The Cyber Defense eMagazine September Edition for 2024

The Importance of Data Anonymization 

In Safeguarding Sensitive Legal 

Information 

Lessons from the Global IT Outage of 

July 19, 2024 

Apple & OpenAI’s New Features: A First 

Look Through the Eyes of the US’ First 

Female CIO 

…and much more… 

Cyber Defense eMagazine – September 2024 Edition 1 

Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.

` 

CONTENTS 

Welcome to CDM’s September 2024 Issue ----------------------------------------------------------- 10 

The Importance of Data Anonymization In Safeguarding Sensitive Legal Information-------- 22 

By Oscar Villanueva, CEO, Nymiz 

Lessons from the Global IT Outage of July 19, 2024 --------------------------------------------------- 29 

By Andrew Douthwaite, Chief Technology Officer, VirtualArmour 

Apple & OpenAI’s New Features: A First Look Through the Eyes of the US’ First Female CIO 33 

By Theresa Payton, Founder, Fortalice Solutions 

The Initial Engagement Process for Contracting with a vCISO -------------------------------------- 37 

By Pete Green, vCISO, Cybersecurity Consultant and Reporter for Cyber Defense Magazine 

Shifting The Focus: From Compliance to Secops In Supply Chain Security---------------------- 42 

By Emily Hodges, COO, Risk Ledger 

Preparing for EU AI Act from a Security Perspective -------------------------------------------------- 45 

By Manpreet Dash, Global Marketing and Business Development Lead, AIShield 

Steps To Protect Against Cybersecurity Threats During Mergers and Acquisitions ------------ 55 

By Saugat Sindhu, Senior Partner and Global Head, Advisory Services, Wipro Limited 

BYTE BY BYTE -------------------------------------------------------------------------------------------------- 58 

By Thomas Terronez, CEO, Medix Dental IT 

Why Manufacturing IT Leaders are Turning to AI-Powered Cybersecurity Training ------------- 62 

By Sam Zheng, PhD., CEO & Co-Founder, DeepHow 

A CISO’s Guide to Managing Risk as the World Embraces AI ---------------------------------------- 65 

By Karthik Swarnam, Chief Security and Trust Officer, ArmorCode 

A Cloud Reality Check for Federal Agencies ------------------------------------------------------------ 68 

By James Langley, Master Solutions Consultant, Hitachi Vantara Federal 

The Unsolvable Problem: XZ and Modern Infrastructure--------------------------------------------- 71 

By Josh Bressers, Vice President of Security, Anchore 

Autonomous, Deterministic Security for Mission-Critical IOT Systems -------------------------- 74 

By Tal Ben-David, VP R&D and Co-Founder, Karamba Security 



Benefits of Network Monitoring Systems ---------------------------------------------------------------- 81 

By Eddy Abou-Nehme, Owner and Director of Operations at RevNet 

Beyond Encryption: Advancing Data-in-Use Protection ---------------------------------------------- 84 

By David Close, Chief Solutions Architect at Futurex 

Big Faces, Big Spend, Low ROI: Why Ad Fraud is Increasingly Damaging Brands --------------- 88 

By Chad Kinlay, Chief Marketing Officer, TrafficGuard 

Breaking Up with Your Password: Why It’s Time to Move On ---------------------------------------- 91 

By Zarik Megerdichian, Founder and CEO, Loop8 

Cybersecurity At the Crossroads: The Role Of Private Companies In Safeguarding U.S. 

Critical Infrastructure --------------------------------------------------------------------------------------- 95 

By Chris Storey, Director of Business Development, Qriar Cybersecurity 

Ditch The Cloud Security Labels to Nail Detection and Response --------------------------------- 98 

By Jimmy Mesta, Co-Founder and CTO, RAD Security 

Is There a DDoS Attack Ceiling? --------------------------------------------------------------------------102 

By Gary Sockrider, Director, Security Solutions, NETSCOUT 

Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses----------105 

By Olga Kundzich, CTO and Co-founder, Moderne 

The Urgent Need for Data Minimization Standards ---------------------------------------------------109 

By Kathrin Gardhouse, Privacy Evangelist, Private AI and Patricia Thaine, CEO & Co-Founder, Private 

AI 

Securing the OT Stage: NIS2, CRA, and IEC62443 Take Center Spotlight ------------------------115 

By Vinny Sagar, Solution Architect, swIDch 

Best Practices in Cybersecurity With Exhaustive Static Analysis To Secure Software Integrity 

-------------------------------------------------------------------------------------------------------------------121 

By Gavin Hill, CMO, TrustInSoft 

Embracing The Intersection of Ethics and Digital Trust----------------------------------------------127 

By Pablo Ballarín, ISACA Emerging Trends Working Group, ISACA 

Driving Security Forward: How Automakers Can Stay Ahead of Cyber Threats and 

Compliance Challenge -------------------------------------------------------------------------------------130 

By Oron Lavi, Chief Technology Officer and Co-Founder, Argus Cyber Security 



Best Practices for Effective Privileged Access Management (PAM) ------------------------------134 

By Marcus Scharra, CEO at senhasegura 

Is Platform Engineering a Step Towards Better Governed DevOps? ------------------------------137 

By Kapil Tandon, VP of Product Management for Perforce 

Russia, Apple, And the New Front Line in The Fight for Internet Freedom -----------------------139 

By Sebastian Schaub, CEO, hide.me 

The Traditional Advocates of the Security Perimeter Don't Want You to Know about Data- 

Centric Security ----------------------------------------------------------------------------------------------142 

By Luis Ángel del Valle, CEO, SealPath Technologies 

Protect SAP Supply Chains by Preventing Cyber Attacks -------------------------------------------147 

By Christoph Nagy, CEO, SecurityBridge 

How To Navigate Certification Authority Distrust: Preventing Critical Incidents by Switching 

To A New Vendor ---------------------------------------------------------------------------------------------150 

By Debbie Hayes, Director of Product Marketing, GMO GlobalSign 

The Common Goods and Shared Threats of the Software Supply Chain-------------------------153 

By Frank Catucci, CTO and Head of Security Research, Invicti 

Fight Fire with Fire: 3 Strategies to Defeat Deepfakes -----------------------------------------------158 

By Hal Lonas, Chief Technology Officer, Trulioo 

Navigating the Security Risks and Efficiency Gains of GenAI in Healthcare --------------------162 

By Lior Yaari, CEO, Grip Security 

A Guide for SMB Defense Contractors to Achieve CMMC Compliance --------------------------166 

By Seth Steinman, Vice President, PreVeil 

The Role of AI in Evolving Cybersecurity Attacks -----------------------------------------------------170 

By Will Poole, Head of Incident Response, CYFOR Secure | Cyber Security 

The Fundamental Components to Achieving Shift-Left Success ----------------------------------173 

By Scott Gerlach, CSO and Co-Founder at StackHawk 

AT&T Breach 2024: Customer Data Exposed in Massive Cyber Attack ---------------------------176 

By Elena Thomas, Digital Content Strategist, SafeAeon Inc. 



The Key to AI-Enabled Multi-Coalition Warfare--------------------------------------------------------180 

By George Kamis, CTO, Everfox 

Four Steps Security Teams Can Take to Unlock Resources In Budget-Constrained 

Environments -------------------------------------------------------------------------------------------------183 

By Jennifer Leggio, Chief Operating Officer, Tidal Cyber 

Exploring CVSS 4.0’s Impact on Vulnerability and Threat Management -------------------------186 

By Alastair Williams, VP of Worldwide Systems Engineering, Skybox Security 

Guardians Of the Grid ---------------------------------------------------------------------------------------189 

By Rounak Singh, Senior Research Analyst - ICT, Marketsandmarkets Research Private Ltd. 

Elevating Security: The Crucial Role of Effective API Management in Today's Digital 

Landscape ----------------------------------------------------------------------------------------------------194 

By Jens-Philipp Jung, CEO, Link11 

Phishing in 2024: Navigating the Persistent Threat and AI’s Double-Edged Sword ------------200 

By Joe Loomis, Marketing Director for CryptoTrust LLC 

The Cyber Defense Emergency Room -------------------------------------------------------------------205 

By Steve Carter, CEO, Nucleus Security 

Data Decay and Cybersecurity: Understanding The Risks And Mitigating The Impact On Your 

Business -------------------------------------------------------------------------------------------------------208 

By JoAnn Fitzpatrick, COO — RealValidation 

Protecting Your Organization Against Advanced, Multi-Stage Cyber Attacks ------------------211 

By Gabrielle Hempel, Customer Solutions Engineer, Exabeam 

Air Gap ---------------------------------------------------------------------------------------------------------214 

By Christopher H. Baum, MBA PMP, Chief Compliance Officer, VotRite with Alan Pham, Graduate 

Student, Rowan University 

Exposure Management: A Strategic Approach to Cyber Security Resource Constraint ------218 

By Katie Inns, Head of Attack Surface Management at WithSecure 

The Advent of Quantum Cryptography and Zero Trust: A New Era In The World Of 

Cybersecurity ------------------------------------------------------------------------------------------------222 

By Gayatri Mohite, Senior Associate Content Writer @Allied Analytics 

SWARM: Pioneering The Future of Autonomous Drone Operations and Electronic Warfare 225 

By Adam Gazdiev 



Cybersecurity: How to Involve People in Risk Mitigation--------------------------------------------233 

By Enrico Frumento, Cybersecurity Research Lead, Cefriel 

Exploring the Vishing Threat Landscape ----------------------------------------------------------------237 

By Ozan Ucar, CEO, Keepnet 

Fortifying The Links ------------------------------------------------------------------------------------------242 

By Julio Padilha, CISO, Volkswagen | Audi South America 

Growing Enterprise Data is Creating Big Cybersecurity Risk ---------------------------------------245 

By Octavian Tanase, Chief Product Officer at Hitachi Vantara 

How Government Agencies Can Level the Cybersecurity Playing Field With AI/ML -----------248 

By Dr. Sarbari Gupta, Founder and CEO, Electrosoft Services, Inc. 

How To Fight Scattered Spider Impersonating Calls to The IT Help Desk------------------------251 

By Ori Eisen, Founder & CEO, Trusona, Inc. 

How To Privacy-Proof the Coming AI Wave ------------------------------------------------------------255 

By Benoit Chevallier-Mames, VP Privacy-Preserving Cloud and ML, Zama 

How to Use AI in Cyber Deception -----------------------------------------------------------------------258 

By Zac Amos, Features Editor, ReHack 

HTTP 1.1 Vs. HTTP 2: What Are the Differences? ------------------------------------------------------262 

By Russell Walter, Freelance writer 

7 Steps International Organizations Must Take to Defend Critical National Infrastructure--267 

By Chris Gibson, CEO, FIRST 

Is Unified Access Control Zero Trust’s Silver Bullet? ------------------------------------------------272 

By Denny LeCompte, CEO of Portnox 

Managing Sensitive Security Investigations in Remote Settings-----------------------------------277 

By Jakub Ficner, Director of Partnership Development at Case IQ 

Securing Election Integrity In 2024: Navigating the Complex Landscape of Modern Threats280 

By Karl Sigler, Senior Security Research Manager, SpiderLabs Threat Intelligence and IDS/IPS 

Research 

Passwords Are Out, Biometrics Are In ------------------------------------------------------------------284 

By Ajay Amlani, President and Head of Americas, iProov 



Operational Security: The Backbone of Effective Police Communication-----------------------287 

By Nicole Heron, Marketing Manager at Salt Communications 

The Power of Many: Crowdsourcing as A Game-Changer for Modern Cyber Defense --------292 

By Alla Yurchenko, Lead Coordinator of Threat Bounty Program at SOC Prime 

Tagged Files as a Road to Insider Threats --------------------------------------------------------------296 

By Milica D. Djekic 

The Age of Unseen Truths And Deceptive Lies ---------------------------------------------------------298 


The Cybersecurity Checklist: Top Methods and Tools for Protection And Mitigation ---------300 

By Vishwas Pitre, Chief Information Security Officer & DPO, Zensar 

The Frontier of Security: Safeguarding Non-Human Identities -------------------------------------305 

By Idan Gour, CTO and Co-Founder, Astrix Security 

Revolutionizing Investigations: The Impact of AI in Digital Forensics ----------------------------308 

By Yuri Gubanov, Digital Forensics Expert, Founder and CEO of Belkasoft 

The Relationship Between Network and Security: Why They're Ditching the "It's Your Fault" 

Game -----------------------------------------------------------------------------------------------------------316 

By Jaye Tillson, Field CTO, Distinguished Technologist, HPE Aruba Networking 

The Rise in Phishing Scams--------------------------------------------------------------------------------319 

By Marcelo Barros, Global Markets Leader – Hacker Rangers 

Three Big Reasons Ransomware Payments Are Up More Than 5X Over Last Year -------------322 

By John Gunn, CEO, Token 

Why Cybersecurity At The Olympics (And All Major Global Events) Shouldn't Take A Backseat 

-------------------------------------------------------------------------------------------------------------------327 

By Avani Desai, CEO of Schellman 

Why Cybersecurity Compliance in Rail Transportation Has Never Been More Important, Or 

More Challenging to Keep on Track ----------------------------------------------------------------------331 

By Robin Berthier, Co-Founder and CEO, Network Perception 



@MILIEFSKY 

From the 

Publisher… 

As Publisher, I am pleased to report that both Cyber Defense Magazine, and our parent company Cyber Defense Media Group 

(CDMG), are getting a significant response to new and valuable initiatives we offer for the benefit of our readers and followers. 

For example, our participation in Black Hat USA at the beginning of August. Several of our reporters at Black Hat USA 

interviewed many of the top infosec innovator finalists for 2024 on the expo floor and in private meetings. The current issue of 

Cyber Defense Magazine features articles by and about many of the participants, and our website carries many more 

informational and promotional features. 

SPOTLIGHT OPPORTUNITIES! Due to the high volume of contributed articles in the September issue of Cyber Defense 

Magazine, we have placed dozens of “Spotlight” articles on the magazine’s home page, under the “Spotlight” nav bar: 

https://www.cyberdefensemagazine.com/spotlight/ Note they are identified as “Publisher’s Spotlight” and “Innovator’s Spotlight,” 

depending on which of our professionals submitted the article. 

We would like to remind our readers that The Black Unicorn awards program is now part of the Top InfoSec Innovator awards 

program. Please see detailed information at the Conference and Awards website: 

https://cyberdefenseawards.com/top-infosec-innovator-awards-2024-apply-today/ 

The virtual red carpet is already set up, with the incredible high traffic website and social media marketing, and much more to 

help bolster the good news around our winners during our 2nd half of 2024, 12th anniversary and 12th annual awards during 

CyberDefenseCon 2024. 

REMINDER: World’s First Cyber Defense Genius 

For those readers who have not yet accessed this new facility, we are also pleased to remind you that Cyber Defense Magazine 

has launched the World’s First Cyber Defense Genius the world’s first AI GPT trained specifically on over 17,000 pages of 

infosec expertise and learning more, daily. It is now available on our home page at https://www.cyberdefensemagazine.com/ 

on the lower right side of the screen. We welcome your comments and feedback as you take advantage of this excellent 

professional resource. 

Our mission is constant - to share cutting-edge knowledge, real-world stories and awards on the best ideas, products, and 

services in the information security industry to help you on this journey. 

