness of your security posture, ask: How well are we protecting 

our organization and assets? 

When choosing risk management technology, it’s important that the platform supports a strategy of 

defining risk within a business context. Your organization’s risk management platform should provide 

information beyond the typical compliance status report. Look for reporting capabilities that provide the 

context necessary to understand the progress and effectiveness of your compliance programs and their 

impact on reducing risk. For example, each program should have a compliance posture indicating the 

number of effective controls compared to total controls. But it should also clearly show the impact of those 

controls on reducing your risk exposure. If it’s not, you’re missing the mark. 

The platform must also be able to update this metric in real time as your team completes compliance 

activities to provide an up-to-the-minute snapshot of the program’s health. You should also expect live- 



view dashboards to include the status and impact of controls and risks, as well as the ability to export 

results into a CSV or formatted report. This level of detailed reporting gives your risk managers the 

visibility they need to prioritize activities that strengthen compliance and reduce risk and can help you 

better understand how risk remediation efforts are progressing. Similarly, a report that quantifies risk 

assessments by category and score can help identify the areas needing attention, so that you can focus 

your resources on the areas negatively impacting your risk posture. 

How can organizations improve their cybersecurity? 

The most security-conscious organizations understand that cybersecurity is an ever-evolving risk that 

must continuously be considered and monitored. When the organization is “in compliance,” it has met 

the minimum requirements under its obligations. But being able to say “we’re compliant” is not the same 

as understanding to what extent implemented controls have effectively reduced the underlying risks. You 

must also identify and categorize risks as they relate to individual business activities and the context 

around them. 

By taking a broader, risk-based approach tying risk to business outcomes, instead of a more limiting 

compliance-based approach, organizations can improve their cybersecurity. 

The four key areas enterprises look to improve are: 

• ENABLEMENT: Supporting business goals by protecting the data and systems essential to the 

business. 

• SECURITY: Protecting data privacy, demonstrating compliance, and managing risk effectively. 

• EFFICIENCY: Eliminating the time wasted on manual tasks. 

• TRUST: Proving to customers that they can entrust their sensitive data to the company. 

Deliver better outcomes with a strategic approach to risk 

Cybersecurity leaders can deliver better outcomes with less effort by transitioning from a compliancecentric 

approach to a risk-centric one. This evolution happens by shifting your perspective. Compliance 

and risk are essentially two sides of the same coin but with different focal points. Compliance is focused 

on adherence to a framework of statutory, regulatory, or contractual requirements, using implemented 

controls to satisfy those obligations. This adherence is binary — each requirement is either met or unmet. 

But risk is a continuum. Risk management requires evaluation of controls and their impact on the 

business’ ability to meet its goals. 

Such an approach puts cyber risk in a business context so that CISOs and CIOs can tie risk to the 

business objectives prioritized by the C-suite and Board. To do so, they need visibility into the 

organization’s overall risk and compliance posture that breaks down the silos that cause inefficiencies, 

gaps, and blind spots. You need organizational and program-level reporting that gives you detailed 

insights and metrics. The tools and automation involved can substantially ease the burden of managing 



this information and related activities. Automation capable of facilitating a continuous, near real-time view 

of the organization’s risk profile is key to delivering better outcomes with less effort. In addition, a riskcentric 

risk management approach builds trust among customers and business partners, ultimately 

supporting your go-to-market initiatives. 


Meghan Maneval is the Vice President of Product Strategy and 

Evangelism at RiskOptics. She has over 15 years of experience in risk 

management, information security, and compliance, and is a 

passionate, visionary leader who drives new ways to solve industry 

problems. As the Vice President of Product Strategy and Evangelism 

at RiskOptics, she leads a team of talented and diverse professionals. 

She develops and executes strategy and objectives for the Go-To- 

Market function, innovates and designs new solutions for the risk 

management market, and evangelizes the benefits and value of cyber 

risk management. Meghan can be reached online at her LinkedIn here 

and at our company website https://reciprocity.com/. 



Charting a Trustworthy AI Journey 

Sound cybersecurity principles for responsible generative AI innovation 

By Lisa O’Connor, Managing Director—Accenture Security, Cybersecurity R&D, Accenture Labs 

As companies turn to generative AI to transform business operations, traditional notions of trust are being 

reshaped. How will the enterprise navigate a journey toward Responsible AI—designing, developing and 

deploying AI in ways that engender confidence and trust? 

AI brings unprecedented opportunities to businesses, but also incredible responsibility. Its direct impact 

on people’s lives has raised considerable questions around AI ethics, data governance, trust and legality. 

In fact, Accenture’s 2022 Tech Vision research found that only 35% of global consumers trust how AI is 

being implemented by organizations. And 77% think organizations must be held accountable for their 

misuse of AI. 

That skepticism in understandable. Humans will have a more difficult time determining if sources of 

information are reliable. There are risks that large language models will be used to manipulate data in 

ways that will make us question the veracity of all sorts of information. 

Today, threat actors are using Gen AI to write more and more effective phishing campaigns. They are 

getting better at leveraging collected profiles and the troves of information we share on-line on social 

sites to craft precision spearphishing. Attacks methods against AI and Generative AI are all over the dark 

web. These methods take advantage of how these models work. For example “prompt injection” attacks 

can cause the large language model (LLM) to unknowingly execute the malicious user’s instructions, 



leading to the potential exploit of backend systems or the presentation of false information to the 

unknowing user. Vulnerabilities and the proliferation of the knowledge on how to use them means that 

well-meaning initiatives without the right security may put relationships at risk and proprietary data 

exposed. The cybersecurity playbook must keep pace with these new realities. 

But using gen AI in the organization also put trust at risk. The following are steps leading enterprises are 

taking to build trust that generative AI is being used responsibly: 

• Build consensus about risk appetite—Accenture’s recent “State of Cybersecurity Resilience 2023” 

research found that 65% of so-called “cyber transformers” apply three leading practices to excel 

at risk management. By contrast, just 11% of the rest adopt a “best-in-class” approach. The 

leaders apply a cyber risk-based framework that is completely integrated into their enterprise risk 

management program. Their operations and executive leadership consistently agree on the 

priority of assets and which operations to protect. And they consider cybersecurity risk to a great 

extent when evaluating overall enterprise risk. 

• Ditch the jargon—Provide non-technical explanations. Business leaders and the board need nontechnical 

explanation and a common understanding to agree on governance guardrails and 

appreciate the risks of having actual business data compromised. Stories and what-if scenarios 

can help users gain a gut-level appreciation about the risks of undermining trust. Users need to 

appreciate that once corporate data is out in the public environment, it is not coming back. 

• Promote early engagement—Pilots can shape opportunities and value propositions and should 

be used to provide critical feedback that should be shared with technology providers and 

standards organizations. Inside the organization, this critical feedback can be used to develop 

standardized business-ready applications and an enhanced understanding of necessary controls. 

• Empower cross-organization governance and development—Avoid siloed development efforts. 

Legal, Risk, IT, Information Security, Marketing and HR should all be engaged in charting the gen 

AI journey. One enterprise we know has an “Executive Information Management Committee; 

another a “funnel group” for bi-weekly evaluation of use cases. 

• Offer a safe “sandbox”—The rest of the business is keen to work with gen AI tools. We hear from 

CISOs that unsupervised “shadow” efforts are underway throughout many enterprises. To get 

ahead of the risks of rogue efforts, establish an environment for users to test the appropriate uses 

and limitations of various models, and of the data that trained the model. For example, a CISO 

we know is encouraging people to experiment safely by using ChatGPT to plan their next holiday. 

• Identify the prerequisites for sustainable generative AI success—A strategic discussion with 

business leaders is required to ensure that the generative AI journey actually leads to business 

value. There needs to be agreement on governance and a focus on investments that create 

sustainable value. Priorities need to be right-sized so transformed processes are affordable. 

Short-term successes should not come at the cost of overlooking responsible AI principles. 

• Establish a sustainable AI architecture—Get the organization ready to use large language models 

cost-effectively. Adopt a foundation model—pure play, open source, or cloud provider—that is fit 

for purpose. Determine the right approach for providing access to gen AI models. Dedicated 

infrastructure offers better cost predictability but adds complexity compared to managed cloud 

services. A modern data foundation is required to create measurable business value from 



proprietary data in your model. A well planned and executed security strategy can mitigate the 

risk of compromise that comes with generative AI products. 

• Develop use cases that reinforce trust—Demonstrate to the CEO, the board and other leaders 

what is possible with generative AI. Also, highlight the privacy and intellectual property risks and 

propose criteria for evaluating the value of use cases that will inevitably be brought forward by 

other areas of the business. In time, generative AI could support enterprise governance and 

information security, protecting against fraud, improving regulatory compliance, and proactively 

identifying risk by drawing cross-domain connections and inferences both within and outside the 

organization. 

• Know data sources and data lineage—Monitor network traffic and shadow models to prevent data 

from leaving the enterprise. Ensure that detection response is up to date. Database records, 

system files, configurations, user files, applications, and customer data may all be at risk of 

leakage in a public large language model environment. Not understanding or curating the training 

data set can lead to inaccuracies, misinformation, discrimination, bias, harm, lack of fairness or 

adversarial actions like data poisoning. 

While the full impact of generative AI is evolving, one fact is clear: trust cannot be compromised. 

Establishing and maintaining trust means the organization must ensure the security, privacy, and the 

safety of individuals, communities, businesses, data and services. If stakeholders trust how businesses 

are using generative AI, the business strategies predicated on that technology can thrive. 


Lisa O’Connor is Accenture's Managing Director, Global Security Research and 

Development, a visionary leader who understands both the opportunities and 

risks of emerging technologies to the business. Her role is to enable the security 

and resilience of the future enterprise through a program of applied research, 

co-innovating with the Global 2000, governments, academia and startups. 

Her applied research programs in Washington, DC and Herzliya, Israel 

include Generative AI, Quantum Security, Metaverse Security, Trustworthy AI, 

Intelligent Secure Data Mesh, Ontological Mesh and Cyber Digital Twins. 

She has over 35 years of information security experience, with over 16 years in 

financial services, including serving as CISO at Fannie Mae. Her nine-year tenure at the National Security 

Agency included special assignments to the White House Communications Agency and to the Surveys 

and Investigations Staff of the House Appropriations Committee. 

Lisa holds a Masters of Engineering Administration from George Washington University and a Bachelor 

of Science of Electrical Engineering from Lehigh University. She is an avid rock climber. 

Lisa can be reached online on LinkedIn at https://www.linkedin.com/in/lisaoconnor/ and at Accenture’s 

company website https://www.accenture.com/it-it/about/leadership/lisa-oconnor 



An Age-by-Age Guide to Online Safety for 

Kids 

By Chelsea Hopkins, Social Media Manager, Fasthosts 

The internet is a fast-changing world of information that allows kids to play, create, browse, and engage 

with different people from all corners of the globe. Although the access to information, entertainment, and 

connection it offers is vital to modern life, safeguarding kids' online safety is crucial for their wellbeing, 

development, and future success in an increasingly digital world. 

In the following guide, the experts at Fasthosts take a practical approach to online safety. They provide 

tailored advice and strategies to specific age groups, aiming to empower us with the knowledge 

necessary to make informed decisions, and to help parents keep their kids secure on the web. 



Know your parental controls 

Parental controls are designed to manage your children’s online time, keep track of activity, and filter out 

inappropriate content. There are various ways to implement these controls: 

• Internet provider - You can set up filters that block access to potentially harmful and 

inappropriate content on any device connected to your Wi-Fi network. 

• Household devices - Most devices such as phones and tablets allow you to set up parental 

controls to limit screen time, control content, and block in-app purchases. 

• Mobile operators - Filters can also be set up on mobile contracts for users under 18 which will 

block explicit content. 

• Online services - Many online streaming services – such as Hulu and Netflix – offer a set of 

parameters where you can set passwords, maturity ratings, and manually block certain content 

from your child's profile. 

• Software - There’s plenty of software out there that allows you to monitor your home network, 

and the activity of each connected device. 

• VPNs - Using a virtual private network adds an extra layer of security when browsing the web. A 

VPN - powered by a VPS - hides the user's actual public IP address and secures traffic between 

the user's device and the remote server. 

As kids grow, the safety measures in place should adapt. That’s why it’s important to tackle online safety 

in a proactive way where a child’s age is taken into account. Below we have narrowed down the top tips 

for child online safety from 0 - 18 years old, classified by age range: 

Preschooler: 0 - 5 yrs 

If your preschooler doesn’t have their own device just yet, it’s likely that they’ll borrow from their parents 

or siblings to watch videos or play games. Here’s how to make sure your child is using these devices 

safely: 

Keep it kid-friendly: Allow the usage of kid-friendly apps and websites that you have verified. Do your 

research beforehand. 

Supervise: Not all video content is what it seems. Always try to be in the room or close by when your 

child is using the internet. 

Monitor your child's usage: Keep a close eye on your child’s device usage, especially if they’re 

accessing the internet. Better yet, use this time to go online with them where you can guide them and 

explore the digital world together. 

Set boundaries: Set boundaries by establishing time limits. Use passwords on devices, apps, and online 

features to restrict access. 



Educate: It’s never too early to teach about internet safety, so introduce healthy concepts like asking for 

permission, and seeking support. 

Kindergarten: 5 - 6 yrs 

Although a lot of the advice given in the previous step is relevant to this age group, when a child steps 

up to kindergarten, they may find more opportunities for independence and interaction with older peers. 

Continue supervision: You will likely want to alter parental controls, potentially allowing this age group 

to access the internet for educational purposes with parental controls in place. Make sure to continue 

close supervision and education about healthy online safety habits. 

Be available for support: The internet can be fun and exciting, but there can sometimes be scary or 

upsetting things out there. Encourage your children to put down their device and come to a trusted adult 

if they encounter anything that makes them feel uncomfortable. 

Elementary School: 6 - 11 yrs 

As kids start becoming more independent, their use of devices and the internet will increase. Their online 

activities may change, including more communication with friends and peers, and venturing into the world 

of social media and video-sharing platforms. 

Maintain supervision: Kids at this age will be wishing for more autonomy, but it’s still important to 

monitor their activity. 

Teach safe browsing: Explain the basics of safe internet usage so that they know the risks to look out 

for. 

Online etiquette: Educate them about being kind and respectful to others online, and never sharing 

personal information, especially any that could allude to identity and location. 

Parental controls: Although some parental functions could start to be reduced, it’s a good idea to keep 

reviewing the current controls with open and honest discussions. 

Middle School: 11 - 14 yrs 

Transitioning to middle school is an important milestone in a child's journey. It marks moving up to 

adolescence where they will be spending a significant amount of time online and interacting with peers. 

Privacy settings: Encourage kids to be mindful about what they share and post online. Encourage 

privacy settings on social media platforms and other accounts. 

Cyberbullying: Keep an eye out for signs of cyberbullying. Educate your child on the dangers to look 

out for and the potential effects it can have on themselves and others. Reiterate that they never have to 



give in to pressure or other forms of online abuse. You should also become familiar with the signs that 

your child might be being bullied, such as becoming withdrawn, hiding their devices from your view, or 

giving up on favorite games. 

Encourage communication: Create a safe space for open communication, let them know that if they 

ever come into contact with cyberbullying or become a victim of it themselves, to inform an adult. 

Dangers of the internet: Encourage them to question the safety and credibility of the information and 

content they encounter online. Whether that be watching videos, or friend requests from strangers. Help 

them recognize the signs of legitimate websites as opposed to fake/misleading websites. 

High School: 14 - 18 yrs 

At this age, the internet is an integral part of their daily lives. Kids – or rather young adults – in this group 

will adapt quickly to new technology, and use it to communicate, create and post content, and socialize 

with their peers. 

Online reputation: Strengthen their understanding of the value of their online reputation by emphasizing 

how their online decisions now may impact their future. 

Keeping information private: Discuss the importance of critical thinking before they post, remaining 

mindful, and keeping personal details private. 

Responsibility: Encourage independence and responsibility while ensuring that they understand that 

you are there for help and support. Continue to have regular check-ins with them about their online 

experiences. 

Healthy habits: Stress the importance of a healthy balance between both online and offline activities. 

Additional tips and info 

Stranger danger: Always remind your children of stranger danger and to never accept a friend or 

message request from someone they don’t know – it simply isn’t worth the risk. 

Cybersecurity: Teach them the importance of creating strong and unique passwords to keep their 

accounts secure. 

Lead by example: Be a good role model for internet use. Show them how to be responsible online and 

demonstrate positive behavior to follow. This is especially important when it comes to social media usage, 

and healthy levels of screen time. 

Internet safety is an ongoing conversation, remember to regularly revisit and reinforce these principles to 

keep your children safe online in our ever-evolving digital world. 




Chelsea Hopkins is the Social Media Manager of Fasthosts 

Fasthosts has been a leading technology provider since 1999, offering 

secure UK data centres, 24/7 support and a highly successful reseller 

channel. Fasthosts provides everything web professionals need to power 

and manage their online space, including domains, web hosting, 

business-class email, dedicated servers, and a next-generation cloud 

platform. For more information, head to www.fasthosts.co.uk 

Chelsea Hopkins can be reached online at LinkedIn and at our company 

website https://www.fasthosts.co.uk/ 



Overcoming Multi-Cloud Security Challenges: 

The Power of a Unified Configuration of Clouds 

Digital transformation has urged organizations across various industries to adopt multi-cloud 

strategies. They need to find the right balance for security and growth. 

By Michael Rostov, Entrepreneur and Co-Founder at Oasis Defender 

The adoption of multi-cloud aims to modernize IT infrastructures and carve out a competitive edge. Be it 

manufacturers, financial institutions, global giants in media and entertainment, or healthcare 

organizations — many businesses of medium and large caliber find the need to harness two or more 

clouds. 

Business owners choose multi-cloud strategies to escape vendor lock-in, trim down costs, and reduce 

latency. Using multiple clouds helps them enhance supply chains, increase sales rates, and boost service 

provisions. 

However, the dalliance with multiple clouds amplifies the risks of misconfigurations and human-induced 

errors in cloud management. Blunders widen the gateway for security vulnerabilities, leading to breaches 

that may harm the organization's bottom line and its reputation in the long haul. 



Securing Infrastructure Against Breaches with Adequate Multi-Cloud Settings 

IBM reported that 19% of data breaches in 2021 resulted from misconfiguring multiple cloud 

environments. The average financial losses suffered by organizations reached $4.41 million, an amount 

impressive enough to focus on adopting adequate multi-cloud security strategies. 

Both public and private cloud services often lack proper security and management when users make 

mistakes in setting up access controls, encryption, firewalls, backups, and other security features. So, is 

there a silver bullet for this concern? 

A way forward for holistic security across diverse cloud platforms is centralized cloud management. 

Innovative solutions can help manage multiple registered clouds via a unified interface. Such solutions 

also tap into machine learning and AI to spot potential threats in real-time, ensuring swift and effective 

responses to keep damage to a minimum. 

Enhancing Data Protection and Privacy 

Protecting data across multi-cloud environments is tough without centralized security controls. Nearly 

57% of US organizations report challenges they face trying to comply with corporate policies and 

regulatory rules. This is often the case for manufacturers and retailers operating globally, as they face 

strict local and industry-specific regulations. 

Centralized security controls give a clear view across cloud providers while offering strong compliance 

mechanisms. Integrated AI tools and automated systems scan the cloud environment and help meet 

compliance needs by giving real-time reports and alerts on deviations. By using a unified interface, 

organizations can tap into steady multi-cloud security policies and top-notch threat protection. 

Managing More Clouds While Limited in Talent 

A notable 56% of organizations struggle to find the needed skills to manage security in multi-cloud 

environments. 

When an organization steps into a multi-cloud strategy, the team may not be fully ready. They may be 

unfamiliar with different security features and practices that differ across Google Cloud, AWS, Microsoft 

Azure, and other cloud services. As a result, doubts arise regarding consistent security policies and 

adequate protection for sensitive data. 

For those lacking cloud skills, an integrated approach comes in handy. AI-driven threat detection 

simplifies security tasks, reducing the need for specialized knowledge. Continuous upgrades through 

user feedback make the system smarter over time, without manual tweaking. Besides, collaboration tools 

help share knowledge, helping less experienced members learn from seasoned experts. 



Wrapping Up 

Embracing multi-cloud strategies often opens a door to cybersecurity challenges for organizations. 

Fortunately, there are solutions for unified visualization and configuration of cross-cloud security tools 

that make cloud management simpler. 

With the help of AI and machine learning, these tools auto-detect threats and learn from user feedback 

to improve security continually. Organizations can then navigate their clouds with ease, making sure data 

stays safe, secure, and compliant. 


Michael Rostov is a Co-Founder of Dubai-based startup Oasis Defender 

which focuses on developing AI-driven software for unified visualization and 

configuration of multi-cloud security. He is an entrepreneur and VC with over 

a decade of experience in the telecom and cybersecurity sectors. Michael 

can be reached online at https://www.linkedin.com/in/michael-rostov/ and at 

the company website https://oasisdefender.com/ 



AI And Ad Fraud: Growing Risks for Marketers 

Using Google’s AI-Based Advertising Campaigns 

Google’s Performance Max (PMax) - AI has ignited a flurry of concerns relating to data protection 

and security, and organisations must act now to prevent further damaging losses. 

By Mathew Ratty, CEO, TrafficGuard 

Artificial intelligence (AI) is transforming the marketing industry. While there are many benefits to using 

AI in digital campaigns, recent revelations surrounding Google’s Performance Max (PMax) - AI has 

ignited a flurry of concerns relating to data protection and security. 

When Google announced PMax, it appeared to be the answer to every marketer’s dream – driving 

marketing efficiency, performance, and better ROI across all of Google's channels, including YouTube, 

search, shopping, and discovery. Since this launch, questions have been raised regarding its ability to 

adhere to stringent data privacy laws. 

In a recent data privacy breach, YouTube may have inadvertently shown adverts to children. Not only 

does this spark concerns around the violation of the Children’s Online Privacy Protection Act (COPPA) 

but it causes a ripple effect for advertisers seeking to optimise their returns. 



There is still much to understand and learn about AI, and it is crucial that organisations are aware of the 

risks. With full transparency into the algorithms and tools to combat potential fraudsters, organisations 

can effectively protect themselves and avoid breaching data privacy. 

Threat Actors Taking Advantage of AI Vulnerabilities 

AI systems can be incredibly efficient at managing large amounts of information on behalf of data 

analysts. The problem with this is AI systems like PMax have difficulty differentiating between positive 

user engagement, and more malicious actions taken by fraudsters. 

The challenge with PMax is all user engagement is viewed as positive or legitimate, and threat actors are 

exploiting this algorithm. Fraudsters are capable of creating fake intent signals, which trick systems into 

thinking the signal is a user with a legitimate interest in engaging with the site. To accomplish this, 

fraudsters create numerous bots to flood systems with fake engagement. This leads to the AI algorithm 

optimising toward the source of the invalid traffic, resulting in wrongly optimised campaigns that divert 

and deplete advertising budgets by driving more fake engagement. 

Fraudsters are also targeting potential weaknesses in the data privacy of AI platforms like PMax. Google 

has implemented multiple features to address data privacy concerns within PMax, such as anonymisation 

of user data, user controls/preferences to control their data, and ad preferences. PMax aims to uphold 

strong data privacy measures, but vulnerabilities in the system are still possible, as seen in the recent 

showing of ads to minors on YouTube. 

The vulnerabilities in the system demonstrate the ever-evolving nature of data privacy and the challenge 

of ensuring it remains complex and secure. Constant vigilance and adaptions are crucial to address 

potential gaps or flaws within systems. Organisations can greatly benefit from using AI within marketing 

campaigns, but it’s important to balance its usage with appropriate risk mitigation. Advertisers should not 

only utilise AI, but also put countermeasures in place to protect their campaigns against evolving fraud 

tactics. 

Preventing Fraudulent Activity 

With the big budgets involved in marketing campaigns, fraudsters are always on the lookout for a slice of 

the profit. Organisations must protect themselves from bad actors getting in the way of achieving 

campaign success by ensuring they are optimising toward legitimate sources. 

By implementing solutions to identify fraudulent bots, and data collection filters, they can effectively 

prevent fraud while meeting data privacy laws and ultimately maintain campaign control. 

Organisations can take the following steps to prevent fraud across marketing campaigns: 

• Analyse and Optimise Traffic: AI can be leveraged to combat fraudulent traffic. Through effective 

analytics and reporting tools, patterns, anomalies or irregularities in traffic can be identified to 



enable organisations to make better-informed decisions to optimise their traffic. As fraud tactics 

constantly evolve, AI solutions can be aligned to remain one step ahead. Its predictive abilities 

enable marketers to proactively identify and prevent fraud before it harms campaigns. 

• Data Filtering: It is crucial that organisations stay within data privacy guidelines. Implementing a 

solution to filter through data enables organisations to tailor their data collection strategy. It is 

possible to limit or stop data collection altogether post-click, which ensures the data aligns with 

protection regulations, especially in engagement from minors. Solutions can also minimalise 

collected data so that only the essentials for fraud identification and campaign optimisation are 

gathered. This will reduce the risk of overstepping data privacy laws. 

The threats posed by fraudsters can be prevented, allowing organisations to make the most of AI systems 

like PMax. The right security solution or tools will provide organisations with the ability to scan their data 

in real-time and identify malicious engagement from threat actors which can then be countered, protecting 

budgets and data alike. 

Preserving Campaign Integrity 

AI programs are becoming more and more prevalent, and fraudsters are continuously looking for ways 

to build on their tactics and take advantage. Organisations have the opportunity to take a proactive stance 

against fraud, and pre-emptively tackle threat actors to preserve the integrity of their campaigns and 

comply with regulations. 

A proactive approach involves leveraging AI’s predictive abilities to identify and prevent fraud before it 

can harm campaign budgets. By adopting this approach, organisations can fully appreciate the benefits 

of AI while mitigating the changing threat landscape. 




Mathew Ratty, a seasoned professional with 7 years in digital ad tech, currently 

leads as CEO of Adveritas. Formerly part of a mobile ad network, he's also an 

avid tech investor with a decade of diverse investments. Under his leadership, 

Adveritas launched its flagship product, TrafficGuard, using innovative 

strategies and assembling a top-tier C-level team. Holding a First-Class 

Honours Finance degree from Curtin University, Australia, Ratty steers 

TrafficGuard's mission. This pioneering ad fraud prevention solution employs 

AI and advanced machine learning, revolutionizing business operations. 

Trusted by major brands like Disney, Tab Corp, and HelloFresh, TrafficGuard, 

accessible on Google Cloud Marketplace, upholds transparency and security in 

digital advertising, setting industry benchmarks. Mat can be reached online at @Mathew Ratty on 

LinkedIn and at our company website https://www.trafficguard.ai/ 



Bolster an Organizational Cybersecurity Strategy 

with External Data Privacy 

Enterprise threat protection is missing this critical component 

By Harry Maugans, CEO, Privacy Bee 

Companies fight hard to find, cajole and incentivize top talent to run their business. They also invest in 

cybersecurity systems for the business, protecting it within its closed system. But those same executives 

are as highly valued by hackers as they are by the business. Their external data, when collected from 

any number of shopping, social or messaging sites are so integrated in our lives; they can be the allaccess 

pass into the company system. 

Data privacy at the C-Suite level is critical in today’s hyperconnected, competitive market. Executives are 

responsible for making decisions that shape an organization's future, so shielding them from potential 

risks is vital. Protecting an executive’s personal and professional data ensures that confidential 

information, important business strategies, plans and upcoming initiatives remain safe. 



Why executive data privacy is critical. 

It’s important to understand that threats facing executives, separate from the rest of the workforce, are 

real and on the rise. In fact, 58% of CEOs in the United States have received physical threats after taking 

a position on a controversial topic such as race, politics or gender. One reason for this is the increasing 

exposure of executives’ personally identifiable information (PII) via social media channels. A recent poll 

of CEOs from the 2022 Fortune 500 list revealed that 70% of them have a profile on at least one social 

media platform, which is a 62% increase from 2020. 

As companies report more cybercriminal attacks on senior-level executives, especially with business or 

personal accounts as a tool, protecting personally identifiable information should be a top priority. 

Executives are increasingly targeted directly or used as pawns in a larger organizational scheme, which 

can compromise sensitive business data and lead to unexpected, exorbitant costs. 

Data privacy, internal and external, helps minimize the risk of corporate espionage in the form of hacking. 

While most companies invest heavily in cybersecurity, it’s not comprehensive for today’s ecosystem. The 

next step to stay ahead of threats is External Data Privacy (EDP). This allows an organization to audit 

and secure data that is already outside of the organization which could be used in a malicious way. 

Executives' personal information and online activity, such as email, social media or shopping behavior, 

may be used against them if they are not secured properly. Protecting and monitoring personal accounts 

and digital behavior is a way to safeguard not only the senior-level executive but also the reputation of a 

company and its stakeholders. 

Social engineering on the rise 

There has been a significant increase in social engineering attacks, posing a serious threat to 

organizations and individuals in leadership positions. In fact, it was the top attack type in 2022. 

Social engineering refers to the manipulation of individuals to gain unauthorized access to sensitive 

information or systems. It is often carried out through deceptive tactics, such as standard phishing via 

email or text message, or through social media, which can appear in the form of account hacking, 

deception, impersonation or fraud. 

With the widespread use of social media platforms and increased online activity, individuals have become 

more susceptible to this type of manipulation. As such, organizations are also at risk, directly, or as 

byproducts of their staff’s poor External Data Privacy (EDP). These social engineering techniques can 

be used to breach security systems and gain unauthorized access to valuable data. 

Executives must be cautious about the information they share online and be vigilant against suspicious 

emails or messages asking for personal details. 

Once information has been shared, however, it’s out there to be manipulated and used by threat actors, 

hence the need for stronger EDP across all employee segments. Organizations should prioritize investing 



in EDP in addition to regular cybersecurity measures such as firewalls, encryption protocols and intrusion 

detection systems can enhance organizational safety. 

The recent rise in social engineering calls for heightened awareness about data privacy and protection. 

It’s critical for organizations to be proactive in safeguarding personal information online and to implement 

effective measures at both individual and organizational levels, that way, it’s much easier to defend 

against these evolving threats. 

The future of data privacy 

When it comes to cyber threats, over half of today’s employees note that threat prevention for executives 

and their digital assets are not covered in their cyber, IT and physical securities budgets. And while 

attacks are increasing for executives, as is the cost of data breaches, the investment into external data 

protection needs to keep pace. 

With the financial impact of global cybercrime on track to reach $10.5 trillion by 2025, there is no better 

time to invest in an External Data Privacy strategy. Hackers are responsible for the bulk of digital crime, 

but the greatest threat is human error accounting for more than 80% of incidents, ranging from an 

executive with poor EDP or a team member clicking on a bad phishing link. 