Warmest regards, 

Gary S. Miliefsky, fmDHS, CISSP® 

CEO/Publisher/Radio/TV Host 

P.S. When you share a story or an article or information 

about CDM, please use #CDM and @CyberDefenseMag 

and @Miliefsky – it helps spread the word about our free 

resources even more quickly 



@CYBERDEFENSEMAG 

G 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media 

Group and distributed electronically via opt-in Email, HTML, 

PDF and Online Flipbook formats. 

EDITOR-IN-CHIEF 

Yan Ross, JD 

yan.ross@cyberdefensemagazine.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

https://www.cyberdefensemagazine.com 

Copyright © 2024, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP 

1717 Pennsylvania Avenue NW, Suite 1025 

Washington, D.C. 20006 USA 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

https://www.cyberdefensemagazine.com/about-our-founder/ 

12 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips, and 

techniques on cybersecurity since 2012, Cyber Defense 

Magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

PROFESSIONALS 

WIRE 

CYBERDEFENSECONFERENCES 

WEBINARS 



Welcome to CDM’s September 2024 Issue 

From the Editor-in-Chief 

The September 2024 issue of Cyber Defense Magazine includes a record number of articles = 80! We 

are pleased to provide more quality as well as more quantity, as we continue to broaden our base of 

authors and readers. What does that mean? 

First, we believe that the scope of the numerous articles address the increasing number and breadth of 

cyber attacks (both successfully and unsuccessfully defended) against important sectors of our critical 

infrastructure. We cannot emphasize too much that the protection of critical infrastructure is not at all 

new. The most surprising aspect is that the 16 sectors have been recognized and discussed for over 25 

years – but the official responses to the obvious vulnerabilities are still reactive, not pro-active. 

In reviewing the breadth and depth of our articles, we note that one aspect our authors have in common 

is that they write predictively as well as in response to cyber threats already experienced. Not only do 

they serve the needs of CISOs and other cyber security professionals, but also a growing cadre of 

vendors and suppliers and clientele of the entire range of cyber rick management providers. 

As always, we strive to be the best and most actionable set of resources for the CISO community in 

publishing Cyber Defense Magazine and broadening the activities of Cyber Defense Media Group. With 

appreciation for the support of our contributors and readers, we continue to pursue our role as the premier 

provider of news, opinion, and forums in cybersecurity. 

Wishing you all success in your cybersecurity endeavors, 

Yan Ross 

Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber 

Defense Magazine. He is an accredited author and educator and has provided 

editorial services for award-winning best-selling books on a variety of topics. He 

also serves as ICFE's Director of Special Projects, and the author of the Certified 

Identity Theft Risk Management Specialist ® XV CITRMS® course. As an 

accredited educator for over 20 years, Yan addresses risk management in the 

areas of identity theft, privacy, and cyber security for consumers and 

organizations holding sensitive personal information. You can reach him by e-mail at 

yan.ross@cyberdefensemagazine.com 









2001 2024 





















The Importance of Data Anonymization in Safeguarding 

Sensitive Legal Information 

By Oscar Villanueva, CEO, Nymiz 

Several high-profile and global law firms have been under the radar of cyber-security data breaches. For 

instance, the Mossack Fonseca firm experienced the Panama Papers leak in 2016, exposing sensitive 

financial information of numerous clients. DLA Piper was hit by a ransomware attack in 2017, disrupting 

operations across multiple offices. In 2020, Grubman Shire Meiselas & Sacks faced a ransomware attack 

that led to the exposure of confidential information of high-profile clients, including celebrities. There have 

been operational and financial repercussions to law firms due to the pervasive threat of data breaches, 

and cyber-attacks. A U.S. law firm specializing in serving marquee financial institutions faced a cyberbreach 

that exposed the personal data of more than 325,000 people. 

Big law firms like Orrick, Herrington & Sutcliffe, a U.S. law firm specializing in serving marquee financial 

institutions faced a cyber-breach in 2023 that exposed the personal data of more than 600,000 people. 

For over two weeks, the attacker accessed a portion of their network, including file sharing and storage 

containing information related to their clients. It is evident that the legal sector has been under a 

continuing threat of loss of client sensitive information and personal data. 

The repercussions of a data breach at a law-firm can be long-lasting and can severely impact the viability 

of the organization. First and foremost, failure to protect client information can impact the reputation of 

the organization and lead to loss of business. It bears the risk of losing current and prospective clients 

leading to financial losses. 

Second, there are several financial losses that an organization has to undertake for the purposes of 

investigation of the breach, remediation and cyber-security upgrades. This is exemplified in case of a 

global law-firm, like DLA Piper which faced a cyber-breach due to which their employees worldwide could 



not use their official telecommunication systems while some were unable to access basic documents for 

their work. To remediate the attack, the firm’s IT department worked more than 15,000 hours of paid 

overtime. Given the gravity and impact of the breach, the firm had to delete and redevelop its entire 

Windows environment. 

Third, any exposure of personal data invites regulatory consequences, which can lead to fines, sanctions 

and lawsuits. Any firm situated in a country with data privacy legislation needs to ensure that the personal 

data of their clients is protected. 

Fourth, any attack or data breach requires a proper investigation, and audit into the operations of the 

organization, and this consequently results in disruption of normal business operations. This reduces the 

productivity of employees, causes unsatisfactory client services, and increases the costs of the business. 

How does data anonymization assist in avoiding the aforementioned repercussions for your law firm? 

The demand for data anonymization is due to the rise in the data economy. There is an exponential 

growth of data in the legal sector, and this big data can be a game changer for law-firms. The utilization 

of volumes of data can be beneficial to the law-firms by analysing trends, patterns and correlations 

between these data sets. 

A good case for analyzing how global law firms utilise big data is Allen & Overy (A&O), due to the firm’s 

global status. It has worked on analytics, artificial intelligence, and ‘big data’ integrated solutions for its 

operations and customers. For example, in one M&A deal, A&O pioneered the use of data analytics to 

run through about 1300 contracts and completed the whole due diligence in a shorter span and at a lower 

cost to the client. 

By using big-data, law firms can predict the outcomes of a trial, understand the legal precedents, and can 

prepare case strategies with a better success rate. This data allows law firms to approach situations with 

a data-backed analysis which improves their rate of success, and efficiency assisting them in courts, as 

well as in negotiations. 

One of the pressing issues of the intersection of big data and the legal sector is data privacy and cyber 

breaches. The priority of law firms analysing big data is to ensure proper privacy compliance. Due to 

increased public scrutiny of data privacy regulations, law firms must adopt a strategy for privacy 

compliance. To protect client sensitive information, it is necessary to adopt data anonymization. 

It is pivotal to grasp the process of data anonymization and how it can benefit your organization. This 

process of data anonymization involves altering or removing personally identifiable information (‘PII’) from 

a piece of data to preserve the personal data of individuals and comply with privacy regulations. 

The anonymization process comprises masking and replacing personal data such as credit card details, 

resident and office addresses, visa or passport details, or social security numbers. Towards this end, 

values are replaced or removed, by using cryptographic techniques, or adding random noise, to protect 

the data. 

The essence of data anonymization is to protect these sensitive documents and encrypt them in a 

reversible or non-reversible manner so one can limit the ability of a user to view, share, edit, comment 



and download sensitive data with unauthorized access. Any process will ensure that only verified users 

can access private data based on internal security policies that verify user access continuously. This is 

like a digital camouflage that assists in protecting the privacy of an individual, while still allowing access 

to this data to the organization for research and analysis. 

Let’s show you with an example of how data anonymization works. For this purpose, we will use a tool 

called Nymiz, an AI based data anonymization and redaction platform designed especially for legal firms. 

Nymiz’s platform provides various workflows, both reversible and irreversible, including anonymization 

and pseudonymization. It also offers substitution methods like tokenization and synthetic data 

replacement to anonymize or redact data, tailored to the specific use case and the final goals of your 

organization. 

Why use AN AI based Data Anonymization platform vs Traditional Techniques? 

Organizations in the past have followed traditional anonymization techniques. The issues with these 

techniques are multi-fold. 



1. Operational Delays from Manual Anonymization Processes: 

The time-intensive nature of manual data anonymization processes can cause significant delays in legal 

operations and client service. 

2. Manual Data Anonymization Drains Resources: 

Extensive hours devoted to manually anonymizing data detract from valuable time that could be better 

utilized for core legal activities. 

3. Information Bottlenecks Due to Unshakeable Data: 

Difficulty in data sharing leads to the accumulation of isolated information pools, obstructing effective 

knowledge distribution and management within the firm. 

The current world is heavily dominated by technology and law firms do face the risk of cyber threats 

because of which important client data becomes at risk. The implications of data leaks go beyond 1 year 

incurring short-term costs; they can be calamitous to a firm’s reputation and its clientele. 

Due to the rising amounts of data produced in the legal industry, data privacy strategies are fast becoming 

crucial. There are different techniques of anonymizing data including pseudonymization and tokenization 

which help the firms achieve privacy of the personal data used in developing insights. Apart from adhering 

to strict privacy laws, these methods allow firms to examine the patterns and develop better services that 

seize their clients’ trust without compromising the latter’s privacy. When it comes to data management, 

law firms should develop strong data protection mechanisms, which helps to work through the issues of 

the data economy and protect the interests of their clients. 

Therefore, the legal sector must address the issue of increasing volumes of data coupled with the 

responsibility to safeguard the clients’ details. Due to increased development of cyber threats law firms 

have to implement data anonymization measures that will help them minimise risks and conform to 

privacy laws. 

Data privacy is not a luxury, but a necessity for the sustainability and credibility of legal business 

organizations. At this point, tools like Nymiz become crucial since they offer innovative solutions in data 

anonymization, empowering law firms to effectively protect sensitive information while maximizing the 

utility of their data assets. 



About the Author 

Oscar Villanueva, CEO, Nymiz, completed his Industrial Organization 

Engineer from UPC, MBA from UB. He also holds Executive Development 

Program certificate from IESE and a Disruptive Innovation Program 

certificate from MIT. Entrepreneur and co-founder of three startups, as well 

as a mentor and investor in startups. He has over 12 years of experience in 

technology and innovation working with REPSOL and PETRONOR. He is 

currently the CEO and Co-Founder of NYMIZ Software Company. Along with 

his co-founder, Oscar decided to launch Nymiz in 2020 to protect the privacy 

of peoples’ and companys’ sensitive data using AI. 

Oscar can be reached online at https://www.linkedin.com/in/oscar-villanueva-canizares/ and at our 

company website https://www.nymiz.com/. 



Lessons from the Global IT Outage of July 19, 2024 

By Andrew Douthwaite, Chief Technology Officer, VirtualArmour 

On Friday, July 19, 2024, the world experienced a massive IT outage that disrupted businesses, 

governments, and other users across the globe. The outage impacted numerous critical services—most 

notably medical services, emergency services, and airlines—and highlighted the vulnerabilities in our 

increasingly interconnected digital infrastructure. While regulators and industry leaders will rightly focus 

extensively in the coming months on what went wrong, it is equally important to focus on the broader 

lessons we can learn to mitigate future risks. 

Understanding the Outage 

Before delving into the lessons, we’ll first review the context of the outage. The incident was a result of a 

series of cascading failures that originated from a software update in a widely used security platform. The 

update, intended to enhance system performance and security, inadvertently introduced a bug that led 

to widespread system failures. 

The affected systems included cloud services, communication platforms, and financial transaction 

systems. The outage underscored how deeply intertwined our digital services are and how a single point 

of failure can propagate through the network, causing extensive disruption. 



Key Lessons 

1. The Importance of Redundancy and Resilience 

One of the primary takeaways from the outage is the critical need for redundancy and resilience in IT 

systems. While the benefits of cloud computing and centralized services are undeniable, they also pose 

a significant risk when those services encounter issues. 

Actionable Steps: 

• Implement Multi-Cloud Strategies: Organizations should consider adopting multi-cloud strategies 

to distribute their workloads across multiple cloud service providers. This approach can help 

mitigate the risk of a single point of failure. 

• Invest in Disaster Recovery: Regularly update and test disaster recovery plans. Ensure that data 

backups are not only frequent but also stored in multiple geographically dispersed locations. 

• Build Resilient Architectures: Design systems with failover capabilities and ensure that critical 

components have redundant systems in place. 

2. Robust Testing and Validation Processes 

The outage was triggered by a software update, highlighting the importance of rigorous testing and 

validation processes. Ensuring that updates do not introduce new vulnerabilities or bugs is crucial for 

maintaining system stability. While end users have limited control over these processes, there should be 

significant focus among software companies on improving both their standards and the controls to ensure 

those standards are consistently enforced. 


• Adopt Continuous Testing: Implement continuous integration and continuous deployment (CI/CD) 

pipelines with automated testing at every stage. This practice helps identify issues early in the 

development process. 

• Staging Environments: Use staging environments that closely mirror production systems to test 

updates thoroughly before rolling them out. 

• User Acceptance Testing (UAT): Involve end-users in the testing process to catch issues that 

automated tests might miss. 

3. Enhanced Monitoring and Incident Response 

Effective monitoring and rapid incident response can significantly reduce the impact of outages. Early 

detection and swift action are critical to containing issues before they escalate. Companies that had 

robust procedures in place to quickly identify and implement remediation steps were—for the most part— 

able to recover quickly from the outage with relatively minor impacts on the broader business. 




• Comprehensive Monitoring: Deploy comprehensive monitoring tools that provide real-time 

visibility into system performance and potential issues. Use advanced analytics and AI to predict 

and preemptively address problems. For many companies, utilizing a partner to assist with 24/7 

monitoring and response helps to ensure rapid detection—and subsequent response—even 

during off-hours. 

• Incident Response Teams: Establish dedicated incident response teams trained to handle various 

types of outages. Conduct regular drills to ensure readiness. 

• Communication Protocols: Develop clear communication protocols to keep all stakeholders 

informed during an outage. Transparency can help manage expectations and reduce panic. 

4. Collaboration and Information Sharing 

The global nature of the outage underscored the need for collaboration and information sharing among 

industry organizations, governments, and cybersecurity entities. Collective efforts can enhance our ability 

to respond to and recover from such incidents. While these efforts can be challenging for any but the 

largest companies to fully participate in, those who partner with a managed security provider can benefit 

from the collective experience and industry engagement of those specialized entities. 


• Industry Collaboration: Participate in industry forums and information-sharing organizations to 

stay informed about emerging threats and best practices. 

• Public-Private Partnerships: Foster strong public-private partnerships to leverage the strengths 

and resources of both sectors in mitigating cybersecurity risks. 

• Shared Threat Intelligence: Use shared threat intelligence platforms to gain insights into potential 

vulnerabilities and attack vectors. 

5. User Education and Preparedness 

End-users play a crucial role in the resilience of IT systems. Educating users about best practices and 

preparedness can reduce the impact of outages. While in the case the recent outage user behavior at 

affected companies didn’t play a role in causing the issue, inappropriate or faulty user actions are a 

significant contributor to most security and network availability incidents. 


Regular Training: Conduct regular training sessions on cybersecurity best practices and emergency 

procedures. Employees should complete training upon hire and at least annually. 

Phishing Simulations: Run phishing simulations to teach users how to recognize and respond to phishing 

attempts. Many organizations include this as part of annual penetration testing. 



Clear Guidelines: Provide clear guidelines on what to do in the event of an outage, including how to 

access alternative systems or support. 

Looking Forward 

The recent global IT outage was a wake-up call to business, IT, and government leaders. It highlighted 

our dependence on interconnected systems and the potential for widespread disruption when things go 

wrong. However, it also provides valuable lessons that, if heeded, can strengthen our resilience against 

future incidents. 

By prioritizing redundancy and resilience, adopting robust testing processes, enhancing monitoring and 

incident response, fostering collaboration, and educating users, we can build a more secure and stable 

digital infrastructure. The road ahead will undoubtedly present new challenges, but with these lessons in 

mind, we can navigate them more effectively and safeguard the digital services that are integral to our 

daily lives. 


Andrew has over 15 years of experience leading growth in managed 

network and cyber security services. He joined VirtualArmour—a managed 

network and cyber security company providing services to clients with 

operations across the globe—in 2007 as a senior engineer and has been 

instrumental in scaling the business to its current size, as well as maturing 

its 24/7 Network Operations Center (NOC) and Security Operations Center 

(SOC) operations with systems, policies, and processes. Andrew has deep 

expertise with multiple network and cyber security platform ecosystems, 

including Palo Alto, Fortinet, Cisco, SentinelOne, CrowdStrike, Stellar 

Cyber, and others. Andrew can be reached via VirtualArmour’s company 

website, www.virtualarmour.com. 



Apple & OpenAI’s New Features: A First Look Through the Eyes 

of the US’ First Female CIO 

By Theresa Payton, Founder, Fortalice Solutions 

Even before my time in The White House, I was – and continue to be – captivated by the intersection of 

technology and policy, which is why Apple’s recent announcement of integration with OpenAI piqued my 

interest. While the potential for increased productivity and innovation is energizing, it is crucial to address 

the significant questions about privacy, security, and responsible use that this integration raises. 

As I have delved more deeply into this partnership, three major red flags jump out at me: privacy 

concerns, security risks, and the potential misuse of this new technology. While the potential for increased 

productivity and innovation is energizing, it is crucial to address the significant questions about privacy, 

security, and responsible use that this integration raises. 

Privacy Concerns 

The news about this integration has left me with more questions than answers, privacy being my biggest 

concern. Apple assures its users that data will be protected but does not mention the exact 

implementation. Will our unique device IDs be linked to the queries we pose to OpenAI? Could these 



interactions be hacked and leaked? Will data be sold or shared with other entities? These are valid 

concerns. Data breaches are a constant threat, and the potential for sensitive personal information 

gleaned from OpenAI interactions to be exposed is chilling. Furthermore, the level of personal context 

being accessed and utilized might make some users rightfully uncomfortable. 

Security Risks 

Beyond privacy, the security implications of this integration must be addressed. The main question is the 

thoroughness of testing for vulnerabilities within this integration. What safeguards has Apple put in place 

to prevent malicious actors from compromising data and algorithms? There exists a real threat of system 

"poisoning," where bad actors could manipulate the AI to serve harmful agendas. This heightened 

vulnerability to hacking stems from integrating AI with personal data, and it underscores the urgent need 

for explicit security measures. 

Potential Misuse of Technology 

The capabilities of generative models, a core component of OpenAI's technology, also pose risks of 

misuse. These models could generate misleading content or even conduct phishing attacks and AI-driven 

spam, creating a potential nightmare scenario for internet users. Furthermore, the limitations of AI 

technology, such as errors in text generation, can lead to further misunderstandings, once again 

highlighting the need for a commitment to transparency and reliability in developing and deploying these 

tools. 

Technical Challenges and Ethical Considerations 

From a technical standpoint, compatibility and integration across different apps and devices pose a 

challenge. Third-party app developers must ensure their creations meet the security and privacy 

frameworks set by Apple Intelligence, which could lead to significant development hurdles. 

Additionally, AI's high computational demands can significantly impact device performance and battery 

life. Imagine your phone grinding to a halt or your battery draining in minutes because of an AI-powered 

task. Apple must address these concerns to ensure a smooth user experience. Can our devices handle 

this integration? It is a simple but central question. 

Ultimately, the ethical implications of this integration are another aspect we cannot ignore. AI algorithms 

can perpetuate biases, leading to unfair and non-neutral-generated content. If my years of experience 

and expertise have taught me anything, it is that the potential for bias against marginalized groups is very 

real and particularly concerning. Apple and OpenAI must be proactive in mitigating bias in their algorithms 

to ensure fair and neutral-generated content. 



Promising Potential, Urgent Need for Safeguards 

Despite these concerns, I remain cautiously optimistic about the collaboration between Apple and 

OpenAI. This technology harbors the potential to revolutionize how we engage with digital environments. 

However, the legal and regulatory landscape surrounding data privacy, security, and AI-generated 

content is still evolving. Unexpected regulatory challenges could hinder the use of this technology. 

Furthermore, the legal implications of AI-generated content must be clearly defined, especially in 

professional and official communications. 

Given these concerns, it is imperative Apple and OpenAI prioritize addressing these red flags through 

transparency, rigorous testing, and proactive mitigation of biases and security risks. As I continue my 

journey in the technology and security space, I strongly advocate for responsible innovation that 

prioritizes ethics, safety, and security. I urge these companies to work closely with policymakers and 

stakeholders to ensure this powerful technology is utilized ethically and responsibly. 




Theresa Payton is the Founder of Fortalice Solutions. She made 

history as the first female to serve as White House Chief Information 

Officer and currently helps organizations in both the public and 

private sectors protect their most valuable resources. As one of the 

nation’s most respected authorities on secured digital 

transformation, Theresa Payton is frequently requested to advise 

Boards of the Fortune 500, CEOs, and Technology Executives. 

Theresa is a visionary in the digital world leading the way as an 

inventor of new security designs and has an approved U.S. patent in 

security. She provides advice drawing from her experience as a 

technologist first and now veteran cybercrime fighter and 

entrepreneur, masterfully blending memorable anecdotes with 

cutting-edge insights. 

As the star of the former CBS TV series Hunted, Payton identifies emerging trends and techniques to 

help combat cyber threats, from the impact of AI, blockchain, cryptocurrency, the Internet of Things to 

securing Big Data. 

Before overseeing IT operations as CIO for President George W. Bush and his administration, she held 

executive roles in banking technology for two of the country’s top financial institutions. 

She founded Fortalice Solutions in 2009 and is the CEO. Among Payton’s list of awards, she was named 

one of the Top 25 Most Influential People in Security by Security Magazine, featured in the book 100 

Fascinating Women Fighting Cybercrime and honored as the 2019 Woman Cybersecurity Leader of the 

Year. Business Insider named her one of the top 50 Cybersecurity Leaders of 2020, CISO Magazine 

named her Cybersecurity Crusader of the Year in 2020, and Awards Magazine named her one of the 

Top 50 Women in Tech in 2021. She is the author of several publications on IT strategy and cybersecurity, 

including Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth, an Amazon #1 

hottest new release when it was released in 2020. Cyber Security Experts named her one of the 100 

Most Influential People in Cyber Security in 2021. 

Payton is sought out by media news outlets to explain complex security issues and help viewers 

understand how to protect their privacy. She has been featured on “Last Week Tonight with John Oliver” 

and was on “The Daily Show with Jon Stewart”. She has been a frequent guest on The Today Show, 

Good Morning America, Fox Business, and Fox News and has been featured on CBS News, CNN, NBC 

News, and MSNBC, as well as the BBC, and Canadian and Irish news outlets. 

Theresa can be reached online at fortalice@society22pr.com, https://x.com/FortaliceLLC, 

https://www.facebook.com/FortaliceSolutions and at our company website 

https://www.fortalicesolutions.com/. 



The Initial Engagement Process for Contracting with a vCISO 

A Primer for Small to Medium Enterprises (SMEs) 

By Pete Green, vCISO, Cybersecurity Consultant and Reporter for Cyber Defense Magazine 

Introduction 

In today’s fast-paced digital world, organizations face a myriad of cybersecurity challenges that demand 

expert guidance and strategic oversight. Enter the Virtual Chief Information Security Officer (vCISO), a 

role that brings top-tier security leadership without the commitment of a full-time, on-site executive. Hiring 

a vCISO can be a game-changer, but getting the initial engagement right is crucial. This article takes you 

through the process, focusing on crafting a solid Statement of Work (SOW) and addressing the key legal 

considerations to ensure a smooth and effective partnership. 



Understanding the Need for a vCISO 

The decision to bring on a vCISO often stems from a few key motivations. For many organizations, 

especially small to medium-sized enterprises (SMEs), it’s about balancing the books. Full-time CISOs 

command hefty salaries, and not every organization has the budget for such an investment. vCISOs offer 

a cost-effective solution, providing the same level of expertise on a more flexible basis. Beyond cost, it’s 

the breadth of experience that vCISOs bring to the table. They’ve seen it all, having worked across 

various industries and tackled a wide range of security challenges. And then there’s the scalability. Need 

more hands on deck for a major project? Scale up. Tight on budget next quarter? Scale down. It’s this 

flexibility that makes vCISOs an attractive option for many organizations. 

The Journey Begins: Discovery Phase 

The engagement process kicks off with what we call the discovery phase. Picture it as a getting-to-knowyou 

session, but with a lot more technical jargon. This is where the organization and the prospective 

vCISO sit down (virtually or in-person) and start talking specifics. What are the organization’s pain points? 

What’s the current state of their cybersecurity infrastructure? What are their goals? This phase is all about 

laying the groundwork. 

Once the role is clearly defined, the next step is to review the qualifications and experience of potential 

vCISO candidates. A strong candidate should have a robust background in cybersecurity, demonstrated 

by relevant certifications such as CISSP, CISM, or CISA, and extensive experience in managing 

cybersecurity programs. Reviewing their professional history, case studies, and references provides 

insights into their ability to handle complex security challenges and their track record of success. 

Additionally, assessing their familiarity with industry-specific regulations and standards is crucial for 

ensuring they can address the unique compliance requirements of your organization. 

The interview process itself should be comprehensive and multi-faceted, involving several rounds of 

discussions with different stakeholders within the organization. Initial interviews typically focus on the 

candidate’s technical expertise and experience. These discussions should delve into their approach to 

risk management, incident response, and security strategy development. Scenario-based questions can 

be particularly effective, allowing candidates to demonstrate their problem-solving skills and strategic 

thinking in real-world contexts. 

Subsequent interviews should explore the candidate’s soft skills and cultural fit within the organization. A 

vCISO must not only possess technical acumen but also the ability to communicate effectively with 

various stakeholders, from IT teams to executive leadership. Assessing their communication style, 

leadership abilities, and collaborative approach helps ensure they can integrate smoothly into the 

organizational structure and effectively advocate for cybersecurity initiatives. Not every vCISO is going 

to work for every organization and finding the right cultural fit – someone who is not too opinionated or 

not opinionated enough – will help determine if the vCISO is right for your organization. 



Why a vCISO Might Not Be the Right Fit for Your Organization 

Hiring a Virtual Chief Information Security Officer (vCISO) can offer numerous advantages, particularly 

for small to medium-sized enterprises seeking expert cybersecurity leadership without the expense of a 

full-time executive. However, there are several reasons why this arrangement might not work for every 

organization. One significant drawback is the lack of on-site presence. A vCISO typically operates 

remotely, which can be a disadvantage for organizations requiring frequent in-person interactions and 

hands-on management of complex security issues. Additionally, a remote vCISO might struggle to fully 

understand the unique culture, dynamics, and internal politics of the organization, which are crucial for 

effectively implementing security policies and fostering a security-conscious environment. 

Effective communication is another challenge when working with a vCISO. While modern communication 

tools facilitate remote collaboration, they can sometimes lead to miscommunication or delayed 

responses. Time zone differences and varying communication styles can further complicate the timely 

and clear exchange of information. 

Integrating a vCISO with existing IT and security teams can also be problematic. There might be 

resistance from internal staff accustomed to working with an in-house CISO, leading to potential conflicts 

or misunderstandings regarding roles and responsibilities. Additionally, a vCISO might be balancing 

multiple clients, resulting in inconsistent availability, which can be problematic for organizations requiring 

constant, dedicated attention, especially during security incidents that need immediate action. 

Specific industry requirements and cost considerations also play a role in determining the suitability of a 

vCISO. Certain industries, such as healthcare, finance, and government sectors, have specific regulatory 

and compliance needs that necessitate a deep understanding and continuous involvement, which might 

be difficult for a vCISO to provide remotely. 

While vCISOs are often more cost-effective than full-time, in-house CISOs, there can still be significant 

costs involved if the organization requires a high level of involvement or frequent on-site visits. This can 

quickly negate the financial benefits. Furthermore, building trust and ensuring accountability can be more 

challenging with a remote vCISO. 

Organizations may have concerns about the level of commitment and the ability to hold the vCISO 

accountable compared to an in-house executive who is part of the daily organizational fabric. Therefore, 

while vCISOs offer flexibility and expertise, they may not be suitable for all organizations, and companies 

need to carefully assess their specific needs, industry requirements, and internal dynamics before opting 

for a virtual cybersecurity leader. 

Crafting the Blueprint: Statement of Work (SOW) 

Now, let’s talk about the Statement of Work (SOW), arguably the most critical document in this process. 

Think of it as the blueprint for the engagement. It outlines what the vCISO will do, when they’ll do it, and 

how success will be measured. If the need for a vCISO is realized in the organization and all of the 

preliminary qualities of the vCISO “check-out” for the organization, it’s time to put the relationship into a 

contract. 



Firstly, the service description. This section should clearly spell out the vCISO services. Are we talking 

about a one-time security assessment? Ongoing strategic advice? Regular security training for staff? 

Whatever it is, detail it here. Then there’s the matter of deliverables and milestones. These are the 

tangible outputs the vCISO will produce, along with deadlines for each. It could be anything from a 

comprehensive risk assessment report to a fully developed incident response plan. You may also want 

to focus the vCISO’s efforts on specific system requirements and KPIs that will drive the cyber security 

organization. 

Equally important are the roles and responsibilities. This section clarifies who does what. What authority 

does the vCISO have? Who do they report to? What’s expected of the hiring organization in terms of 

support and resources? Laying this out clearly can prevent a lot of headaches down the road. 

We also need to establish performance metrics. How will we measure the vCISO’s effectiveness? These 

could be quantitative metrics, like the number of vulnerabilities addressed, or qualitative ones, like 

improved staff awareness of cybersecurity best practices. 

The SOW should also cover compensation and payment terms. This includes not just the rates and fees, 

but also the payment schedule and any penalties for late payments. 

Finally, confidentiality and data protection clauses are non-negotiable. The vCISO will have access to 

sensitive information, so robust confidentiality agreements are a must. This topic alone could fill an entire 

article, but just be aware this section needs to be water-tight and clearly communicated in terms which 

all parties can agree to. 

Navigating the Legal Landscape 

Crafting the right contract involves more than just the SOW. There are several legal considerations to 

ensure both parties are protected. 

Confidentiality and non-disclosure agreements (NDAs) are fundamental. These agreements protect 

sensitive information shared during the engagement. They define what information is confidential, how 

long the confidentiality lasts, and any exceptions. 

Indemnification clauses are another key element. These clauses protect against losses or damages 

arising from the vCISO’s actions or negligence. It’s essential to clearly define the scope of indemnification 

and any limitations and will be discussed in a follow-up article focused on cybersecurity insurance for the 

vCISO. 

Liability and limitation of liability clauses outline the extent to which each party is responsible for breaches 

or failures. These clauses help cap the amount of damages one party can claim from the other, protecting 

both from excessive financial exposure. 

Termination and exit strategy clauses define the conditions under which either party can terminate the 

contract. This might include breach of contract, failure to meet performance metrics, or changes in 

organizational needs. An exit strategy ensures a smooth transition and continuity of security operations. 