As socially engineered threats become more widespread, and more executives become targets, 

monitoring for external risk across organizations will be a necessary addition to a comprehensive 

cybersecurity strategy moving forward. 


Harry Maugans is the CEO of the Privacy Bee, a proactive privacy 

company. In 2012, Harry founded and became the CEO of 

Clickagy, a data intelligence platform for digital marketing and 

analytics. In 2020, he became the Vice President of Product at 

ZoomInfo, and in 2021, Harry stepped into his role as CEO of 

Privacy Bee. Harry Maugans attended the Terry College of 

Business at the University of Georgia from 2006 to 2010, where 

he studied Computer Science. 

Harry Maugans can be reached on LinkedIn here. Learn more 

about Privacy Bee by visiting https://privacybee.com/ 



The Crucial Need for a Secure Software 

Development Lifecycle (SSDLC) in Today's Digital 

Landscape 

By John Riley III, Cyber Business Development, Alan B. Levan | NSU Broward Center of 

Innovation. 

“Securing the software delivery pipeline is as 

important as securing the software that is 

delivered.” 1 – Gartner 

In today's increasingly digital world, software is 

the backbone of business operations, from 

customer-facing applications to internal 

processes. However, the rapid growth of 

software development has also made 

organizations more vulnerable to security 

threats. To counteract this, companies must 



prioritize a Secure Software Development Lifecycle (SSDLC) to ensure their software remains resilient 

in the face of evolving threats. 

A Secure Software Development Lifecycle strategy is essential for organizations that want to build and 

maintain secure software applications. It not only helps prevent security vulnerabilities, but also offers 

numerous benefits in terms of cost savings, regulatory compliance, customer trust, and competitive 

advantage. By making security an integral part of the development process, organizations can better 

protect their software and the data they process. 

The Necessity of SSDLC 

A Secure Software Development Lifecycle is a systematic and methodical approach to developing 

software with security at its core. It encompasses every phase of the software development process, 

from the initial design and coding to testing, deployment, and maintenance. Here's why companies must 

make SSDLC an integral part of their software development process: 

1. Early Vulnerability Detection: SSDLC encourages identifying and addressing security 

vulnerabilities at an early stage. This proactive approach minimizes the risks of costly security 

breaches and data leaks down the line. 

2. Regulatory Compliance: Various industries and regions have stringent regulations concerning 

data privacy and cybersecurity. Implementing an SSDLC ensures compliance with these 

regulations, helping companies avoid hefty fines and legal consequences. 

3. Risk Reduction: A robust SSDLC strategy significantly reduces the risk of security incidents. By 

integrating security measures from the start, organizations can better protect their reputation and 

sensitive data. 

4. Cost-Efficiency: Addressing security issues post-deployment can be expensive and timeconsuming. 

With SSDLC, the cost of fixing security vulnerabilities is drastically reduced, as issues 

are detected and rectified during the development process. 

5. Faster Development: Contrary to the belief that security measures slow down development, 

SSDLC can expedite the process by reducing the time spent on security-related issues and 

rework. 

Security Concerns in Software Deployment 

When deploying new software into their environments, companies must be aware of a range of security 

concerns: 

1. Data Security: Protecting sensitive data is paramount. Companies should implement encryption, 

access controls, and data retention policies to safeguard user information. 

2. Authentication and Authorization: Ensure that users can only access the parts of the software 

and data they are authorized to. Weak authentication and authorization processes can lead to 

unauthorized access. 



3. Code Vulnerabilities: Unsecured code can provide entry points for attackers. Regular code 

reviews, static and dynamic analysis tools, and best coding practices are essential. 

4. Third-Party Components: Many applications use third-party libraries and components. It's 

crucial to keep these up to date and assess their security posture. 

5. Patch Management: Timely application of security patches is vital to address vulnerabilities in 

software components and operating systems. 

6. Secure Configuration: Ensure that servers, databases, and other system components are 

configured securely. Insecure configurations can expose the software to attacks. 

7. Network Security: Protect the software from network attacks by employing firewalls, intrusion 

detection systems, and monitoring network traffic. 

8. User Training: Educate users and employees about security best practices and potential threats 

to minimize the risk of social engineering attacks. 

9. Incident Response Plan: Develop a robust incident response plan to address security incidents 

swiftly and effectively. Plan to review quarterly and run exercises to test knowledge and 

implementation of the plan. 

10. Secure Development Environment: Keep the development and testing environments secure to 

prevent the introduction of vulnerabilities during development. 

The implementation of a Secure Software Development Lifecycle (SSDLC) is critical for companies 

deploying new software into their environments. A well-executed SSDLC strategy not only enhances 

security but also ensures regulatory compliance, reduces risks, and ultimately saves costs. As 

businesses increasingly rely on software, prioritizing security from the start is a non-negotiable 

requirement in today's digital landscape. 

Phases of SLDC 

1. Requirements Gathering and Analysis: In this phase, the project team collaborates with 

stakeholders to understand their needs and requirements. The goal is to create a detailed and 

comprehensive set of software requirements that will guide the development process. 

2. Planning: Based on the requirements, the project team creates a detailed project plan. This plan 

includes timelines, resource allocation, budgeting, and a breakdown of tasks. It provides a 

roadmap for the entire project. 

3. System Design: This phase involves designing the system architecture. It includes defining the 

software's structure, components, interfaces, and data. The result is a high-level design that 

serves as a blueprint for the development team. 

4. Implementation (Coding): During this phase, developers write the actual code for the software, 

following the design specifications. This is where the software is built according to the 

requirements and design. 

5. Testing: Testing is a crucial phase where the software is evaluated to identify and fix defects and 

ensure it meets the specified requirements. It includes various types of testing, such as unit 

testing, integration testing, system testing, and user acceptance testing. 



6. Deployment: Once the software has been thoroughly tested and is ready for release, it is 

deployed into the production environment. This phase may involve data migration, setting up the 

infrastructure, and making the software available to users. 

7. Maintenance and Support: After deployment, the software enters the maintenance phase. This 

involves addressing issues, releasing updates, and providing ongoing support to users. 

Maintenance may include bug fixes, performance enhancements, and the addition of new 

features. 

In the dynamic landscape of modern business, the importance of a Secure Software Development 

Lifecycle (SSDLC) cannot be overstated. With the rapid expansion of software development comes an 

increased vulnerability to security threats. A well-executed SSDLC not only fortifies against potential 

breaches, but also yields substantial benefits in terms of cost efficiency, regulatory adherence, customer 

confidence, and competitive edge. By integrating security seamlessly into each phase of development, 

organizations fortify their software and shield the data they manage. As reliance on software continues 

to grow, initiating projects with security in focus is an indispensable practice. This article encourages 

every cybersecurity professional to champion the adoption of SSDLC within their organizations, ensuring 

a robust and resilient software ecosystem for years to come. The phases of SSDLC, from Requirements 

Gathering to Maintenance and Support, provide a comprehensive roadmap for safeguarding software 

integrity and security. 




John Riley III, Cyber Business Development, Alan B. Levan | NSU 

Broward Center of Innovation 

With a career spanning over two decades in the software application 

industry, John Riley III brings a wealth of experience to the table. His 

journey has been marked by a steadfast commitment to understanding 

and solving customers' challenges and a strong belief that collaboration 

with like-minded professionals is the key to success. 

John's Specialties and Skills encompass a wide array of expertise, 

making him a versatile leader in various domains: 

In the realm of technology adoption, he excels in End User Adoption, ensuring that technological 

innovations seamlessly integrate into user workflows. He navigates the intricate landscape of SaaS, 

guides organizations through the complex process of Digital Transformation, and harnesses the power 

of Digital Twins for enhanced insights. 

John's knack for Business Process Alignment and his experience in DOD | Military give him a unique 

perspective on optimizing operations. He's a master of Pre-Sales, crafting strategies that drive success, 

and a seasoned hand in Business Development. 

In the world of software, John shines in Enterprise Software implementation and the cutting-edge arena 

of Enterprise Blockchain Platforms. He's well-versed in AI/ML and its applications and excels in Strategy 

development. His commitment to Innovation is unwavering, and he's skilled in building Knowledge 

Graphs for informed decision-making. John also lends his expertise to organizations through Consulting, 

guiding them through complex challenges and ensuring robust Cybersecurity practices. 

John's career trajectory includes a significant tenure in the Oracle Applications space, with a focus on 

consulting services and education, assisting companies in software implementations, business process 

changes, and user adoption education. 

Most recently, he held the position of VP of Business Development at Kilroy Blockchain and assumed 

the role of organizer for two Blockchain Meet-Up groups in West Palm Beach, FL. Presently, he is the 

Co-founder and CEO of C-N-C Blockchain Advisory. 

Notably, John Riley III is a US Marine War Veteran, with a distinguished service record during Desert 

Shield/Desert Storm, underscoring his unwavering commitment to duty and leadership. 

John Riley III can be reached online at jriley@nova.edu and at our company website 

https://www.levancentercyber.com/ 



Beyond Passwords: AI-Enhanced Authentication 

in Cyber Defense 

By Kathleen Dcruz 

Why all the noise about artificial intelligence? Now more than ever, AI is becoming part of our lives faster 

than you could imagine. The question that begs, therefore, is, 'Are we ready for an AI takeover?' 

In production and supply chain processes, most of the technology adopted is operated with machine 

learning and artificial neural networks, which computerize and completely perform the work procedures. 

Moreover, technology proves to be beneficial to society and businesses in leveraging AI for cyber-security 

defense. AI is gathering the interest of many. However, AI is an information technology often used as a 

cyber-security argon. The main question is, what can it achieve in this present time? 

1. AI Provides Continuous Coverage 

Technology and online platforms are always actively in use. That makes them prone to cyber threats and 

attacks since they are used regularly and are easily accessible. IT technicians and engineers need to be 

able to adequately oversee the cyber-attacks regardless of the strenuous, lengthy work shifts. 



To intensify authentication and instant detection of a threat, it is 

crucial to use data solutions such as; prospective analysis, 

matching patterns, and verification of previous data history. If an 

approaching attack is detected or suspected, it alerts the cyber 

security team, notifying them to act promptly. 

It is possible to engineer artificial intelligence systems to defend 

the network, secure data, and protect connected devices. To 

prevent a breach, AI will disconnect and cut off the network and 

log out of the devices to safeguard the system. 

This acts as a first-hand protection measure, enabling IT engineers to study the attack and devise further 

prevention methods carefully. Moreover, it is efficient when there is no workforce in charge. AI guarantees 

network and system security. 

2. AI Addresses the Rise of RaaS 

With the current dependence on technology and digital platforms, ransomware is the main cause of 

concern. 

In 2020, ransomware constituted up to 27% of all malicious 

software attacks. This malware has nonetheless advanced to 

keep up with technology. Ransomware has progressively 

advanced, is more accessible, and has greater damaging 

effects. Since it is easily available, it is subsequently becoming 

greatly widespread. 

Malware and pernicious codes created by firms are being 

procured and utilized as destruction instruments. Today, hackers 

use advanced cyber-attack gadgets, mechanisms, and materials no matter their level of experience. 

This, therefore, calls for adopting greatly proficient cybersecurity technology operated by artificial 

intelligence to assess, prevent and rapidly counter the attacks. 

AI security components can warn IT technicians against imminent attacks beforehand by; identifying 

susceptible system and network domains and precise points of attack. Furthermore, AI solutions can 

advance into malignant codes, also called "suspicious observables" This feature allows the IT workforce 

to understand better its purpose and its effects on the network and digital systems. 



3. Improving the Defensive Cybersecurity 

Technology is being utilized in almost every aspect of today's life; 

therefore, it is our obligation to safeguard our infrastructure. A 

single destruction of the Global Positioning System (GPS) would 

cause power systems, banking industries, airports, trucks, and 

shipping activities to shut down. Even though humans can guard 

important technology systems, they cannot be well equipped to 

detect possible threats since hackers gradually implement 

advanced cyber-attack tactics. 

Conversely, it is fortunate that machine learning solution features gradually equip AI with up-to-date 

knowledge as it obtains greater experience and gains further data. Darktrace develops self-taught 

security systems that adopt AI to locate and halt cyber attacks; most attacks are rarely known or newly 

developed. 

This illustrates the dynamic nature of technology, hence the need to gain more knowledge on cyberattacks, 

their mode of progression, and their relation to and impact on the digital world. The continuous 

outburst of cyber threats potentially causes intense distress. 

Moreover, it instructs AI on what to be cautious of, defensive methods against cyber attacks, and how to 

identify areas vulnerable to new attacks. This improves AI's defensive and rational ability. Despite cyber 

attacks' negative and detrimental impacts, they present various advantages to AI and machine learning 

technology. 

4. AI Responds with Speed 

AI is advantageous because it provides solutions that analyze and rapidly transmit attack reports faster 

than human response actions. Machine learning operations use complex factual information, pattern 

identification, and forecast analytics to respond with unique, highly accurate, and rapid action. 

AI is more prompt and dependable whenever appropriate data is at its disposal. This makes it a perfect 

technology for detecting potential threats, developing ways to deal with them, and responding quickly 

and adequately to the attack. 

AI gives the cybersecurity team greater control over their expertise and a competitive advantage in the 

workplace. 



5. The Digital and AI Arms Race 

On the contrary, AI can point out shortcomings, pilot 

malicious cyber attacks, and establish an everaggressive 

strategy. This can be distinctively expressed 

as a technological escalation powered by AI or, rather, 

by the digital space. It is critical to consistently leverage 

new technology and implement new approaches to 

maintain a competitive edge and take the lead in cyber 

security. This is exactly the purpose of AI in defensive 

cybersecurity. 

Even though it might currently be viewed as argon, this is rapidly transforming. AI has a major role in 

defensive cybersecurity in the present times and also in the times ahead. AI facilitates the provision of 

timely 24-hour defenses, performs intricate threat investigations, and ascertains that the defenses are 

sent out rapidly in case of a possible attack. 

The rise of RaaS and other unforeseeable threats makes all necessary cybersecurity assistance 

essential. 

Final Thought 

From the above discussion, it is evident that AI is deemed to be a double-edged sword. AI can be utilized 

to one's benefit if well-managed and responsibly used. 

It is consequently important to comprehend that even though the current debate on the link between AI 

and cybersecurity has emphasized the negative effects of the technology, it is critical to always bear in 

mind that AI greatly safeguards us against cybersecurity threats. 


Kathleen D. is a passionate writer and guest blogger. Writing helps me 

improve my knowledge, skills & understanding of the specific industry. I love 

writing and sharing my knowledge mostly in the tech industry. I believe 

technology is the real wealth and want to spread my belief across the world. 

Apart from writing, she loves traveling & cooking. 



7 Steps to Build a Defense in Depth Strategy 

for Your Home 

By Roger Spears – Cybersecurity Project Manager, Schneider Downs 

One of the primary pillars of cybersecurity is having a “defense in depth” strategy, which means layering 

defensive security measures to protect your assets from digital intruders. 

With a defense in depth strategy, even if a digital intruder gets through one layer, they are met with 

another, and another, and another… until they lose interest and moves on to a new, more vulnerable 

target. Defense in depth is not about being perfect; it’s about making it difficult for digital intruders to 

access your assets. 

While many people think about multi-faceted security strategies from an organizational perspective, it’s 

also important to think about the personal security of home networks. We prioritize physical safety at 

home by frequently checking windows, locking our doors and installing security systems. We must 

approach and prevent digital intruders with the same vigor. 



To have the best chance of preventing digital intruders’ attacks, home networking equipment must be 

configured properly and updated regularly. Here are seven best practices for improving your home 

network security with a defense in depth strategy. 

1. Responsible Network and Password Security 

Managing a home network might sound daunting but, with the proper guidance, it is quite simple. 

Many don’t realize they interact with modern home networking equipment by using graphical user 

interfaces (GUIs) that allow point-and-click configuration and maintenance. All the following can be 

configured using GUIs: the administrator account password, USB and cloud settings, configuration from 

inside the network, wired administrator connection, segmentation, updates and resources. 

Home networking equipment includes an administrator account for configuration. Out of the box, that 

administrator account uses a default password, and, in most cases, you must change the administrator 

account password for security reasons. If you are not forced to change the default, make sure to do so 

anyway. 

When changing your administrator account password, never reuse the default password or any easy-toguess 

passwords, such as your physical street address or last name. If a digital intruder discovers the 

make/model of your home networking equipment, they can find the default password by performing a 

simple Internet search. 

To see how someone could discover the name of your home networking equipment, use your phone or 

laptop to search for wireless networks around you. The default name for home networks usually includes 

the make and model of the network device. 

2. Secure USB Devices and Connectivity 

Modern home networking equipment usually includes USB connection capabilities. USB devices usually 

include printers or flash drives but can also include external hard drives and other digital asset 

repositories used to store private information. 

Before plugging in, remember that once connected to the networking equipment, the information 

contained on the USB device is available to all users on your network – including malicious ones loaded 

with malware. And if a digital intruder accesses your network, they will have access to those USB-based 

assets. 

From a security perspective, the ability to plug a USB device into your home networking equipment is like 

an open window in your house. If possible, you should disable the USB device connectivity from your 

home network. 

3. Secure Cloud Services and Connectivity 



The same risks associated with USB devices connected to your network apply to cloud storage. 

Cloud services allow you to store files on “the cloud” and are usually offered by the manufacturer of the 

home networking equipment or can be bought from a third-party, such as Google or Microsoft. 

While cloud services have many upsides, “cloud” is really just another name for somebody else’s 

computer. This means anything you store on the cloud is only as secure as the service provider and, 

unfortunately, cloud service providers often experience security issues that impact their users. 

Remember, any service on your home networking equipment that connects directly to a third-party 

service, such as cloud services, is another entry point for a digital intruder. 

4. Restrict Administrator Rights 

Another best practice for improving home network security is to restrict the administration rights to your 

network. 

Nearly all modern home networking equipment allow you to limit the connection type when performing 

administrative duties. Make sure your home networking equipment can only be administered from inside 

the network. 

This means you can’t be on the road or in a hotel and connect back to your home networking equipment 

to configure it. It also means digital intruders can’t configure your home networking equipment from 

outside your network. 

Also, consider only performing administrator tasks while using a wired connection. Performing 

administrative tasks on networking equipment using a wireless connection allows digital intruders to 

potentially capture that traffic over the air. Typically, manufacturers of modern home networking 

equipment include cables in the box. If you need a cable, they are usually available at your local big box 

store or favorite online shopping outlet. 

5. Implement Network Segmentation 

Another best practice for securing home networks is network segmentation. Network segmentation 

involves creating separate networks for separate purposes. These networks can include televisions, 

smart devices, computers, phones and guest networks. 

For those working from home, it’s a good idea to have a separate network just for work equipment. If you 

work from home, the same thought should be applied. Nobody should be able to observe network traffic 

related to your work. Imagine visiting a hotel or restaurant and observing their network traffic for 

payments. 



Guest networks are especially important because you don’t know how others use their devices. If their 

device is infected, that infection could spread to your networks. Additionally, visitors could lose their 

devices or accidentally reveal your network password to others. 

If a guest were to lose their device or reveal your guest network password, there is less potential for harm 

if you have proper network segmentation. Preventing networks from seeing each other provides traffic 

and access segmentation, which can prevent network segmentation-caused breaches, such as the attack 

on Target many years ago. 

Take the time to review your networking needs and develop your own list of networks. If your home 

networking equipment provides an option that prevents networks from seeing each other, be sure to 

activate it. 

6. Continually Update Home Network Equipment 

Be sure to continually update your home networking equipment. Just like computers and phones, 

networking equipment receives updates, which provide critical security fixes, security enhancements and 

new features. 

You can view a list of all known vulnerabilities (and their severity levels) associated with your home 

network equipment. The National Vulnerability Database maintains a list of known Common 

Vulnerabilities and Exposures (CVE). The CVE number associated with each vulnerability contains the 

year it was discovered/registered as a CVE. 

Visit https://nvd.nist.gov/vuln/search and provide the make and model of your home network equipment 

in the “Keyword Search” box and click the “Search” button. Keep in mind, several of the vulnerabilities 

listed may have already been remediated with firmware updates provided by the manufacturer. 

If you can’t set up automatic updates, simply set a calendar reminder or opt-in to your network provider’s 

notifications to make sure your equipment is running at its most secure state. If you purchase used 

equipment or prefer a more manual process, you can reference your home network equipment firmware 

and check the manufacturer’s website for updates. 

Remember to warn other users of your home network before launching the firmware update, as these 

updates usually drop connections while they install the new firmware and reboot. 

7. Contact the Manufacturer 

Finally, if you want to avoid restarting or restoring network default settings when you are experiencing 

issues with your home network, you can always reach out to the manufacturer. 

With the rise of remote work and cloud-based storage and applications, it’s vital to keep your household 

network and all the information in it secure. It’s as important as locking your doors at night. 




Mr. Spears has over 18 years of experience within the IT and 

Cybersecurity disciplines. He has spent his career leading dynamic 

teams on both small- and enterprise-level projects. He has previously 

served as Chief Technology Officer, Cyber Security Training 

Coordinator and in other related positions for employers in the higher 

education sector and, most recently, for the U.S. Navy. He will serve 

a broad array of Schneider Downs’ cybersecurity clients in similar 

capacities. 

Mr. Spears received his Bachelor of Science in Technology from 

Bowling Green State University and his Masters of Science in 

Information Assurance and Security from Capella University. 



Zombie APIs: The Scariest Threat Lurking in 

The Shadows? 

By Dan Hopkins, VP of Engineering at StackHawk 

IT modernization and digital transformation initiatives, combined with faster software deployment 

lifecycles, has caused an exponential increase in the size and scale of API ecosystems within 

organizations. Designed to rapidly and seamlessly connect consumers and businesses to vital data and 

services, APIs power modern enterprises and applications. APIs are constantly in action, working in the 

background for when consumers finally book that dream vacation or place an online takeout order after 

a long workday. With API usage so widespread, touching every industry, and the vast treasure troves of 

sensitive data they boast access to, it comes as no surprise that cyber criminals are increasingly 

exploiting and abusing APIs to execute malicious attacks. 

The velocity and scale of API attacks has caused many to question the strength of their API security 

posture and deeply analyze where most API-centric risks persist. That brings us to Zombies, Zombie 

APIs that is. If the name alone doesn’t initially spark fear, Zombie APIs are APIs that have become 

abandoned, outdated or forgotten by an organization. Similar to a Zombie who revives from the dead in 

a horror movie, Zombie APIs should be deceased but continue to lurk in the shadows within corporate 

environments. Recent research from Salt Security revealed that 54% of security leaders categorize 

Zombie APIs as their greatest concern when it comes to API security. Up from 42% in the previous 

report. 



As Zombie APIs are essentially forgotten and out of mind, there is no regular patching or updates being 

made in either a functional or security capacity. Therefore, Zombie APIs boast the power to become an 

incremental security risk. They are removed from API documentation and security testing programs, 

leaving them to rot over time and expose new vulnerabilities. 

While Zombie APIs pose significant threats to cyber resilience, there is one other great cause for concern 

within API security - the presence of Shadow APIs. Shadow APIs can be defined as third-party APIs that 

exist outside of an organization's official API ecosystem, remaining invisible to most and void of security 

controls. Oftentimes, these types of APIs are created and deployed by well-meaning developers on a 

time crunch to meet business and application innovation demands. Despite no ill-intent from a developer, 

these unmanaged, non-restricted APIs have the potential to cause severe vulnerabilities. Shadow APIs 

often fail to adhere to correct API governance standards, may not meet security best practices such as 

those outlined in the OWASP API Security Top 10, and may also expose sensitive data. 

The presence of Zombie and Shadow APIs remains widespread across organizations, which in turn 

creates many opportunities for sly and sneaky bad actors to execute an attack. The root cause of both is 

simple: Broken and siloed communication between developers and security teams. Developers and 

engineering teams are rapidly creating APIs to keep pace with innovation, and security personnel are 

willfully trying to protect and manage them. But both play a significant role in securing the API ecosystem. 

Particularly in relation to API documentation and inventory management. As the saying goes, “you cannot 

protect what you cannot see”. 

Developers and engineers not only have a duty of care to keep a robust catalog of the APIs created and 

deployed, but also to brief the appropriate parties about deprecated APIs no longer being utilized. This 

intel should be continually shared with security teams to ensure API inventories remain complete, make 

certain appropriate patching and testing initiatives are carried out and allow the complete removal of 

expired APIs. 

Mitigating the volume of Zombie APIs requires developer and security teams to liaise with one another 

to comprehensively define and articulate robust API retirement policies and procedures and determine 

who is responsible for executing such activity. This practice will ensure that inactive APIs are formally 

taken out of an ecosystem and avoid future attacker retaliation. 

Similarly, alleviating the threat of Shadow APIs also calls for deep synergy and collaboration amongst 

teams and strong DevSecOps practices. Security teams must work with engineers and developers to 

define and enforce governance policies for APIs being created. These policies should clearly describe 

which individuals can create new APIs, how they should be designed, deployed and utilized, and offer 

insight into the required testing mechanisms new APIs must undergo prior to being pushed into 

production. 

The existence and proliferation of Zombie and Shadow APIs ultimately comes down to two factors: broken 

communication and human error. Breaking down the barriers of communication and solid collaboration 

amongst developers and security teams will significantly improve API documentation, inventory 

management and help enforce security best practices. Without it, organizations will continue to be 

plagued with API risk, and remain unsuspecting of possible threats and unprotected against exploits. 




Dan Hopkins is VP of Engineering at StackHawk. He has been a software 

engineer for 20 years, working at high growth startups such as VictorOps 

and LivingSocial and at large high-tech companies such as Splunk. For the 

last 10 years, he has focused on building tools for progressive engineering 

teams adopting DevOps and DevSecOps practices. 



How To Combat the Mounting ‘Hacktivist’ 

Threat 

By Manish Gohil, Senior Associate, Dragonfly 

The war in Ukraine has seen the emergence of highly-disruptive cyber criminals, motivated less by money 

than ideology. These ‘hacktivists’ are actively targeting businesses to further their interests – those 

backing Moscow have been posing a threat to Western states as well as the operations and reputation 

of organisations. Corporate exposure to pro-Russia hacktivism is substantial. Yet it does not appear to 

be a priority concern for businesses, leaving them exposed to attacks in what is a rapidly evolving threat 

landscape. 

Hacktivist groups, both current and past, have sought to cause nuisance and disruption to both 

governments and corporations, in line with their ideological goals. For example, we have seen this last 

year with high-profile data breaches by an environmental hacker collective called ‘Guacamaya’, impacting 

national governments and militaries in Mexico and other parts of Latin America. Their tactics are not 

particularly sophisticated (typically involving website defacements and Distributed Denial of Service or 

DDoS attacks – that is the flooding of target networks with an overwhelming amount of traffic). The 

operations are often timed to result in maximum disruption. 



However, many corporate cyber teams do not appear to be looking at these threat groups as seriously 

as they should, putting their companies on the back foot, across a range of geographies. I argue that this 

stems from a limited understanding of the geopolitical and security landscape and the developments 

spawning these groups, as well as a weak grasp of how, when and why they operate, and who they are 

intent on pursuing. 

Real-world events – politics, war, sanctions – arguably exert the biggest influence over the tactics and 

techniques employed by hacktivists. The Ukraine war is a case in point. It has led to the creation of new 

– and the re-emergence of dormant – hacker groups. Each side in the conflict is now able to draw on 

cyber actors willing to fight for their respective cause. 

Ukraine’s volunteer ‘cyber army’ has impacted key Russian sectors, while pro-Russia groups have 

launched widespread DDoS attack campaigns against European states over their support for Ukraine. 

The latter have hit sectors such as banking, finance, energy, and transport. And, recently, they have 

upped the ante by explicitly threatening to carry out what they describe as destructive hacks against 

Western financial entities, in an attempt to paralyse global payment systems. 

While most pro-Russia hacktivist groups stalking corporations do not appear to be capable of inflicting 

significant damage or major financial loss, they nonetheless present a persistent disruptive threat. The 

groups’ goals are to exert pressure and embarrassment, often making demands aimed at drawing 

businesses deeper into their line of fire. It has forced more and more decision-makers to adopt a 

defensive posture, for instance through enhanced DDoS protections. Such is the danger they pose that 

the UK National Cyber Security Centre this year warned that these state-aligned groups intended to 

launch “destructive and disruptive attacks”. 

As a way of boosting their profile, hacktivists have also turned to brazen, coercive tactics and threats to 

pressure their victims. This summer, the hacktivist group ‘Anonymous Sudan’, which supports Russia, 

claimed responsibility for DDoS attacks against a major European airline and Microsoft365 services. And 

the prolific pro-Russian ‘Killnet’ collective has escalated its threats, warning of physical attacks (such as 

the burning of offices and the singling out of employees) of a target organisation. While such threats are 

probably overblown, they are effective because of the psychological pressure they can place on 

companies and their staff. 

States’ leveraging of hacktivists complicates the threat to businesses. There has been growing evidence 

of collusion between the Russian state and pro-Russia groups since the Ukraine war broke out in 

February 2022. The cybersecurity firm Mandiant said earlier this year that it had identified three “so-called 

hacktivist groups” that appeared to be working with – or operating as a front for – the Russian intelligence 

agencies. An unverified, leaked US intelligence report this year revealed coordination between a pro- 

Russia hacktivist group and the Russian FSB domestic security service in an operation that could 

potentially have damaged a Canadian gas facility. 

Many corporations do not have a sense of the hacktivist threat they face until they have been targeted. 

However, with a greater understanding of the geopolitical landscape, cybersecurity teams would be better 

equipped to identify and track developments or indicators that might place their organisation in hacktivist 

crosshairs. A whole series of events during the Ukraine war have sparked a near-immediate response 



y pro-Russia hacktivists. These have included DDoS attack campaigns on specific countries, sectors 

and firms. 

The most likely triggers for pro-Russia campaigns include the following developments: new sanctions 

packages against Russia; disputes over trade or transit of Russian goods; announcements of significant 

military assistance to Ukraine; European countries’ expulsion of the Russian diplomats; the removal of 

Soviet monuments, particularly in eastern European countries; and approaching national elections in 

North America and Europe. Regarding the latter, pro-Russia hacktivists will almost certainly see the 

upcoming Polish elections on 15 October as a prime opportunity to strike at entities and companies there. 

All the evidence suggests that the hacktivist menace is not going to go away anytime soon. Organisations 

not only need to become alert to the dangers but must also try to anticipate them. In so doing, they can 

then begin to mitigate their impact. The fast-moving and dynamic way in which these new cyber threats 

evolve means cyber professionals require an edge. Geopolitical intelligence has a critical role to play 

here. Having the capacity to forecast real-world risks – such as revolution, insurrection, and war – and 

simultaneously identify ensuing cyber threats will increasingly become critical to the protection of 

organisations. 