Intellectual property rights should also be addressed. This includes the ownership of any intellectual 

property created during the engagement, such as reports, policies, and other deliverables. It’s important 

to clarify whether the organization will own the IP or if it will be licensed for its use. 

Lastly, compliance with laws and regulations is crucial. The contract should require compliance with 

applicable laws and regulations, such as data protection laws (GDPR, CCPA) and industry-specific 

standards (HIPAA, PCI-DSS). The vCISO should be knowledgeable about these requirements and 

incorporate them into their services. 

Conclusion 

Engaging a vCISO can significantly enhance an organization's cybersecurity posture. By providing 

strategic leadership and expert guidance, a vCISO can help organizations navigate complex 

cybersecurity challenges. However, the initial engagement process is critical to ensuring a successful 

partnership. Developing a comprehensive SOW and addressing key legal considerations can help 

establish a productive and legally sound relationship with the vCISO. This sets the foundation for 

improved security and resilience, ensuring that the organization is well-protected against evolving cyber 

threats. 


Pete Green, vCISO, Cybersecurity Consultant and Reporter for Cyber 

Defense Magazine. Pete has over 20 years of experience in Information 

Technology related fields and is an accomplished practitioner of Information 

Security. He has held a variety of security operations positions including LAN 

/ WLAN Engineer, Threat Analyst / Engineer, Security Project Manager, 

Security Architect, Cloud Security Architect, Principal Security Consultant, 

Manager / Director of IT, CTO, CEO, and Virtual CISO. Pete has worked with 

clients in a wide variety of industries including federal, state and local 

government, financial services, healthcare, food services, manufacturing, 

technology, transportation, and hospitality. 

Pete holds a Master of Computer Information Systems in Information Security from Boston University, an 

NSA / DHS National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA 

/ CD), and a Master of Business Administration in Informatics. 

Pete can be reached online at greenish@gmail.com, @petegreen, https://linkedin.com/in/petegreen and 

at our company website www.cyberdefensemagazine.com. 



Shifting The Focus: From Compliance to Secops in Supply 

Chain Security 

To significantly enhance Third-Party Risk Management (TPRM), we must urgently transition it 

from a compliance exercise to the realm of security operations. 

By Emily Hodges, COO, Risk Ledger 

There are two main reasons why supply chain attacks are on the increase. First, there is a general trend 

of companies outsourcing more critical business functions to external providers, and doing so often 

makes good business sense. 

Secondly, while threat actors' focus and methods remain the same, they target the weakest link. 

Outsourcing has led to increased suppliers, which is now becoming an organisation's weakest link, and 

the threat actors know it. 

Most organisations find suppliers challenging because they are outside their direct control. It is much 

easier to look at and control when it is inside the perimeter. It's much more challenging to ensure the 

safety of any third parties we do business with. 



The problem with Third-Party Risk Management. 

The challenge with how people run their TPRM program is that it is often treated as a governance and 

compliance exercise. The overall goal then becomes to demonstrate that we provide adequate assurance 

rather than pursuing the fundamental objective of reducing security risks. 

It means that people don't see it as constructive and valuable, creating a vicious cycle in which, because 

people see it as a necessity for compliance, they don't put the required effort into it, which means the 

value depreciates. We need to break free from that vicious cycle and take a different approach to make 

it more effective and reduce the challenges. 

Embracing a More Robust and Collaborative Approach with Our Suppliers. 

We need to start with open and transparent communication channels with our suppliers early in the 

relationship. Approaching our conversations with suppliers from the angle of an audit assurance process 

incentivises them to be less forthcoming with their information, especially when discussing security 

weaknesses. They often don't want to open up about their weak points because they're trying to win or 

retain a contract, and you don't get an accurate view of their security posture. 

So, it's creating those communication channels, creating a trusted relationship with your suppliers right 

from the beginning, so that when something happens, we have these relationships in place and can 

quickly collaborate on threats when they arise and reduce the impact of incidents as much as possible. 

These relationships, however, have to be built with the security teams at our suppliers - our natural allies 

- and not with customer success teams that traditional TPRM programmes or procurement teams would 

mainly be interacting with. 

Moving Third-Party Risk Management into SecOps. 

Crucially, however, we need to start approaching TPRM as an operational challenge rather than a pure 

governance one and involve our Security Operations teams. The first point of call is talking to in-house 

threat intelligence teams or external providers. Raising and utilising critical threat intelligence data to 

appreciate where our suppliers sit and what risks they could face is incredibly useful for responding to 

attacks in an operational way. 

Third-party risk management and incident response are usually split between the Governance and the 

SecOps teams, which is not a helpful way to look at the problem of how to reduce the likelihood and 

impacts of attacks against our corporate supply chains. It raises the question: What do we do when a 

supply chain incident strikes? Do we have to contact our Governance, Risk and Compliance (GRC) teams 

since they are supposed to have a relationship with the suppliers in question, or should this be our 

SecOps teams responsible for handling the incident response? 

It can work if TPRM programmes build a comprehensive database of suppliers and establish collaborative 

relationships with their security teams. Every supplier assurance review is a real opportunity to gather 



threat intelligence data on our suppliers and develop strong relationships, helping us build that 

comprehensive database of security data and create alliances. 

So, when an incident happens in the future, whether there's an incident at that supplier in particular or a 

more industry-wide incident such as the MOVEit Transfer attack, we are in the position to quickly reach 

out and collaboratively address any problems in partnership with that supplier. It also allows you to build 

a system where you can quickly search and draw insights from our databases to ascertain which suppliers 

in your ecosystem could be most vulnerable to a specific attack, or what kind of risks they could pose to 

us if affected, which will further increase our ability to respond to attacks when they strike quickly. 

Conclusion. 

As an industry, we are learning that collaboration between organisations, whether within a sector, across 

geographies or industries, and crucially with our suppliers, is not only important but also the key to 

success when dealing with a security incident. 

We witnessed a sea change when the Solarwinds attack happened a few years ago, and security experts 

realised that one organisation could not address this problem alone. If we look at the SolarWinds incident, 

numerous organisations in that supply chain ecosystem were affected by the fallout, and it was only 

through collating data that they held between them that we could learn the routes the attackers had taken 

and what had transpired. 

Especially with so much outsourcing happening today in the context of rapid digitalisation of business 

processes, we need to find ways to collaborate more effectively and overcome barriers like commercial 

competition between our organisations and legal obstacles to realise that we are all in this together and 

that we have to Defend-as-One to stand a chance against increasingly sophisticated threat actors and 

an ever-growing attack surface. 

Finally, we must consider supply chain security not only as a compliance exercise but also as a critical 

operational problem. Only by shifting TPRM into the operational space will we have a tangible impact on 

our ability to prevent and respond to supply chain incidents when they happen. 


Emily Hodges is Chief Operating Officer at Risk Ledger, a UK-based startup 

working to secure the global supply chain ecosystem. With a background in 

mathematics and cryptography, Emily spent a few years in PwC's cyber security 

consulting practice before starting a new consultancy aimed at using human 

understanding to make tangible improvements to security. She is now driving a step 

change in supply chain security, challenging the status quo with Risk Ledger. 

Emily Hodges can be reached online at emily@riskledger.com, 

https://www.linkedin.com/in/emhodges/ and at our company website 

https://riskledger.com/index.html. 



Preparing for EU AI Act from a Security Perspective 

What does it mean for security teams of organizations innovating, building, and deploying AI? 

By Manpreet Dash, Global Marketing and Business Development Lead, AIShield 

The world’s first artificial intelligence law, the EU AI Act, finally came into effect on 1 Aug 2024, 4 years 

after it was initially proposed by the European Commission. After years of political debates and 

negotiations that culminated in this decision, what does this mean for us and the broader AI community 

in 2024? 

Artificial Intelligence (AI) is transforming our world in unprecedented ways. From personalized healthcare 

to self-driving cars and virtual assistants, AI is becoming ubiquitous in our daily lives. However, this 

growing use of AI has raised many concerns about its impact on fundamental rights and freedoms. In 

response to this, the European Union (EU) has taken a significant step to regulate AI. 

The EU AI Act, also known as the Artificial Intelligence Act, is the world's first concrete initiative for 

regulating AI. It aims to turn Europe into a global hub for trustworthy AI by laying down harmonized rules 

governing the development, marketing, and use of AI in the EU. The AI Act aims to ensure that AI systems 



in the EU are safe and respect fundamental rights and values. Moreover, its objectives are to foster 

investment and innovation in AI, enhance governance and enforcement, and encourage a single EU 

market for AI. 

Stakeholders: Who is affected? 

The AI Act has set out clear definitions for the different actors involved in AI: providers, deployers, 

importers, distributors, and product manufacturers. This means all parties involved in the development, 

usage, import, distribution, or manufacturing of AI models will be held accountable. Moreover, the AI Act 

also applies to providers and users of AI systems located outside of the EU, e.g., in Switzerland, if output 

produced by the system is intended to be used in the EU. 

• AI system providers: Organizations and individuals who develop or create AI systems, including 

software developers and technology firms. 

• AI system deployers: Organizations who deploy and use AI systems in their operations, irrespective 

of the sector or industry. 

• Importers and Distributors: Organizations who bring AI systems from outside of EU and 

place them in EU markets. 

• Product Manufacturers: Organizations who place the AI systems in their offerings and 

products. 

• Regulators and supervisory bodies: Authorities responsible for monitoring and ensuring 

compliance with the AI Act, including data protection agencies. 

• Consumers and the public: Indirectly affected, as the Act aims to safeguard their rights and 

safety in relation to AI use. This new law will apply to non-EU organizations offering AI services 

in the EU market or to EU citizens, reinforcing global standards. 

Figure 1: Stakeholders in the EU AI Act 



What is required? 

Step 1: Model inventory – understanding the current state. 

To understand the implications of the EU AI Act, companies should first assess if they have AI models in 

use and in development or are about to procure such models from third-party providers and list the 

identified AI models in a model repository. Many financial services organizations can utilize existing 

model repositories and the surrounding model governance and add AI as an additional topic. 

Organizations which have not needed a model repository so far should start with a status quo assessment 

to understand their (potential) exposure. Even if AI is not used at present, it is very likely that this will 

change in the coming years. An initial identification can start from an existing software catalogue or, if 

this is not available, with surveys sent to the various business units. 

Actions to take: From the start of a project, you need a clear understanding of the regulatory compliance 

that might be required for taking your model into production. This needs to be combined with an 

achievable plan on how to fulfill regulatory requirements now and in production. Without sufficient logging 

and reporting functionality it might be difficult if not impossible to comply with the regulatory requirements. 

Step 2: Risk classification of models 

Based on the model repository, the AI models can be classified by risk. The act sets out AI governance 

requirements based on risk severity categories, with an additional designation for systemic risk general 

purpose AI (GPAI): 

Figure 2: Risk Classifications of AI Models 



1. Unacceptable Risk: 

The Act lays out examples of models posing an unacceptable risk. Models falling into this category 

are prohibited. Examples include the use of real-time remote biometric identification in public 

spaces or social scoring systems, as well as the use of subliminal influencing techniques which 

exploit vulnerabilities of specific groups. Few examples are: 

o 

o 

o 

o 

o 

Prohibited AI Practices: AI systems that manipulate behavior subliminally or exploit vulnerabilities 

due to age, disability, or socio-economic status. 

Social Scoring Systems: AI systems that evaluate or classify individuals over time based 

on their social behavior or personal characteristics, leading to detrimental treatment. 

Biometric Misuse: AI systems used for untargeted scraping of facial images for facial 

recognition databases, or biometric systems that infer sensitive data. 

Crime Prediction: AI systems used for predicting the likelihood of individuals committing 

crimes. 

Emotion and Biometric Recognition Restrictions: Use of emotion recognition and biometric 

categorization in workplaces and schools, except for specific reasons like medical 

or safety. 

2. GPAI Systemic Risks 

All providers of GPAI are subject to transparency obligations. They are required to take steps to 

maintain public summaries of content of data used to train models, enhance transparency, 

accountability, and compliance with EU’s copyright laws, prepare and maintain technical 

documentation of the model (including training and testing processes, and the result of model 

evaluations) and provide certain model information to who use the model. 

GPAI models are considered systemic risk when the cumulative amount of compute used for 

training exceeds 1025 FLOPS (Floating Point Operations Per Second, which is a measure of 

computing power). It includes AI systems designed for broad use case across various functions 

such as image and speech recognition, content and response generation, and others. Examples 

of General Purpose AI (GPAI) tools that could potentially pose systemic risks include GPT 3, GPT 

4, DALL-E, ChatGPT, AI-powered Bing Search and Edge Browser. 

Mandatory Compliance: For GPAI models with systemic risk, it is mandatory to conduct 

standardized model evaluations and adversarial testing, assess and mitigate potential systemic 

risks (read this blog for a more detailed understanding of LLM risks), track and report serious 

incidents, and ensure adequate cybersecurity protections. 

3. High Risk: 

High-risk models are permitted but must comply with multiple requirements and undergo a 

conformity assessment. This assessment needs to be completed before the model is released on 



the market. Those models are also required to be registered in an EU database which shall be 

set up. Operating high-risk AI models requires an appropriate risk management system, logging 

capabilities and human oversight respectively ownership. There shall be proper data governance 

applied to the data used for training, testing and validation as well as controls assuring the cyber 

security, robustness, and fairness of the model. 

Examples of high-risk systems are models related to the operation of critical infrastructure, 

systems used in hiring processes or employee ratings, credit scoring systems, automated 

insurance claims processing or setting of risk premiums for customers. 

o 

o 

o 

o 

o 

Critical Infrastructure Management: AI systems used in the operation of critical digital 

and physical infrastructures. 

Employment and Creditworthiness: AI systems involved in recruitment, worker management, 

or evaluating creditworthiness for essential services. 

Election Influence: AI systems used to influence election outcomes or voter behavior. 

Safety Components: AI systems that act as safety components in products covered by 

EU safety laws (e.g., vehicles, lifts, medical devices). 

Mandatory Compliance: These systems require defined governance architecture, including 

but not limited to risk management systems, data governance, documentation, record 

keeping, testing, and human oversight and register the AI system in an EU database. 

4. Limited Risk: 

The remaining models are considered limited or minimal risk. For those, transparency is required, 

i.e., a user must be informed that what they are interacting with is generated by AI. Examples 

include chat bots or deep fakes which are not considered high risk but for which it is mandatory 

that users know about AI being behind it. 

o 

o 

o 

Interactive AI: AI systems that directly interact with users, like chatbots. 

Content Generation: Systems that generate synthetic content or 'deep fakes'. 

Transparency Obligations: Providers and deployers must disclose certain information to 

users, ensuring transparency in operations. Transparent labeling and a code of conduct 

for the deployment of AI in interactions with people to ensure end-user awareness and 

safety is necessary. 

5. Minimal Risk: 

These applications are permitted without restrictions. However, for all operators of AI models, 

the implementation of a Code of Conduct around ethical AI is recommended. For tools and 

processes that fall under “minimal risk,” the draft EU AI Act encourages companies to have a 

code of conduct ensuring AI is being used ethically. 

o 

General AI Applications: AI systems with minimal implications, such as AI-enabled video 

games or email spam filters. 



o 

Voluntary Compliance: These systems are encouraged to adhere to voluntary codes of 

conduct that mirror some high-risk requirements, but compliance is not mandatory. 

These categories reflect the EU’s approach to regulate AI based on the potential risk to individuals’ rights 

and societal norms. 

Step 3: Prepare and get ready. 

If you are a provider, user, importer, distributor or affected person of AI systems, you need to ensure that 

your AI practices are in line with these new regulations. To start the process of fully complying with the 

AI Act, you should initiate the following steps: 

• assess the risks associated with your AI systems 

• raise awareness 

• design ethical systems 

• assign responsibility 

• stay up-to-date 

• establish a formal governance 

By taking proactive steps now, you can avoid potential significant sanctions for your organization upon 

the Act coming into force. Please note that this article refers to an ongoing legislative process which might 

lead to changes of the requirements. 

Figure 3: Compliance Steps for High-Risk AI Systems 



Which senior roles are most affected? 

• Chief Executive Officer (CEO): Responsible for overall compliance and steering the company’s 

strategic response to the EU AI Act. 

• Chief Technology Officer (CTO) or Chief Information Officer (CIO): Oversee the development 

and deployment of AI technologies, ensuring they align with regulatory requirements. 

• Chief Data Officer (CDO): Manage data governance, quality, and ethical use of data in AI 

systems. 

• Chief Compliance Officer (CCO) or Legal Counsel: Ensure that AI applications and business 

practices adhere to the EU AI Act and other relevant laws. 

• Chief Financial Officer (CFO): Oversee financial implications, investment in compliance infrastructure 

and potential risks associated with non-compliance. 

• Human Resources Manager: Address the impact of AI systems on employee management 

and training, ensuring AI literacy among staff. 

• Chief Information Security Officer (CISO): Handle cybersecurity and data protection aspects 

of AI systems to ensure data integrity and prevent any unauthorized use. 

• Chief Privacy Officer (CPO) or Data Protection Officer (DPO): Ensure that AI systems adhere 

to the privacy principles, are explainable and transparent, and have safeguards in place 

to preserve the fundamental rights and freedoms of individuals. 

These roles play a crucial part in adjusting business operations, refining technology strategies, and aligning 

organizational policies to comply with the EU AI Act. While some organizations have already appointed 

a Chief AI Officer, we foresee the emergence of a new senior role: the Chief AI Risk Officer. 

Implications for non-compliance 

The EU AI Act imposes fines for noncompliance based on percentage of worldwide annual turnover, 

underscoring the substantial implications for global companies of the EU’s stand on AI safety: 

• For prohibited AI systems — fines can reach 7% of worldwide annual turnover or €35 million, 

whichever is higher. 

• For high-risk AI and GPAI transparency obligations — fines can reach 3% of worldwide annual 

turnover or €15 million, whichever is higher. 

• For providing incorrect information to a notified body or national authority — fines can reach 1% 

of worldwide annual turnover or €7.5 million, whichever is higher. 

AI Security for EU AI Act Compliance 

The EU AI Act is a new legal framework for developing AI that the public can trust. It reflects the EU’s 

commitment to driving innovation, securing AI development, national safety, and the fundamental rights 

of people and businesses. The fast-paced evolution of AI regulation requires organizations to stay informed 

and compliant with current and future standards, ensuring AI deployments meet ethical and transparency 

criteria. 



AI Security is a crucial pillar of Responsible AI and Trustworthy AI adoption and is key to governance and 

compliance aspects in the context of EU AI Act. In the DevOps context, this means: 

• Developers require a straightforward solution that can scan AI/ML models, identify vulnerabilities, 

and assess risks, and automatically remediate them during the development phase. 

• Deployers and operators, including security teams, need tools such as endpoint detection and 

response (EDR) specific to AI workloads. They need to rely on solutions capable of detecting and 

responding to emerging AI attacks to prevent incidents and reduce the mean time to detect 

(MTTD) and mean time to resolve (MTTR). 

• Managers need visibility into the security posture of the AI/ML models they deploy to ensure 

better governance, compliance, and model risk management at an organizational level. 

Toward this end, the security industry needs a two-tiered approach that encompasses both predictive 

and proactive security to create safe and trustworthy AI systems. AI developers & AI Red Teams should 

anticipate and preemptively address potential attacks in the initial design phase by vulnerability testing. 

Additionally, we recommend incorporating robust defense measures into the AI system itself to shield 

against any real-time attacks. 

How AI Security Platform Helps Secure AI Models & Reduce AI Risk 

AI security platforms integrate multiple tools to ensure robust, compliant, and secure AI initiatives. They 

typically consist of components that target distinct aspects of AI security, offering comprehensive 

coverage from development through operation, to ensure your AI initiatives are robust, compliant, and 

secure. 

• Early Vulnerability Detection: Focus on early-stage vulnerability detection within your AI code, 

leveraging Static Application Security Testing (SAST) to unearth and mitigate potential security 

breaches before they escalate. You may utilize open-source utilities which can auto discover AI 

models in repositories and do a comprehensive scan of models and notebooks and categorize 

scans into distinct risk levels. There exist tools, such as Watchtower, which offer zero-cost AI/ML 

asset discovery and risk identification, coupled with insightful, actionable reporting that enables 

developers to reinforce their models against vulnerabilities. 

• Dynamic and Interactive Security Testing: Utilize a dynamic and interactive application security 

(DAST and IAST) approach, ensuring vulnerabilities and AI security risks are identified and rectified 

in real-time. As your AI transitions from development to operation, AISpectra is one such tool 

that provides the vigilant defense needed to preempt threats. 

• Endpoint Defense Systems: Implement real-time endpoint defenses to protect AI models in operation. 

These systems are essential for supporting security operations and governance teams, 

providing continuous oversight of the AI assets' security posture, and enabling prompt detection 

and remediation of any breaches. For Generative AI business applications, including tools like 

Large Language Models, using guardrails as cybersecurity middleware can help mitigate a wide 

range of risks, ensuring operations are safe, secure, and compliant with regulatory standards 

such as the EU AI Act. Consider exploring various capabilities in this area, including model validation 

and the implementation of guardrails (for example, Guardian) to ensure secure usage. 



Summarizing, a comprehensive AI Security Platform’s ability to provide independent, on-premises 

deployment is particularly relevant to your needs: 

• Conduct AI security assessment, standardized model evaluations (ML/LLM) and adversarial testing 

to assess and mitigate potential risks in Blackbox and Greybox settings, helping preserve 

model privacy during security assessments. 

• Delve deeper into AI security risk assessments, quantitative insights into model security posture; 

utilize sample attack vectors for adversarial retraining (for model security hardening); defense 

model for real-time endpoint monitoring. 

• Have a real-time defense system that facilitates tracking and reporting serious incidents and to 

ensure adequate cybersecurity protections. 

• Report security incidents via SIEM connectors to platforms like Azure Sentinel, IBM QRadar and 

Splunk to bolster Security Operations and Governance. 

Figure 4: View of AI Security Platform Capabilities Mapped across the AI/ML Lifecycle 

With a comprehensive AI Security Platform, organizations can: 

• Discover personal and sensitive information in AI training sets, including secrets and passwords, 

customer data, financial data, IP, confidential, and more. 

• Adopt AI safely by mitigating security risks before and after deployment for ML models and GenAI 

or GPAI systems. 

• Manage, protect, and govern AI with robust privacy, compliance, and security protocols, enabling 

zero trust and mitigating insider risk. 

• Assess AI model security risk, improve security posture and quickly provide reporting to EU regulatory 

authorities. 

To explore how AIShield can help your organization reduce risk and comply with requirements within 

the EU AI Act, please visit https://www.boschaishield.com/. 




Manpreet Dash is the Global Marketing and Business Development Lead 

of AIShield, a Bosch startup dedicated to securing artificial intelligence 

systems globally (AI Security) and recognized by Gartner, CES Innovation 

Awards and IoT industry Solution Awards. His crucial responsibilities span 

across marketing, strategy formulation, partnership development, and 

sales. Previously, Manpreet worked with Rheonics - an ETH Zurich spinoff 

company based in Switzerland, building next-generation process 

intelligence. Manpreet holds dual degrees in mechanical and industrial 

engineering and management from IIT Kharagpur and received the IIT 

Kharagpur Institute Silver Medal for graduating top of class. He has 

contributed to over 15 publications and talks in journals, webinars, trade 

magazines and conferences. Besides his professional and academic 

achievements, Manpreet’s commitment to innovation, technology for 

good, and fostering young talent is evident as a co-founder of the IIT KGP Young Innovators’ Program 

and as a Global Shaper of the World Economic Forum. Manpreet can be reached at 

manpreet.dash@bosch.com and at our company website https://www.boschaishield.com/. 



Steps To Protect Against Cybersecurity Threats During Mergers 

and Acquisitions 

By Saugat Sindhu, Senior Partner and Global Head, Advisory Services, Wipro Limited 

Transactions involving U.S. targets and acquirers continue to represent a substantial percentage of 

overall deal volume, with U.S. M&A exceeding $1.26 trillion in 2023, according to research from the 

Harvard Law School Forum on Corporate Governance. Stakeholders must consider various factors, 

including political agendas and regulation rules, to ensure mergers are approved. While cybersecurity 

may not be at the top of the list of hurdles companies must overcome during a merger, it should be. 

Frequently, while two companies are working closely to merge, cybercriminals are taking advantage of 

security gaps. 

Company leaders must take a holistic view of cybersecurity to ensure a successful merger. To understand 

a company’s capabilities to identify, protect, detect, respond, and recover from cybersecurity threats, 

companies should focus on three core areas: 

• Protect against potential data breaches. 

• Simplify integration of critical operational and security systems. 

• Take a security-by-design approach. 



Protect Against Potential Data Breaches 

The role of cybersecurity is more important than ever. Hackers are located worldwide, are equipped with 

the most advanced technologies, and are always looking for system weaknesses and vulnerabilities, 

which makes safeguarding corporate systems and data challenging. Companies entering or are currently 

engaged in a merger must prioritize cybersecurity measures to minimize security breaches, as these 

incidents can greatly reduce company valuation. Strong data security measures include planning on 

multiple levels and the implementation of processes, controls, and technology, such as access controls, 

network security, operation systems integration, and encryption. 

One of the primary areas to focus on is securing systems that integrate personal and business data and 

business-critical information. These systems contain essential data critical to a company's success, and 

exposing sensitive information could be disastrous. It’s prudent to first focus on systems related to HR, 

benefits, and payroll, as they house sensitive personal information. Breaches in these areas can result 

in legal actions, substantial financial losses, and erosion of employee and investor trust. Additionally, 

cybersecurity issues can lead to public data leaks, damaging the company’s value and market 

reputation. 

Management must adopt robust cybersecurity strategies to protect employees, customers, partners, and 

investors. This strategy should include thorough risk assessment, implementation of advanced security 

measures, and ongoing monitoring of newly integrated systems to ensure that all sensitive data is 

protected. 

Simplify Integration of Critical Operational and Security Systems 

Companies should take four steps to overcome security challenges: pre-merger, execution, transition, 

and post-merger integration. Addressing these challenges in four distinct phases helps ensure a 

smoother transition. 

1. Pre-merger: Create an overview of the company's cyber landscape, both currently and what is 

expected during the next few years. Examine all systems to determine the starting point and work 

closely with experts to follow essential regulations. 

2. Execution: After examining all systems, identify potential threats and establish steps to address 

them. 

3. Transition: Develop an integration strategy that includes addressing system redundancies. Pay 

attention to fixing weaknesses in the system. 

4. Post-merger: Once the transition has been completed, troubleshoot any new issues and identify 

what worked and what surprised the IT team. 

Take a Security-by-Design Approach 

One of the primary challenges during the M&A process is promoting awareness among all employees 

about the importance of cybersecurity. Developing and implementing a thorough merger integration plan, 



one that is supported by management and IT, along with input from the corporate compliance team, is 

critical to achieving success. Attention to detail, particularly regarding how system integration affects daily 

business operations, is crucial. 

Collaboration between the two companies is essential. The acquiring company must give the target 

company the flexibility to adopt the integration and cybersecurity strategy without disrupting existing 

business processes. Doing so will benefit everyone, ranging from increasing employee collaboration to 

alerting all employees to the importance of adhering to cybersecurity policies. 

One option during the M&A process is to consider insurance for cyber risks. While the coverage depends 

on the potential impact of damages, the focus should be on “cost per record”. If a breach happens and 

bad actors demand a ransom, the question is, what is typically the average cost per compromised record? 

Understanding the sensitivity of data being managed is the primary issue. There are different types of 

insurance coverage for this situation, so research options thoroughly before making any final decisions. 

Lastly, include other teams in the integration discussion, including management teams. These teams can 

contribute in many ways, from ensuring future operating models to addressing daily business processes. 

Planning for Today Leads to a Better Tomorrow 

M&A is challenging enough for both companies, let alone the implications of IT integration and addressing 

cybersecurity issues. Identifying and addressing existing cybersecurity threats before the merger puts 

the new company in a stronger position to succeed. 

Having a carefully designed integration plan, based on the four steps outlined above, helps ensure that 

both companies are better protected. Seamless integration is never easy, yet it is critical to protecting the 

integrity, reputation, and profitability of both companies. Shining a light on the importance of cybersecurity 

throughout both organizations and building a solid culture around cybersecurity dramatically reduces 

risks and sets the new company up for success. 


Saugat Sindhu is the Senior Partner and Global Head, Advisory Services of 

Wipro Limited. He leads a diverse group of practitioners globally, providing 

management consulting and business advisory services at Wipro focused on 

cybersecurity and risk, and related technology integration and transformation 

services for commercial and public sector clients. He is responsible for leading 

strategy development and execution planning, industry motions, solution 

innovation, and client service for Wipro’s Cyber Advisory business. His major 

industry expertise includes Media, Technology and Telecom. Saugat can be 

reached online at https://www.linkedin.com/in/saugatsindhu/ and at our 

company website https://www.wipro.com. 



BYTE BY BYTE 

How Ransomware is Sinking its Teeth into Dental Practices 

By Thomas Terronez, CEO, Medix Dental IT 

In an era where digital transformation is reshaping healthcare, dental practices find themselves caught 

in a perfect storm of cybersecurity vulnerabilities. As ransomware attacks surge across the healthcare 

sector, dental offices have become prime targets, facing risks that threaten not just patient data, but the 

very core of their operations. Let's drill down into this pressing issue and extract some actionable insights 

for dental IT leaders and healthcare CISOs. 



The Root Canal of the Problem: Ransomware's Evolution 

Ransomware attacks in healthcare aren't just a cavity in the system - they're a full-blown abscess. These 

digital extortionists have evolved from opportunistic script kiddies to sophisticated criminal enterprises, 

targeting the healthcare sector with surgical precision. Why? Because health data is the crown jewel of 

personal information, and dental practices are often the weakest link in the chain. 

The modus operandi is simple yet devastating: encrypt critical data, demand a ransom, and watch as 

practices scramble to maintain operations. But here's the kicker - paying the ransom is like trying to fill a 

cavity with cotton candy. It might provide temporary relief, but the underlying issue remains, and you're 

likely to face more pain down the road. 

X-Ray of Vulnerability: Why Dental Practices are Prime Targets 

Now, you might be wondering, "Why are dental practices such juicy targets?" Well, let's take a panoramic 

view of the situation: 

1. Cloud Adoption Lag: While other industries have migrated to the cloud faster than a tooth 

extraction, dental practices are still largely reliant on local servers. This creates an ideal petri dish 

for ransomware to grow and spread. 

2. Software Privileges: Many dental software solutions require elevated system privileges to 

function correctly. It's like giving every patient a key to the medicine cabinet - a recipe for disaster. 