Manish Gohil is a Senior Associate covering cyber risks at Dragonfly, a 

geopolitical and security risk consultancy firm based in London. He has 

several years of experience in helping organisations anticipate 

geopolitical risks globally, including topics on how real-world events 

impact the cyber threat landscape. Manish previously led coverage on 

the South Asia region on political and security issues, and is a Certified 

Security Management Professional. 

manish.gohil@Dragonflyintelligence.com, 

https://www.dragonflyintelligence.com/ 



OT Cybersecurity: Safeguarding Building 

Operations in a Digitized World 

By Mirel Sehic, Global Director of Cyber Security, Honeywell 

In an increasingly digitized world, the looming threat of cyberattacks has cast a shadow over nearly every 

aspect of our lives. As technology continues to intertwine with our daily routines, the vulnerability of a 

building's critical infrastructure becomes ever more apparent. These concerns are brought into the 

spotlight by high-profile ransomware attacks, which can now penetrate even the most intricate systems. 

Recently, in September, the gravity of this threat was illustrated when two Las Vegas casinos fell victim 

to an information technology (IT) cybersecurity breach. This breach not only caused slot machines to be 

down but also rendered hotel cards useless, among other disruptions. The aftermath of these attacks 

cost these institutions millions of dollars in revenue, underscoring that no business, regardless of the 

sophistication of its cybersecurity systems, is immune to such attacks. 

While this example shows how the consequences of any cybersecurity attack can be severe, it is 

imperative to also recognize that attacks associated with operational technology (OT) cybersecurity can 

be even more catastrophic. In these cases, operations cease, and entire systems come to a standstill. 



Unlike IT cybersecurity attacks, which primarily jeopardize data, OT cybersecurity breaches threaten not 

only the integrity of information but also the functionality and safety of the spaces we inhabit. 

The number of cyberattacks involving OT systems has steadily increased in recent years. Several factors 

contribute to this trend, including inadequately protected cybersecurity environments, the influx of new 

Internet of Things (IoT) devices and connected systems, and the escalating complexity of securing OT 

systems. These challenges highlight the need for organizations to prioritize the security of these critical 

systems. 

In tandem with the surge in attack incidents, the global cost of cybercrime is also increasing, with a portion 

of the multi-trillion dollar cybercrime industry cost being attributed to attacks on operational technology 

environments. This emphasizes the escalating threat to OT environments and highlights the urgency for 

organizations to bolster their cybersecurity measures to protect against attacks, especially given the 

critical role OT systems play in the safe and effective operation of industrial processes. As the 

cybersecurity threat landscape continues to expand within both OT and IT, it is paramount for 

organizations to proactively stay ahead of the curve. 

When speaking about OT cybersecurity attacks in buildings, it is imperative to understand that buildings 

are not just physical structures but instead, they serve as the vital hubs of modern life, encompassing 

offices, entertainment facilities, factories, hospitals and more. However, this centrality makes them an 

attractive target for cyberattacks. Equipped with various smart systems like access control, heating, 

ventilation, and air conditioning (HVAC) and lighting, buildings have become increasingly digital, but this 

digitalization also exposes them to vulnerabilities. As the lines blur between the physical and digital 

worlds, attackers exploit new avenues to infiltrate these spaces. 

To enhance a building’s resilience against OT attacks, cybersecurity governance stakeholders, from 

facility managers, operators to CISOs should adopt a layered security approach. This method begins with 

a comprehensive security assessment to understand assets and how they communicate with each other. 

Once an assessment has been completed, key stakeholders can identify vulnerabilities, create a secure 

configuration and design plan that prioritizes critical assets while also selecting additive cybersecurity 

appliances and software to bolster defenses. From there, operators can begin to implement holistic 

cybersecurity monitoring and importantly create an incident readiness plan to be prepared in case of any 

future incidents. This convergence provides real-time threat detection and response capabilities, 

bolstering a building's defense against cyberattacks. However, while these are just a few of the steps 

building owners and operators can take to reduce vulnerabilities, each plan will vary based on the 

building's security risk requirements and budget. 

The intersection of OT and IT cybersecurity in the built environment requires a comprehensive approach. 

It necessitates a collective understanding that buildings are not just physical spaces but also digital 

ecosystems. The future demands a holistic approach to OT security, aligning IT and building 

management to safeguard the spaces we rely on. 




Mirel Sehic is the Global Director of Cyber Security of Honeywell. Mirel 

Sehic is the vice president general manager of cybersecurity for 

Honeywell Building Technologies (HBT). He leads a team that is 

responsible for educating and helping customers efforts to protect their 

operational technology (OT) cybersecurity critical infrastructure 

environments. Mirel oversees the cybersecurity business globally, 

including the integration with development, partnerships, marketing of 

solutions, sales and operations. Mirel can be reached online at our 

company website https://buildings.honeywell.com/. 



The Cyber Risk Nightmare and Financial Risk Disaster of 

Using Personal Messaging Apps in The Workplace 

By Anurag Lal, President and CEO of NetSfere 

Using personal messaging apps for business communication and collaboration is harmless – right? 

Wrong. This practice, which is unfortunately still widespread in an environment of relentless cyberattacks, 

is fraught with major cyber and financial risk. 

Unsecure messaging apps are a gateway for cybercriminals to access, expose and exploit an enterprise’s 

sensitive data. When this happens, the cyber and financial fallout can be devastating for organizations. 

To mitigate cyber and financial risk, enterprises should move to secure mobile messaging platforms with 

robust security and control features that are specifically designed to maintain data security, integrity and 

privacy. 

Using messaging apps not designed for the enterprise invites a cyber risk nightmare and financial risk 

disaster. 



Cyber risk nightmare 

Cyber criminals are using unsecure mobile messaging tools to infiltrate and wreak havoc on enterprise 

networks and systems. Bad actors are very aware that consumer-grade messaging apps and unsecure 

collaboration tools were not designed for enterprise use and are tailoring attacks to take advantage of 

security gaps and vulnerabilities in these tools. 

Data shows that the use of unsecure messaging and collaboration apps is fueling an increase in global 

cyberattacks. Findings from a Check Point Research report show that cyberattacks are increasing 

worldwide, with 38% more cyberattacks per week on corporate networks in 2022, compared to 2021. The 

report revealed that this increase was driven by smaller, more agile hacker and ransomware gangs, who 

focused on exploiting collaboration tools used in work-from-home environments. 

The use of unauthorized apps in the workplace like consumer-grade messaging apps, or what is called 

shadow IT, introduces network vulnerabilities that put companies at risk of compliance violations and 

data breaches. In fact, Randori’s State of Attack Surface Management 2022 report revealed that 7 in 10 

organizations have been compromised by shadow IT. 

Financial risk disaster 

Using personal messaging apps in the workplace can also result in crippling financial losses for 

enterprises. Business disruption, reputational damage, downtime, legal fees and fines for compliance 

violations are all disastrous effects of data breaches that impact the bottom line. 

Over the last few years, many organizations learned the hard way that using these unsecure 

communication and collaboration tools exponentially increases cyber risk that can result in costly 

compliance violations. For example, a massive crackdown by the SEC on the use of unapproved 

communication apps led to 16 firms being fined $1.1 billion in 2022, followed by another round of 

violations for 11 more firms in August of this year resulting in an additional $289 million in fines. 

The bottom line damaging impact of cyberattacks was recently quantified in research by ThreatConnect 

which found that cyberattacks can cost enterprises up to a whopping 30% of operating income. 

That’s not surprising considering that IBM most recent cost of a data breach report showed the global 

average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% 

increase over the last three years. 

Company stock prices also take a hit when data breaches occur. A Comparitech analysis of the impact 

of data breaches on the share prices of 34 breached companies that were listed on the New York Stock 

Exchange (NYSE), found that share prices of these breached companies hit a low point approximately 

110 market days following a breach, falling -3.5% on average, and underperforming the NASDAQ by - 

3.5%. According to the analysis, one year after the data breach the share price of breached companies 

fell -8.6% on average and underperformed the NASDAQ by -8.6%. After 2 years, the average share price 



fell -11.3%, and underperformed the NASDAQ by -11.9%. And after three years, the average share price 

was down by -15.6% and down against the NASDAQ by -15.6%. 

The impact of cyber risk on corporate balance sheets extends even further. Last year, the Wall Street 

Journal reported that credit-rating firms are warning companies about cyber risks and issuing reports on 

how attacks could affect their credit ratings. This has serious implications for companies as a cyber risk 

downgrade in credit rating can negatively impact shareholder value and investor confidence. 

Evolving data privacy and security regulations present another financial risk, with regulators stepping up 

enforcement and issuing record fines for compliance violations. Data protection supervisory authorities 

across Europe have issued a total of €1.64 billion ($1.74 billion) in fines since January 28, 2022, 

representing a year-on-year increase in aggregate reported GDPR fines of 50%. 

The right mobile messaging tools reduce enterprise risk 

The growing frequency and sophistication of cyber threats present existential levels of cyber and financial 

risks for enterprises today. The practice of using unsecure mobile messaging apps in the workplace 

needlessly increases these risks. 

Using enterprise-grade secure mobile messaging technology mitigates cyber and financial risks in 

business communication. This technology reduces the attack surface, providing no point of entry for 

malicious hackers intent on accessing sensitive enterprise data. 

Mobile messaging platforms designed for the enterprise feature end-to-end encryption (E2EE), protecting 

data at rest and in transit and ensuring that only the sender and receiver can read messages. Secure by 

design collaboration technology like this provides employees with a convenient and frictionless way to 

share ideas, files, and data without the risk of data leakage or exposure. 

These platforms also reduce risk with robust administrative controls that enable centralized account 

management, file sharing and policy compliance, remote wipe, real-time reporting and other capabilities, 

giving IT departments the control mechanisms, they need to securely manage the distribution of 

information across the enterprise. 

Providing employees with user-friendly mobile messaging tools that don’t compromise security or 

compliance is a risk management strategy that eliminates the use of unsecure mobile messaging apps. 

When employees have the secure tools they need to optimize their work experience, productivity 

increases and cyber risk decreases. 

Today, organizations need to ban the use of unauthorized messaging apps and adopt enterprise-grade 

platforms to protect their networks and systems from the cyber threats that create cyber risk nightmares 

and financial risk disasters. 




Anurag Lal is the President and CEO of NetSfere. With more 

than 25 years of experience in technology, cybersecurity, 

ransomware, broadband and mobile security services, Anurag 

leads a team of talented innovators who are creating secure and 

trusted enterprise-grade workplace communication technology 

to equip the enterprise with world-class secure communication 

solutions. Lal is an expert on global cybersecurity innovations, 

policies, and risks. 

Previously Lal was appointed by the Obama administration to 

serve as Director of the U.S. National Broadband Task Force. 

His resume includes time at Meru, iPass, British Telecom and Sprint in leadership positions. Lal has 

received various industry accolades including recognition by the Wireless Broadband Industry Alliance 

in the U.K. Lal holds a B.A. in Economics from Delhi University and is based in Washington, D.C. Anurag 

can be reached online at @anuragl and www.netsfere.com. 



DevOps’ Big Challenge: Limiting Risk Without 

Impacting Velocity 

By Asaf Karas, CTO for JFrog Security 

Businesses leverage enterprise applications to build a competitive edge and move quickly. These 

applications need to be built, secured, deployed, and updated on a daily basis in most cases. This is 

where the power of DevOps comes in to prioritize swift software delivery. 

Businesses’ heavy reliance on software applications has spurred increased use of open-source software 

(OSS) libraries and packages, which can help accelerate software delivery. While the benefits of opensource 

software are undeniable, its use also comes with challenges, particularly where security is 

concerned. OSS accounts for roughly 70 to 90 percent of all enterprise software, which is largely why 

OSS has become a primary target for cyber threats, where malicious actors target vulnerabilities within 

software supply chains. 

This means developers are now every enterprise’s first line of defense against a software supply chain 

attack. Ideally, DevOps teams need to preemptively shield against high-risk packages before they 

infiltrate their organization's infrastructure, which calls for the early-stage analysis of open-source 



packages. The idea is to obstruct risky or malicious components at the point of request or update so they 

don’t infiltrate the software ecosystem. 

Rising Threat: Software Package Hijacking 

Software package hijacking is a rising and significant cybersecurity threat where legitimate software 

packages are injected with malicious code. Although challenging to execute, the method is highly 

effective due to the widespread use of these packages, creating a high infection rate. Once a package 

hijacking incident is identified, package maintainers or public repository administrators work to remove 

the malicious version and publish a clean one, making the infected version inaccessible. 

There are two main types of software package hijacking: 

1. External Package Hijacking. Software package hijacking is typically carried out using unauthorized 

access to maintainers' and developers' accounts or by discreetly injecting hidden malicious code into 

legitimate code contributions to open-source projects. A relatively recent example of this was seen in the 

PyTorch library, a renowned Python machine-learning framework with more than 180 million downloads. 

In December 2022, PyTorch experienced a dependency hijacking attack directly targeting the machine 

learning (ML) developer community. The attacker successfully acquired PyTorch maintainer credentials 

and introduced a malicious dependency named "torchtriton" into the project. The malicious package 

garnered more than 3,000 downloads within just five days. 

The payload concealed within torchtriton exfiltrated sensitive information, including Secure Shell (SSH) 

keys and environment variables, sending them to the attacker's server. 

2. Self-Package Hijacking (Protestware). Software package hijacking isn't limited to external malicious 

actors; developers and project maintainers themselves sometimes engage in this activity as a form of 

protest or advocacy for their beliefs. This form of hijacking, often referred to as "protestware," is a 

concerning trend because it can be difficult for an organization to recognize it before it's too late. 

Take, for instance, "faker" and "colors," two npm packages highly favored by Node.js developers. The 

“colors” package enables developers to apply styles, fonts, and colors to the Node.js console, while 

“faker” aids in generating data for testing purposes during development. 

The same individual authored both packages which became quite popular, rising to millions of weekly 

downloads. In January 2022, the author intentionally sabotaged the packages to protest against large 

corporations that didn't contribute to the open-source community. They sabotaged both packages by 

injecting an infinite loop into the code, effectively rendering thousands of projects that depended on these 

packages inoperable. It took two days to detect this malicious modification following the release of the 

tainted versions. 



By making this single alteration to the package code, a multitude of companies were impacted by the 

malicious code and faced significant disruptions to their products and development workflows. 

Defense Mechanism: Curate Before You Code 

It’s not surprising that these hijacking methods have become prominent in recent years — up to 96 

percent of applications contain at least one open-source component. As developers collaborate on 

software production, there is one word they should become familiar with when it comes to securing the 

software development pipeline: curation. 

At a high level, the word "curation" is defined as the act of thoughtfully selecting and organizing items -- 

a process typically associated with articles, images, music, and so on. In this case, however, the items 

being curated are open-source software components in a way that acts as an automated lock to 

safeguard the gateway of the software pipeline. It entails filtering, tracking, and managing software 

packages based on preset policies to ensure the use of reliable components across the development 

lifecycle. 

Curating software components streamlines development by guaranteeing the safety, reliability, and 

current status of packages. The idea is to protect against both known and unknown risks through a 

comprehensive approach that strengthens the organization's software supply chain by establishing a 

trusted source of packages. 

As the concept of DevSecOps (development + security + operations) gains prominence, curation serves 

as the initial defense, preventing package-related risks early in the software development process to 

improve alignment within the organization and enhance the overall developer experience. Effectively 

curating software packages within the supply chain provides peace of mind by offering secure building 

blocks for development teams. 



Ultimately, software package hijacking is a growing concern in the cybersecurity landscape as external 

actors and —in some cases, even developers themselves — attack software packages to execute 

malicious code. Vigilance through proactive curation of software packages, improved security measures 

across the software supply chain, and rapid incident response are all essential to safeguarding the 

integrity of software packages upon which countless developers and organizations rely. 


Asaf Karas is Chief Technology Officer for JFrog Security. A seasoned 

security expert, Karas has extensive experience in reverse engineering, 

device debugging, network forensics, malware analysis, big data, and 

anomaly detection. Prior to JFrog, Karas served as CTO of Vdoo, which 

delivered an integrated security platform designed for connected, IoT, and 

embedded devices. Vdoo was acquired by JFrog in June 2021. Karas 

also spent several years working with international military organizations. 

Asaf spent almost 15 years leading security research at the Israeli 

Defense Forces where he served as a branch leader for over 100 cyber specialists. Asaf can be reached 

online at (LinkedIn, @JFrogSecurity) and at our company website https://jfrog.com/ 



ChatGPT For Enterprises Is Here – But CEOs 

First Want Data Protections 

Amidst the rise of generative AI, business leaders must navigate the delicate balance of 

adoption, security, and trust. 

By Apu Pavithran, CEO and Founder, Hexnode 

At the end of August, OpenAI released ChatGPT for Enterprises. The much-hyped version focuses on 

“enterprise-grade security,” advanced data analysis capabilities, and customization options. But, it’s 

unlikely to change how businesses view the tool. Despite a solid majority (60%) of US executives 

expecting generative AI (GenAI) to have an enormous long-term impact, they’re still a year or two away 

from implementing their first solution. 

Regardless of self-proclaimed “enterprise” solutions, business leaders first want to understand how the 

technology works, evaluate their internal capabilities and data security, and invest accordingly. 



Let’s explore how businesses can navigate the delicate balance of adoption, security, and trust in the era 

of GenAI. 

Why Business Leaders Aren’t Yet Sure of GenAI 

So, how does this technology work, and why does it warrant concern for businesses? GenAI models 

undergo extensive training on vast image and text datasets from various origins. Users start the process 

with an initial prompt to the platform which serves as a guide for generating content. Given that these 

models are still in their learning phases, however, the way data is utilized on the backend remains 

uncertain. 

It’s important to recognize that any shared information effectively becomes part of the platform’s training 

data, influencing future outputs. While ChatGPT assures consumers of not training their software with 

personal or corporate data, OpenAI faces multiple high-profile data leaks. For example, Samsung faced 

a proprietary data leak with ChatGPT. Meanwhile, others criticized the way it learns from content in a 

manner that potentially breaches copyright. 

Enterprises are right to approach this technology with a healthy dose of caution. Consider that higher 

adoption of GenAI and subsequent integration with third-party platforms demand additional assessment 

from cybersecurity teams. As a result, their focus is no longer confined to internal measures but to also 

scrutinizing the security of third-party software and its affiliates. Additionally, another emerging threat 

involves injection attacks targeting customer support chatbots, which could potentially grant unauthorized 

access to enterprise systems. If unaddressed, the potential threat vector with this technology is 

considerable. 

Interestingly, 45% of organizations believe that if they fail to implement the right risk management tools, 

GenAI could potentially erode trust within their organization. Therefore, before onboarding this 

technology, business leaders are doing their homework to ensure a safe and responsible adoption. This 

meticulous approach to adoption seeks to strike a balance between the remarkable potential of GenAI 

and the imperative of safeguarding trust. 

The Duality of GenAI 

There’s great promise and profound risk for enterprises venturing into the realm of GenAI. To navigate 

the associated risks and challenges, organizations must forge forward-thinking policies that protect 

employees and data. 

For instance, companies will likely need to address GenAI-specific risks by revising policies regarding 



usiness email communication, data sharing with third parties, or the utilization of established third-party 

code projects. 

Chief Information Security Officers (CISOs) should also consider running awareness campaigns to 

educate users about the inherent risks associated with this technology. Establishing a comprehensive 

rulebook that delineates who can utilize what and what should remain confidential will help. 

While international policymakers are actively formulating strategies to foster a responsible AI ecosystem, 

organizations must align their efforts with government-endorsed approaches to fend off potential threats. 

It’s important to remember that GenAI risks extend beyond cybersecurity – they encompass privacy and 

data protection risks, regulatory compliance, legal exposure, and AI ethics. This means that CISOs must 

stay vigilant, not only regarding current risks but also those on the horizon. 

Redefining The Security Roadmap 

A big concern for enterprises is that employees dabble in GenAI away from the watchful eye of IT. In 

effect, it’s now a major vector of Shadow IT. Research found that 7 out of 10 folks who’ve jumped on the 

ChatGPT bandwagon aren’t telling their supervisors. While more than two-thirds of employees continue 

to engage in non-enterprise applications, CISOs need to question why such applications are gaining 

prominence and attain a clear picture of these users. 

Alarmingly, studies show that 4% of employees have placed sensitive corporate data into language 

models. Cybersecurity leaders can work on this by deploying protection tools to ensure safer transit of 

data, ensuring that sensitive information remains shielded from unauthorized access or exposure. 

Finally, there are tools like unified endpoint management (UEM) that can restrict the transfer of sensitive 

data across unapproved devices or applications by defining accessibility. Admins can authorize device 

access to such applications based on the user’s role. Endpoint management solutions, when integrated 

with identity and access management (IAM), will flag admins if confidential data is shared. In the 

unfortunate event of a device with ChatGPT access being misplaced or stolen, UEM solutions can 

remotely erase data from the device, effectively shielding sensitive information from falling into the wrong 

hands. 

GenAI is understandably gaining ground in the modern workplace. Corporations are taking these tools 

for a spin, developers are cozying up to them, and employees are experimenting with them. At the end 

of the day, CISOs must create a security-conscious environment without stifling the productivity of their 

workforce. It’s therefore vital to find the perfect harmony between innovation and safety. End of article. 




Apu Pavithran is the Founder and CEO of Hexnode. Recognized in the 

IT management community as a consultant, speaker, and thought leader, 

Apu has been a strong advocate for IT governance and Information 

security management. He’s passionate about entrepreneurship and 

spends significant time working with startups and empowering young 

entrepreneurs. You can find more about Apu on his LinkedIn and his 

company’s website, Hexnode. 



Chromecast End-of-Life Announcement Highlights Urgent 

Need for Patch Management Reform Among Hybrid 

Workers 

By Joao Correia, Technical Evangelist for Tuxcare 

In April this year, Google announced the discontinuation of support for its original Chromecast device. 

The first-generation Chromecast had been a highly successful hardware venture for Google, with an 

impressively long lifespan in the consumer market boasting sales surpassing 10 million units in 2014 

alone. While newer generations of Chromecast will remain functional for users, Google's decision 

effectively put an end to technical support, updates, and security patches for the initial devices. 

This move by Google presents potential challenges to security teams around the globe, as a significant 

number of companies continue to embrace their hybrid or fully remote operating status brought on by the 

pandemic. According to a recent study conducted by the Pew Research Center in early 2023, 

approximately 22 million individuals are presently engaged in full-time remote work, and thus it’s fair to 

assume a considerable portion of them may still be using Chromecast devices within their home 

networks. 



Past incidents involving data breaches have illustrated the risks associated with outdated home systems 

and a lack of security awareness, as they can unwittingly compromise entire enterprise networks. 

Neglecting to keep software systems up-to-date has also proven to lead to an ever-growing number of 

vulnerabilities that are ripe for bad actors to exploit. A noteworthy example occurred in March 2023 when 

LastPass experienced a massive breach due to an oversight by one of its engineers who failed to update 

Plex on their personal computer. This oversight resulted in a deserialization flaw that affected a Plex 

Media Server running on Windows, permitting a remote attacker with authentication to execute Python 

code within the context of the current operating system user. 

While employers may learn from such attacks and enforce consistent patching requirements for individual 

devices connected to internal systems, Chromecast devices now remain vulnerable. Without the ability 

to automatically secure itself through a provided patch, it could serve as a stepping stone for attackers to 

gain access to other systems in the home network and subsequently, the enterprise network itself. 

Currently, companies can spend millions every year to patch, document and report results. Yet they will 

opt to delay their updates and security patches by weeks or even months. This is largely due to the fact 

that security leaders and IT teams view patch management as a highly disruptive and time-consuming 

process disrupting operations due to server reboots and scheduled downtime. 

Such hesitance to maintain a consistent patch schedule creates a highly exploitable attack surface that 

can become a ticking time bomb for any remote employee or unsuspecting business. This is where live 

patching comes in to streamline the process without disrupting systems. Live patching is a relatively new 

approach to enterprise security that works by intercepting and modifying code at runtime, without 

interrupting the system's normal operation or modifying the underlying binary. Having this system in 

place that can apply an automatic patch as it becomes available can not only reduce system downtime, 

but it can also provide substantial labor cost savings, eliminate maintenance windows, and free up 

understaffed IT security teams. 

Implementing more robust security measures for remote access to corporate networks will ensure 

potential breaches cannot take down an entire enterprise system. According to a recent Tessin report, 

nearly 90% of IT leaders and CISO’s agree that a strong security culture is imperative to maintaining the 

required security posture, while a third of employees do not think they play a role in effective cyber 

mitigation. But employee behavior can place companies at a huge risk of falling victim to cyberattacks, 

with human error one of the biggest risks to cybersecurity today. 

Human error can manifest itself in a multitude of ways, from weak passwords to failing to install software 

security updates on time, to accidentally giving up sensitive information to phishing emails and malware 

threats. The risk has only increased as office employees have moved to the more preferred status of 

remote work. Staff working from home are often outside the direct oversight of IT teams and often struggle 

to deal with cyberthreats and appropriately protect company information. In fact, remote work has 

effectively removed the notion of a security perimeter around networked corporate IT assets. While 

technical solutions like zero trust, mobile device management systems or spam filters are useful for endusers, 

they do not offer the level of protection needed to properly reduce risk, and offer no additional 

security to devices present in home networks but not directly used to access internal enterprise systems. 



Going beyond awareness and fostering a real culture of cybersecurity requires implementing tangible 

strategies that are rooted in safeguarding sensitive information and materials. Traditional methods of 

controlling and securing company data aren’t always as effective when employees are working in remote 

locations. This ultimately places a greater responsibility on the individual and companies must empower 

their employees to deal with a certain level of risk. From aggressive security awareness and anti-phishing 

training that maintains a frequent schedule, to multi-factor authentication tools and strong password 

management, employees need to serve as the first line of defense against potential attacks. 

Ultimately, the announcement of Google Chromecast’s end of life serves as yet another example why 

both individuals and businesses must remain vigilant and up-to -date in their security measures and 

vulnerability management. As criminals continue to evolve in their hacking efforts, defending against new 

attacks via a reliable patch management system and other proactive security measures can make your 

organization a far less appealing target for bad actors. 


Joao Correia serves as the Technical Evangelist at TuxCare 

(www.tuxcare.com), a global innovator in enterprise-grade cybersecurity 

for Linux. 

Joao can be reached online at @jcorreiacl and at our company website 

https://tuxcare.com/. 



Common Pitfalls of Running On-Premises 

SIEM Solutions 

By Vinaya Sheshadri, Practice Leader Cyber Security at RiverSafe 

A good Security Information and Event Management (SIEM) tool is a necessity for any organisation 

looking to protect their digital environment. They help security teams be more proactive, and identify 

potential threats before they can disrupt operations or expose sensitive data. 

By monitoring systems and networks for unusual activity, SIEM solutions allow organisations to detect, 

investigate, and deal with possible security issues or cyberattacks quickly, minimising the damage that 

they might cause. 

SIEM technology has been around for a while, and in that time these products have evolved significantly, 

improving their ability to flag anomalous events and behaviours, and increasing the amount of data they 

can parse simultaneously. 



But the most crucial innovations have come with the advent of cloud-native SIEM solutions. Boasting all 

the benefits of SaaS products, like fast deployment and scalability, cloud-based SIEM platforms also offer 

a host of advantages that their on-premise peers do not. 

With cyberattacks becoming more sophisticated and widespread, keeping your security stack up-to-date 

is critical. The threat landscape is evolving constantly, and yesterday’s security tools cannot defend 

against today’s cyber risks. 

If your organisation is relying on on-premises SIEM solutions, then you could be leaving yourself 

vulnerable to fast-developing threats. 

Many of the most common disadvantages of running an on-premises SIEM solution aren’t just 

inconvenient compared to their cloud counterparts; they can also present security risks. Let’s take a look 

at some of the key pitfalls of on-premise SIEMs. 

High (and recurring) costs 

On-premises SIEM solutions can be costly, not only to purchase but also to maintain. 

As well as the upfront investment needed in storage, servers, hardware, and software licences, 

responsibility for ongoing maintenance or upgrades falls on the shoulders of the organisation. For a SIEM 

to deliver proper protection, it needs to be regularly updated, optimised, and patched, requiring significant 

time and effort from your IT team. 

Limited scalability 

Change is the only constant in today’s economy, and as a result, the ability to flex resources based on 

an organisation’s needs can give businesses the edge. Scaling up capacity to meet usage demands or 

scaling down to reduce waste and overspend is essential—and the faster you can do it, the better. 

On-premise SIEM deployments can often lack this flexibility, and this sluggishness to respond to 

changing requirements can leave your organisation unprotected. Adding new data streams or event types 

to look out for may require additional hardware or infrastructure upgrades if the existing system can’t 

handle the extra data volume and processing requirements. 

Complex deployment 

Deploying any kind of software on-premises is complex and time-consuming. With multiple data sources 

to ingest and rules to put in place, a SIEM can be especially tricky to implement. Often taking months to 

roll out, on-premises SIEM tools usually require expert assistance to install, which can be costly. Plus, 

the potential consequences of any errors or misconfigurations that occur during set-up can be dire. 



Legacy SIEM solutions may also be limited in terms of integration with other security tools, leaving you 

with unmonitored weak spots across your environment. Any integrations you do have in place must be 

carefully monitored, as missed connection updates can lead to integrations breaking and events being 

missed. 

Extensive data storage 

The entire purpose of SIEM is to collect and analyse data for suspicious occurrences. Gaining the deep, 

real-time visibility required to protect your applications, infrastructure, and networks means collecting logs 

and audit trails so they can be examined and reported on. 

The more data your SIEM is ingesting, the more protected you’ll be—but that data has to go somewhere, 

and on-premises data storage isn’t cheap. 

Compliance challenges 

Not only can storing data locally on your own on-premises servers be costly, but it can also be challenging 

to organise and maintain if you have a lot of it. 

Complying with certain data and privacy regulations often necessitates that you store data in a certain 

way and often for certain periods, meaning you’ll likely need to be hands-on with managing this data. 

You’ll need to be able to keep track of its movements and access history too; data privacy laws like GDPR 

and CCPA, for example, have strict regulations that must be followed if data crosses international borders 

or state lines. This tends to be more difficult when your data is isolated in local storage. 

Lock-in periods 

We’ve already mentioned how on-premises SIEMs are limited when it comes to the flexibility of users, 

data streams, or resources. Licencing the product itself can also prove more restrictive than you’d like. 

Once a SIEM is implemented, switching to a more suitable platform (and migrating all your log data along 

with it) can be tough, not to mention prohibitively expensive. This outlay, and the sunk-cost fallacy that 

often comes along with it, can prevent organisations from branching out into other security tools, and 

soldiering on with a SIEM that doesn’t offer the best performance or features. 