3. IT Support Shortcomings: Most dental practices rely on small IT providers who, bless their 

hearts, are about as prepared for cybersecurity threats as a toothbrush is for a root canal. Their 

focus on immediate, visible results often comes at the expense of crucial behind-the-scenes 

security measures. 

4. Training Gaps and High Turnover: The dental industry's lack of consistent cybersecurity 

training, combined with high staff turnover, creates a revolving door of vulnerability. It's like 

constantly changing the combination to your safe but forgetting to tell anyone the new code. 

5. Underreporting of Incidents: Many ransomware attacks on individual practices go unreported, 

creating a false sense of security that's about as reliable as a chocolate toothpaste. This 

underreporting stems from a lack of understanding about legal obligations and a desire to avoid 

negative publicity. 

The Painful Bite of Ransomware: Impact on Dental Practices 

When ransomware strikes a dental practice, the pain is felt far beyond the initial sting. Let's break down 

the broader impacts: 

1. Operational Paralysis: Imagine walking into your practice one morning to find all your patient 

records, appointment schedules, and billing information locked away. It's like showing up to 

perform a root canal with your hands tied behind your back. 



2. Financial Hemorrhage: The costs of a ransomware attack extend far beyond any potential 

ransom payment. There's the lost revenue from appointment cancellations, the expense of hiring 

cybersecurity experts, and potential legal fees. It's enough to make even the most successful 

practice feel like it's been put through the financial wringer. 

3. Reputational Decay: In an age where patient trust is as fragile as enamel in a soda bath, a data 

breach can erode years of carefully built reputation. Patients might start looking for a new dental 

home faster than you can say "open wide." 

4. Regulatory Headaches: HIPAA violations resulting from a data breach can lead to hefty fines 

and increased scrutiny. It's like getting a surprise audit from the dental board, but with potentially 

more severe consequences. 

Filling the Cavities: Best Practices for Prevention 

So, how can dental practices protect themselves from this digital decay? Here are some best practices 

to implement: 

1. Embrace the Cloud: It's time to pull that old server like an impacted wisdom tooth. Cloud 

solutions offer better security, automatic updates, and off-site backups. 

2. Implement Least Privilege Access: Not everyone needs the keys to the kingdom. Restrict 

access rights to the minimum necessary for each role. 

3. Invest in Cybersecurity Training: Regular training sessions for all staff members are as crucial 

as teaching proper brushing techniques to patients. Make it engaging, make it frequent, and make 

it stick. 

4. Backup, Backup, Backup: Implement a robust backup strategy that includes off-site and offline 

backups. It's your practice's dental insurance against data loss. 

5. Partner with Cybersecurity Experts: Your IT provider should be as specialized in security as 

you are in dentistry. Don't settle for jack-of-all-trades support when it comes to protecting your 

practice. 

6. Implement Multi-Factor Authentication: This simple step can be as effective in preventing 

unauthorized access as flossing is in preventing gum disease. 

7. Stay Updated: Keep all software and systems patched and updated. Outdated software is like 

an open cavity - a breeding ground for problems. 

8. Develop an Incident Response Plan: Have a clear, documented plan for responding to a 

ransomware attack. It's like having an emergency kit ready - you hope you never need it, but you'll 

be glad it's there if you do. 

Conclusion: A Call to Action 

The threat of ransomware to dental practices is not a matter of if, but when. As healthcare IT leaders and 

CISOs, it's crucial to recognize the unique vulnerabilities of dental practices and take proactive steps to 

protect them. By implementing robust cybersecurity measures, we can ensure that dental practices 



continue to focus on what they do best - caring for patients' oral health - without the looming threat of 

digital extortion. 

Remember, in the fight against ransomware, an ounce of prevention is worth a pound of cure. Don't wait 

for a breach to occur before taking action. Start implementing these best practices today, and help create 

a future where dental practices are as secure digitally as they are sterile physically. 

After all, we want our patients smiling because of our excellent care, not grimacing at the thought of their 

data being held hostage. Let's bite back against ransomware and keep our practices - and our patients - 

safe and sound. 


Thomas Terronez is the CEO and Founder of Medix Dental IT. With over 20 

years of experience in dental IT, Thomas is one of the nation's renowned 

dental technology leaders. Thomas' mission is to lead dental organizations 

through operational and scaling challenges by leveraging technology. He has 

a forward-thinking outlook and is solution-focused, which has led him to work 

with the top dental vendors on evolving and developing the technology 

infrastructure for the industry's future. Presently, Thomas consults with dental 

groups, software companies and DSOs across the country on technology 

strategy. Thomas can be reached online at tom@medixdental.com and at our 

company website https://medixdental.com. 



Why Manufacturing IT Leaders are Turning to AI-Powered 

Cybersecurity Training 

By Sam Zheng, PhD., CEO & Co-Founder, DeepHow 

In the rapidly evolving digital landscape, cybersecurity has emerged as a critical concern, particularly for 

the manufacturing sector. Recent data highlights a staggering 165% surge in cyber-attack attempts on 

manufacturing facilities, a rate significantly higher than in other industries. This alarming trend 

underscores not only the vulnerability of manufacturing operations to cyber threats but also the 

paramount importance of robust cybersecurity training. 

Cybersecurity training methods must evolve to ensure the highest level of safety for both manufacturing 

organizations and their respective individual employees. Cyber threat actors have often manipulated 

individual employees with information related to their position or to senior leadership. Effective training 

methods to prevent common scams must be employed to ensure that every employee, at every level, is 

equipped with the necessary knowledge to identify the signs of an attempted attack. 

The Rise of Cyber Threats in Manufacturing 

Manufacturing facilities increasingly integrate digital technologies, making them prime targets for 

cybercriminals. These facilities often deal with sensitive data, proprietary manufacturing processes, and 

critical infrastructure systems that, if compromised, could lead to severe operational disruptions, financial 



losses, and safety hazards. The variety of threats ranges from sophisticated ransomware campaigns to 

intricate phishing schemes, each designed to exploit specific vulnerabilities. 

In 2023, manufacturing was the third-most targeted industry for ransomware and fourth for business email 

compromise. In addition to frequency, which has continued to rise year after year, the median cost of a 

manufacturing ransomware attack is now $500,000 USD. For example, in August 2023, Clorox, a wellknown 

manufacturer and marketer of consumer and professional products, fell victim to a cyber-attack. 

Hackers infiltrated the company’s systems and deployed ransomware, encrypting critical files and 

demanding a ransom. 

To contain the spread of the ransomware, Clorox shut down its systems upon detection. Although the 

production systems themselves were not directly compromised, the disruption to operational support 

systems made it difficult to process orders effectively. This led to a halt in production, causing a supply 

shortage and resulting in recovery costs that exceeded $50 million. 

The Shift to AI-Powered Cybersecurity Training 

Given the complexity and frequency of these threats, traditional cybersecurity training methods are no 

longer sufficient. Manufacturing IT leaders are turning to AI-powered solutions to enhance their 

cybersecurity training programs. Here's why AI is becoming indispensable in this field: 

Personalization: AI technologies enable personalized training experiences that cater to the unique 

needs and learning paces of individual employees, which is crucial in a field as complex as cybersecurity. 

Scalability: AI-powered platforms can easily scale up to accommodate new users and update training 

modules as new threats emerge, ensuring that the cybersecurity training is always current and relevant. 

Simulation and Testing: Through realistic simulations, AI-driven training platforms can create scenarios 

that mimic actual cyber threats, providing employees with hands-on experience in identifying and 

mitigating risks without the real-world consequences. 

Efficiency: AI significantly reduces the time and resources required to train employees, allowing for more 

frequent training sessions and updates, which are essential in keeping pace with the dynamic nature of 

cyber threats. 

Benefits of AI-Driven Cybersecurity Training in Manufacturing 

The implementation of AI-driven training programs has several tangible benefits: 

Enhanced Threat Recognition: Employees trained through AI-enhanced programs are quicker and 

more accurate in recognizing potential cyber threats, reducing the likelihood of successful breaches. 

Faster Response Times: In the event of a cyber-attack, a well-trained workforce can respond more 

swiftly and effectively, minimizing damages. 



Cost Savings: By preventing cyber-attacks, companies save on the potential costs of data breaches, 

which can include regulatory fines, legal fees, and reputational damage. 

Future Outlook 

As cyber threats continue to evolve, so too will the technologies designed to combat them. AI in 

cybersecurity training will play an increasingly critical role in ensuring that employees across all levels of 

an organization are equipped not just to respond to cyber threats, but to anticipate and neutralize them 

proactively. 

Manufacturing IT leaders are at the forefront of adopting AI-driven cybersecurity training solutions, 

recognizing that these advanced tools are no longer just advantageous but essential. The shift towards 

AI-powered training is not just about keeping up with technological trends but about making a strategic 

investment in the security and resilience of manufacturing operations. 

As the landscape of cyber threats grows more complex, the role of AI in cybersecurity training becomes 

more critical. For manufacturing sectors, where the stakes are exceptionally high, it is imperative to 

leverage the best tools available. AI-driven cybersecurity training represents a forward-thinking approach 

that not only addresses current challenges but also sets a foundation for enduring security. 


Sam Zheng, CEO and Co-Founder of DeepHow, spearheads a rapidly evolving 

startup, backed by esteemed investors. DeepHow revolutionizes skilled 

workforce training with an innovative, AI-powered, video-centric knowledge 

capturing and transfer platform. 

Prior to DeepHow, Sam dedicated over a decade to Siemens, driving digital 

innovation across various industries. His noteworthy projects, such as the Cloud 

Digital Inspection Jacket, have significantly improved technical knowledge 

sharing, efficiency, and user experience, earning his team the prestigious 

Siemens Innovation Award. 

Simultaneously, Sam serves as an Adjunct Professor of Psychology at Tsinghua University and holds a 

Ph.D. in Engineering Psychology and a Master’s in Statistics from the University of Illinois at Urbana- 

Champaign. 

Sam Zheng can be reached online at sam.zheng@deephow.com. 



A CISO’s Guide to Managing Risk as the World Embraces AI 

Leveraging Ai to Identify, Prioritize, And Remediate Our Highest-Risk Vunerabilities 

By Karthik Swarnam, Chief Security and Trust Officer, ArmorCode 

As Generative AI becomes more deeply integrated into our digital landscape, organizations face a 

growing need to manage application, technology, and cybersecurity risks effectively. The rapid evolution 

of AI technology amplifies the ease, potential, and complexity of cyberattacks. To better navigate this 

dynamic environment, organizations can adopt innovative approaches to prioritize risk management, 

optimize security and developer team collaboration, and improve performance metrics. 

Risk Prioritization in the Face of AI 

The proliferation of AI-driven applications and systems has led to an explosion of new security 

vulnerabilities. Common vulnerabilities and exposures (CVEs) have surged 500 percent in the past 

decade, making it increasingly challenging for organizations to manage and prioritize risks. Traditional 

methods of assessing vulnerabilities based solely on technical severity are no longer sufficient. Instead, 

taking a comprehensive approach that considers unique business contexts and real-time threat 

intelligence is essential. 



Modern risk prioritization tools can provide organizations with a unified view of security findings, 

contextualized by their potential business impact. By normalizing the severity of findings across different 

security tools and assessing the business implications of affected assets, organizations can generate a 

single adaptive risk score. This approach allows security teams to focus on the most critical vulnerabilities 

first, optimizing remediation efforts and improving overall security posture. 

To take it a step further, an AI-powered platform can ingest data from multiple security scanners/sources, 

normalize the findings and produce a prioritized list of risks based on business context and active threat 

intelligence. This method not only reduces time and resources spent on low-priority issues but also 

enhances security effectiveness by targeting the vulnerabilities that pose the greatest risk to the 

organization. 

Leveraging AI for Enhanced Security 

AI itself plays a key role in improving cybersecurity risk management. AI-driven platforms can analyze 

vast amounts of data from diverse sources to uncover trends and issues, and provide deeper insights 

and more accurate threat detection. Machine learning algorithms and natural language processing can 

also enable these platforms to correlate findings from different security tools, providing a more holistic 

view of the security landscape than using a single solution without AI. 

One of the other key benefits of AI-powered application security solutions is their ability to reduce 

duplicate findings and false positives across various scanners. For example, the same vulnerability might 

be reported by both static application security testing (SAST) and dynamic application security testing 

(DAST) tools. AI can correlate these findings, eliminate redundancy and streamline the remediation 

process. This capability not only reduces the workload for security and development teams but also 

accelerates the mean time to remediation (MTTR). 

Moreover, AI enhances the precision of vulnerability assessments. By integrating pre-production and 

runtime analysis, AI-powered platforms can provide strong signals about the real impact of identified 

issues. This enables security teams to address the root causes of vulnerabilities more efficiently, 

improving the speed and accuracy of remediation efforts. 

Collaboration Between Security and Development Teams 

Effective cybersecurity risk management also requires seamless collaboration between security and 

development teams. AI-powered platforms facilitate this collaboration by providing a unified view of risks 

and remediation priorities. This shared perspective helps both teams to align their efforts and focus on 

what matters most. 

One of the significant challenges in application security is the disconnect between security findings and 

their resolution. Developers often receive numerous security alerts without clear guidance on 

prioritization, leading to inefficient remediation processes and delayed software releases. AI-powered 



platforms bridge this gap by correlating security findings with development workflows, ensuring that 

appropriate issues are promptly routed to the appropriate teams. 

Additionally, remediation workflows should be automated based on risk scores. By automating routine 

tasks and providing actionable insights, AI-powered solutions can enhance security team productivity 

and enable faster, more secure software releases. This collaborative approach not only improves security 

outcomes but also fosters a culture of shared responsibility and continuous improvement. 

Holistic Governance Layer Across Risks 

To protect against threats, CISOs need a comprehensive governance layer to see across their full scope 

of risk, including perspective on all tools and teams from developers to cloud security. As AI continues to 

reshape the digital landscape, managing cybersecurity risk will be more complex and critical than ever. 

Furthermore, proper governance helps determine the ideal time to change an organization’s scanners or 

shift security sources by keeping their efficacy more transparent. When that governance layer is 

overseeing a security approach based on risk, it is able to provide the modularity necessary to keep 

programs effective. 

The ability to identify, prioritize, and remediate the highest-risk vulnerabilities efficiently is essential. AIpowered 

platforms offer a new model for cybersecurity risk management, empowering organizations to 

stay ahead of emerging threats and maximize the ROI of their security investments. Organizations should 

prioritize their greatest business risks, use AI to enhance their security, and foster collaboration between 

security and development teams. By doing so, they can navigate the challenges of the AI era and improve 

their risk and security posture. 


Karthik Swarnam is Chief Security and Trust Officer at ArmorCode. He is a 

Cybersecurity Leader with over 25 years of experience, including former 

CISO roles with Kroger, DIRECTV, and TransUnion. Karthik can be reached 

on LinkedIn and more information can be found on ArmorCode’s website 

https://www.armorcode.com/. 



A Cloud Reality Check for Federal Agencies 

By James Langley, Master Solutions Consultant, Hitachi Vantara Federal 

The move to cloud is not slowing down – spending by Federal civilian agencies on cloud computing could 

reach $8.3 billion in Fiscal Year (FY) 2025. But despite years of guidance (from Cloud First to Cloud Smart) 

on how agencies should tackle that journey, cloud adoption remains an unfulfilled priority for the 

government. 