Next-generation SIEM delivers many benefits, from rich, AI-powered functionality and always-up-to-date 

threat intelligence to customisation possibilities and reduced false positives. But whatever your primary 

motivation for moving to a cloud-based SIEM, the end result of these benefits is better protection for your 

organisation in a time when the threat of cyberattacks and the impact of insider threats are on the rise. 




Vinaya is a highly experienced security engineer, certified in Splunk, 

McAfee, IBM and more, with over 8 years of experience handling diverse 

security technologies such as SIEM, SOAR, EDR and Vulnerability 

Management. 

At RiverSafe, Vinaya is the Practice Lead for Cyber Security. In this role 

he leads and guides other consultants within the business, ensuring the 

team provide the best results possible to RiverSafe’s customers. Vinaya 

is also heavily involved in the business development of RiverSafe as an 

organisation. 

Vinaya has a post graduate degree in Data Telecommunication 

Networks from the University of Salford and has worked as both an IT 

consultant and security engineer for companies like Caretower, Happiest Minds Technologies and 

Paladion Networks. 

All of the knowledge gained throughout his career is now being invested into ensuring RiverSafe solutions 

and services are the best they can be and keep its customers’ networks secure. 

When not working, Vinaya enjoys travelling, cooking and photography. 

Vinaya can be reached at RiverSafe’s company website https://riversafe.co.uk/ 



Fostering Total Trust with A ‘Zero-Trust’ 

Approach in Financial Services 

By Stefan Auerbach, CEO, Utimaco 

Despite annual spending on cybersecurity by the financial services industry reaching $600 million 

annually – a figure which is growing every year – trust in financial institutions (FIs) remains relatively low. 

According to new research, which surveyed consumers in countries as varied as the United States, 

Mexico, Germany, and the UK, just 13% of people across the globe trust FIs completely, while 5% don’t 

trust them at all. The majority of people around the world say that they only have ‘some’ trust in FIs’ digital 

security. 

As a result, we found that cash remains the most trusted payment option and is believed to be secure by 

36% of people. On the other hand, only 12% of respondents said that they believe credit and debit cards 

are secure. Being prudent about digital security is always sensible of course, but this wariness from 

customers can directly impact an FI’s bottom line. The tiny processing fees that FIs make on individual 



card transactions often comprise a huge part of their revenue, so customers using cash due to trust 

concerns can be problematic. 

It also poses an issue for companies trying to expand their capabilities and services: consumers in our 

research had the lowest levels of trust in cryptocurrency, for example, with only 2% worldwide citing it as 

secure. Trust plays a crucial role in whether new payment methods achieve mass adoption, regardless 

of their benefits for the end user. Although our own survey didn’t cover open banking, similar surveys 

have found that trust is a major factor in why it is not more widely adopted. 

What is Zero-Trust? 

Many modern-day security systems are not sufficient as hackers will have full access to a company if 

they breach the system. Meanwhile, while it may seem contradictory, a new security framework called 

zero-trust may in fact be the solution. With zero-trust, everyone has their own biometric profile or 

passcode that only permits them to enter the parts of the facility that are relevant to their work, and their 

identity must be verified every time they enter a new area. 

Zero-trust fundamentally uses robust access controls and continuous authentication mechanisms to 

ensure that sensitive financial systems and data are only accessed by authorized entities. This entails 

meticulous user identity verification through multifactor authentication (MFA) and the least privilege 

principle, which restricts user access only to the resources required for completing tasks. 

This approach is more formidable against modern threats. Everything from account takeover to 

sophisticated malware attacks make other forms of security inadequate. Banking trojans are capable of 

emptying customer bank accounts in seconds and, despite their strong security, banks are not immune 

from cyberattacks. In 2021, for example, Flagstar Bank lost its members’ social security numbers after it 

was breached by an attack. Malware attacks on FI companies are extremely frequent, which is why the 

sector could lose $700 million to cybercrime over the next five years. 

While zero-trust's segmentation strategy breaks the network down into distinct zones, each segment can 

be isolated and fortified to prevent specific threats. Network microsegmentation leverages firewalls, 

intrusion detection systems, and encryption to bolster these barriers. 

The zero-trust approach can be implemented by FIs to mitigate data breaches, safeguard customer 

financial information, and uphold regulatory compliance standards such as PCI DSS and GDPR. As 

digital channels and remote work arrangements become increasingly prevalent, zero-trust's holistic and 

adaptive cybersecurity approach emerges as a cornerstone for bolstering the industry's resilience against 

the evolving threat landscape. 

However, there are some costs or drawbacks associated with implementing this new security framework. 

Many FIs, including banks, are still using legacy systems, which means extra security checks are needed. 

This can hinder the customer experience and increase the possibility for user error. With FIs’ networks 

located in ‘the cloud’, having full control can also prove difficult. Although a rock-solid zero-trust 

environment can be created, the companies they work with might not have the same capabilities. 



How do you create a zero-trust environment? 

Here are some steps for creating a successful zero-trust environment in a financial services company: 

1. Define your perimeter: Today, the complexity of FIs, M&A activity, and cloud computing make 

them even more so, means we must define what is and isn’t within the remit of the company’s 

zero-trust policy. 

2. Microsegmentation: Segmenting your company’s digital operations into segments is useful when 

using zero-trust. If a company is compromised by a malware attack but the data is encrypted, 

then its damage can only spread so far. 

3. Continually monitor devices: Devices used by FIs are constantly being connected / reconnected 

and are made up of dozens (if not hundreds) of components and many third parties may not have 

security practices. Thus, every device needs to be continually monitored, even after it has passed 

security checks. 

4. Data inventory: You need to categorize your company data by its importance and allocate 

appropriate levels of protection, while ensuring it’s still made available to those who need it. There 

will need to be strong governance protocols so that going forward every new piece of data can be 

classified. 

5. Implement security controls: Finally, systems can be put in place that enable the zero-trust 

system, deciding what methods of verification are appropriate for each ‘checkpoint’, where to use 

multi-factor authentication, which types of encryptions to use for what data and how to adapt to 

future threats like quantum computing. 

Hardware and software systems which encrypt data and manage the digital keys are the foundations of 

a zero-trust environment since they allow each user and device to access the parts of the system that 

they are supposed to access – but nothing more. 

Organizations that are best placed to deploy a zero-trust environment usually have the experience of a 

partner that has been building and integrating these systems for over 40 years. 



About the author 

Stefan Auerbach, CEO, Utimaco. Stefan Auerbach, who was 

Chairman of our Advisory Board in 2018, took over the position of 

CEO in January 2019. Stefan has a background of more than 30 

years in R&D, Service, Marketing and Management of Global 

Sales Organizations for Information Technology and Mobile 

Security. He started his career in Nixdorf Computer, held several 

key management positions in Siemens Nixdorf and was a longterm 

Board Member in Wincor Nixdorf and Giesecke & Devrient. 

About UTIMACO 

UTIMACO is a global platform provider of trusted Cybersecurity and Compliance solutions and services 

with headquarters in Aachen (Germany) and Campbell, CA (USA). UTIMACO develops on-premises and 

cloud-based hardware security modules, solutions for key management, data protection and identity 

management as well as data intelligence solutions for regulated critical infrastructures and Public 

Warning Systems. UTIMACO is one of the world's leading manufacturers in its key market segments. 

550+ employees around the globe create innovative solutions and services to protect data, identities and 

communication networks with responsibility for global customers and citizens. Customers and partners 

in many different industries value the reliability and long-term investment security of UTIMACO’s highsecurity 

products and solutions. Find out more on www.utimaco.com. 



Cybersecurity in Digital Afterlife 

Managing cybersecurity risks in digital afterlife 

By Chahak Mittal, GRC Manager, Universal Logistics 

The concept of the digital afterlife is not merely theoretical; it is a tangible and growing phenomenon. 

From social media platforms to AI chatbots, there are many ways in which our digital footprints persist 

after death. 

Several TV shows and movies have explored the concept of the digital afterlife, raising important 

questions about ethics, privacy, and the nature of grief. 

1. Upload (2020-present): This Amazon Prime Video series imagines a future where people can 

upload their consciousness to a virtual afterlife. The show explores the social, economic, and 

ethical implications of this technology. 

2. Black Mirror (2011-2019): This anthology series features several episodes that explore the dark 

side of technology, including the digital afterlife. For example, the episode "Be Right Back" follows 

a woman who uses a service to create a lifelike AI replica of her deceased boyfriend. 

3. Altered Carbon (2018-2020): This Netflix series is set in a future where human consciousness 

can be stored on digital storage devices called "stacks." The show explores the implications of 

this technology for immortality, social inequality, and the nature of identity. 



Consider the following data and real-life examples: 

1. Data Persistence: According to a survey conducted by the Pew Research Center, as of 2021, 

72% of American adults use social media platforms, and many of them have more than one 

account. These platforms host vast amounts of personal data, from photos to messages. 

According to Facebook's most recent investor's report, Facebook currently has 2.895 billion 

monthly active users (MAUs). Tragically, some of these users pass away, leaving behind digital 

footprints that persist. The families of these users must navigate the delicate task of managing 

their loved ones' online presence. According to a research paper from the University of Oxford 

Internet Institute published April 2019 in the journal Big Data & Society, the dead will eventually 

outnumber the living on Facebook. 

2. Posthumous Interactions: AI and natural language processing advancements have led to the 

development of chatbots and virtual avatars that can simulate conversations with the deceased. 

3. The AI company Replika offers a chatbot service that allows users to create AI friends. While 

primarily intended for the living, some have contemplated using such technology to interact with 

the memories of loved ones. 

4. Digital Immortality: The idea of digital immortality is emerging as a fascination for some. Projects 

like the Eternime app aim to create digital avatars that continue to learn from a person's digital 

history. Eternime wants you to live forever as a digital ghost. 

Microsoft introduced an AI chatbot designed to mimic the personality of a deceased loved one, 

based on text messages, emails, and social media posts. This experiment sparked both curiosity 

and ethical concerns. This chat bot can bring you back from the dead, sort of. 

Cybersecurity Risks in the Digital Afterlife 

Understanding the stakes of cybersecurity in the digital afterlife 

becomes even more critical when considering real-world incidents: 

1. Legacy Preservation and Privacy: The data left behind by 

individuals often becomes a target for cybercriminals. According to 

Norton's 2021 Cyber Safety Insights Report, cybercrime cost 

victims nearly $1 trillion globally. Protecting digital legacies is 

essential to prevent unauthorized access. 

In 2020, the Twitter accounts of several deceased celebrities were 

compromised as part of a cryptocurrency scam, highlighting the 

need for robust cybersecurity measures to protect posthumous 

online identities. 



Further, PharMerica Healthcare disclosed that its systems were breached in early 2023 by an 

unauthorized third party, which resulted in the leak of the personal details of more than 5.8 million 

deceased people. 

2. Posthumous Identity Theft: The phenomenon 

of posthumous identity theft is increasingly 

prevalent. In 2021, the Identity Theft Resource 

Center reported that cases of identity theft 

increased by 72% compared to the previous 

year. 

The family of a deceased individual discovered 

that the deceased's personal information was 

used to open fraudulent bank accounts and take 

out loans, causing significant financial and 

emotional distress. Obituary Scams are 

becoming more common. Obituary scams, also 

known as bereavement scams, typically start 

with information gleaned from death notices in 

newspapers or posted online. Criminals harvest 

facts commonly included in obits — such as the 

deceased’s birth date, where the person lived and worked, and family members’ names — to start 

building a profile for identity theft. 

Cybersecurity Risk Management 

As seen above, our digital afterlife is becoming 

increasingly important, and with it comes new risks. 

Posthumous identity theft, unauthorized access to 

accounts, and misuse of personal data are all potential 

threats. 

A risk management approach to protecting your digital 

afterlife can help you identify, assess, and mitigate these 

risks. Here are some key steps: 

1. Identify your digital assets and accounts. This includes everything from social media profiles to 

financial accounts to online storage services. 

2. Assess the risks to each asset and account. Consider the following factors: 

o What type of data is stored in the account? 

o How sensitive is the data? 

o How easily could the account be accessed by unauthorized individuals? 

3. Implement mitigation strategies to reduce the risks. This may include using strong passwords, 

enabling two-factor authentication, and reviewing privacy settings. 



4. Create a digital estate plan. This document should outline your wishes for your digital assets and 

accounts after your death. It should also include contact information for your digital executor. 

5. Review and update your digital estate plan regularly. As your online presence evolves, so should 

your digital estate plan. 

Conclusion 

Our online presence continues to grow exponentially, and so 

does the importance of protecting our digital afterlife. Identity 

theft of deceased persons is a growing problem, and it can 

have serious financial and emotional consequences for loved 

ones. The risk management approach can help you protect 

your digital legacy, privacy, and prevent posthumous identity 

theft. By taking these steps, you can ensure that your wishes 

are respected and that your loved ones are protected after 

your passing. 


Chahak Mittal is a Certified Information Systems Security Professional 

(CISSP) and Cybersecurity Governance, Risk and Compliance Manager 

at Universal Logistics. Chahak is deeply committed to knowledge 

sharing and community engagement. She has actively contributed to the 

cybersecurity ecosystem through her roles as a Judge at Major League 

Hacking (MLH) Hackathons and a dedicated Cybersecurity Teacher in 

the Microsoft TEALS Program. Chahak's active involvement in 

organizations such as the Cybersecurity Collaboration Forum and 

SecureWorld's Detroit Advisory Board has been instrumental in her 

pursuit of staying at the forefront of industry trends and challenges. She 

has also channeled her insights into thought-provoking cybersecurity articles, published on SecureWorld, 

making a meaningful contribution to the field's intellectual discourse. Chahak's commitment to diversity 

and inclusion in cybersecurity is unwavering. She has actively participated in organizations like Women 

in Cybersecurity (WiCyS) and the Michigan Council of Women in Technology (MCWT), where she has 

championed the cause of gender diversity within the field. Her outreach efforts extend to interviews on 

prominent media platforms like PBS Channel and the Women in Technology podcast, where she has 

shared her insights to inspire young girls to consider cybersecurity as a viable and rewarding career path. 

Chahak Mittal can be reached online at goyalchahak6@gmail.com and at her LinkedIn profile 

www.linkedin.com/in/chahak-mittal-cissp/. 



When the Enemy Is DDoS, Holistic Protection 

Is a Must 

An infinite variety of attack methods require customizable solutions. 

By Sean Newman, VP/Product Management, Corero 

Sun Tzu was an exceptional general, strategist, and philosopher, and certainly one of the most prolific 

and best-known military figures in history. When he stated that “the greatest victory is that which requires 

no battle,” it’s safe to assume that he wasn’t anticipating that his words would be relevant many centuries 

into the future, let alone applied to something as abstract as cybersecurity. But some 2,000 years later, 

they hold just as true in cyberspace as on the battlefield. 

While the battles he led centuries ago were complex in their own right, they in no way reached the same 

orders of magnitude that face today’s enterprises when attempting to secure their organizations. 

Today, most, if not all, companies do at least a portion of their business online. For many, this means 

employees rely on cloud-delivered applications to go about their daily tasks, and the companies 

themselves rely on the internet for their bottom line. It goes without saying that these organizations must 

be available to their customers 24/7—even brief outages can result in lost revenue and productivity and 



do untold damage to a company’s reputation. Gartner estimates that downtime can cost up to $5,600 per 

minute; meanwhile other estimates suggest that even small businesses may lose over $100,000 per 

hour. Unfortunately, those daunting figures do more than emphasize the importance of the internet in 

modern commerce—they put companies squarely in the crosshairs of malicious actors looking to launch 

distributed denial of service (DDoS) attacks. 

Modern DDoS attacks pose a triple threat. 

Nearly 30 years after the first known DDoS attack, whereby a perpetrator floods their victim with traffic 

from across the internet, it remains a favorite attack type. From the standpoint of a cybercriminal, they 

have a lot to offer: they can be launched from anywhere in the world; they can be automated and multivector; 

and increasingly, they can be crafted to behave similarly to “normal” internet traffic, thereby 

evading human observation and manual, or legacy, mitigation techniques. Best of all, for the attacker 

perhaps, is the fact that many legacy DDoS mitigation solutions can also take more than ten minutes 

before their defenses kick in. This has led attackers to engineer shorter, sub-saturating attacks that are 

capable of inflicting as much, if not more damage, than their larger, longer-running volumetric 

counterparts. 

Disconcertingly, malicious attackers have taken a page out of modern warfare and, increasingly, are 

launching carpet-bomb (also known as “spread spectrum”) DDoS attacks, which distribute themselves 

across a large number of targets rather than a more easily identifiable single target. 

This carpet-bomb technique poses a triple threat to defenders in that it’s able to evade detection by flying 

under the radar of legacy, per-IP analysis techniques and thresholds. This attack technique also 

invalidates the use of black-hole or null-route mitigation, making it even more difficult for companies to 

avoid collateral damage. And because they more easily overwhelm scrubbing lane capacity (where traffic 

is redirected to be cleansed of malicious DDoS packets), cloud service budgets are exceeded and 

reporting systems are overloaded. 

Counter the critics. 

IT security leaders have the unenviable responsibility of selecting exactly the right solutions to defend 

against a host of ever-evolving threats, and when (not if) an attack occurs, everyone’s an armchair critic. 

Luckily, there are several basic tenets to follow when selecting the right DDoS defense solution. 

Less bad isn’t good enough. The best solutions are those that do more than mitigate attacks—they 

prevent them entirely. Unfortunately, all too many DDoS defense solutions don’t go the extra mile to stave 

off attacks. Instead, they only make them “less bad” by mitigating them, meaning that organizations must 

still deal with downtime and lost productivity and/or revenue while they recover. 

Semantics matter. There is a big difference between “always on” and “on demand.” The former means 

that your solution is always there, protecting your systems and devices against intrusions. On-demand, 



however, might as well translate to “already in trouble.” On-demand solutions monitor, but simply can’t 

react fast enough to prevent some amount of downtime. It can be minutes or tens of minutes before 

protection kicks in, and in that time most, if not all, of the damage is done. Rubbing salt in the wound, 

recovering downed servers and applications almost always takes significantly longer than the time it took 

a DDoS attack to fell them in the first place. 

Do you feel lucky? IT leaders shouldn’t even be asking themselves if the odds are ever in their favor. 

They need confidence in the fact that their solution automatically protects against known and zero-day 

attacks. These same solutions should also be capable of effectively defending against evasive 

techniques such as multi-vector and carpet-bombing. Moreover, a solution should be able to shorten the 

detection-to-protection timeline to mere seconds so that downtime is prevented. 

Bespoke is for more than suits. A good solution is one that can be tailored to fit a company’s needs. 

Some of the best solutions are those that allow IT leaders to select the defense and services they 

currently need, with room to grow as their needs evolve. Good DDoS defense solutions will offer flexible 

deployment with hardware, virtual software, and integrated options that align with company architecture. 

A modular platform that adapts to the ever-changing DDoS landscape can help companies maintain 

business continuity, while simultaneously protecting against future threats. Automation is also critical as 

it frees IT teams to focus on high-value initiatives and projects that grow the organization. Optional 

managed service offerings, meanwhile, are more than nice-to-haves as they deliver valuable domain 

expertise, without burdening existing staff and resources. 

Count the cost. When choosing a DDoS defense solution, cheaper isn’t necessarily better. Ask yourself 

what the true cost of an outage would be, accounting for both damage to your bottom line and your 

reputation and choose accordingly. 

Ponder and deliberate. 

Regardless of size or sector, companies need to be prepared for both high-volume and sub-saturating 

DDoS attacks, looking for defense that extends beyond brute force, slow-to-react mitigation to full 

protection that eliminates any impact on their or their customers' businesses. Investing in an advanced 

solution that is capable not only of viewing the IP address space holistically to detect and report on 

malicious behavior, but that delivers full protection in seconds rather than minutes is imperative. 

There are many solutions that purport to address the threat from DDoS attacks. When it comes to 

selecting the one that’s right for your company, take a page from the Art of War: Ponder and deliberate 

before you make a move. 




Sean Newman is the Vice President of Product Management for Corero 

Network Security, where he is responsible for Corero’s product strategy. 

Sean brings over 25 years of experience in the security and networking 

industry, to guide Corero’s growing leadership in the real time DDoS 

protection market. Prior to joining Corero, Sean’s previous roles include 

network security Global Product Manager for Cisco, who he joined as part 

of their acquisition of cyber-security vendor Sourcefire, where he was 

Security Evangelist and Field Product Manager for EMEA. Prior to that he 

was Senior Product Manager for endpoint and network security vendor 

Sophos, after having spent more than 12 years as an Engineer, 

Engineering Manager and then Senior Product Manager for network 

infrastructure manufacturer 3Com. 

Sean can be reached online Sean.Newman@corero.com and at our 

company website http://www.corero.com/. 



Data Sanitization for End-Of-Use Assets 

Taking The Worry Out of Retiring Assets 

By Roger Gagnon, President & CEO, Extreme Protocol Solutions 

Organizations across the globe are prioritizing Cybersecurity efforts as threats from cyber criminals are 

on the rise. As the circular economy and green initiatives grow simultaneously, increased vigilance in 

data security efforts for end-of-use enterprise and office systems needs to be prioritized as well. 

Why Worry About Retiring Assets? 

Most organizations focus on live data security, which of course is extremely important. Recently 

decommissioned assets, however, contain the same data that was just migrated to the new live systems. 

That data must be digitally destroyed on the end-of-use systems with an accompanying tamperproof 

certificate of destruction prior to re-use or recycling to satisfy regulatory compliance with HIPAA, FACTA, 

Gramm-Leach-Bliley, CMMC, GDPR, and a host of other industry or government-related data privacy 

laws that keep compliance and security officers awake at night with data breach concerns. 

Just because an asset is being decommissioned doesn’t place any less importance on the data it 

contains, nor on the risk mitigation required to ensure its re-entry into the circular economy. In fact, the 

danger that this data can be utilized for nefarious purposes is even greater than live systems since these 

assets no longer hide behind corporate firewalls and other cybersecurity gateways that are constantly 



eing monitored to protect against misuse of data. Because of this threat, it is of the utmost importance 

that organizations acquire certified software/hardware solutions or hire a certified IT Asset Disposition 

Company (ITAD) to effectively destroy all remnants of data on all data-bearing devices prior to those 

devices leaving their secured facilities. 

Assets at Risk 

The task of destroying this data can sometimes be overwhelming. In a data center, data-bearing assets 

range from enterprise storage arrays, hyper-converged storage, servers, blade servers, network 

switches, routers, firewalls, storage switches, and access points to assets commonly found in offices. In 

an office space, laptops, desktops, high-end Chromebooks, servers, mobile phones, tablets, high-end 

printers, scanners, and copiers can all contain sensitive data that must be purged before removal from 

the facility. If that list of assets isn’t daunting enough, consider that for each asset type, there may be 

hundreds or thousands of combinations of manufacturer, model, and firmware for each device type. Each 

of these may behave slightly differently than the other and require either specialized knowledge or 

software to properly sanitize the data. 

What Standards Exist 

Fortunately, there are clear standards for data sanitization in place and new standards being finalized for 

both present and future use. Gone are the days of Department of Defense 3X, 5X, and 7X overwrites. 

Today’s storage is too varied and overwrites can be ineffective on certain types of storage media. Luckily, 

there are standards in place that provide secure, absolute data sanitization with forensic science to back 

them up. 

1. NIST SP800-88r1 (2014) 

o This standard has been the gold standard since its inception. It is no longer being revised and 

therefore is not up to date with the latest storage devices and technology. Because of this, 

IEEE decided to update it and create a new standard, IEEE 2883. 

2. IEEE 2883 (2022/2023) 

o This standard picks up where NIST left off and accounts for the latest storage devices. It will 

be the new standard moving forward. It addresses both digital sanitization and physical 

destruction of data-bearing assets. 

Where to find help 

Now that this article has rightfully put some fear into anyone in charge of managing these assets as they 

make their transition from in-use to end-of-use, take solace in the fact that there are solutions and 

services out there that can mitigate data security risks to the highest standards and provide certifications 

that can be used for security audits and regulatory compliance. There are vendors that manufacture 



certified data sanitization software and hardware solutions equipped to handle a massive variety of asset 

types and configurations for those inclined to leave nothing to chance and want to keep risk mitigation 

and data security in-house. There are also the aforementioned IT Asset Disposition Companies or 3 rd 

party professional services companies, many of whom also provide on-site data sanitization services and 

white glove asset removal. 

What to look for in a solution or service 

First and foremost, any solution or service should have certification(s) that attest to their efficacy and 

professionalism. Certifying bodies such as R2, e-Stewards, and NAID AAA provide detailed audits of IT 

Asset Disposition (ITAD) companies and 3 rd party service providers to ensure they are meeting a variety 

of standards for asset handling, tracking, and, of course, data security. Certifying bodies such as ADISA 

provide detailed forensic analysis of software solutions for compliance with NIST and IEEE erasure 

standards. Make sure that whomever you deal with has certifications appropriate to their function. 

Conclusion 

In today’s increasingly complex business environment, a massive number of data-bearing devices are 

constantly being placed in end-of-use states through technology refreshes, lease returns, malfunctions, 

and a variety of other reasons. Regardless of the inactive status of an asset, and no matter how daunting 

the task, data-bearing devices must be protected by proper sanitization techniques that adhere to the 

highest standards. Finding the right solution or service can be challenging, but proper due diligence and 

prioritization around data security will ensure that no data leaves a facility and keeps both businesses 

and customers safe. 


Roger Gagnon is the President and CEO of Extreme Protocol Solutions, 

a leading provider of data sanitization solutions based outside of Boston 

in Uxbridge, Massachusetts. He began his career as a data storage 

engineer for both EMC and Digital Equipment. In 1999, the Worcester 

Polytechnic Institute grad founded Extreme Protocol Solutions (EPS). 

Over the next two-plus decades, Roger built EPS into a global player in 

the data storage test, development, and sanitization markets. EPS 

remains committed to cutting-edge, customer-focused solutions that 

ensure risk mitigation while providing substantial ROI for Fortune 100, 

500, and 1000 companies. Roger can be reached at 

rgagnon@extremeprotocol.com; EPS’s website is 

www.extremeprotocol.com. 



Developers Hold the New Crown Jewels. Are 

They Properly Protected? 

By Aaron Bray, CEO. Phylum 

Cybersecurity has changed dramatically in the last four years. During the pandemic, organizations around 

the globe found themselves faced with accelerating digital transformation initiatives, remote workforces, 

and a whole host of other concerns that have dramatically changed the attack surface they must defend. 

However, most organizations have a security posture that hasn't yet metamorphosed in response to the 

changes their operations, processes, and systems have undergone. 

One of the biggest impacts of these changes has been a dramatic shift in the tradeoff concerning where 

the proverbial security "crown jewels" of the organization lie, and the cost an attacker faces in trying to 

gain access to them. In the past, organizations consisted largely of traditional, on-premise workforces 

who primarily used workstations while at work, which connected to domain controllers that lived onpremise, 

and were tended by system administrators. This effectively centralized power in the hands of 

the system administrators, which made them the primary target of any potential attacker. 

Compromising an account with domain administrator privileges would enable access to virtually anything 

connected to the network. Additionally, consider that the security posture of this type of organization, 



from basic hygiene concerns like patch maintenance and breach detection to higher order concerns such 

as managing security policy and direction, all reside entirely with security staff, executives, and system 

administrators retained by the organization. The ability to prevent attackers from successfully breaching 

systems, moving laterally, and ultimately gaining access to these "God" accounts is entirely a function of 

how much the organization prioritizes security, and in some cases, how much legacy baggage to which 

they are subjected. 

As Attack Surface Expands, Targets Shift 

Contrast this with modernized organizations: What does the attack surface look like when many businesscritical 

assets have now been shifted to the cloud, organizations are increasingly leveraging third parties 

to handle what were previously core business IT functions (i.e., the adoption of products like Office365 

and G Suite), many employees are working remotely, and more development processes have migrated 

from slow, gated releases to being effectively continuous? Fundamentally, it means that the traditional 

system administrator accounts likely don't have credentials centralized in quite the same way they were 

before, and traditional access vectors outside of more unsophisticated approaches like phishing, such as 

exploitation, are more expensive than they were previously. It becomes much more challenging, for 

example, to find an unpatched mail server or domain controller to compromise when that entire function 

has now been effectively outsourced to Microsoft. 

Additionally, engineering teams now have far more access than they enjoyed previously, with far fewer 

security controls. Many organizations have no endpoint protection on developer systems or have policy 

exceptions for build and test directories. Cloud infrastructure is often maintained "as code.” Many modern, 

business-critical assets are now described by a set of scripts that are read, modified, tested, and deployed 

through Continuous Integration / Continuous Deployment (CI/CD) solutions. 

The same is generally true of most modern development processes. Large enterprises now field 

hundreds or thousands of builds every day. From a security perspective, software developers and CI/CD 

systems now have access to a tremendous amount of business-critical functionality. In order to operate, 

developers often have administrative access to cloud infrastructure, credentials for production data, and 

intellectual property, not to mention systems featuring little-to-no security tooling, almost universal local 

administrative privileges, and unfettered access to download things from the open internet. 

What this means is the balance has shifted. In the past, system administrators were the quick, easy 

targets attackers used to gain broad access and the ability to operate with impunity throughout an 

organization. Those targets have become harder and much more expensive for attackers to reach, with 

now substantially-reduced rewards. 

On the other hand, modern organizations face an absolutely staggering amount of risk in the activities 

performed by their development workforces and processes, including CI/CD infrastructures, and 

shockingly few tools exist to help mitigate or even give insight into the challenges faced. 

On top of this, attackers have taken note - leveraging these open channels to steal credentials, production 

data, intellectual property, and more. Perhaps the most frightening aspect of most of these incidents is 



the fact that many organizations lack even basic visibility into these activities, or try to rely on more 

traditional controls such as standard endpoint products, which don't at all align with the threat model 

these types of attacks represent. This means that many more such breaches are likely already underway, 

albeit undetected. 

So how do attackers use these channels to gain initial access, and how does this really change the threat 

model? One of the most active vectors that adversaries are currently leveraging to gain a foothold in 

organizations is the Open Source Software (OSS) ecosystem. While this may seem a bit unintuitive at 

first blush, let's consider briefly how OSS development and consumption has evolved, and what that 

statement really entails. 

Open Source Software: Rewards and Risks 

OSS has risen to prominence in the last two decades, despite having a relatively rich history well before. 

These days, nearly every organization in existence, from governments to regulated industries to 

advertising agencies, rely on it for business-critical functions. It has led to many great things, including 

massive cost reductions for development and faster time to field. However, it does come with sharp 

edges. 