In fact, the 17 th Federal IT Acquisition Reform Act (FITARA) scorecard included a new cloud scoring 

category – which subsequently caused agency scores to decline. This isn’t necessarily a bad thing – the 

low scores highlight clear areas of improvement for Federal agencies. Despite guidance and a clear path 

forward, agencies are grappling to unlock cloud’s full potential. 

The Right Road to Cloud 

Cloud adoption is not a mere checkbox exercise, it is a strategic initiative that has the potential to offer 

scalability and efficiency improvements. To successfully adopt cloud technologies, agencies should start 

by conducting thorough cost-benefit analyses to understand the financial implications of different cloud 

adoption strategies and make informed decisions that fit their budgets and operational needs. 

Unpredictable costs often limit agencies' ability to secure essential funds for cloud infrastructure and 

services. While it’s inexpensive to move data into the cloud, it costs a lot to get the data out. The costs 

associated with cloud adoption – like access or egress fees – are difficult to model and while agencies 



can leverage the cloud for more availability when needed, they can’t always reduce that capacity. This 

leaves agencies paying for cloud capabilities they aren’t using. Further, traditional government budget 

cycles do not match the flexible, on-demand nature of cloud spending, posing expense management and 

cost-efficiency challenges. 

To alleviate these concerns and manage costs, agencies should regularly review and optimize resource 

allocations. By establishing clear governance policies for cloud spending, like setting budget limits and 

defining approval processes, agencies can promote accountability and ensure smart spending 

department-wide. 

When it comes to modernization, a phased approach is wise. It allows agencies to migrate workloads 

gradually and strategically, minimizing risks and disruptions. Prioritizing applications based on complexity 

and impact helps manage the migration smoothly. Hybrid cloud solutions are also beneficial, letting 

agencies blend their existing on-premises infrastructure with cloud resources at their own pace. This way, 

they maintain control over critical applications and data while embracing modern cloud capabilities 

effectively. 

Aligning Cloud Adoption with Mission Objectives 

It is crucial for agencies to take a mission-driven approach when pursuing cloud initiatives. This means 

clearly understanding how cloud technologies can directly contribute to achieving their core goals, 

improving service delivery, and enhancing overall operational efficiency. By developing a strategic plan 

that outlines specific outcomes, key milestones, and performance metrics, agencies can effectively map 

out their cloud journey to align with broader organizational objectives. This should be a dynamic 

document, regularly reviewed and updated to adapt to evolving priorities and new opportunities. 

Involving stakeholders is equally essential. Engaging IT staff, business leaders, and end-users when 

developing the strategy ensures that all perspectives and needs are considered from the outset. This 

collaboration not only enhances the quality of decision-making but also fosters a sense of ownership and 

commitment to the cloud adoption strategy throughout the organization. By involving stakeholders early 

on, agencies can leverage their expertise to identify potential challenges, refine strategies, and maximize 

the benefits of cloud technologies in achieving mission success. 

Tailored Cloud Adoption for Strategic Modernization 

For Federal agencies to achieve successful cloud adoption, it requires a holistic approach tailored to their 

specific operational needs. Instead of opting for generic solutions, agencies should customize their cloud 

implementations to maximize the benefits of modern technology. This not only enhances operational 

efficiency but also supports mission objectives more effectively. 

Prioritizing stringent security protocols is also crucial. Agencies must implement and continuously monitor 

these measures to safeguard sensitive data and comply with Federal regulations, reducing cloud 

adoption risks. Additionally, modernizing legacy systems requires strategic refactoring rather than a 



simple "lift and shift" approach. By refactoring applications to utilize cloud-native features fully, agencies 

not only enhance performance but also prepare for long-term scalability and innovation in the cloud. 

By embracing these principles – holistic customization, robust security, and strategic modernization— 

Federal agencies can navigate the complexities of cloud adoption and realize the full benefits, like greater 

operational agility, cost-efficiency, and mission success. 


James Langley is the Master Solutions Consultant of Hitachi Vantara 

Federal, a wholly owned subsidiary of Hitachi Vantara, with more than 20 

years of experience in the IT industry and a decade as a trusted adviser 

for federal civilian, defense and intelligence agencies. James can be 

reached at james.langley@hitachivantarafederal.com or at our company 

website www.hitachivantarafederal.com/. 



The Unsolvable Problem: XZ and Modern Infrastructure 

By Josh Bressers, Vice President of Security, Anchore 

The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software 

developer or security analyst up at night. The recent XZ backdoor attack is finally behind us, and luckily 

there was no widespread reach of the backdoored library. If you hadn’t heard, this software supply chain 

attack was a malicious effort that targeted Linux systems, and this attack had been years in the making. 

There’s no denying that an event like XZ will happen again, and we may not be so lucky next time. But 

what hasn’t been discussed is how what happened with XZ isn’t a problem we can solve with best 

practices today. So, if we can’t solve this problem of backdoor supply chain attacks, how do we chart a 

safe route forward? 

The Unsolvable Problem 

Sometimes reality can be harsh, but the painful truth about this sort of backdoor attack is that there is no 

solution, we simply don’t know how to solve this one. Many projects and organizations are happy to 

explain how they keep you safe, or how you can prevent software supply chain attacks, by doing this one 

simple thing. However, the industry as it stands today lacks the ability to prevent an attack created by a 

motivated and resourced threat actor. In fact, the Anchore 2022 Software Supply Chain Security Report 



shows that the security of open source software containers is ranked as the number one challenge by 

24% of respondents, so this is not an isolated business concern. The same survey also reports that more 

than half of respondents say that securing the software supply chain is a top or significant focus. This 

indicates that recent, high-profile attacks like the XZ attack have put software supply chain security on 

the radar for the majority of organizations. 

If there is a malicious open source maintainer, we (as an industry) lack the tools and knowledge to prevent 

this sort of attack, as you can’t actually stop such behavior until after it happens. When we use open 

source software, there is so much of it, we can’t possibly vet it. We rely on the community to help find 

and fix problems, which is exactly what happened with the XZ backdoor attack. 

However, that doesn’t mean we are helpless. We can take a page out of the playbook of the observability 

industry. Sometimes we're able to see problems as they happen or after they happen, then use that 

knowledge from the past to improve the future, that is a problem we can solve. And it’s a solution that we 

can measure. If you have a solid inventory of your software, past, present, and future, then looking for 

affected versions of XZ becomes simple and effective. 

Today and Tomorrow 

Looking for a vulnerable version of XZ, specifically versions 5.6.0 and 5.6.1, sounds like it should be an 

easy task, but trying to solve a problem like this at scale is always a challenge. We don’t know what we 

will need to quickly search for in the future. Will it be a binary file, a python package, or maybe just a 

checksum. Since we don’t know what the next attack will be, an accurate inventory will be important. 

The industry is currently putting a focus on using a software bill of materials, or SBOM, as the way to 

track the contents of software. We see a focus on these inventories in new development standards such 

as the secure software development framework, or SSDF. By using an SBOM to track software inventory, 

we have a standardized way to not only track our own software, but to also share those inventories with 

our customers and partners, and to receive an SBOM from our suppliers. SBOMs aren’t perfect, but they 

are the first step to having software inventories we can use in the future. 

What Now? 

Anyone who has been following industry news is probably wondering what supply chain story will happen 

next. The size and complexity of open source software is enormous and growing more complex every 

day. Open source is so embedded in our products and services now there’s no way we can stop using 

it, it’s here to stay, so what responsibilities do we have? If it’s too big to fail, and too big to fix, we have to 

figure out how we can use open source in ways that make sense. We have technologies now to help 

keep track of your open source software components, but just keeping track is the first step. It’s just as 

important to move quickly when the next XZ shows up. If we’re going to use open source, we have to 



move at the speed of open source. We can’t solve the problem that brought us to XZ, but we can make 

sure when the next one happens, we can start responding in minutes instead of days. 


Josh Bressers is the Vice President of Security at Anchore, a modern 

software composition analysis company that focuses on automated software 

compliance to save time and reduce risk. 

At Anchore he guides security feature development for the company’s 

commercial and open source solutions. He is a co-lead of the OpenSSF 

SBOM Everywhere project, and is a Co-Founder of the Global Security 

Database project at the Cloud Security Alliance. 

Bressers can be reached on LinkedIn or by visiting www.anchore.com/. 



Autonomous, Deterministic Security for Mission-Critical IOT 

Systems 

From Cybersecurity Principles to Effective Protection 

By Tal Ben-David, VP R&D and Co-Founder, Karamba Security 

Mission-Critical Iot Systems: Cybersecurity Principles 

In creating an effective cybersecurity strategy for IoT systems, software architects examine obstacles that 

limit the security options for their target systems. 

To deliver a proactive cyber defense without risking business continuity, cyber threat protection must 

overcome: 

• Business continuity interruption due to remediation lag 

• Zero-day and day-one attacks 

• False positives 

• Slowed performance 

The obstacles that hinder cybersecurity for IoT systems must be addressed to achieve the level of 

security and performance needed in these systems. 



With this goal in mind, we have identified five primary defense strategies: 

• Automatically-generated multi-dimensional allow lists 

• Automatically-embedded access control 

• Automatically-embedded Control-Flow Integrity 

• Enabling vendor-sourced updates 

• Eliminating developer disruption 

The solution involves hardening mission-critical IoT systems to their factory settings, where each layer 

of protection seals the device’s software against different types of attacks. 

Automatically-generated multi-dimensional allow lists 

To overcome multiple challenges, the backbone of cybersecurity should be deterministic (a detailed look 

at Deterministic Security can be found later in this article.) 

Such solution leverages the deterministic nature of IoT systems. Any change, which was not authorized 

by the system’s vendor must imply a hacking attempt. Hardening the binaries against changes and 

deterministically preventing any unauthorized attempt to change them means stopping hackers before 

they succeed in exploiting zero-day or day-one attacks. 

Allow-list of executables 

The allow-list enforcement component should integrate with the OS program-loading and file-access 

services. All executables can be checked against the allow list, including files (operating system and 

applications), shared objects, and scripts. Each time any binary is loaded, its unique signature is 

calculated based on the content of the file and compared to a database of approved application 

signatures. 

If the binary is on the allow list, it is permitted to run. If not listed, it is not a legitimate component originating 

within the device’s factory settings. As soon as malicious code attempts to be loaded to memory, the 

security filter stops the binary from loading. 

An additional dimension of protection can allow for definition of associative execution, in which only 

specified applications are allowed to run each of the executables on the Allow List. 

This security policy is signed with a private key to prevent tampering. The signed policy and the public 

key can then be embedded in the device. 

Automatically-embedded access control 

A protected application should perform a set of finite operations, as defined in the systems’ production 

software. 



When applying the protection, it should be possible to specify files that will have restricted operations and 

access during runtime. Selected applications, identified by their hashes, can be granted access to 

restricted operations on the protected files. 

For example, it should be possible to block remove, chmod and chown operations, and limit Read and/or 

Write access as needed. 

Automatically-embedded Control-Flow Integrity (CFI) 

CFI is essentially an allow-list at the function graph level for the application. It enables performing realtime 

integrity validation of function calls and function returns, to make the system self-defending and 

impervious to in-memory attacks such as buffer overflows and heap overflows. 

A static analysis engine is used to analyze the binaries (not the source code) of the build. The engine 

then automatically maps all valid function-call sequences and call locations. With this call graph, the CFI 

engine ensures in runtime that only legitimate function calls are executed. It also blocks any attempt to 

load malware directly into memory. 

The resulting system is no longer a potential attack surface. Once a deviation of a function call or a return 

pointer from the pre-defined control flow graph is identified, it deterministically infers an attempt to exploit 

an in-memory vulnerability within the device’s software. Proactive measures can then be taken to prevent 

the attack before it takes control of the targeted device. 

Enabling vendor-sourced updates 

Cybersecurity “overkill” needs to be avoided. If a protection mechanism is designed to block all changes 

blindly, it would block legitimate software updates made by the vendor. When a feature is added or 

enhanced, the security solution must be flexible enough to allow these updates and generate 

corresponding policy changes. 

The update mechanism should be able to incorporate new validation rules seamlessly any time the 

software of the IoT device is updated, so that new components are allow-listed in the same secure manner 

as they were during the original build. 

Eliminating developer disruption 

There is an inherent conflict between better security and the need to shorten development life cycles to 

increase the competitive position of the product. Any solution must harden the system without developer 

intervention, and without adjusting development processes. 



Why Is Autonomous, Deterministic Security Crucial? 

Deterministic security is superior to heuristic security: deterministic validation is a distinct outcome of 

given circumstances, while heuristic conclusions are based on past statistics and learned behavior 

patterns. It is not feasible, however, to aim for deterministic protection in all types of systems and 

scenarios. Heuristics are therefore applied in cases where deterministic security cannot: Where changes 

occur frequently, and a safe baseline (“known good”) cannot be established, let alone be identical across 

many systems. 

Heuristic methods, and related analytics and machine- learning techniques, have become the de-facto 

standard in IT/cloud environments, for enterprises or data centers. However, this approach fails when it 

is applied to environments in which it cannot deliver: namely, constrained environments. In environments 

such as connected/IoT devices, routers, gateways, or ECUs in vehicles, heuristics can increase risk 

rather than reducing it. 

The cybersecurity approach must be adapted to the target environment it is protecting. The 

IT/DataCenter/Cloud environment is resource-rich while the IoT device environment has limited CPU 

speed, I/O throughput, storage and memory capacities. Newly-deployed applications on data center 

servers and endpoints are diverse, while those of IoT systems are limited and pre-defined. In addition, 

data centers can rely on continuous internet connectivity and frequent updates, and IoT devices cannot. 

While in IT environments there are countless combinations and configurations, with constant updates 

and tolerance of a certain degree of error, networking-device and closed environments are resourceconstrained, 

cannot rely on internet updates, and run a defined set of functions within limited space. 

For a mission-critical IoT system, it is possible to define a “known- good” configuration ("factory settings"), 

and define a deterministic security policy, whereas each deviation from this known good can be 

deterministically prevented. 

By automatically hardening the system at the binary level, Autonomous Security aims to create selfprotecting 

devices. This solution reduces the need to urgently patch against newly-discovered attacks, 

which are deterministically prevented as changes to the device’s original binaries. The need for updates 

and day-to-day management, which impede both product roll-out and subsequent maintenance, is thus 

significantly reduced. 

Turning Strategies Into Effective Protection 

The Autonomous Deterministic Security model puts the conclusions drawn above into practice, effectively 

removing security constraints to create self-protecting devices. 

Deterministic Security can protect devices against hacking attempts automatically, including zero-day 

attacks and exploits of known, unpatched, vulnerabilities. It does not require developers’ intervention, and 

does not delay product time to market. 



Deterministic Protection: Embedding Native Security 

Unlike laptops and servers, IoT systems are immutable. The binary code in a device can thus be sealed 

to prevent unauthorized changes; Only the vendor is able to modify the device, when needed. In this 

way, cybersecurity remains stable over the life of the device, significantly reducing the need for 

continuous malware signature updates and security patches. 

Measuring Performance 

Cybersecurity protection cannot be added to IoT systems at the expense of hampering functionality due 

to slow performance. Any proposed solution must be tested for acceptable levels of added processing 

associated with validation. There are also additional memory requirements for data structures accessed 

by validation code. 

Impact can be estimated by a set of performance indicators, an increase in file system size, and/or a 

decrease in available system RAM. Final system-performance tests ensure that measurements remain 

within the product performance specification’s allowed limits after security is added. 