While many of the more traditional issues, like problematic licenses and unpatched vulnerabilities, are 

relatively well understood, there is also an entire strata of new issues that have risen to the forefront in 

the last few years as well - driven by a migration of processes from static to continuous, backed by 

systems that were fundamentally designed without security in mind. 

What does the open-source ecosystem as an access vector really mean, and how does this relate to 

developers? Consider that most modern software projects of any sophistication contain thousands of 

third-party, open-source software packages. These packages are published, managed, and maintained 

by tens of thousands of volunteer software developers from all over the globe. While some may have 

corporate backing from a large enterprise, there is fundamentally no sort of traditional supplier 

relationship between those who create the OSS, and those who consume it. Everything is effectively 

supplied as-is. 

These packages are pulled down and incorporated into business-critical systems in a massive, messy 

web. For example, a software developer may install a popular package to solve a common business 

problem. That package may depend on two or three other packages, which will also silently get pulled 

down and installed. Each of those two or three packages, in turn, will likely depend on more packages, 

and so on. From a security practitioner's perspective, that single software developer installing that one, 

innocuous, popular package has now effectively integrated a supply chain of software spanning 

thousands of possible individual software packages, maintained by tens of thousands of strangers that 

have no relationship or vetting process of any sort with your organization, into a business-critical piece 

of software. Worse yet, each one of those thousands of software packages gets the ability to execute 

code each and every time the software developer or CI/CD runner hits "install" or "update." 



An analysis of the largest, most active software package managers developers pull packages from found 

that in Q2, an average of about 28,000 packages were published every day - a staggering amount when 

considering that most of these package managers have a veritable skeleton crew on staff of usually one 

to three individuals responsible for trying to manage and triage all of the software being published. While 

these ecosystems are the primary locations developers pull packages from in order to build software, the 

contents are largely unvetted. In fact, bursts of bad activity have actually triggered some of these 

ecosystems to shut down portions of their functionality altogether. 

Phylum's research reports for Q1 and Q2 Security researchers have noted an increase in incidents in 

which bad actors have pumped out hundreds of thousands of packages that are either spam or actively 

malicious incidents in which bad actors have pumped out hundreds of thousands of packages that are 

either spam or actively malicious; the vast majority of which targeted software developers and CI/CD 

infrastructure. While some of these attacks take a spray-and-pray approach, many are much more 

targeted. Attacks like dependency confusion enable malicious actors to surgically target organizations 

through their software supply chains, and a massive rise in typosquatting attacks, which may come in a 

surprising variety of flavors, tend to target popular open-source packages in use by organizations of 

interest. Additionally, threat actors have also employed attacks against the package maintainers 

themselves in order to gain a foothold. 

Software Developers: The New Keepers of the Crown Jewels 

Software developers have become the new high-value targets, owning much more privilege, with much 

less security and oversight than in the past. Attackers are capitalizing on this, as evidenced by the 

dramatic increase in software supply chain-borne attacks and compromises in recent years, and targeted 

attacks on software developers in many recent breaches. 

Organizations have their work cut out for them in adjusting security posture to match organizational 

changes driven by digital transformation. A rapid focus on closing these security gaps is now critically 

important, as it is now more a matter of when, rather than if, a breach as a result of a malicious package 

installed from the open-source ecosystem occurs without intervention. 


My name is Aaron Bray, CEO and Co-Founder, Phylum. Aaron has 14 years of 

experience working in software engineering and information security. He spent 

11 years working within the U.S. Intelligence Community before joining Sony to 

lead development for the Global Threat Emulation cell. Aaron’s past research 

has focused on program synthesis, malware diversity, software anomaly 

detection, and the application of natural language processing techniques to 

binary analysis. Aaron can be reached online at aaron@phylum.com and 

https://www.linkedin.com/in/aaron-bray-422ba06a/ and at our company 

website http://www.phylum.io 



Expect to Fail: How Organizations Can 

Benefit from a Breach 

By Tyler Farrar, CISO, Exabeam 

The Chief Information Security Officer (CISO) is one of the most prominent and well-paid positions in 

digital security. As CISO, you bear primary responsibility for protecting your organization's data, you play 

an important part in business strategy, and help secure the future of the company. Some regard the CISO 

role as the pinnacle of a career in cybersecurity. Security analysts, the entry-level members of a SOC 

team, enthralled by the challenges and rewards of detecting threats and preventing breaches, often 

aspire to this role in the C-suite. 

As they advance up the chain of command, however, they quickly discover that the CISO role is not as 

fascinating as it seems. Rife with stress and intense pressure to ensure organizations comply with 

governance and regulatory requirements, nearly half of CISOs cite human error and a lack of 

cybersecurity understanding as the most critical threats confronting enterprises today. 

The rigorous demands and pressures of the job keep 90% of CISOs up at night, with many opting for a 

career switch. Much of the tension can be attributed to long hours and the misplaced idea that security 

professionals can eliminate all threats. Misaligned expectations can lead to a culture of fear and blame, 

where mistakes are unacceptable. This is a result of CISOs now facing federal charges if it’s proven they 

failed to properly handle a security breach. Scapegoating CISOs for security incidents is not new, with 

many subjected to public blame or firing for such incidents. But new accountability measures from the 

federal government have made a CISO’s job even more difficult. 



For those hesitant to take on the CISO role due to pressure of failure and its career implications, I would 

argue that a healthy outlook begins by recognizing that failure will happen. In cybersecurity, managing 

an incident is not a question of if, but when. The biggest difference is in how you prepare. 

The best laid plans… 

Protecting an enterprise from the continual threat of financial or reputational damage is a tall task. CISOs 

also live with fear that, despite taking all reasonable precautions to mitigate cyber risk, some threat will 

invariably infiltrate a business and cause harm. 

Wise security experts know that threat actors aren't lying in wait. They are constantly changing their 

tactics and approach to remain unpredictable to even the most seasoned security professionals. Consider 

this: you’ve invested time and effort into creating an incident response plan, and your team has been 

trained, giving you full confidence that they’ll know what to do, if and when the breach occurs. 

However, when the breach happens, you discover that the incident response procedures weren’t 

adequate, and you failed to account for the impact of the breach on the firm. In this circumstance, no 

amount of training or practice adequately prepares your SOC personnel for the harsh reality of the 

security incident, with no way to capture everything that occurs during a breach, especially the gravity 

and intensity that accompany it. 

…of mice and men often go awry 

As the famous quote indicates, even when you plan carefully, something will go wrong. That’s why 

reducing human error is crucial for cybersecurity. Given that more than half of CISOs consider human 

error to be the greatest threat to enterprises, ensuring that everyone in the organization is accountable 

for cybersecurity can be an effective approach to preserving data privacy and security. 

Working together to proactively identify or avoid cyber risks can result in enterprises developing a wellvetted 

planning stage with awareness of potential outcomes of security operations and threat detection 

teams. This includes forming the appropriate functional teams and ensuring that everyone understands 

their duties. By testing backups and understanding how to recover critical operations from backups can 

near-guarantee that incident response plans are built out and the human error aspect of cybersecurity is 

minimized. 

Existing in a risk-aware culture 

Many private sector firms are incorporating risk awareness into company culture by adding risk 

management training for every employee. Rather than placing the whole responsibility on the CISO, 

create shared accountability across the firm. It is critical to be adaptable and adjust to changing 

conditions. 



The more personnel that you train to be looking out for new dangers, the less likely the company may be 

caught off guard by a vulnerability. To begin, a CISO must provide employees with basic risk 

understanding and language. Explain the processes of managing risk and identifying potential problems. 

Next, provide employees with a well-defined mechanism for reporting risks, and they will be more likely 

to alert of potential issues before they become problems. Finally, use technology to acquire risk-related 

information, boosting transparency and fostering a risk-aware culture throughout the organization. 

Communication, escalation, and documentation 

Communication and delegation are the most crucial aspects of risk management for the CISO. In a crisis, 

CISOs are called to lead the technical incident response, assembling functional teams, delegating work, 

and understanding when to repurpose resources to meet the demands of the incident. It is critical to 

contact Crisis Management teams and discuss the business impact, with an understanding that difficult 

decisions regarding containment must be taken. In a crisis, a CISO must communicate consistently using 

neutral emotion. Doing so can help ensure judgments are sound and not hasty. Forming a risk 

management team composed of stakeholders from several departments can avoid communication silos. 

This is a good time to use technology as an aid in centralizing risk information, establishing a shared 

language, and facilitating communication to address vulnerabilities. Finally, make sure there is 

documentation throughout the process. Delegating a scribe to document all decisions is helpful and can 

ensure the escalation process is followed, with the appropriate persons alerted. This provides CISOs with 

a framework of checks and balances and shares responsibility of the response process. 

Devise a new game plan 

Currently, there is far too much emphasis on breach prevention and not enough on detection. In fact, 

many breaches are not the result of inadequate cybersecurity prevention, rather of the organization's 

poor detection and lack of cybersecurity knowledge. Organizations can focus on preventative measures, 

such as reducing the attack surface to a more manageable level. This must be balanced with incident 

response and crisis management. 

Cybersecurity professionals, and specifically the CISO, must approach their role through the lens of 

opportunity, rather than failure. Each cybersecurity incident provides an opportunity to learn from previous 

mistakes, discover potential weaknesses in cybersecurity policy, and develop more effective measures 

to assist the organization in preventing and detecting future attacks. It is not just about making a plan 

with the intention of succeeding, but rather about accepting that failures are likely to happen - but by 

being prepared to adjust plans, you’ll be well-positioned to minimize any damages. 




Tyler Farrar is the Chief Information Security Officer (CISO) at 

Exabeam. In this role, he is responsible for protecting Exabeam – its 

employees, customers, and data assets – against present and future 

digital threats. Farrar also leads efforts in supporting current and 

prospective customers’ move to the Exabeam cloud-native New- 

Scale SIEM and security operations platform by helping them to 

address cloud security compliance barriers. With over 15 years of 

broad and diversified technical experience, Farrar is recognized as a 

business-focused and results-oriented leader with a proven track 

record of advancing organizational security programs. 

Prior to Exabeam, Farrar was responsible for the strategy and 

execution of the information security program at Maxar Technologies, which included security operations, 

infrastructure governance, cyber assurance, and USG program protection functions. As a former Naval 

Officer, he managed multiple projects and cyber operations for a multimillion-dollar U.S. Department of 

Defense program. 

Farrar earned an MBA from the University of Maryland and a Bachelor of Science in Aerospace 

Engineering from the United States Naval Academy. He also holds a variety of technical and professional 

certifications, including the Certified Information Systems Security Professional (CISSP) certification. 



How to Create a Threat Hunting Program for 

Your Business 

By Zac Amos, Features Editor, ReHack 

When it comes to online security, danger lurks around every corner. A threat hunter’s job is to proactively 

seek out potential problems and stop them before they have a chance to harm a company’s network. 

Here’s how businesses can create their own threat hunting programs and why it’s important to do so. 

Why Is Threat Hunting Necessary? 

Cybercrime is growing exponentially. In 2023, Americans lost $10.3 billion to online schemes — a 

staggering 49% increase in losses compared to the previous year. Enterprises must stay vigilant to 

protect themselves and their assets against bad actors. As well as establishing vital cybersecurity 

measures like implementing two-factor authentication, securing mobile devices and changing passwords 

regularly, companies should utilize threat hunting to fend off attacks. 



A threat hunting program enables faster incident response times. It’s also much easier and cheaper to 

go threat hunting than to clean up after a security breach. Here’s how to create one for a business. 

1. Establish a Baseline 

Before they can establish a threat hunting program, business owners must gain a solid understanding of 

what’s typical within their work environment. For example, they should understand the usual employee 

behavior, activities and network operations that take place within the company. Establishing a baseline 

for what is and isn’t normal is the first step toward identifying outliers. 

2. Identify Important Assets 

What does the enterprise offer to hackers? What are its most valuable assets a threat actor would want 

to target? These will differ from one company to another, but they often include aspects like money or 

client data. Identifying them helps establish why a threat hunting program is necessary and what it should 

focus on. 

3. Define Success 

The next important step is to define exactly what the program should achieve. What key performance 

indicators (KPIs) can the business use to measure its success? 

An example of a KPI is the number of vulnerabilities — specifically those that could’ve installed malware 

on the network — the team remediates within a specific timeframe. KPIs should tie directly to the main 

goal of finding and blocking threats, and should help set the cybersecurity team up for success. 

4. Select a Threat Hunting Strategy 

Not every threat hunting program looks the same. A few common strategies include: 

• Using the MITRE framework to decide where to start 

• Building a minefield under the assumption that a threat actor is already within a network 

• Blocking access entirely by building a wall, ensuring anything related to execution and initial 

access is blocked 

Different strategies address unique needs, so it’s crucial to find the right one for each business. 



5. Decide Whether to Automate 

Although automation isn’t required for threat hunting, many companies — especially those with 

established, advanced cybersecurity programs — automate part of the process to reduce errors and 

boost productivity. For businesses that pursue the automation route, it’s crucial to have the right staff to 

develop and maintain the software. It’s also vital to closely monitor the automation process so it remains 

relevant. 

6. Create a Formal Security Operations Center (SOC) 

Another important step in building a threat hunting program is establishing an SOC. This process 

involves: 

• Creating a centralized logging system to data collecting logs such as host endpoint alerts, event 

logs, AD logs, routers and switches 

• Setting up an automated detection system — such as IDS or SIEM — if desired 

• Acquiring external signature and intel feeds to complement the automated detection system 

• Hiring an incident response team to resolve alerts and investigate incidents 

7. Create Testable Hypotheses 

The main feature distinguishing threat hunting from reactive cybersecurity is it’s proactive, not based on 

alerts. Threat hunters look for problems long before the alarm even sounds. To do this, they build 

hypotheses and then set about testing them. 

For example, a hypothesis could state that if hackers executed a certain type of malware on the company 

network, very specific evidence would exist to prove the malware is on the system. Essentially, if the 

malware exists, it will leave a detectable signature. 

Threat hunters will then use that theory to run iterative hunting campaigns in their search for malware. 

They will look for the specific evidence outlined in their hypothesis to try and detect it. 

8. Think Like a Hacker 

Lastly, creating a threat hunting program means thinking in a proactive rather than reactive manner. It 

entails always looking for vulnerabilities in the enterprise’s network and wondering how best to exploit 

them. 

To sharpen their proactive thinking, threat hunters can use purple teaming for testing. This strategy 

involves security teams simulating malicious attacks against the organization’s network, then working 

together to solve them. 



Staying Prepared 

As cybercrime becomes more prevalent, anticipating it is more important than ever. A good threat hunting 

program fends off attacks before they even start to protect an organization’s time, money and data. It’s a 

valuable tool in a company’s arsenal against threat actors — and it will only become more important as 

time goes on. Hackers may be savvy, but threat hunters are always one step ahead. 


Zac Amos is the Features Editor at ReHack, where he covers cybersecurity 

and the tech industry. For more of his content, follow him on Twitter or 

LinkedIn. 



How To Improve Security Capacities of The 

Internet of Things? 

By Milica D. Djekic 

The security of the Internet of Things (IoT) is one of the main challenges of today. Many IoT assets could 

get an easy target to cyber attacks and it’s highly recommended to somehow cope with these 

requirements. The best practice is something that would deal with the final solutions, while we would like 

to suggest that an IoT design is something we should pay more attention on. When we say a security 

within a design – we would mean by that a better cryptography equally being applied to communication 

channels and end user’s data. In other words, the role of this chapter is to deal with some suggestions 

regarding the IoT security and try to explain how we could improve the next generation solutions. 

The main IoT security’s requirements 

The IoT should offer us a great deal of security and privacy. Unluckily, with today’s solutions that’s not 

fully the case. Many IoT solutions would deal with the so called – rookie’s mistakes and it would appear 



as absolutely unbelievable how some solutions being expected to get highly professional would cope 

with some beginner’s questions. The IoT security’s requirements should get high and as many research 

institutions would indicate it’s about the best practice. The fact is the IoT security is about the appropriate 

risk management, but the point is if we could do anything more than such best practice could. Right here, 

we would point on the possible IoT design that should offer us stronger safety and security through its 

usage. The cybersecurity is a wide topic and through this chapter – we could discuss many of its aspects. 

At this stage, we would try to concentrate on all the necessary steps that should get taken to offer us 

much safer private and business environment. 

As it’s already suggested through this material, the IoT solutions could include ICS, SCADA and PLC 

systems, embedded devices, mobile technologies and much more. The main question here would be 

how we could make all of these advancements being more secured. The majority of a job could get about 

the proper set up of those devices being correlated to each other. In other words, we should work hard 

on a good hardware, software and network configuration trying to put the risk at the lowest possible level. 

Also, it’s important to mention that every single day some of the staffs should maintain such a system 

working hard on a better risk management. Many research efforts would deal with some tips and tricks 

how it’s possible to set up your environment in order to avoid any sort of unpredictable scenario. Even if 

that scenario occurs – we should always try to rely on a disaster recovery plan as well as business 

continuity strategy that should support us in resolving some of the practical issues already being 

happened in a practice. 

Finally, some of the challenges for a future would indicate that it’s not all about the management of the 

existing solutions, but rather about development and deployment of new systems that would deal with a 

better cyber defense. For instance, many experts would indicate that the IoT of the future should cope 

with the stronger encryption and in such a way – offer the better performances to its next generation 

devices. Also, it’s well known that IoT systems would use the big network being created using many 

devices talking to each other. In other words, it’s so recommended that those devices should get a wellprotected 

communication channel as well as deal with the good data cryptography securing the devices 

themselves. In conclusion, some of the next generation IoT improvements are about the better device’s 

security which could get obtained through the good practices, disaster recovery and business continuity 

strategies and much stronger design of the final products relying on more advanced encryption solutions. 

The recommendations coming from a practice 

Through the practice, we would notice that many IoT solutions would need better software, hardware and 

network configuration. Also, we would realize that the majority of those systems would not follow the 

basic recommendations suggesting that the inbound ports should get hidden from some of the IoT search 

engines. Also, many networks would not use both – software and hardware firewalls or they would take 

the minimum of actions in updating their routers, modems or the other network devices. 

Also, we would notice some sort of the lack in terms of the good practice in managing the appropriate 

authentication. In simple words, people would not try to deal with the strong usernames and passwords 

that would make an access to the hackers being much requiring. These are only some of the examples 



eing noticed in a practice and some of the advices being indicated to the IoT systems’ users in order to 

make them do the better improvements of their 

security’s capacities. 

The challenges for a future 

At this stage of the IoT development and 

deployment – we would deal with many security’s 

requirements that should get overcome so shortly. 

Some of the weaknesses to this concept are 

already known and the expert’s community works 

hard to resolve those concerns. On the other hand, 

many of vulnerabilities are being discovered as 

time goes on and we believe that these findings 

could only help us improving our current capacities. 

In addition, we think that the IoT of the future would deal with much better encryption. We are aware of 

how these solutions could get expensive at this stage, but we believe that many security’s risk, threats 

and challenges would make cyber industries seriously deal with this sort of challenges. Finally, it’s 

important to say that there are still many challenges to the IoT technology and we hope that they would 

get their responses in a coming time. 

The concluding talk 

At the end, we could conclude that the main challenge to the IoT technology could get its security. 

Through this material – we would talk about how serious consequences of the unprotected IoT assets 

could be to their owners. In order to avoid anything of that happens in the future – we should begin 

thinking hard about the possible solutions. In such a sense, any support of the expert’s community is 

welcome and we honestly hope that the future would bring us fewer concerns and offer a much better 

environment to all. 



About The Author 

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of 

Serbia. She received her engineering background from the Faculty of 

Mechanical Engineering, University of Belgrade. She writes for some domestic 

and overseas presses and she is also the author of the books “The Internet of 

Things: Concept, Applications and Security” and “The Insider’s Threats: 

Operational, Tactical and Strategic Perspective” being published in 2017 and 

2021 respectively with the Lambert Academic Publishing. Milica is also a 

speaker with the BrightTALK expert’s channel. She is the member of an ASIS 

International since 2017 and contributor to the Australian Cyber Security 

Magazine since 2018. Milica's research efforts are recognized with Computer 

Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and 

EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, 

technology and business. Milica is a person with disability. 



In Pursuit of a Passwordless Future 

By Rob Jenks, Senior Vice President of Corporate Strategy, Tanium 

Many computer users dream of a day when the industry can move past its reliance on passwords to 

reach a more serene future of frictionless cybersecurity. But most IT and security professionals will tell 

you that day is still a long way off. The fact is, countless remaining devices and systems are aging relics 

that have been based on password security for decades. There can be no turning back time for such 

legacy systems - as long as they are in use, we will depend on passwords, at least to some extent. 

For most organizations that means they are stuck in the password filled present, but that doesn’t mean 

there isn’t a passwordless future. Before we can get to that future however, we need to make sure we 

are protecting ourselves on the journey there. 



The issue with passwords 

Passwords usually aggravate users due to all the associated friction. Nobody likes memorizing long 

strands of letters, numerals, and symbols to conduct the simplest business, but weak passwords tend to 

reward bad actors, which is of course the underlying problem. The goal of passwordless is about reducing 

the amount of friction to make authentication and authorization simpler for users. So, in essence, we 

should think of “passwordless” as being “frictionless,” based on simplifying the login process for users. 

The trouble is, the safest passwords are typically the hardest to remember, so there is a high amount of 

friction. But in a world where hackers launch an average of 50 million attacks on passwords every day, 

which equates to 579 strikes per second, according to Microsoft, safety should override convenience, but 

that often isn’t the case. In fact, Verizon found that 60% of data breaches are now attributed to 

compromised credentials. Hackers often prey on a user’s natural proclivity for convenience when people 

re-use the same ID and password combination for multiple sites. Once those passwords and IDs appear 

on the dark web, they can be used for a range of different logins. 

Surviving in the present 

In the short term, we need to bridge the gap between the needs for a strong, complex password – with 

the reduction of friction for employees. Nearly half of all Americans (41%) still rely on memory to recall 

their passwords, meaning that they often adopt simple or repeatable words that are easy to remember. 

There is an easy solution which both reduces friction and improves security: password managers. 

Organizations taking security seriously can offer employees a subscription to a password manager which 

eliminates the need for employees to remember complex passwords while still providing sufficiently 

robust credentials. Additionally, organizations should consider using tools which regularly check if 

passwords are compromised, further ensuring the strength of the passwords used. 

Passwords aren’t enough on their own however, and need to be bolstered by some of the “passwordless” 

security protocols that we have been using for years. Multifactor authentication (MFA) is an age-old 

concept that relies on something you have (a device or application) plus something you know (a captcha 

or existing account) to prove your unique identity and authorize your access. Two-factor authentication 

(2FA) was the first widespread adoption of this method, in which exactly two authentication factors were 

required, but with the threats becoming more sophisticated the industry has been shifting towards 

requiring more than two factors to better safeguard against attack like credential stuffing. These helps 

make the organizations more secure, but also add friction which a passwordless future promises to 

eliminate. 

The road to forgetting our passwords forever 

We have seen many of the biggest tech companies like Apple, Google, and Microsoft lead the charge 

into a passwordless future with the use of biometric recognition or facial recognition. These approaches 

can be an effective alternative to passwords as it is much harder to fake someone’s fingerprints or face 



than to guess their password, but it still doesn’t solve the problem of all the legacy systems that will be in 

use for years to come. 

The only real path forward is organizations committing to updating legacy systems and technologies. As 

the organization’s technology advances and becomes more cloud based, authentication can change 

along with it. The process is slow, but if it is done intentionally, organizations can reduce the number of 

things passwords are needed for, then the number of people who need to use passwords, before finally 

eliminating them all together. 

The passwordless future feels close because we have the technology to do it, but progress will be slow 

as applications are migrated to adopt passwordless authentication. So, while there is no way my 

password manager will be empty by next year, or even the year after that – by 2030? That’s possible. 


As senior vice president of corporate strategy, Rob Jenks leads 

Tanium’s business development and ecosystem efforts. Rob is 

focused on advancing business-critical relationships across 

technology alliances and channel partners, driving new ways 

Tanium’s real-time, accurate data can be leveraged, and 

identifying new market opportunities. 

Prior to joining Tanium, Rob served as vice president of strategy 

and alliances at C3.ai, where he helped the company determine its 

strategy, product, partner, and pricing approach in service of 

delivering business value to its customers. Before C3.ai, Rob led 

the Low Carbon Economics service line at McKinsey & Company, 

an innovative software-enabled capability within the energy 

practice. Rob advised clients across a range of industries on 

strategy and operations related to technology and the clean-energy 

transition. He has also served on advisory boards for early-stage 

fintech and edtech software startups. 

Rob received a Ph.D. in Physics from Harvard University, an M.Phil. in the History of Science from 

Cambridge University, and a BA in Physics from Williams College. 

To learn more or reach out to Rob, visit www.tanium.com and follow us on LinkedIn and Twitter. 



Insights from Billington Cybersecurity Summit 2023: 

The Enhanced Threat Surface of 5G/6G & IOT 

By Dr. Torsten Staab, PhD, RTX Principal Technical Fellow 

From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual 

Cybersecurity Summit in Washington, D.C. 

Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. 

government and its allied partners, along with other industry and academic partners to discuss some of 

today’s most pressing national security issues. On the second day of the conference, I myself participated 

in a panel discussion titled, “Breakout C4: The Enhanced Threat Surface of 5G/6G & IoT,” which explored 

the implications of telecommunication capabilities on cybersecurity as true 5G networks and several 

billion more internet-connected devices become a reality. Detailed below are some of my insights 

regarding this topic and the key points that were discussed during the panel. 

It is estimated that the number of internet-connected IoT devices could reach 30 billion by 2030. With an 

exponential increase of commercial and industrial IoT devices and systems, concerns have been 

naturally raised regarding IoT vulnerabilities. These can include a wide range of different threats, such 

as a lack of secure update mechanisms, use of components from questionable suppliers, weak or 

hardcoded passwords, unprotected Application Programming Interfaces (APIs), unencrypted data 

transfer or storage, insufficient data privacy protections, and lack of device management. And as we 

begin to more widely deploy, embed, and rely on interconnected IoT devices and sensors, the basic 

building blocks needed to improve security must be upleveled. Such security measures should include 

Zero Trust by design and promote secure boot, secure firmware and application updates, continuous 

authentication and authorization, secure communications, data encryption (at rest and in transit), and 



configurable data privacy. These building blocks will help reduce potential attack vectors and will make it 

much harder for adversaries to exploit IoT devices, connected infrastructure, and end users. It is also 

important that the focus is not only on cyber-hardening of the IoT devices or sensors. Securing the 

surrounding IoT ecosystem and components, such as mobile apps and cloud-hosted services that 

interact with IoT devices and services like home security cameras and Alexa-type voice assistants, is 

equally important. 

Considering these ongoing and expansive cyber threats in the IoT domain, there is widespread 

recognition that preventative actions need to be taken. In July, the FCC, along with a host of partnering 

companies, announced a late 2024 Cyber Trust Mark labeling program for interconnected IoT and home 

automation devices, such as home network routers, appliances, security cameras, and other products. 

The goal of the program is to help consumers quickly assess the security level of an IoT product or 

service without requiring them to be a cyber expert. Modeled after similar product security programs in 

other countries such as Singapore, the new US Cyber Trust Mark program is expected to help consumers 

with their IoT device purchasing decisions. The program is also expected to help motivate IoT device 

manufacturers to voluntarily add more security to their offering and allow them to use the US Cyber Trust 

Mark to help differentiate their offerings. 

In relation to enhanced 5G/6G threats and attack surfaces, network slicing is often part of the 

conversation. Network slicing, for example, allows a network operator to "slice" a 5G network into multiple 

logical and independent networks and provide fine-grained control over who gets priority network access 

and how much bandwidth each user, application, and service gets to consume. Advanced networking 

capabilities like slicing, however, also considerably increase the implementation complexity and attack 

surface 5G/Future G networks. The official 5G standard specification did not provide sufficient guidance 

on how to implement features such as network slicing securely. As a result, many 5G implementations 

have fallen victim to sophisticated denial of service, side channel, and man-in-the-middle attacks. To help 

address these shortcomings, the NSA and CISA recently released security considerations for the 

implementation of 5G network slicing. In their recommendations, they address some identified threats to 

5G standalone network slicing and outline specific practices for the design, deployment, operation, and 

maintenance of network slices. 

The implementation and operation of next generation networks and advanced capabilities such as 

network slicing will also require network operators to implement and rely more on algorithmic and AI/MLdriven 

decision making. The increased use of AI/ML in the operation of networks will also require a 

significant change in how these advanced networks are secured. For example, 5G/Future G networks 

will also have to address and counter known AI/ML-related vulnerabilities and attacks, such as data 

poisoning and adversarial attacks. Independent of network-specific vulnerabilities such as network slicing 

or AI/ML operations, however, the Zero Trust mantra of “Never trust, always verify!” should always apply. 

To help reduce cyber-attack surfaces and to combat continuously evolving IoT- and 5G/6G-related cyber 

threats, suppliers, manufacturers, service providers, and users must 

work closely together to cyber-harden their components, devices, networks, and services. 

After all, cybersecurity is a team sport. 




Dr. Torsten Staab serves as Chief Innovation Officer for Raytheon’s 

Cybersecurity, Intelligence, & Services business unit and Chief 

Technology Officer for Raytheon Blackbird Technologies, Inc. He is also 

an RTX Principal Technical Fellow, a role in which he also supports RTX’s 

other businesses Collins Aerospace and Pratt & Whitney. 

Staab has an extensive background in software and systems engineering 

and cybersecurity. He is a recognized subject matter expert in areas such 

as Zero Trust Security, data analytics, machine learning, distributed 

systems and laboratory automation. He has contributed to more than 50 

publications and has received five patents with 9 pending. 

He received a Diplom Informatiker (FH) degree from the University of Applied Sciences in Wiesbaden, 

Germany. In addition, he also holds Master of Science and Doctorate degrees in Computer Science from 

the University of New Mexico. 



It’s Time to Tear Down the Barriers Preventing 

Effective Threat Intelligence 

By Denny LeCompte, CEO, Portnox 

Today, organizations are confronted with a deluge of cyber threats, ranging from sophisticated AIpowered 

ransomware to tried and true brute force attacks. At this point, IT security teams know it’s 

essential to stay one step ahead of cybercriminals, but numerous barriers hinder such events and prevent 

effective threat intelligence that would otherwise enable them to do this. As one might expect, some 

roadblocks are operational, some technical, and some human. 

Prioritization of vulnerabilities, investment in security training and tools, and a general re- evaluation of 

threat hunting tactics and strategies may seem like obvious steps towards improvement, but these 

initiatives can often feel herculean. Fortunately, there is a clear path forward thanks in part to the advent 

of cloud-native security tools, artificial intelligence, machine learning, and the mistakes made by others. 



The Murky Waters of Threat Intelligence 

One of the most pervasive challenges confronting organizations in their quest for effective threat 

intelligence is the sheer volume of data generated across a wide array of security tools. The relentless 

proliferation of information makes it increasingly difficult to separate the signal from the noise. Inundated 

with a barrage of alerts and indicators of compromise, security teams often find themselves overwhelmed 

and unable to discern genuine threats from false positives. This information overload not only wastes 

valuable time but also diverts resources away from addressing the most critical risks. 

While information overload is perhaps the most apparent challenge when it comes to strengthening threat 

intelligence programs, there are several other key reasons why more organizations do not (or cannot) 

invest more time and energy in this area: 

• There is an overall lack of contextualization of information at hand. Raw data, without proper 

context, can be meaningless and may not provide actionable insights. If you can’t tie A to B to C, 

who cares? This mindset tends to silo security operations which perpetuates the lack of context 

problem. 

• The shortage of skilled personnel is yet another obstacle in the path of effective threat intelligence. 

The cybersecurity talent gap is well documented and is driven largely by increased systems and 

architecture complexity, a growing demand for talent, budget constraints, and burnout. When 

combined, these factors have made it very difficult for organizations to recruit and retain skilled 

IT security professionals. 

• Interoperability issues within organizations existing security infrastructure constitute a significant 

hindrance to threat intelligence implementation. Many organizations operate a patchwork of 

security tools and systems that do not communicate seamlessly. This siloed approach impedes 

the flow of information and hinders timely threat detection and response. 

• The ever-evolving nature of cyber threats presents perhaps the most unpredictable challenge. 

Cybercriminals are continually developing new tactics, techniques, and procedures to evade 

detection, making it extremely difficult for IT security teams to identify and then act on threats. 

Just one of these roadblocks is enough to deter organizations from investing more time and 

energy into developing threat profiles, deterrence tactics, and even remediation plans. The path 

forward requires a certain degree of introspection. The willingness to look critically at operational 

shortcomings and prioritize areas of improvement that can contribute to better threat intelligence can pay 

off down the line, even if it means having to acknowledge some uncomfortable truths first. 



Is it Time to Re-evaluate Your Threat Hunting Program? 

For most organizations, the answer to this question is most certainly yes. Tackling the above challenges 

head-on is daunting, but achievable. Below, there are several factors to consider across each pain point: 

• It starts with contextualizing threat data and determining an organization’s unique risk profile, 

business objectives, and industry-specific threats. For a bank, for example, this would mean 

identifying its most critical assets, such as customer data, company financials, any transaction 

systems, and even payment processing infrastructure. The bank would then want to create threat 

profiles based on what the most common types of attacks are against similar institutions, focusing 

on the various end goals these attackers have. Is it purely for financial gain? Is it state-sponsored? 

Is the attack coming from the inside? Tailoring threat intelligence to specific needs allows 

organizations to focus on the most relevant threats and allocate resources effectively. 

• Addressing the skills gap requires time and money. There’s really no way to avoid this. To address 

the skills shortage, businesses should develop training and development programs to upskill their 

existing workforce and promote a culture of continuous learning. Additionally, partnering with 

third-party managed security service providers can help augment in-house expertise and provide 

access to a broader pool of talent. While the time horizon on these initiatives may seem long or 

expensive, it’s important to remember that the average cost of a ransomware attack is in the 

millions of dollars. 

• Look to the cloud to solve interoperability issues. To overcome legacy system and hardware 

interoperability issues, organizations should look to the cloud. Specifically, companies should 

adopt cloud-native security solutions that can be easily integrated with one another, allowing for 

seamless data sharing and orchestration. This is a critical step towards not only contextualizing 

security posture data, but also being able to define and enforce policies that proactively mitigate 

and eliminate threats. In recent years, core security technologies like network access control 

(NAC), security information and event management (SIEM), endpoint detection and response 

(EDR), and others have moved from on-premises to the cloud. 

• Keeping up with new threats requires agility and adaptability across an organization’s security 

posture. Regular threat intelligence updates, threat huntingexercises, and red teaming 

engagements can help organizations proactively identify vulnerabilities and improve their 

defensive capabilities. It’s important to note that without filling the skills gap and focusing on 

continuous learning across the security team, and by not investing in new cloud-native 

technologies, companies will continue to struggle to get the context they need to address threats, 

let alone be able to keep up with new ones. 



Don’t Wait to Infuse Threat Intelligence with AI & ML 

Everything covered above still requires some degree of human interference. That’s changing. Humans 

are fallible, perhaps more than we’d like to admit. Even with automation, we have a tendency to overlook, 

miss, or even ignore things. This is true in the cyber security function, but there’s been a realization: the 

stakes are too high. 

Artificial intelligence and machine learning are already being used today to enhance threat detection, 

response, and overall cybersecurity efforts. With the ability to analyze large volumes of network and 

system data, AI and ML are being leveraged to establish baselines for normal user behavior, making it 

easier to pinpoint the anomalies when they occur. By recognizing attack patterns, AI and ML are enabling 

organizations to improve the accuracy of their intrusion detection systems and prevent threats from 

advancing. 

As these technologies become more sophisticated through deep learning, neural networks, and other 

techniques, more and more tactics and approaches to threat intelligence, hunting, and prevention will 

emerge. Today, by leveraging these emerging technologies to unleash predictive and adaptive threat 

capabilities, companies can finally gain the upper hand against cybercriminals and establish effective 

threat intelligence programs. One question remains: will they commit to doing it? 


Denny LeCompete is the CEO of Portnox. He is responsible for 

overseeing the day-to-day operations and strategic direction of the 

company. Denny brings over 20 years of experience in IT 

infrastructure and cyber security. Prior to joining Portnox, Denny 

held executive leadership roles at leading IT management and 

security firms, including SolarWinds and AlienVault. Denny holds 

a Ph.D. in cognitive psychology from Rice University. 

Denny can be reached online at denny@portnox.com and at our 

company website https://www.portnox.com/. 



Building For a More Secure Future: How 

Developers Can Prioritize Cybersecurity 

By Jeremy Butteriss, EGM Ecosystem and Partnerships, Xero 

An iconic moment in the rise of ecosystems was Steve Ballmer on stage saying ‘developers, developers, 

developers’ at the 1999 Microsoft .NET presentation. At the time, he was breaking new ground, repeating 

those words to help convince his teams on how crucial developers were going to be to the success of 

their platform. And then of course in 2008, Steve Jobs launched the iPhone and the App Store - a point 

in time that arguably changed the world and led to a massive rise of new developers. Both of those 

moments signaled the arrival of tech platforms, and solidified the important role a burgeoning developer 

industry would have in making them a success. 

Today, it’s hard to imagine a world without developers, and the platforms and ecosystems they operate 

in. While the focus may have been initially on enterprise B2B platforms with Microsoft, and then B2C with 

the Apple App Store, platforms have become much more ubiquitous and broad in their scope. Vertical 

platforms in industries such as hospitality, construction and ecommerce; horizontal platforms in areas 

such as financial services and CRM; and even platforms for platforms. These have become business 



operating systems of sorts for their customers. They create a massive amount of opportunity for 

developers, by reducing barriers to entry and providing access to large pools of customers. In turn, 

developers enable these platforms to offer a broad array of complementary services, increase average 

revenue per user (ARPU) and drive more customer retention. 

The rise of digitalization 

Cloud platforms and ecosystems are part of an increasingly connected globe driven by the proliferation 

of technology. Many countries and governments are recognizing this and are accelerating the 

digitalization of their economies as quickly as possible. This shift means more opportunities for platforms 

and developers alike, especially as new markets open up. However, it also means greater demands 

stemming from increased regulation, competition and cybersecurity risks. 

As part of this digitalization shift, more and more business and transaction data is moving online, exposing 

the data to a greater risk of cybersecurity-related issues - especially as malicious actors are getting more 

sophisticated and using AI. Smaller organizations are especially vulnerable and often don’t have the 

resources or expertise to invest in and maintain their own cybersecurity. Developers are recognizing this 

too: a recent survey published by small business cloud-accounting platform, Xero, shows more than half 

(56%) said data privacy and security are top of mind, and that 15% reported having faced cybersecurity 

challenges in the 12 months prior. As cybersecurity incidents rise, it’s clear more developers are focused 

on data security and protecting customer data appropriately. 

Government and financial institutions are responding by introducing new regulatory and policy 

requirements that help protect consumers and businesses. Additionally, platforms themselves are also 

setting their own policies on key topics like responsible data use and API security standards. These 

policies set the expectation of how the platforms will operate internally and externally, and by extension 

any third-parties that they connect with – including developers. 

For those looking to take advantage of the digitalization wave, navigating the additional cybersecurity, 

regulatory and platform requirements can be burdensome - especially for those looking to scale quickly. 

While cloud platforms are applying some of their own standards and policies, they also carry the distinct 

advantage of scale and resources. They can not only invest in security and keep up with regulatory 

changes, but can also provide additional paths to market and access to technology at a lower cost and 

with greater reliability. Developers seeking to build solutions that help businesses run their operations 

and handle their financial information can leverage the scalable and secure environments that platforms 

provide. Regulatory standards and cybersecurity features can be developed into apps and solutions from 

the ground up, providing assurance to end-users. 

Building to enable building. 

For some smaller developers the combination of both internal and external standards can be an extra 

burden and a barrier to entry. Whether it be a platform policy decision to migrate an ecosystem from 



OAuth 1.0 to OAuth 2.0, or increasing regulatory requirements for multi-factor authentication (MFA), the 

increased compliance workload pulls valuable time away from building a product. Increasingly, platforms 

have recognized this burden and are investing in building out-of-the-box tools required to reduce the load. 

Underpinning this is extensive documentation, education and support for developers who need help or 

are interested in taking a deeper dive. 

An example is the large range of identity tools for user access and credentials that make signing-up and 

signing-into apps easier for customers, like Single-Sign On using Xero, Okta or Google. Developers can 

leverage existing customer details within the security of the platform as part of their onboarding and login 

flow. Additionally, some platforms have already established complementary MFA tools as part of their 

login flow. This is especially useful for developers wanting to add additional security protocols for their 

product, or those operating or wanting to operate in countries like Australia where MFA is mandatory for 

digital service providers. Research from Verizon shows that MFA can prevent up to 80% of data breaches 

making it one of the most effective methods to protect customer data, especially if their credentials are 

compromised. 

Point-of-sale and payments platforms like Square, Stripe and Shopify all offer secure and easily 

integrated checkout and payments solutions so developers don’t need to build their own. This helps avoid 

the increased compliance, risk and security burdens that come with directly managing payments - a highly 

regulated global industry. 

Platforms also constantly monitor the operation and security of their APIs with dedicated teams and tools. 

Issues or unusual behavior, such as sudden spikes in request volumes or webhooks errors, can be 

immediately flagged for investigation, enabling the platforms to move quickly in response and notify 

developers. Where there may be a product or feature slowness or outage, this also helps both parties 

manage the customer experience for end-users with status updates or a quick resolution. 

Reducing burden and barriers to entry for developers encourages innovation and experimentation in a 

platform. With developers being supported by cybersecurity features at the platform level, their time is 

freed up to focus on doing what they do best - solving problems and innovating. This ultimately benefits 

end-user customers who can use the platform and choose associated integrations with greater 

confidence. 

Time to focus on the basics 

Developers and end-users both benefit from the work that cloud platforms do in cybersecurity. By 

prioritizing identifying and working with platforms that provide a secure environment, developers are 

prioritizing the safety of the data of both parties. They’re also freeing up resources to spend on building 

out their products and solutions, enabling time to be spent on developing features that customers want. 

But even with platforms taking a lot of the security burden off of developers, it’s not permission to be idle 

when creating solutions. There are many other basic security practices and processes that should 



underpin the work developers and platforms do, to build additional layers of security when creating apps 

and integrations: 

• Encryption - employing encryption across systems and databases may sound obvious, but its 

additional base-level protection of data complements what platforms offer. AWS, Azure, or Google 

Cloud Platform provide in-built encryption tools and mechanisms that are often an easy way to 

apply encryption safely. However, applying encryption isn’t always a simple process. At Xero, we 

see developers constantly juggling all of the considerations including which algorithms to use and 

generating and securing unique keys. 

• Vulnerability management using industry accepted guidance for secure code development, 

such as OWASP Top 10, and ensuring secure communication between an app and authorization 

servers using HTTPS or similar secure protocol to prevent unauthorized access and 

eavesdropping. 

• Constant vigilance around security and encryption. The landscape is constantly changing, with 

new standards and tools available, to counter emerging threats. Integrating with platforms helps 

manage this, but it’s not a ‘one and done’ solution. Security monitoring practices, breach reporting 

provided by platforms helps to detect and manage threats before it’s too late. Backing this up with 

appropriate audit logging at both application level and event-based actions can make it easy to 

identify and track unusual activity quickly. 

• Data hosting and third-party risk assessments. We’ve seen multiple times over recent years 

that even when doing everything correctly, data can still be compromised through other tools or 

platforms that you integrate with. Developers are having to consider a large number of variables 

when making these decisions, including country, legal, contractual, access, sovereignty and 

counterparty risks. Ideally, client data is not hosted in high risk areas, where it could be seized, 

compromised or made unavailable for access. 

Security and opportunity 

Small businesses are a significant and often underestimated driver of the global economy and are one 

of the most at-risk when it comes to cybersecurity. The digitalization of this sector presents a major 

opportunity for platforms and developers to provide solutions that help small businesses thrive in a secure 

way. Taking advantage of the security investment, resources and scale of platforms, like Xero, means 

that as this digital transition occurs, developers can focus on creating the apps and integrations that make 

it as smooth as possible. Consumer and business data privacy and security are a top priority when 

handling the information of this major but vulnerable part of the global economy. To deliver on this 

requires constant effort from all parties, including developers, cybersecurity and IT professionals, endusers, 

and the platforms they use. 

All in all, living in an innovation-driven world is quite exciting – however, as the old tale goes, with great 

power comes more responsibility. Whether it be for business or consumer use cases, app developers 

and cybersecurity professionals need to operate on synergistic levels to uphold the safest options for 

clients. 




Jeremy Butteriss and I am the Executive General Manager of 

Ecosystem and Partnerships at small business accounting platform, 

Xero. I’m responsible for improving Xero’s platform via enhancing US 

partnerships, integrating software and helping customers and partners 

discover new solutions. 

Jeremy can be found on LinkedIn: 

https://www.linkedin.com/in/jbutteriss/?originalSubdomain=ca. 



What the Government Can Learn from the 

Private Sector in Pursuit of Zero Trust 

By Kevin Kirkwood, Deputy CISO, LogRhythm 

It has now been over two years since President Biden issued the Executive Order on Improving the 

Nation’s Cybersecurity, outlining one of the administration's first real advancements in the pursuit of Zero 

Trust Architecture. The announcement signified a major milestone in modernizing U.S. government 

security defenses and raising awareness for all federal, state and local agencies to make security a top 

priority. 

Now just one year away from the White House’s Zero Trust implementation target of September 2024, 

several U.S. government agencies recently fell victim to a Russian cyberattack, signaling that there is still 

more ground to be covered in the government-wide pursuit of Zero Trust. The hacking spree, which has 

impacted schools, hospitals and local government institutions, in addition to several federal agencies, 

has placed extra scrutiny on the government’s security measures – or lack thereof. 

In mid-April of 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released the second 

version of its Zero Trust Maturity Model that serves as the guidebook for federal agencies on the path to 

Zero Trust. According to a report from the National Security Telecommunications Advisory Committee, 



which helped feed the development of the updated model agencies are in “dramatically different phases” 

of their respective zero trust journeys. Burdened by legacy infrastructure, some federal entities lack the 

resources necessary to meet the proposed Zero Trust guidelines in the near-term future. 

Getting Zero Trust on Track 

Though the federal government has historically been a breeding ground for top cybersecurity 

professionals, it may be time for the government to borrow a few lessons from industry pros in the private 

sector. The public sector must adopt some of the agility and flexibility of the business world to streamline 

the progress of zero trust projects, especially with federal implementation deadlines looming. 

Assessing the Situation 

When planning to build out a Zero Trust program, government agencies should look to model their 

implementations based on the steps that enterprises use for their own transitions. This starts with an 

initial assessment of the organization’s security posture. While it may sound obvious, agencies must first 

assess the mechanisms they currently have in place to understand where potential gaps may lie. 

Identifying potential threats is an important first step in laying the groundwork for Zero Trust. 

Planning the Transition 

Once a comprehensive assessment has been completed, agency leaders can begin to plan the transition 

itself. Zero Trust can be extremely complicated, which makes it important for leadership to define goals 

up front and set expectations for the project's outcome. Given the guidance already issued by CISA, 

agencies have a baseline for defining goals and a timeline for achieving them. This is also the stage of 

the process where resources are allocated for implementation. While budgets can vary from institution to 

institution – and especially when comparing a federal agency to a local department – organizations must 

understand the resources available to them. Agency leaders at all levels must advocate for support of 

security projects to protect the infrastructure that serves the public. 

Executing the Strategy 

After an action plan has been presented, agencies can begin to make headway on the actual 

implementation phase. The execution of Zero Trust is the most intricate, most important piece of the 

puzzle. Not to be overlooked in the deployment of Zero Trust technologies is the importance of training 

employees. Zero Trust principles may be new to agency personnel, requiring dedicated training sessions 

to educate team members on how to work within the newly deployed architecture. Individual contributors 

must know the common warning signs of suspicious activity to avoid falling victim to social engineering 

attacks that can help malicious actors penetrate Zero Trust defenses. 



Adapting and Improving 

The work is never quite done with Zero Trust, even after deployment is complete. Agency leadership 

must implement processes for monitoring and continuous improvement of Zero Trust architecture. 

Leaders must establish performance metrics to track progress against the objectives outlined in the 

earlier planning phases of Zero Trust implementation. Without some kind of measurement, it can be 

difficult to demonstrate progress on Zero Trust initiatives. By tracking metrics and conducting regular 

reviews of Zero Trust technologies, organizations can continue to adapt their framework to better fit the 

unique security considerations of their team. 

Building a More Secure Future 

Conversations of Zero Trust implementation are sure to dominate the public sector in the year ahead. 

While there are many hurdles in deployment unique to the agency landscape, private enterprises have 

been fine tuning their Zero Trust strategies for years. All this trial and error within the private sector can 

show agencies which steps to take, and which to avoid, along their own Zero Trust journeys. 


Kevin Kirkwood, Deputy CISO, LogRhythm. I lead the internal practice of 

security for LogRhythm. My teams include: governance, risk and 

compliance (GRC), application security (AppSec), security operations 

center (SOC), and physical security. This concentration in security 

practice, tools, and operations enables the team and I to ensure that we 

provide a safe foundation to build the security platforms of the future while 

protecting employees, systems, and ultimately our clients who will use our 

products. I can be reached on LinkedIn and at the company website 

www.logrhythm.com. 



Protecting Your Business and Personal Data 

By Brian Lonergan, VP of Product Strategy, Identity Digital 

October celebrated National Cybersecurity Awareness Month (NCSAM), a time when public and private 

sectors, along with tribal communities, join forces to empower individuals and businesses with the 

knowledge they need to navigate the digital landscape safely. NCSAM's core message is simple yet 

empowering: awareness and proactive measures are our best defenses. 

In an increasingly digital world, safeguarding your small business and personal information should be a 

top priority. This article will explore cybersecurity awareness and provide essential strategies to help keep 

your digital presence secure. By the end, you’ll better understand how to make informed choices online 

and gain practical insights into protecting yourself and your business from the ever-evolving landscape 

of cyber threats. 

We’ll begin by exploring cybersecurity and taking a closer look at one of the most common threats: 

phishing attacks. 



Understanding Phishing Attacks 

Phishing attacks are like digital traps set by cybercriminals to trick individuals into revealing sensitive 

information, such as passwords, credit card numbers, or personal details. These attacks are widespread 

and can take many forms, often arriving in the form of seemingly legitimate emails, messages, or 

websites. 

Phishing Tactics 

Phishing comes in various forms, and it's valuable to recognize them to stay safe. One common type is 

Spear Phishing, where scammers target specific individuals, often using personal information to make 

their messages seem legitimate. Another is Vishing, which involves phone calls to trick you into revealing 

sensitive information. Smishing is similar, but it happens through text messages. Then there's Pharming, 

where attackers direct you to fake websites to steal your data. A recent trend involves using QR codes 

to propagate malicious URLs, a technique called Qishing. It tricks people with fake Multifactor 

Authentication (MFA) alerts, convincing them to scan QR codes. (MFA requires at least two forms of 

verification). But instead of reaching the intended site, victims end up on the scammer's phishing page. 

Understanding Cybersecurity Risks and Impact 

Staying alert and informed can make a big difference in protecting your valuable information from 

potential threats that can lead to financial and reputational impacts on individuals and businesses. Victims 

might face identity theft, financial losses, and even malware infections from harmful software unknowingly 

getting into their computers. These attacks can also compromise personal data security and privacy, 

making individuals more susceptible to further harm. 

When a breach occurs, customers may worry about their data’s safety and question the business’s 

reliability. A cybersecurity incident can also reveal weaknesses in other areas, like the quality of products 

or services. That's why it's not surprising that 59% of consumers said they'd avoid companies that were 

victims of cyberattacks in the past year. 

While small and midsize business owners might think they're safe from cyberattacks due to their size and 

resources, the truth is that all businesses are at risk. A malicious message costs organizations an average 

of 27 minutes (and $31 in labor) to mitigate. Some large organizations spend as much as $1.1 million per 

year to reduce phishing attacks. 

Inexperienced cybercriminals often practice on smaller businesses before targeting bigger, more highprofile 

attacks. This pattern helps explain why, between 2020 and 2021, 23% of small businesses 

experienced cyberattacks. 



Mitigating Phishing with Domain Names 

As we've explored various phishing tactics and their statistics, let's focus on a critical aspect of online 

security: Mitigating Phishing vulnerability by choosing the right domain name. 

Cybercriminals often exploit the similarity between legitimate and deceptive web addresses using 

techniques like homographic phishing. This harmful strategy adds another layer to our understanding of 

cybersecurity and how we can protect ourselves. 

For example, consider "online.business" versus "onlıne.business." The former legitimate domain uses 

the English letter “i,” while the latter uses a Latin letter. Once visitors click on the fake website, they would 

come face to face with malware or a phishing scheme, with your brand name tied to the occurrence. 

You can protect yourself by registering a domain that uses anti-phishing technology. Many new web 

addresses (domain names beyond traditional options), such as .bio, .social, .live, and .software include 

free anti-phishing technology protecting your business and customers. You can check with your domain 

registrar to explore the available options. 

For instance, Identity Digital, a domain registry provider, includes "Homographic Blocking” with every 

domain for its lifetime. This feature prevents attacks and keeps your brand and identity security safe. 

They have also implemented Registry Lock, which safeguards domains against unauthorized 

modifications using a secure, multi-step process. In addition, their Security and DNS Abuse Mitigation 

Team actively collaborates with law enforcement and industry partners to neutralize security threats. 

Protecting Yourself Against Phishing 

It’s advisable to check for suspicious URLs, scrutinize email headers for irregularities, and be cautious 

with email attachments. Cybercriminals are adept at creating convincing messages that seem genuine 

but contain hidden threats. Always verify the sender's email address and avoid clicking links or 

downloading attachments if you doubt their legitimacy. 

Incorporating a "Zero Trust" security strategy, which emphasizes verification over trust, is gaining traction. 

With today’s remote work culture, this approach, coupled with proactive cybersecurity measures, is 

crucial for safeguarding your personal and business data. 

To improve your online safety, use smart email protection with AI. Imagine receiving an email that claims 

to be from your bank, asking you to provide your account details urgently. If the email protection system 

uses AI, it can quickly analyze the email's content, sender's history, and other factors. If the AI detects 

any signs of deception or inconsistency, it will flag the email as suspicious, warning you that it might be 

a phishing attempt. 

Add an extra step to your login process with MFA. For instance, after entering your password, you might 

receive a unique code on your phone that you must also input. This action ensures that even someone 

who knows your password can't access your account without the second verification step. Further, remind 

employees not to share MFA codes over the phone – no matter how legitimate the caller seems. 



Secure your digital identity using identity and access management (IAM) tools. By using IAM tools, you 

can decide who has permission to access your sensitive documents and what actions they're allowed to 

take. For example, you might grant certain colleagues the ability to view the files but restrict them from 

making any changes. 

Also, use SSL encryption to keep your online connections secure and private. This security measure 

ensures your data stays safe between you and the trusted website. Ensure emails are encrypted and 

employees use secure messaging for sensitive discussions. Also, remind employees to update devices 

and software to help prevent vulnerabilities, especially if someone accidentally clicks on a phishing link 

or attachment. 

Implement a Security Awareness Training Program to ensure your employees are up to speed on the red 

flags signaling a phishing scam. For example, teach them to recognize suspicious emails that ask for 

personal information or contain unfamiliar links. 

Deploy anti-phishing solutions, such as the Homographic Blocking mentioned earlier, to strengthen your 

organization’s defenses against homographic attacks and prevent malicious actors from targeting 

customers and employees with “look alike” website addresses. 

Response to Phishing Scams 

If you're a small business owner or individual who's fallen for a phishing scam, don't worry. Start by 

changing the passwords for the affected accounts right away. Then, contact your bank or credit card 

company if any financial information is exposed. Reporting the scam to the proper authorities, such as 

the Federal Trade Commission (FTC), is critical. Keep a close watch on your business accounts for any 

unusual activity and consider using credit monitoring services to stay secure. If you're part of a business 

network, isolate your devices with the help of your IT team. 

Shared Responsibility 

Cybersecurity concerns everyone. Attacks can have ripple effects, impacting critical systems and anyone 

connected to them. Vigilance and a proactive approach are key to mitigating these risks. 

NCSAM reminds us that cybersecurity is a collective effort. By staying informed, recognizing threats, and 

adopting robust preventive measures, small businesses and individuals can significantly reduce their 

vulnerability to phishing attacks and other cyber threats. Protecting your digital presence is not only a 

smart move but a necessary one in today's digital landscape. 




Brian Lonergan, VP of Product Strategy, Identity Digital. Brian Lonergan 

is a domain industry veteran with more than 10 years of experience 

designing & building products which range from big data search 

algorithms that help customers find their optimal online identity, to antiphishing 

and brand protection services used by the world's biggest 

brands. Brian joined Identity Digital in 2017 after holding senior product 

roles at both Demand Media and Rightside as the business transitioned 

through its first IPO. 

Brian can be reached online at 

LinkedIn: https://www.linkedin.com/in/bornengineer 

Email: lonergan@identity.digital 

Company website: https://www.identity.digital/ 



Navigating Secure Adoption of AI Across 

Government and Connected Infrastructure 

By Gaurav (G.P.) Pal, Founder and CEO, stackArmor 

This year, artificial intelligence has exploded in popularity across all sectors and industries — including 

the federal government. AI is being used across agencies of all sizes to streamline tedious tasks and 

processes to create a more efficient workflow. This emerging technology has unlimited capabilities to 

help agencies better serve their missions and the public. 

With all the hype, OMB recently released draft memo detailing 10 requirements for implementing artificial 

intelligence across the federal government. This information became available soon before the Biden 

Administration announced a teaser to its expected upcoming federal executive order on AI. Among the 

requirements OMB listed is a recommendation to convene an AI governance board to provide muchneeded 

oversight and guidance around this emerging technology. 

As the government continues to experiment with AI implementation and wait for official standards, leaders 

need to ensure its governance and safety to enhance existing practices across public sector systems. 

The Role of Partnership and Collaboration 

It can be overwhelming for agencies trying to get their arms around AI governance. This technology is 

rapidly evolving and is being implemented faster than the government has been able to push out 

legislation to set up guardrails. Like the cloud adoption process across government a few years back, AI 



adoption is more than just an IT transformation. Leaders have a lot of questions and are trying to grasp 

the scope of how it can be used and what the potential drawbacks are. 

Agencies in the beginning phase of AI adoption should consult cross-sector experts for counsel on where 

to begin and what the pitfalls might be. This might look like bringing together policy, acquisition, oversight, 

workforce, mission program owners and industry leaders to get the full picture and make the process a 

little less daunting. 

Seeking industry partners with established centers of excellence or advisory committees will grant 

leaders unique advice and assistance in their AI journeys. Having a targeted focus and cross 

communication standard is very important to bring federal agencies together to ensure the safe adoption 

of AI. 

The government leaders driving AI adoption are senior, well-experienced executives. They’re looking for 

an actionable and implementable framework that they can move with quickly. Federal CIOs and CISOs 

are eagerly awaiting a solution that allows them to responsibly deploy AI workloads for their agencies’ 

mission. 

There are some helpful resources developed by industry experts and academics seeking to lead the way 

in AI security, such as: 

• The NIST AI Risk Management Framework, voluntary guidance for organizations looking to 

incorporate trustworthiness into the design, development, use, and evaluation of AI products. 

• The MITRE ATLAS project, helping develop security practices around AI/ML open-source projects 

and collecting a database of adversary threats to better understand the threat landscape. 

• OWASP’s published top 10 security considerations for large language models (LLMs) and 

generative AI use cases, as well as an AI security and privacy guide. 

• An IEEE program for ambassadors of AI systems, and its development of AI bias protection 

systems. 

Additionally, as governing bodies like Congress, the White House and OMB as well as agencies like DHS 

and NIST are working on developing standards, safe and secure AI adoption can be accelerated by 

extending and leveraging existing governance models including FISMA and FedRAMP ATOs (Authority 

to Operate) by creating overlays for AI. Agencies can look to industry and academic resources for 

guidance to ensure AI is being implemented safely, with security top of mind. 

Considerations for Upcoming AI Legislation and Government Guidance 

The upcoming OMB guidance and federal AI executive order will be laser-focused on enabling the safe 

and secure adoption of AI. The guidance should consider directing and requiring implementation of 

strong safety and security requirements that avoid burdensome and duplicative compliances. Expanding 

successful cybersecurity programs such as FedRAMP for AI systems should be considered to ensure 

that safe and secure AI and cloud technologies can be rapidly adopted by agencies. 



Security and safety that is mandatory and backed by strong regulatory oversight should be the top priority 

for legislators and government leaders implementing AI across agencies and connected infrastructure. 


Gaurav Pal (G.P.) is a Senior Technology Executive with over 20 years 

of information systems modernization and implementation experience. 

He is the CEO and co-founder of stackArmor, a security focused cloud 

solutions firm. G.P. also contributed to Federal cloud initiatives 

including U.S. Treasury’s Public Cloud Webhosting Solutions, 

Department of the Interior Foundation Cloud Hosting Services, 

and Recovery.gov 2.0. G.P. can be reached online at 

https://stackarmor.com/contact-us/ and at our company website 

https://stackarmor.com/ 



North Korea–Russia Summit 

A new alliance in cyberspace? 

By Stan Vitek, Resident Geopolitical Analyst, Cyfirma 

Introduction 

Last month, North Korean leader Kim Jong Un took a rare trip beyond his country’s borders – in fact his 

first since 2020 – via a heavily armored train to Russia, where he met with Russian president Vladimir 

Putin. The visit stoked fears that there could be increased weapons and technology transfers between 

the two nations hostile to the West and its partners in Asia, that North Korea could provide Russia with 

badly needed munitions for its war in Ukraine while Russia could share sensitive nuclear or missile 

technologies and cyber knowhow with the hermit kingdom. By the same time, the North Korean military 

unveiled a nuclear-capable submarine and North Korean state media said the country aims to equip all 

its existing medium-sized diesel submarines with nuclear attack capability and develop nuclear-powered 

submarines in the future. Pyongyang is working to develop a robust nuclear triad: land-launched 

stationary and mobile missiles, submarine-launched missiles, and aircraft-launched missiles, although 

this last vector remains relatively underdeveloped. This is where the news comes full circle, as such 

development would be very difficult without external expertise. And finally, this week a study on digital 

threats from East Asia revealed that North Korean cyber operations have increased in sophistication over 

the past year and stated that Pyongyang’s threat actors seem particularly interested in stealing 

information related to maritime technology research. After years of mistrust, both Russia and North Korea 

seem to have something that the other wants and needs. But let us start with a very brief recap. 



Relationship with a history 

Until the Russian invasion of Ukraine, relations between North Korea and Russia were characterized by 

a utilitarian and transactional nature peppered with occasional diplomatic misunderstandings, despite the 

legacy of close relations that existed between North Korea and the Soviet Union since Russia is the major 

successor state to USSR and North Korea has been founded based on Soviet backing and conceived 

directly in Soviet Union between the Soviet leadership and then the country’s future first paramount leader 

Kim Il Sung. 

In 2015, Vladimir Putin invited the third generation Kim-dynasty North Korean leader Kim Jong-un to 

Russia on the occasion of celebrations of the seventieth anniversary of the end of World War II, but Kim 

was not ready for such a meeting at the time, given his ongoing consolidation of power at home. Russia 

also supported UN Security Council sanctions against North Korea until 2017 and failed to make progress 

in identifying mutually beneficial areas of economic cooperation. The 2019 summit between Kim and 

Putin, held months after the failure of the Hanoi summit between Kim and former US President Donald 

Trump, resulted in Putin's solo media briefing on the meeting, reflecting the inability of both sides to find 

compatibility in the interests of the two countries. 

The Russian invasion of Ukraine in 2022 provided the basis for a convergence of the political needs and 

material interests of the two countries. North Korea has provided political support to Russia by 

recognizing the independence of puppet governments in separatist provinces in Ukraine in exchange for 

Russia blocking further sanctions in the Security Council for launching long-range missiles in violation of 

Security Council resolutions. The respective autocratic leaders of Russia and North Korea have pledged 

to increase bilateral economic and security cooperation and North Korean state propaganda outlets 

published a commitment to push back against “common enemy”, referring to the United States and their 

security partners in Asia. The Russian state-controlled media issued statements on increasing security 

ties as a part of Russian strategic posturing in the region as the bulk of the Russian military is tied up in 

its war on Ukraine, where Russian progress has grinded down to a halt since the summer of 2022. 

North Korea and the impact on the war in Ukraine 

North Korea possesses substantial weapons stockpiles and also represents a possible base for the 

production of certain types of legacy Soviet design weapons Russia could use, particularly Soviet-caliber 

artillery ammunition, although within the constraints of the low efficiency and quality of North Korean 

factories and the lack of raw materials. Thus, North Korea will most likely send Russia mainly stockpiles 

of old artillery shells, anti-tank missiles and rockets for unguided salvo rocket launchers. All of these 

munitions, while effective and lethal, lack modern guidance systems and levels of technological 

sophistication. However, as Stalin aptly noted, quantity has a quality of its own, and Russian military 

doctrine has historically been based on this principle. The Russian military is doctrinally and structurally 

oriented toward the decisive use of overwhelming ground firepower, not firepower delivered to a target 

by airpower, as is the case in the United States or Japan. The Ukrainian army is still also largely based 

on legacy Soviet tactics, and thus sufficient stockpiles of artillery ammunition is one of the most important 



factors on both sides of the conflict on which the outcome of the war stands and falls, which is why North 

Korean artillery shells are very important to Russia. 

Kim Jong-un's tours of factories of the military-industrial complex after a recent pompous visit by the 

Russian defense minister could signal North Korea's desire to become a manufacturing base for 

supplying more weapons to Russia. However, this assistance will not be free, and the North Koreans will 

in return demand Russian support for the acquisition and development of advanced missile and satellite 

technology, the aforementioned nuclear submarine technology, as well as food aid, cheap oil and knowhow 

transfers, including in the cyber domain. However, it is not yet certain whether the two sides will be 

able to provide each other with the level and type of military support that will match the expectations. 

New dynamics in the region? 

The refurbished military relations between North Korea and Russia will resume two-way shipments of 

military equipment and dual-use goods, including technology long desired by the North Korean military 

but denied to it for decades by both China and Russia due to compliance with international sanctions. 

These include modernization for aircraft, sophisticated missile technology, submarine technology and 

other advanced weapons systems. 

In addition, North Korea signaled the geopolitical importance of closer relations between China, North 

Korea and Russia by hosting both Russian Defence Minister Sergei Shoigu and Chinese Communist 

Party Central Committee member Li Chung-chong in late July on the 70th anniversary of the signing of 

the Korean Armistice, which North Korea internally commemorates as 'Victory Day'. Also mentioned was 

the possibility of North Korea joining regular Sino-Russian military exercises, which would mark another 

step forward for this newly fortified coalition. 

This 'coalition' of China, North Korea and Russia is still a far cry from the alliance cohesion and deep 

coordination that the United States, Japan and South Korea pursue on bilateral basis, and which, in 

accordance with the diplomatic breakthroughs this summer, all three states intend to expand significantly 

in the face of regional threats (more on this topic in this Cyfirma research article). The emergence of 

these coalitions, with conflicting interests and visions for the direction of the region, in turn exacerbates 

tensions in Northeast Asia. Closer relations between North Korea and Russia partly mitigate North 

Korea's political isolation, strengthen Kim Jong-un's domestic political legitimacy and give North Korea 

the courage to continue developing missiles and satellites or launching cyber-attacks with impunity. 

Dictators’ priorities 

The summit between the two autocratic leaders presented a clear signal of a new level of strategic 

cooperation based on perceptions of interrelated strategic interests and similar perceptions of security 

threats. In his seminal work Cold War, leading American historian John Lewis Gaddis put Stalin's Cold 

War priorities in this way: 



Stalin’s postwar goals were security for himself, his regime, his country, and his ideology, in precisely 

that order. He sought to make sure that no internal challenges could ever again endanger his personal 

rule, and that no external threats would ever again place his country at risk. 

This can also be said of the Putin and Kim Jong-un duo, who are now finding common ground in the new 

Cold War as the current state of international relations is often characterized. So, while both autocratic 

leaders aimed to project solidarity against a global order dominated by the West in their statements, their 

strategic convergence actually stems from a more transactional logic spurred on by difficult 

circumstances for both leaders. 

The Cyber Angle: Potential for Russia-DPRK cooperation in cyberspace 

Russia's immediate interest in cultivating its relationship with North Korea is the prospect of Pyongyang 

supplying Russia's army with artillery ammunition, as expenditures have far exceeded Russian 

production capacity. There are, however, other potential areas of cooperation, notably in cyberspace. 

Prior to 2017, virtually all of North Korean internet traffic had passed through China and specifically 

through a single meta-network based in Shenyang, the largest Chinese city close to North Korean 

borders, where there strong North Korean cyber community is based due to insufficient infrastructure in 

the home country. However as of 2017, North Korea is also linked to Russia, presumably via cable 

running through the Friendship Bridge over the Tumen River that connects Khasan in Russia with 

Tumangang in North Korea and constitutes the only connection between the two countries. However, 

that is not the only instance of technological facilitation in the relationship. Given the general low level of 

technical expertise, general backwardness and very low internet connectivity in North Korea, the North 

Korean attacks are widespread and increasingly sophisticated, which leaves the experts to believe China 

and lately especially Russia were technical facilitators for Pyongyang, which would constitute a historical 

precedent for Russian state hackers sharing their know-how with their North Korean counterparts. 

Potential cooperation between Russia and North Korea in cyberspace wouldn't necessarily require much 

coordination. Most of North Korea's offensive cyber operations are already directed against countries 

whose relations with Russia are at least cool, if not downright adversarial. In 2023 alone, North Korean 

APTs have compromised defense companies 

in the Czech Republic, Finland, Italy, Norway and Poland – all countries with an adversarial stance to 

Russian aggression in Europe. At the same time, as outlined above, the relations between the two 

countries still remain largely transactional and the Russian government and defense industries remain 

targets for North Korean APTs as well. This spring alone, DPRK’s threat actor Ruby Sleet compromised 

an aerospace research institute in Russia, while another APT compromised a device belonging to a 

university in Russia with yet another group sent phishing emails to accounts belonging to Russian 

diplomatic government entities, only to be followed by targeting of a Russian defense industrial base 

organization specializing in missiles and military spacecraft by two important North Korean hacking 

groups ScarCruft and the notorious Lazarus. 



That being said, the Russian regime is under such pressure that it is likely to overlook such intrusions in 

pursuit of much higher and indeed existential priorities for itself. Russia may even use North Korean APTs 

as proxies in the future, since DPRK is already sanctioned almost to the maximum and in case of eventual 

diplomatic fallout has thus very little to lose. Thus, the digital flank of the Russia–Ukraine conflict which 

Russia tries to promote as a new-world-order-type-of-conflict between the West and loose anti-western 

coalition spearheaded by Russia and China and the ongoing tensions on the Korean peninsula are in 

risk of being greatly enhanced by closer collaboration between Russian and North Korea, that would 

bring a country with precious very little to lose to engage the West in the fifth domain. 

Conclusion 

Both North Korea and Russia are highly cyber-capable nations with a very high degree of willingness to 

use cyber as a tool of statecraft. Hackers of both countries can disrupt or break key infrastructure and 

steal sensitive information. Russia’s efforts in online fraud, disinformation and disruption to core 

infrastructure has become a significant threat to Western societies. North Korean cyber operations are 

also increasingly sophisticated. North Korean state hackers both collect intelligence and generate 

revenue for the state. The cyber espionage efforts are focused on the state’s perceived adversaries: 

mainly South Korea, the United States, and Japan; collecting intelligence on other countries’ military 

capabilities and stealing technologies that could be used by North Korean military – these efforts also 

include Russia and China as potential technology sources; and increasingly on stealing funds in the form 

of cryptocurrency that the state later uses to fund its UN sanctioned missile and nuclear programmes. 

The distinct North Korean threat actors have repeatedly shown overlaps in targeting in the recent past 

and their efforts have been increasingly sophisticated. 

An agreement to supply artillery shells is the most significant result of the Russia–North Korea 

cooperation but it is not the only one aspect of this deal, which paves the way for more dangerous 

technology and know-how transfers and it connects war in Europe more directly with tensions in Asia. 

Both Russia and DPRK have been showing contempt for international rules in recent years and have 

actively and unscrupulously used cyber to promote their agenda. North Korea is to remain focused on 

targets related to its political, economic, and defense interests in the region but the announced 

heightened security cooperation between the two regimes should be treated as portending increased risk 

in cyberspace, especially for USA, South Korea, Japan and European NATO countries. 




Resident International Relations Analyst at Cyfirma, working for 

technology companies in Southeast Asia and the US since graduation 

from International Security Studies at Charles University in Prague in 

2019. He focuses on international relations and security issues, 

especially on those revolving around West-East axis Stan can be 

reached online at (stan.vitek@cyfirma.com, 

https://twitter.com/FogOfWarCZ, etc..) and at our company website 

https://www.cyfirma.com 



Protecting Critical Infrastructure from Cyber 

Attack 

The enemy is using cyber weapons that are hard to track and even harder to fully attribute to an 

adversary, companies need to act now 

By Richard Staynings, Chief Security Strategist for Cylera 

Escalating geopolitical tensions in Europe and Asia place a very big target on western Critical National 

Infrastructure Industries (CNIs). What better way to attack your enemy than to do so using cyber weapons 

that are hard to track and even harder to fully attribute to an adversary. Whatsmore, when attribution 

finally does occur, it is often years later. By that time, the world has usually forgotten and moved on, or 

has been stunned by an even more destructive cyberattack. Nearly all cyberattacks and cyber-attackers 

thus far, have gone unpunished. This makes it the perfect crime for perpetrators. 

Use of criminal proxies, insider threat agents, and the manipulation of national discourse with false 

inflammatory narratives propagated by social media platforms, are all designed to weaken an opponent. 

Many of these tactics such as undermining of confidence in the western institutions of government are 

straight out of the 1950’s KGB playbook but have found new purpose in the 2020’s through the seemingly 

addictive mediums of Facebook, Twitter and TikTok. If late twentieth century warfare and nation state 



competition for power was marked by spies and threats of nuclear war, then the twenty first century 

appears to be marked by the development of grey warfare, societal manipulation, and cyber weapons of 

mass destruction. 

Indeed, the offensive cyber capabilities of America’s adversaries appear to out-match the nation’s 

domestic capabilities for cyber defense. China alone is thought to employ close to 100,000 Peoples’ 

Liberation Army (PLA) cyber warriors. The job of these special military units is to develop access to other 

countries’ IT systems, to establish footholds on sensitive networks, and to exfiltrate vast amounts of 

national secrets, intellectual property, and commercial trade secrets from western businesses. This all 

appears part of Xi Jinping’s ‘Made in China 2025’ plan, to boost China’s state-owned industries using 

stolen IP, and position China as the dominant global military and economic powerhouse. 

Russia too is well known for the voracity of its organized crime syndicates and mafia cyber gangs who 

exercise huge campaigns of cyber theft and cyber extortion against non-Russian language computer 

systems. This includes the 2021 Wizard Spider cyber-cartel attack against the Irish HSE (Health Services 

Executive) that resulted in $600m in damages, and the 2023 Lockbit ransomware attack against the 

Royal Mail that prevented international parcels being sent for several weeks. Combined, these types of 

cyber extortion attacks net billions of dollars each year in illicit earnings for the criminal Russian state. 

While seemingly opportunistic and motivated by the possibility of monetary gain even - if government 

entities refuse to pay ransoms, these attacks can also be ordered by the Kremlin for even darker 

purposes. In this case the Royal Mail attack occurred just after Britain had agreed to send longer range 

missile systems to Ukraine. Although full attribution has yet to take place, most cyber forensic 

investigators don’t believe in coincidence. 

Critical infrastructure in other countries has similarly been hit by Russian ransomware gangs. In 2021 the 

Colonial Pipeline which supplies gasoline and jet fuel to the US East Coast from refineries in the Gulf of 

Mexico was shut down for several days by DarkSide, a Russian gang. Supplying half the fuel to the US 

east coast as far north as New Jersey, the President was forced to declare a national emergency. 

The Baku–Tbilisi–Ceyhan (BTC) pipeline transports crude oil from Baku in Azerbaijan through Georgia 

to the port of Ceyhan in Turkey for export to the rest of the world. In 2008 it was blown up in a huge 

explosion in Refahiye in eastern Turkey, possibly by Kurdish PKK separatists, or possibly by a Russian 

cyberattack that over-pressurized the pipeline. The explosion conveniently occurred two days before the 

Russian invasion of Georgia and in the middle of the Russian backed Nagorno-Karabakh, Armenia - 

Azerbaijan war. It deprived Baku of its oil revenue for several months and Tbilisi of needed revenue in 

transportation fees. 

Whether or not the Kremlin was involved in these cyber-physical attacks, Russia has plainly developed 

some of the best cyber-kinetic offensive technologies and has been doing so since the 1990s and its 

wars against Chechnya, Georgia and elsewhere. The Ukraine electrical grid has been the victim of 

Russian cyber-attack many times since 2015 when the country failed to subvert itself to Russian 

hegemony following the invasion of Crimea or to put in place an east looking President following the 

Orange Revolution in 2014 and the un-ceremonial removal from office of Viktor Yanukovych a staunch 

Putin confident. Electrical power transformers have been overloaded and blown up, or the electrical grid 

turned off at the height of winter across parts of the country. Nor have hospitals and other CNIs been 



spared from the wrath of Russian hackers. Numerous hospitals have been cyberattacked, many far from 

the front lines where soldiers might receive treatment for wounds. The list of deliberately targeted medical 

facilities includes obstetrics and pediatrics hospitals and clinics – some of which have been targeted by 

missile attacks at the same time. 

However, the Russian military establishment, through groups like ‘Sandworm’, part of the Russian GRU, 

(the Main Directorate of the General Staff of the Armed Forces of the Russian Federation) takes the prize 

for the singularly most costly and destructive cyberattack of all time when in 2017 ‘Not Petya’ a viral 

wiperware attack was launched upon the world. It took down many global businesses and cost the world 

somewhere between $8 and $12bn US dollars. This Russian military supply chain cyberattack was 

targeted at Ukrainian tax accounting software vendor M.E. Doc and intended to cripple Ukrainian 

businesses, however it quickly spread beyond the borders of Ukraine to every organization that does 

business in the country including an alarming number of Russian companies. The cyberattack therefore 

also takes the prize for the largest ‘home-goal’ of all time, negatively impacting the Russian economy 

along with the rest of the world. It is unknown just how many of those involved in the Not Petya attack 

later fell from balconies, but by all accounts, Putin was not pleased. Russia has so far not paid 

compensation to those who suffered losses. 

Smaller nation-states like Iran and North Korea also play a part in this game of gray warfare through 

attacks against CNIs including US power companies many of which were thought to have been infiltrated 

by Iranian attackers a decade ago. Meanwhile the DPRK has raided national banks such as the Bank of 

Bangladesh and launched indiscriminate ransomware attacks like WannaCry against Asian banks and 

healthcare providers such as the NHS. 

The prospect of a small hospital system, an electrical distributor, or telco provider having to defend itself 

from a determined and well-resourced nation state adversary, makes absolutely no sense. These 

defenders will be out-gunned every time and don’t stand a chance. It is perhaps no surprise then, that so 

many CNIs have been easily attacked and held to ransom, impacting national economies and society in 

general. National governments therefore not only have a duty of care to protect and defend CNIs from 

cyberattack but need to play an active role in the protection of their citizens from pariah state adversaries 

via these highly vulnerable attack vectors. 

Today however, government agencies which in the US include the FBI, Secret Service, and CISA - part 

of Homeland Security, play only a very limited role. This mostly includes the sharing of threat intelligence 

via FBI and InfraGuard briefings, or assistance with forensic investigation following an attack or breach. 

Given the criticality of CNIs to the economy, perhaps it’s time that the government did more. The trouble 

is that in the United States, most CNIs are privately held. As an example, outside of military DHA 

hospitals, the Veterans Administration, and state clinics, the vast majority of US healthcare providers are 

privately owned and operated. Nearly all of these suffer from chronic cybersecurity underfunding and 

under-staffing and have only limited capabilities to protect or defend against a regular cyberattack, let 

alone a state sponsored one. Other CNIs suffer from a similar predicament. 

As health systems continue to modernize and adapt to the changing nature of providing critical health 

services to patients and communities, they become especially vulnerable to cyberattacks. A sprawling 

digital footprint of vast lakes of medical data, AI-based medical applications, and a growing number of 



unmanaged connected IoT devices, all compound historic underinvestment in security. Most providers 

have a hard time understanding what connects to their networks, let alone what internal vulnerabilities 

and risks urgently need to be addressed – even with adequate resources to do so. 

The danger is that a concerted and coordinated nation-state attack against US CNIs would undoubtedly 

be designed in such a way as to distract and divert key resources away from the battlefield. If nine key 

substations are knocked out, the U.S. could suffer a crippling coast-to-coast blackout for 18 months — 

or longer since spare transformers are not available and are no longer being constructed. Aside from the 

deaths of those reliant upon electricity to power their medical devices once battery backups run out, 

millions more city dwellers would die within weeks of a public health crisis as lack of drinkable water or 

the ability to pump and treat sewage resulted pandemic diseases the United States has not witnessed 

since the 19 th century. As a result, society would most likely quickly break down resulting in anarchy. This 

may prove a very attractive and convenient attack vector for an adversarial nation-state to weaken and 

disable the United States, without ever firing a shot and while all the time hiding behind plausible 

deniability. 

The United States and other western nations are particularly vulnerable to such an attack, given our 

reliance upon critical industries. The absence of air traffic control would ground all flights, while trains and 

trucks would cease to transport goods to markets. Highly developed western countries are far more 

dependent upon CNIs than Russia and China where the majority of each population continues to grow 

its own food, or North Korea where electricity is highly unreliable and largely not available outside of 

Pyongyang. A reciprocal attack by the west would therefore have only limited impact. With few 

disincentives, what is to prevent an adversary from launching such an attack? 

Perhaps it’s time that western governments looked a lot closer at the weakness and vulnerabilities of 

their critical industries in the light of modern cyber weapons and recent attacks. Given a responsibility to 

defend and protect citizens, perhaps the US Congress should spend less time infighting and consider 

how best to protect the US population, US businesses and remaining US industries from those who would 

like to weaken and damage the country. 




Richard Staynings is a globally renowned thought leader, author, and 

public speaker. A thirty-year veteran of cybersecurity, he has served 

as a subject matter expert on government Committees of Inquiry into 

some of the highest profile healthcare breaches. 

Richard is currently Chief Security Strategist for Cylera, a pioneer in 

the space of medical device security. He is author of Cyber Thoughts, 

teaches postgraduate courses in cybersecurity, and health 

informatics at the University of Denver, and is a retained advisor to a 

number of friendly governments and private companies. 

Richard Staynings can be reached online at info@cylera.com and at 

our company website https://www.cylera.com/ 



Ruthless Prioritization Is a Myth: Aim for 

Risk-Less Prioritization Instead 

By Craig Burland, CISO, Inversion6 

In a world driven by technology, innovation and rapid change, companies often find themselves touting 

the mantra of "ruthless prioritization." The idea sounds pragmatic: with limited resources and time, you 

must mercilessly cut away the unnecessary to focus on the truly important. Yet, the reality for many 

companies is that they're ill-equipped to genuinely practice this level of prioritization. This is especially 

true in the cyber security domain as the overwhelming barrage of project and operational demands, 

coupled with finite resources, puts mid-level managers in a precarious position. These leaders must 

constantly juggling priorities, often having to choose between stretching resources to the limit, defaulting 

on commitments, or both. The veneer of "ruthlessness" fades quickly, revealing a chaotic mess of 

competing interests and tasks. Instead of the much-touted ruthlessness, there's a more grounded, 

practical approach for cyber teams: prioritize based on risk reduction. 



The Illusion of Ruthless Prioritization 

The very notion of "ruthless prioritization" evokes images of decisive leaders making hard choices with 

an unwavering focus on the most critical tasks and sharing those decisions clearly to the teams doing 

the work. With clear goals in front of them, teams make great progress, striving together reach a common 

objective. However, the implementation of this principle in real-world scenarios often falls short. In the 

intricate web of a company's operational requirements, deciding which projects are the most "critical" 

requires discipline, data and collaboration. Leaders must continually assess new opportunities, evaluate 

available resources and collectively agree on any change. Both large and small companies fail on 

multiple elements of this process. Even pulling back from project level to determining the critical 

strategies is beyond the ability of most organizations. The result is a form of project Darwinism that may 

or may not yield the best outcomes for the organization. The projects that survive may have the most 

persistent project managers, C-level visibility or an urgent deadline – all attributes that may or may not 

make them valuable to the organization’s success. 

Within cyber security, where the stakes are high and the threats are dynamic, this question becomes 

even more complex. Mid-level managers in cyber security find themselves overwhelmed with an array 

of operational demands. From patching vulnerabilities to ensuring compliance, from monitoring threats 

to implementing new security solutions, the list is extensive and ever-growing. Without a finely tuned 

system of ruthless prioritization, these managers often find themselves in a conundrum. Do they stretch 

resources farther, risking burnout or reduced efficiency? Do they opt to ignore operational threats to 

weigh in on a new effort, risking a potential incident? Do they choose to say ‘No’ – a principle of Ruthless 

Prioritization -- risking the political fallout of not being a good partner? These are all lose-lose scenarios. 

Risk-less Prioritization: A Practical Alternative 

Given the challenges of implementing ruthless prioritization, it's time for cyber security professionals to 

consider an alternative approach: risk-less prioritization. Instead of trying to decide which tasks or 

projects are more "important" in abstract terms, this method emphasizes understanding and reducing the 

most significant risks. 

In the realm of cyber security, not all tasks are created equal. Some actions might mitigate severe threats 

that could cripple an organization, while others address minor vulnerabilities that have a low likelihood of 

exploitation. By prioritizing based on risk, cyber teams can focus their energy and resources where they 

will have the most substantial impact. This approach aligns with the very essence of cyber security: 

protecting critical assets from the most significant threats. 

Implementing risk-less prioritization involves a few key steps: 

• Risk Assessment: Regularly assess the cyber security landscape to understand the most pressing 

threats to the organization. Use tools, analytics, and threat intelligence to gain insights into 

potential vulnerabilities and the likelihood of their exploitation. 



• Quantify Impact: Understand the potential consequences of different threats. Which vulnerabilities 

could lead to significant financial losses? Which ones might damage the company's reputation or 

result in regulatory penalties? 

• Allocate Resources: Once the risks are assessed and quantified, allocate resources based on the 

potential impact. Focus on the most significant threats first, ensuring that they're mitigated before 

attending to the lesser ones. 

• Communicate: Ensure that the right people know the risks being mitigated and which ones are 

being temporarily accepted. This is key to validating the decisions made during the assessment 

phase and solidifying support. 

• Iterate and Review: The cyber landscape is dynamic, with new threats emerging regularly. It's 

vital to continuously revisit the risk assessment, ensuring that priorities shift as the threat 

landscape changes. 

Conclusion 

Ruthless prioritization, while a commendable ideal, often remains a myth for many companies. Especially 

within cyber security, the challenges of implementing such an approach are many, given the array of 

pressing demands. However, by shifting the focus from a vague notion of "importance" to concrete risk 

reduction, cyber teams can navigate their priorities more effectively. Risk-less prioritization provides a 

practical, impactful and grounded approach, ensuring that cyber teams protect their organizations against 

the most significant threats first. In a world riddled with cyber threats, it's time to prioritize not ruthlessly, 

but wisely. 


Craig Burland is CISO of Inversion6. Craig brings decades of pertinent 

industry experience to Inversion6, including his most recent role leading 

information security operations for a Fortune 200 Company. He is also a 

former Technical Co-Chair of the Northeast Ohio Cyber Consortium and a 

former Customer Advisory Board Member for Solutionary MSSP, NTT 

Global Security, and Oracle Web Center. Craig can be reached online at 

LinkedIn and at our company website http://www.inversion6.com. 



Ditch the Worry - Switch to Secure WhatsApp 

Alternative 

By Nicole Allen, Senior Marketing Executive at Salt Communications 

Many organisations use WhatsApp for routine business interactions even though it has been designed 

as a personal and social messaging service. The fact that almost everyone has it downloaded on their 

phone provides a significant threat to businesses where WhatsApp is being used. 

Organisations across the globe continue to use WhatsApp more regularly, as well as the likes of Signal. 

By turning a blind eye to the use of these insecure messaging platforms, you are posing an additional 

threat to the organisation and the security of the information being exchanged. 

The following are some of the key reasons that your company should reconsider using WhatsApp for 

communication: 

WhatsApp literally states it shouldn’t be used for business purposes 

The fact that using WhatsApp for business purposes is officially against their own policy is one of the 

crucial reasons why private and public sector organisations should not use it. WhatsApp makes it clear 

that the use of their system for professional matters is against its terms of service. 

"You will not use (or assist others in using) our Services in ways that: 

(f) involve any non-personal use of our Services unless otherwise authorised by us." 



Your employees are putting your organisation at considerable danger of security breaches and data 

breaches if they use WhatsApp for work-related communications on their personal or corporate mobile 

devices. Employees continue to use WhatsApp for business interactions every day despite the numerous 

legal, security, moral, and financial hazards that come with it. 

How did WhatsApp become the preferred tool for businesses? 

Although the usage of illicit communications predates COVID, the pandemic increased the practice as 

the boundaries between personal and professional lives blurred. This trend has continued as remote and 

hybrid working has carried on in a post COVID era. During the pandemic and after, organisations put a 

focus on productivity rather than security and in some cases, compliance. It meant that when lockdown 

hit, professionals operated within a home environment with no monitoring as there would be in an office. 

Therefore, if employees are using unauthorised apps for work communications, organisations need to 

consider data governance risks that could occur. There is a higher level of control if people use an 

authorised application to communicate, such as establishing retention periods to protect the users holding 

sensitive information for an extended period, and compliance configurations. 

Any organisation that uses consumer messaging platforms for business communication runs the risk of 

having confidential information stored and published without restriction if personal and business data are 

combined. Organisations have zero control over private communications, which poses a significant 

security and compliance risk. 

It is proving costly to some of the world’s largest organisations 

While WhatsApp could be deemed to be a practical tool for companies to communicate with customers 

or colleagues, some of the biggest financial institutions in the world have found themselves feeling the 

significant impact of why you should not be using WhatsApp, Signal and other systems for business 

communications. 

Last year, more than a dozen powerful banks, including JPMorgan and Goldman Sachs, paid fines 

totaling more than $2 billion (£1.6 billion) for failing to keep an eye on messages exchanged through non 

compliant consumer messaging apps like WhatsApp. In recent news you may have also seen the Security 

and Exchange Commission (SEC) has just levied eye-watering fines on some of the largest FIs in the 

world, totaling $549 million for the same reason as well as using Signal, another consumer messaging 

system which provides no control to the organisation. 

Consumer messaging systems are a real threat to all organisations. Whether it’s client communications 

where legal or financial advice is being provided or if employees are conversing with one another on 

unsecure messaging apps and their conversations occasionally touch on work-related issues, then those 

conversations would be governed by the data protection law. However the use of WhatsApp, Signal and 



others are continuing to increase across every vertical, from finance, to law firms for internal comms and 

client communications, to even policing, handling national security matters through these means of 

communication. With no control, organisations have no security or compliance boundaries. 

Make the right switch for your business 

The general public can be excused for not being aware of the dangers associated with using WhatsApp 

but it is getting increasingly difficult for businesses to ignore the matter. 

Numerous departments face difficulties with regard to information security and compliance due to 

WhatsApp security threats on a daily basis. When employees use WhatsApp for work without 

authorisation, these are the greatest hazards because security and compliance personnel are blind to 

the risk exposure. 

A dedicated secure communications system created specifically for workplace communication is without 

a doubt the most effective way to keep your business communications secure and your staff more 

engaged when all of the aforementioned concerns are taken into account. To meet the needs of 

governance and risk requirements, organisations must have complete visibility and control all of their 

communications at all times. That control ranges from controlling who is invited to the system, who those 

users can then communicate with when on the system, data storage and retention policies, and further 

integrations which may be required. 

If you want total control over your communication system, consider Salt Communications as either a 

SaaS or on-premise solution. The Salt solution can be readily installed on your preferred infrastructure 

and is perfect for regulatory compliance and advanced security requirements that consumer messaging 

apps wouldn’t protect your organisation against. 

There is no reason why you shouldn't be able to maintain total control over your corporate data if a secure 

communications system is in place. Ditch the worry today by using a secure WhatsApp alternative. 

To ditch the worry of insecure communications, contact us today on info@saltcommunications.com 

About Salt Communications 

Salt Communications is a multi-award winning cyber security company providing a fully enterprisemanaged 

software solution giving absolute privacy in mobile communications. It is easy to deploy and 

uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications 

offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and 

secure communications, to protect their trusted relationships and stay safe. Salt Communications is 

headquartered in Belfast, N. Ireland, for more information visit Salt Communications. 



References: 

https://www.nytimes.com/2023/05/22/business/meta-facebook-eu-privacy-fine.html 

https://www.makeuseof.com/tag/4-security-threats-whatsapp-users-need-know/?newsletter_popup=1 

https://saltcommunications.com/news/how-secure-are-whatsapp-voice-calls/ 

https://www.washingtonpost.com/investigations/2021/07/24/whatsapp-pegasus-spyware/ 

https://www.whatsapp.com/legal/businessterms#:~:text=Company%20must%3A%20(a)%20maintain,our%20Business%20Services%20or%20if 

https://www.bloomberg.com/news/articles/2022-09-27/wall-street-whatsapp-probe-poised-to-result-inhistoric-fine 


Nicole Allen, Senior Marketing Executive at Salt Communications. 

Nicole has been working within the Salt Communications Marketing 

team for several years and has played a crucial role in building Salt 

Communications reputation. Nicole implements many of Salt 

Communications digital efforts as well as managing Salt 

Communications presence at events, both virtual and in person events 

for the company. 

Nicole can be reached online at (LINKEDIN, TWITTER or by emailing 

nicole.allen@saltcommunications.com) and at our company website 

https://saltcommunications.com/ 



Shifting Left Means Shifting Smart: Managing 

Software Risk With ASPM 

By Natasha Gupta, Senior Security Solutions Manager, Synopsys Software Integrity Group 

As organizations embrace digital transformation efforts to speed up software delivery, security practices 

have had to evolve. Development teams are increasingly shifting toward the software factory model— 

setting up a scalable framework across people, processes, and tools for standardizing how applications 

are developed and maintained. This has implications for how security workflows are implemented, 

particularly when looking at testing automation, validating security controls, and building more secure 

code. To keep up with the pace of modern development, application security programs need to achieve 

the following: 

• Enforce checks at each stage of the software development lifecycle (SDLC): Organizations 

need solutions that can integrate assessment, controls, remediation, and validation within 

pipelines to maintain continuous compliance. This includes centrally defining and enforcing 

policies that orchestrate testing and prioritization. 

• Provide accountability and transparency: Security and development teams need an accurate, 

global perspective of all applications, components, and associated security data. This context is 



equired to understand the full scope of software risk, and the effectiveness of current security 

tooling and teams. 

• Connect key data sources, tools, and workflows within the existing environment: It is vital 

to enable a frictionless path to security adoption across multiple development teams by 

connecting existing tools, issue-tracking, and software delivery frameworks within a uniform user 

experience. This simplifies training, breaks siloes across interrelated teams, and above all, 

standardizes security visibility across all sources of software. 

In practice, many organizations achieve these capabilities in a piecemeal fashion using a variety of tools 

including vulnerability management platforms, application security testing (AST) tools, and homegrown 

methods for issue-tracking and reporting. While these methods provide data and context on issues that 

are uncovered at various stages of the SDLC, they offer an assortment of snapshots that can’t be easily 

pieced together. The expanding threat footprint has accelerated the need for solutions that unify 

fragmented tools, data, and workflows to provide a holistic view of software risk. This has driven the 

evolution of application security posture management (ASPM). 

What is ASPM? 

ASPM solutions consolidate security data, visibility, and enforcement of controls across software 

development, deployment, and operations. They enable organizations to distill security signals across 

multiple sources of security data, orchestrate tooling, and view risk posture across all applications within 

a single management layer. According to a recent Gartner study, over 40% of organizations developing 

proprietary software applications will adopt ASPM by 2026 to rapidly identify and resolve application 

security issues. There are several key capabilities that ASPM solutions provide to accelerate security 

efficacy. 

• Integrates with your existing tools: Often, organizations use security tools from multiple 

vendors to cater to different scanning needs (SAST, SCA, IAST, DAST, API scanning, and more). 

Each of these tools provides their own assessment of risk, but lacks the larger context of other 

testing results or the business criticality of key software components and assets. ASPM solutions 

provide value by integrating with all third-party security and developer tooling, and normalize data 

from these tools to provide a single source of truth with a common risk taxonomy. This is central 

to how ASPM solutions provide context on vulnerable software assets, and map out visibility of 

all relevant issues at every stage of the SDLC. 

• Provides a way to define, manage, and enforce policies: Setting universal security policies is 

key to implementing guardrails which prevent issues from going downstream. ASPM solutions 

provide a way to specify policies which define criticality thresholds, remediation SLAs, and testing 



triggers to allow for a more standardized enforcement of security practices. This takes the 

guesswork out of security decisions and eliminates redundant testing cycles. 

• Enables teams to prioritize the right work: ASPM solutions allow you to define risk criteria to 

identify which security work to prioritize, and how issues should be triaged. This criteria can 

include context on business-critical software assets, compliance violations, and issue severity. 

With these capabilities, developers can eliminate unnecessary escalations and focus on the 

security work that matters most. 

• Provides a holistic summary of software risk: An ASPM solution provides context about where 

an organization’s most vulnerable software resides, whether issues have been resolved, and any 

policy or compliance violations. This provides a way for teams to gauge the effectiveness of their 

overall application security program, and enables them to audit their software accurately. 

Today, most organizations understand that software risk equals business risk, and bridging the process 

gap between development and security teams is key to addressing that risk. With ASPM, organizations 

can substantially reduce the threat to their business by shifting their application security model to keep 

pace with modern development, and amplify the value of their existing security tooling. 


Natasha is a Senior Security Solutions Manager at Synopsys, driving goto-market 

strategy for Software Risk Manager, an Application Security 

Posture Management (ASPM) solution. She has worked for ten years in 

the cybersecurity and enterprise networking space. Prior to Synopsys, 

Natasha was with ServiceNow, where she managed product marketing 

initiatives for ServiceNow Security Operations, a SOAR platform for 

incident and vulnerability management. 

She has also held previous roles in product marketing and software 

product management at Imperva and A10 Networks. Visit our company 

website: https://www.synopsys.com/software-integrity.html 



The Crumbling Castle 

By Jaye Tillson, Director of Strategy, Axis Security 

In the realm of IT security, the traditional "castle and moat" strategy involved building a strong perimeter 

around the corporate network, like a medieval castle surrounded by a moat, to keep threats at bay. 

However, in today's modern workplace, this approach no longer provides adequate protection for the 

modern workforce. 

The Changing Landscape of IT Security 

The old castle and moat design worked well when corporate data and applications resided primarily within 

a physical data center, and employees accessed it from fixed locations using company-owned devices. 

However, several key factors have reshaped the IT security landscape, rendering this approach obsolete: 



• The Rise of Remote Work: The COVID-19 pandemic accelerated the shift toward remote work 

and today, employees access corporate resources from various locations and from a multitude of 

devices which blurs the lines of the traditional perimeter. 

• Cloud Computing: Over the last few years cloud services have become integral to modern IT 

infrastructures. Many organizations are increasingly relying on cloud providers like AWS, Azure, 

and Google Cloud, which operate outside the castle's walls. 

• Mobile and BYOD Policies: Bring Your Own Device (BYOD) policies are now commonplace in 

organizations, allowing employees to use their personally owned devices for work. Often, these 

devices do not meet the same security standards as company-owned and purchased devices. 

• IoT Expansion: The proliferation of Internet of Things (IoT) devices has a large number of diverse 

endpoints, many of which are increasingly challenging to secure and are often vulnerable to 

attacks. 

• Sophisticated Threats: Cybercriminals have evolved to bypass many of the traditional security 

measures. They use advanced tactics such as social engineering, phishing, and zero-day 

exploits, which render once very strong castle's walls ineffective. 

Why the Castle and Moat Approach Fails 

The castle and moat approach focuses on defending the perimeter, assuming that threats originate from 

the outside. However, modern threats can emerge from within the network, making this strategy 

insufficient. The design lacks visibility into user and device activities once they breach the perimeter. 

These blind spots often lead to delayed threat detection and response. 

Managing access control for remote workers, BYOD devices, and cloud services within a castle and moat 

model is also overly complex, leading to vulnerabilities. As organizations grow and adopt new 

technologies, expanding the castle's walls becomes impractical and costly. 

The castle and moat approach also hinders user experience with cumbersome authentication processes 

and restricted access that reduce productivity and are inefficient. 

Modernizing IT Security: A New Paradigm 

To adapt to the evolving IT landscape, I believe that architects must embrace a modern security paradigm 

that prioritizes the following principles: 

• 

Zero Trust: Implement a Zero Trust security model assumes threats can exist both outside and 

inside the network. It is important in this new world that trust is never assumed and is continuously 

verified for users, devices, and applications. 

• Identity-Centric Security: We need to shift the focus from network perimeters to user and device 

identities. Strong identity and access management (IAM) solutions are critical in ensuring secure 

access regardless of location or device. 



• Continuous Monitoring: Deploying robust monitoring and analytics tools will help us gain real-time 

visibility into our user activities and potential threats. 

• Cloud-Native Security: Integrating security into cloud services and adopting cloud-native security 

tools and practices will help protect data and applications wherever they reside. 

• User Education: Educating employees and communicating security best practices, including how 

to identify and report potential threats like phishing attempts helps change organizational culture 

to be more security-focused. 

Conclusion 

I believe that the days of relying solely on a castle and moat design for IT security are long gone. As our 

digital landscape evolves, we architects should begin to adapt our security strategies to meet the 

challenges posed to us by remote work, cloud computing, and a multitude of devices. 

Embracing a Zero Trust, identity-centric approach with continuous monitoring and cloud-native security 

measures will help us to better protect our users, their devices, and our applications in this ever-changing 

world. 

I believe it's now the time to leave the crumbling castle behind and build a new, resilient fortress for this 

new digital age. 




Jaye Tillson is a Field CTO at Axis Security, boasting over 25 years of 

invaluable expertise in successfully implementing strategic global 

technology programs. With a strong focus on digital 

transformation, Jaye has been instrumental in guiding numerous 

organizations through their zero-trust journey, enabling them to thrive in 

the ever-evolving digital landscape. 

Jaye's passion lies in collaborating with enterprises, assisting them in their 

strategic pursuit of zero trust. He takes pride in leveraging his real-world 

experience to address critical issues and challenges faced by these businesses. 

Beyond his professional pursuits, Jaye co-founded the SSE Forum and co-hosts its popular podcast 

called 'The Edge.' This platform allows him to engage with a broader audience, fostering meaningful 

discussions on industry trends and innovations. 

In his leisure time, Jaye indulges in his passions for motor racing, savoring delectable cuisine, and 

exploring the wonders of the world through his travels. 



The Cybersecurity Bridge: A Necessary 

Connection for IT and Communications 

By Jeff Hahn, principal of Hahn, and Kenneth Holley, Principal and chairman of Silent Quadrant 

With the increasing unpredictability and sophistication of cyber threats, IT and communications 

departments must align and build a joint cybersecurity strategy to protect client information and 

stakeholders from costly negative impacts. 

Statista reports between 2023 and 2028, the global estimated cost of cyber crime is forecasted to 

increase by $5.7 trillion. By 2028, the cost of cybercrime worldwide is estimated to more than double to 

$13.82 trillion. 

To further understand what may be causing a disconnect between IT and communications departments 

on prioritizing cybersecurity, Hahn and Silent Quadrant interviewed senior-level communication 

executives and IT professionals across the U.S. 

Among the majority of participants, the findings showed the current level of cyber attack preparedness is 

low with unclear implementation. A majority of IT respondents had a rapid response plan in place but 

didn’t know how or who was responsible for communicating it. Most of the communications executives 

admitted never seeing a rapid response plan, or if they did, it was confusing. 



In terms of prioritization, out of eight items, cybersecurity was ranked fifth overall. All participants 

mentioned their companies prioritized other goals over cybersecurity, such as client satisfaction and 

business growth. However, most participants agreed cybersecurity should be a higher priority because 

of its potential to affect core business operations. 

For most participants, cyber attacks are handled internally until external resources are needed. When 

determining whether to bring in an external vendor, IT considered expertise and certifications, while 

communications focused on confidentiality. Smaller companies who may not have the right expertise inhouse 

are more likely to hire an external vendor. 

It’s often unclear what steps a company can take to persuade leadership on the importance of 

cybersecurity and effectively build and communicate a plan. Following the survey, three key solutions 

emerged on how to bridge the cybersecurity gap between IT and communications departments. 

Build a cyber-aware culture: 

Oftentimes, leadership can’t visualize how cybersecurity can impact the bottom-line or think cybersecurity 

insurance is enough to cover damages. Therefore, they don’t prioritize or put funding towards it. 

Companies can appoint a Chief Information Security Officer to oversee cybersecurity initiatives and 

ensure it’s integrated and communicated throughout an organization. The Hahn team undergoes 

quarterly cybersecurity reviews with Silent Quadrant to ensure proper security controls are in place and 

operating effectively. Our team acts as a human firewall by training monthly on how to recognize and 

respond to threats. 

Build a joint cyber rapid response plan with regular updating and testing: 

Cybersecurity is an ongoing investment and requires time and funds for regular updates and 

maintenance. However, the cost outweighs potential risks, affecting jobs, operations, reputations and 

client trust. Many companies believe the chances for a data breach are low or their current security 

measures are sufficient. Unfortunately, as we saw with the disastrous Colonial Pipeline hack, even just 

one attack can come with severe effects. Hahn’s information security program is built upon the Silent 

Quadrant Cybersecurity Framework, which exceeds National Institute of Standards and Technology 

standards. With the help of a cybersecurity experts and rapid response workshops, companies can build 

a functional plan and continually assess one’s current security posture by testing for vulnerabilities. 

Build an effective method to communicate the plan: 

For a cyber rapid response plan, remove any technical jargon which could be misinterpreted or lead to 

confusion. Make sure everyone fully understands the procedure, roles and responsibilities. Hahn, with 

Silent Quadrant’s support, teaches clients to make security best practices instinctual by inviting internal 



stakeholders –– from legal and human resources to procurement and environment, health & safety –– to 

the training table. 

Having an aligned, companywide cyber rapid response plan will help companies respond more quickly 

to cyber attacks, deliver consistent communication to all stakeholders and take timely remedial actions. 

This is a necessary responsibility as gatekeepers of client information to provide that level of security and 

trust. 

About the Authors 

Jeff Hahn is the principal of Hahn, an Austin-based predictive marketing firm, 

and author of Breaking Bad News. He is a crisis communication expert with 

30 years experience in communications and public relations. He can be 

reached on LinkedIn or by email at jeff.hahn@hahn.agency. 

Kenneth Holley is the principal and chairman of Silent Quadrant, a digital 

protection agency. He founded Silent Quadrant in 1993, and since then, it’s 

delivered incomparable digital security, digital transformation, and digital 

risk management within the world's most influential government affairs 

firms, associations, and US businesses. With a particular focus on 

infrastructure security and data protection, he’s assisted many clients, 

including foreign sovereignties, ensure brand and profile security. He can 

be reached on the Silent Quadrant website, LinkedIn or by email at 

kenneth@silentquadrant.com 



Three Things to Know About the New SEC 

Rules on Sharing Information and Breach 

Disclosure Deadlines 

SEC's New Guidelines Prompt Proactive Cyber Risk Management 

By Meghan Maneval, Director of Technical Product Management at RiskOptics 

Recently, the Securities and Exchange Commission (SEC) adopted rules about the handling and 

reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and 

organizations must disclose cybersecurity incidents experienced in a timely manner and any information 

regarding their cybersecurity risk management, strategy and governance annually. These new rules will 

bring both consistency and timeliness to reporting with the goal of more accurate reports. 

While the SEC previously announced guidelines in 2011 and 2018 regarding the reporting of cyber 

incidents, they left room for frequent delays and a need for more sufficient details. Since then, the SEC 

has spent over a year deliberating the nuances of the proposed rules and collecting feedback from 

cybersecurity professionals and companies to refine the content. With these new guidelines, companies 

now must report “material” cyber incidents within four days, provide information and updates on 



previously disclosed incidents each quarter, annually report on cybersecurity risk management strategy 

and adopt controls to mitigate cyber risk. 

Although these new rules and guidelines may seem excessive to some, they’re an essential step towards 

a stronger and more proactive approach to cyber risk management. Let’s look at a few key takeaways 

from this ruling and what they might mean to your organization. 

1) Organizations should always be audit ready and then some. 

The primary concern many organizations may have with these new rules is the requirement to report a 

material incident within four days. This can be difficult if you don’t have integrated systems that share 

and aggregate data. This can lead to delays in investigations and potentially missing the required 

disclosure date. To accomplish the new rule’s requirements, organizations need to be proactive in 

collecting data and continuously monitoring their controls. The bottom line is that auditors and hackers 

are looking for the same thing - control failures. If organizations are continuously monitoring and testing 

for them, it’s less likely hackers will find an opening, meaning that audit-ready organizations that are also 

incident-ready! 

Being audit-ready means having a holistic approach to security and compliance that includes risk 

assessment, real-time continuous compliance monitoring, training for employees and effective 

communication. Having these critical pieces in place and automating the right processes is extremely 

important for organizations in the wake of this rule because it enables them to meet the reporting 

requirements faster, with less effort, and with less disruption to ongoing activity. 

To have the best understanding of where risk lies in the business, organizations should leverage a risk 

management and compliance tool. By auditing against compliance standards, organizations are able to 

see where their inherent business risk lies, and in turn, make decisions to remediate that risk and reduce 

exposure. Additionally, a robust risk management tool will allow security leaders to quickly understand, 

evaluate and convey the impact of risk on the business aspects they care about the most. 

2) Boards need to have a deeper understanding of cyber risk and security than ever before. 

Part of the rule requires companies to disclose how much the board knows about cybersecurity and how 

their organization is implementing cybersecurity tactics and best practices. This begins with general 

education on cybersecurity and the current threat landscape. Organizations can accomplish this with 

trainings, providing educational materials or appointing an expert in cybersecurity to the board to help 

guide conversations. This foundational step is critical to acting with purpose. 

It’s also essential to consider the board members’ awareness of what’s going on within the organization, 

what initiatives are currently in place and what risks impact success. To do this effectively, security 

leaders must translate cyber risk and its impact into a language that board members will understand – 

dollars and cents. 



For example, if a security leader notes a non-conformity with the California Consumer Privacy Act, the 

board may not know why it is a concern. Instead, communicating that the organization has an increased 

risk of reputational damage or fines for noncompliance ensures the impact is conveyed and they can 

invest in the right areas to reduce those risks. Security leaders should re-visit their current cybersecurity 

plan, showing the board where investments are needed to close the cyber risk gap. 

3) The new rules will significantly benefit companies that talk more about their risk. 

Most importantly, this ruling emphasizes the need to take a proactive approach to risk management. 

Organizations must understand their cyber risk posture, and the context of their risks, so they are 

prepared to act if a risk is realized. 

As the SEC sets this precedent, it benefits companies to make risk a part of every conversation. By doing 

so, key stakeholders can understand the full impact of said initiatives on the business and propel forward 

based on those risk-informed decisions. This requires having a 360-degree view of cyber risk and its 

constituent parts (such as vulnerabilities, threats and third parties) to enable action within the required 

timeframe. 

Although these new rules seem scary and intimidating, they are not going to upend enterprises. 

Ultimately, if companies have been doing what they were supposed to be doing all along, this new 

timeframe will only further encourage transparency and accountability. With a proactive approach to 

cybersecurity and risk management, companies will be further prepared to monitor for threats and 

vulnerabilities, reporting them quickly as they arise. 


Meghan Maneval is the Director of Technical Product Management at 

RiskOptics. She leads RiskOptics’ Technical Product Management 

team- tasked with developing and evangelizing innovative ways to solve 

industry problems. 

Fun fact about Meghan- she was a RiskOptics customer before joining 

the team! After more than 15 years managing security, compliance, 

audit, governance, and risk management programs in highly-regulated 

industries, Meghan joined RiskOptics in 2022 to help drive product 

innovation and empower our customers to achieve their objectives. 

Meghan is a passionate security and risk evangelist, DIBs champion, and home-renovation enthusiast 

specializing in process improvement and program iteration. Meghan enjoys giving back to the security 

and risk community through blogs, whitepapers, webinars, conference presentations, and podcasts. 

Meghan can be reached online on LinkedIn and at our company website https://riskoptics.com/. 



Striking The Right Balance: Cloud and Cyber 

Priorities for SMEs 

By Mark Allen, Head of cyber, CloudCoCo 

As small and medium-sized enterprises (SMEs) embark on their digitalization journey, they face a crucial 

dilemma: Should they prioritize the adoption of cloud solutions or enhance their cyber security defences? 

Both aspects are essential, but finding the perfect equilibrium can be a daunting task, especially when IT 

budgets are tight. 

In this article, we turn to Mark Allen, head of cyber security at UK-based technology firm CloudCoCo, to 

gain insights into the most pressing priorities for SMEs. 



Cloud adoption has witnessed a significant surge in recent years, and for good reason. It offers scalable 

infrastructure, enhanced collaboration tools, and cost-efficiency, among other benefits. The ability to 

streamline operations, scale services on demand, and respond rapidly to market dynamics has made it 

an indispensable force in the modern business landscape. 

Nevertheless, digital transformation brings its own set of challenges. With more data storage, networking 

components, and virtualized resources in the cloud, the potential for threat actors to exploit vulnerabilities 

increases. As such, SMEs must carefully weigh the advantages against potential security and privacy 

risks. 

Establishing trust among customers and stakeholders is vital for organizations aiming to carve out a 

strong market presence. However, an excessive focus on cyber security might impede the seamless 

support that cloud adoption can offer. Striking the perfect balance between these two priorities is 

essential. 

Assessing priority factors 

Cyber security should serve as a foundational consideration that informs cloud strategy, rather than act 

as an afterthought. Just as every organization has unique needs, the extent of security measures required 

varies. For instance, a financial services firm handling sensitive customer data will likely need more robust 

security than a creative agency. Growth aspirations also play a pivotal role; as a business expands, 

so does the blast radius of potential cyber attacks. 

Contrary to popular belief, SMEs don't have to exhaust their financial resources. Cyber security can be a 

significant but necessary investment, but it's about focusing on smart strategies that provide robust 

protection during the transition to the cloud. These investments should not solely revolve around 

prevention though, as perpetrators are often one step ahead. Identifying, isolating, and remediating risks 

at the earliest opportunity should be the focus, as even well-intentioned employees can make mistakes. 

Securing endpoints should be a top priority. 

Conducting an in-depth analysis of an SME's existing tech infrastructure – including legacy on-premises 

systems and elements already in the cloud – can reveal vulnerabilities that are compromising your firm’s 

security posture and uncover redundant systems that may be inflating budgets. This analysis ensures 

that systems are truly optimized before proceeding with the cloud transition, as integrating security midmigration 

poses greater risks. 

While hyperscalers like AWS, Microsoft, and Google offer valuable services, organisations' cyber security 

responsibilities do not vanish when migrating to the public cloud. Factors like firewalls, encryption, and 

endpoints still require careful consideration. 



Security matters 

As the migration progresses, cyber security should no longer be viewed in isolation but as an integral 

part of the broader cloud adoption project. A comprehensive approach — combining expert guidance, 

advanced technology, and continuous evaluation — is key to achieving a successful, integrated strategy. 

Cyber threats evolve constantly, rendering today's measures potentially inadequate for tomorrow. SMEs 

must stay at the forefront of technology to effectively combat ever-changing challenges. Seeking the 

assistance of a cloud-agnostic security expert for a comprehensive review can significantly enhance 

proactive measures, whilst keeping costs from spiraling. 

Cyber risk assessments, often incorporating AI and automation alongside human expertise, provide a 

holistic view of an SME's security posture. This analysis yields a general security score that guides further 

development to mature the cloud roadmap. 

In the world of cyber security, just as in academics, it's wise not to grade your own homework. With 

higher stakes and increasing risks, SMEs shouldn’t treat their digital tech estateany differently. 


Mark Allen is the Head of Cyber at CloudCoCo. He is the latest 

addition to the Cloud CoCo senior team, bringing with him 18 years 

of technical and commercial industry experience. Having worked 

for a number of telecoms, software, and digital transformation 

organisations during his career, his last three roles have centered 

on strengthening the MSP offerings within UK ISPs. Attracted by 

CloudCoCo’s ambition to become a modern MSP with a difference 

— not least due to it’s recently unveiled multi-cloud proposition for 

customers that want to hyperscale — he now leads on the firm’s 

cybersecurity offering. 

Mark can be reached online at (Mark.Allen@cloudcoco.co.uk, 

https://www.linkedin.com/in/mark-allen-61a8a31a/) and at our 

company website https://cloudcoco.co.uk/. 



The Tech Jobs That AI Will Not Disrupt 

By Michael Gibbs, CEO — Go Cloud Careers 

Artificial intelligence is the most exciting innovation to hit the tech world in decades. It has unleashed new 

capabilities that promise to significantly reshape the way tech work is done. It also has millions of tech 

workers worried. 

Media reports suggest that AI could replace as many as 5 percent of full-time technology roles each year 

over the next four to five years. That would account for 250,000 jobs a year in the US alone. 

The good news for tech workers is AI has its limitations. The key for today’s tech worker is understanding 

which jobs AI can’t do. 



Capitalizing on AI’s weaknesses 

Artificial intelligence is a disruptive technology that changes how we work and how we live. The 

businesses that leverage it gain a competitive advantage, while those who don’t find themselves unable 

to compete. 

The disruption that AI is bringing to the cybersecurity space can already be seen. Recent reports show 

that AI-assisted cybersecurity dramatically shortens the length of data breach lifecycles, reducing them 

by more than 100 days and saving organizations nearly $2 million in breach-related costs. AI delivers 

cybersecurity results that are faster, more precise, and more effective than those provided by humans 

alone. 

Still, AI is incapable of accomplishing a lot of tasks conducted in the tech space. It cannot lead teams of 

people, establish meaningful connections with clients and coworkers, or convince a CEO of the need to 

commit resources to enhancing technology platforms. 

Tech workers who want to thrive in the AI era will need to focus on developing and delivering those types 

of human skills. 

Developing future-proof skills 

The tech workers who want to be safe as AI evolves must move beyond mastering technology to become 

experts at leveraging technology to improve business performance. Those who cultivate business 

acumen have key insights into the ways finances, operations, strategy, and competition impact business 

success. Bringing that understanding to the tech space allows them to deliver solutions rather than just 

products. 

Executive presence is another skill that can help tech workers to become future-proof. It allows them to 

step into meetings with C-suite level leaders, speak their language, understand their issues, and address 

their concerns. AI may be able to detect malware faster than a human, but it can’t explain to a CEO the 

return on investment his company will get from an AI-driven cybersecurity platform. 

Emotional intelligence is being cited as one of the most important skills for workers to develop in the age 

of AI. EQ generally allows workers to build better relationships with clients and coworkers by 

understanding and managing emotions. Employees with high EQ are also considered to be highly flexible 

and adaptable, which are critical skills to have in today’s ever-changing workplace. 

AI does not bring any of these important skills to an organization, which means those who can provide 

them will be in high demand. Tech workers who are relying on technical, hands-on skills, however, may 

find themselves quickly replaced by AI. 



Examples of tech jobs that will survive 

Cloud architects and enterprise architects stand as great examples of tech positions AI won’t replace. 

Architects design solutions that improve business performance. To do that, they must deliver all of the 

future-proof skills listed above. 

The architect must interview clients to identify their business goals. This requires business acumen, 

executive presence, and emotional intelligence. Consider also that in some cases the key conversations 

between an architect and a client take place over dinner or on a golf course, two very human venues 

where AI offers little value. 

Once architects understand clients’ needs, they must lead a team of tech pros who bring solutions to life. 

This requires overseeing the creation of a tech blueprint that delivers the proper solution. Emotional 

intelligence and leadership are key qualities that architects bring to this process. 

Those in the right positions — which are those heavily dependent on human skills — shouldn’t doubt 

their job security in the age of AI. In fact, they may even see salary growth as they leverage AI to develop 

even more effective and efficient technology solutions. 

For those whose expertise is limited to hands-on positions, now is the time to consider developing the 

skills that will allow you to shift to new technology roles. AI can already do many hands-on tech jobs 

cheaper, faster, and with higher accuracy than the humans who previously managed them. As the 

technology evolves, it promises to automate more and more positions within the tech space. 


Michael Gibbs is the CEO of Go Cloud Careers, a global organization that 

provides training for elite cloud computing careers. Go Cloud Careers is 

focused on helping individuals achieve their dream technology careers by 

getting hired. Michael has 25 years of experience in networking, cloud 

computing, and IT security. 

Michael can be reached online at info@gocloudcareers.net, YouTube, 



















CyberDefense.TV now has 200 hotseat interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what is happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2023, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseConferences.com, CyberDefenseMagazine.com, 

CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com, and 

CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of 

America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber 

Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. 


All rights reserved worldwide. Copyright © 2023, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 11/02/2023 



Books by our Publisher: https://www.amazon.com/stores/Gary-Miliefsky/author/B07KQJM1GP (with others coming 

soon...) 

11 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. 

It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five 

nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content 

Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and 

CyberDefenseMagazine.com up and running as an array of live mirror sites. We successfully 

launched https://cyberdefenseconferences.com/and have another amazing platform coming 

soon.

The Cyber Defense eMagazine November Edition for 2023

Create successful ePaper yourself

Delete template?

Save as template?