Incident Response and Forensic Reporting 

The Autonomous Deterministic Security mechanism can issue instantaneous threat alerts as soon as an 

attack is detected and blocked. These alerts identify which part of a system is being attacked, to inform 

the incident response team. 

In accordance with best practices, self-protected solutions record any anomalous activity or attempts to 

access systems. These incident logs are then sent to forensic experts for analysis. 

With this goal in mind, the following elements can be logged to create a detailed threat analysis report: 

• File system operations 

• Network operations 

• Process and thread operations 

• Debugging attempts 

This information is used to create analytic reports that include all forensic data collected on the system 

around the time of the attack, including: 

• The exploited process 

• External connections involved 

• The type of attack (e.g., malicious application or code injection) 

• The malicious binary trails in the file system 

This type of data enables software developers to identify and fix the vulnerabilities that leave missioncritical 

systems exposed to potential threats. 



Anti-Tampering 

Any cybersecurity solution must protect itself against any attempts to modify its own policies, remove 

enforcement engines, or hide malicious activities. 

This type of immutability can be achieved through a combination of software and, when available, 

hardware capabilities that verify the integrity of the policies and protection mechanisms. 

Ease of Deployment 

Another practical aspect of Autonomous Security relates to the time and budget constraints under which 

software developers operate. With a cybersecurity tool that automatically develops a customized security 

policy, there is no prerequisite training for the development team. The software build is enhanced 

automatically with allow-listing on multiple levels, and optimizations are put in place at the binary level. 

Automating Protection for The Life Of The Device 

The build process that includes an effective security solution must meet these security requirements 

without placing a burden on software developers. Developers should not be required to learn how to 

deploy, configure, and manage cybersecurity solutions; nor expose the product to coding errors that could 

produce new vulnerabilities. 

Cybersecurity solutions must be lightweight, since most resource-constrained devices are overloaded. 

Any security process that significantly increases the usage of the RAM or significantly degrades CPU 

performance will impact system operation and may result in compromised functionality. 

For these reasons, we recommend the described lightweight embedded solution that automatically 

generates the security policy during the software build process. Overhead is minimized, so there is 

negligible performance penalty in both original and updated releases. 

Conclusions 

Manufacturers following Autonomous Deterministic Security guidelines can achieve unparalleled 

protection of mission-critical IoT systems, while complying with industry regulations and standards. 

Deterministic embedded solutions provide numerous advantages: 

• Installed and operated without the need for developer resources or ongoing administration 

• Harden system binaries against foreign code or unallowed changes in runtime 

• Reduce the risk of false negatives and false positives 

• Provide immunity to zero-day and day-one in-memory and dropper attacks, regardless of 

unpatched vulnerabilities. 

• Can protect software running in containers and on hypervisor VMs 



• Automate the security development process, reducing the time to market 

• Operate 24/7 without human intervention or Internet connectivity 

• Deliver detailed threat data for comprehensive forensic analysis 

• Secure embedded systems over the lifetime of the device 

About Karamba Security 

Karamba Security is the world leader in End-to-End product security for Automotive and IoT devices. 

Mission-critical IoT product manufacturers such as HP, Samsung SDS, Volvo, Stellantis and Hitachi rely 

on Karamba’s products and services to seamlessly protect their IoT devices against cyberattacks. 

Karamba’s award-winning software enables IoT device manufacturers to secure their products against 

cyberattacks and meet industry regulations without interfering with their R&D teams or delaying their 

products’ time to market. 


Tal Ben-David is the VP R&D and Co-Founder of Karamba 

Security. He has over 25 years of experience in software 

development for high-scale, customer-facing security products. At 

Karamba, Tal manages the development, delivery and customer 

success of Karamba’s embedded security and posture 

management products, which are deployed in millions of devices 

globally. 

Tal can be reached online at Tal.bendavid@karambasecurity.com 

and at our company website https://karambasecurity.com. 



Benefits of Network Monitoring Systems 

By Eddy Abou-Nehme, Owner and Director of Operations at RevNet 

Maintaining a resilient, secure, and efficient network infrastructure is more important than ever. Network 

monitoring systems, which encompass both hardware and software tools, play a pivotal role in achieving 

this goal. By providing real-time and historical insights, these systems enable businesses to proactively 

detect and resolve potential issues before they escalate into critical problems. Beyond just problem 

detection, network monitoring enhances security, optimizes performance and efficiency, and offers 

significant cost savings by minimizing downtime. 

As organizations strive to stay ahead of the curve, investing in a comprehensive network monitoring 

solution becomes not just a technical necessity but a strategic imperative for long-term success. Here, 

we explore the myriad benefits of network monitoring systems and highlight why they are essential for 

future-proofing your business against the ever-evolving challenges of the digital age. 

What are Network Monitoring Systems? 

A network monitoring system includes both hardware and software tools to track different aspects of a 

network’s operation. This may include monitoring traffic, bandwidth use, and uptime, among other 



metrics. They allow network administrators to quickly detect device and connection failures that could 

cause issues for employees or consumers. 

Real-time network monitoring can catch issues as they happen, allowing you to react quickly to any 

problems that arise, while historical monitoring will give you data on events that have already occurred. 

Both types of monitoring are helpful, as they can alert you to repetitive issues that may represent an 

underlying problem. This can give you insights into ways to improve or adapt your network. 

Proactive Problem Detection and Resolution 

Network monitoring systems can help you detect potential issues before they become critical. By 

leveraging real-time, automated alerts, you can be updated about a situation as soon as it’s detected, 

allowing you to respond just as quickly. This allows problems to be dealt with more easily before they 

create major interruptions for employees and customers. 

Enhanced Network Security 

Automated alerts on real-time monitoring can help to identify security breaches by informing you of 

anyone attempting to get unauthorized access to secure information. This helps to keep sensitive data 

safe and can also ensure that you meet regulatory compliance requirements for data protection. The 

landscape of regulatory compliance is constantly evolving, but a network monitoring system can help 

ensure your operations meet the strictest regulations. 

Improved Network Performance and Efficiency 

Both real-time and historical network monitoring can give you a better understanding of how bandwidth 

and other resources are allocated throughout your system. By checking these logs, you can see if 

resources need to be reallocated or optimized to help manage and improve your networks’ performance 

and efficiency. 

Cost Savings 

With proactive problem detection and resolution, you can effectively reduce your network downtime and 

create a preventative maintenance schedule based on network usage and other requirements. 

The initial effects of unplanned downtime are twofold as it can have immediate negative financial impacts 

on your business, as potential customers may be turned away and never come back and reduced 

employee productivity. Similarly, postponing system maintenance until the last moment can lead to 

suboptimal network performance for extended periods, thereby decreasing operational efficiency, 

consuming valuable employee time, and adversely affecting morale. 



Informed Decision-Making 

Network monitoring systems can provide you with valuable information for data-driven decision-making. 

By using both the real-time and historical data that it’s gathered, you can see repetitive patterns and 

potential trends for the future, allowing you to address resolved issues while also planning ahead. 

Identifying data trends can help you with strategic IT planning and development, as it may point to areas 

where your team may need additional training or support before a similar issue arises. 

Scalability and Flexibility 

Having tools that can fit your business as it is and scale as it grows is vital for success. Network monitoring 

systems can expand alongside your network, allowing you to take on new partners and more customers 

and employees with ease. This sets your operations up with a customizable solution, allowing you to 

choose which services will most benefit your business. 

Implementing Network Monitoring Systems 

Implementing a robust network monitoring system is crucial for maintaining a resilient, secure, and 

efficient network infrastructure. These systems provide real-time and historical insights that enable 

proactive problem detection and resolution, enhance network security, improve performance and 

efficiency, and facilitate cost savings through reduced downtime and optimized resource allocation. By 

leveraging the data-driven insights offered by network monitoring systems, businesses can make 

informed decisions that support strategic IT planning and development. Additionally, the scalability and 

flexibility of these systems ensure they can grow and adapt alongside your business, making them an 

invaluable tool for sustaining long-term success. 

Investing in a comprehensive network monitoring solution is not just a technical necessity but a strategic 

move to future-proof your organization against the evolving demands of the digital age. 


Eddy Abou-Nehme is the Owner and Director of Operations at RevNet. Eddy's 

journey into the world of IT began at Carleton University, where he graduated 

in 2002 with a Bachelor of Science in Computer Mathematics. As the demand 

for Ottawa IT services grew, Revolution Networks has increased its service 

offerings accordingly to include Managed IT Services, IT Consulting, IT 

Assessments, Network Cabling & Wiring, Remote Backups, and much more to 

provide the most comprehensive and detail-focused managed IT services and 

network support. Eddy can be reached online at sales@revnet.ca and at our 

company website https://www.revnet.ca. 



Beyond Encryption: Advancing Data-in-Use Protection 

By David Close, Chief Solutions Architect at Futurex 

In the ever-evolving landscape of cryptography, traditional encryption methods safeguarding data at rest 

and in transit remain foundational to cybersecurity strategies. However, the security of decrypted data 

actively used within applications continues to be a pressing concern, exposing vulnerabilities to cyberattacks, 

including malicious redirects and malware intrusions. This critical issue has driven the 

development of data-in-use protection technologies, which secure data during active processing, 

ensuring a fortified environment even when data is decrypted and most susceptible to threats. 

The Rising Challenge of Data Breaches 

Data breaches are escalating both in frequency and severity. A significant breach in 2024 compromised 

over 26 billion records, underscoring the increasing threat landscape. Decrypted data, being more 

accessible during active use, presents an attractive target for cybercriminals compared to encrypted data 

at rest or in transit. For example, a massive data breach in April 2019 involving a prominent social media 

platform resulted in the leakage of over 540 million user records, including sensitive details such as 

account names and phone numbers. This incident highlights the urgent necessity for robust measures to 

protect data-in-use. 



Understanding Privacy Enhancing Technologies (PETs) 

Privacy Enhancing Technologies (PETs) have emerged as vital tools in the encryption domain, aimed at 

securing decrypted data. These technologies encompass a range of tools and strategies designed to 

prevent unauthorized data access and ensure data privacy and integrity. 

Key Components of PETs 

1. Hardware Security Modules (HSMs) and Key Management Servers: HSMs provide a secure 

enclave for storing and managing encryption keys, ensuring that keys remain isolated and 

protected from unauthorized access even if the data is compromised. Key management servers 

complement HSMs by securely managing the lifecycle of cryptographic keys. 

2. Cryptographic Management Platforms: These platforms automate and streamline the 

management of encryption keys throughout their lifecycle, minimizing risks associated with 

human error and unauthorized access. They ensure that keys are generated, distributed, stored, 

and destroyed in a secure manner. 

3. Public Key Infrastructure (PKI) and Certificate Authorities (CAs): PKI systems establish a 

framework for secure communications, ensuring that only authorized entities can access sensitive 

data. Certificate authorities issue digital certificates that authenticate the identities of entities 

involved in electronic transactions. 

4. Point-to-Point Encryption (P2PE): P2PE encrypts data directly between communication 

devices, protecting it from interception during transit. This technology is crucial for securing 

sensitive information such as payment card data. 

5. Vaultless Tokenization: This approach replaces sensitive data with secure tokens that have no 

meaningful value without the corresponding decryption keys. Vaultless tokenization ensures data 

security even if unauthorized access occurs. 

Real-World Applications of PETs 

PETs are not merely theoretical constructs; their practical applications span various sectors, offering 

significant benefits to businesses, governments, researchers, and the general public. 

Healthcare 

In the healthcare industry, PETs are employed to securely share patient data among researchers, 

enhancing privacy and compliance with regulations such as the Health Insurance Portability and 

Accountability Act (HIPAA). By using PETs, healthcare organizations can collaborate on research 

initiatives without compromising patient confidentiality. 



Collaborative Innovation 

PETs facilitate secure data sharing among companies, fostering innovation while safeguarding sensitive 

information from competitors. By enabling collaborative efforts without risking data breaches, PETs help 

businesses leverage collective knowledge and drive technological advancements. 

Financial Transaction Anonymization 

In the financial sector, PETs enable the tokenization of sensitive data, such as credit card numbers, 

enhancing transaction security and reducing fraud risks. Tokenization ensures that actual data is never 

exposed during transactions, thereby protecting customer information. 

Advanced Cryptographic Methods for Data-in-Use Protection 

The introduction of data-in-use protection technologies represents a significant shift in cryptographic and 

encryption strategies. These advanced technologies employ sophisticated cryptographic methods to 

protect data during active processing, allowing secure computations on encrypted data while preserving 

privacy and integrity. 

Secure Multi-Party Computation (SMPC) 

Secure multi-party computation enables multiple parties to collaboratively compute a function over their 

inputs while keeping those inputs private. This method is particularly useful for collaborative data analysis 

and shared research projects, where participants can gain insights from combined data sets without 

revealing their individual data. 

Balancing Performance and Security 

While the benefits of data-in-use protection technologies are substantial, their deployment is not without 

challenges. Key concerns include potential performance overheads, increased system complexity, and 

user experience issues. Achieving a balanced approach that maximizes security without compromising 

performance or usability is critical to the successful adoption of these technologies. 

Performance Overheads 

Implementing advanced cryptographic methods such as homomorphic encryption and SMPC can 

introduce performance overheads due to the computational complexity of these processes. Organizations 

must carefully evaluate the trade-offs between enhanced security and system performance to ensure 

that their applications remain efficient and responsive. 



System Complexity 

The integration of data-in-use protection technologies can increase system complexity, necessitating 

additional resources for implementation, maintenance, and monitoring. Organizations must invest in 

training and infrastructure to manage this complexity effectively and ensure the seamless operation of 

their security measures. 

User Experience 

Ensuring a positive user experience while maintaining robust security is a delicate balance. Organizations 

must design their systems to minimize any negative impact on usability, ensuring that security measures 

do not hinder productivity or user satisfaction. 

The Future of Data-in-Use Protection 

As digital threats continue to evolve, the role of PETs in the cybersecurity landscape becomes 

increasingly crucial. Organizations seeking to enhance their data security measures and ensure 

regulatory compliance must consider adopting PETs as part of their overall strategy. By improving their 

security posture, companies can protect their data assets, build trust with customers, and maintain a 

competitive edge in the market. 

The evolution of cryptographic methods and the introduction of data-in-use protection technologies mark 

a significant advancement in cybersecurity. By employing PETs and advanced cryptographic techniques, 

organizations can secure data during active processing, preserving privacy and integrity. While 

challenges such as performance overheads, system complexity, and user experience concerns must be 

addressed, the benefits of enhanced security and compliance are undeniable. 

For organizations looking to stay ahead in the cybersecurity landscape, adopting data-in-use protection 

technologies is becoming indispensable. By leveraging these advanced solutions, companies can 

safeguard their data, ensure regulatory compliance, and build a foundation of trust and credibility in the 

market. 


David Close is Futurex’s Chief Solutions Architect and leads the Solutions Architect 

team where he uses his industry knowledge and cryptographic expertise to develop 

enterprise architectures for applications related to PKI, symmetric key management, 

cryptographic processing, and payment cryptographic environments. His leadership 

has been key in expanding the Solutions Architect team at Futurex and driving client 

success globally. 



Big Faces, Big Spend, Low ROI: Why Ad Fraud is Increasingly 

Damaging Brands 

By Chad Kinlay, Chief Marketing Officer, TrafficGuard 

Brands are increasingly seen to be employing familiar and expensive faces to ambassador ad campaigns 

and new products. However, with an estimated 26% of ad spend lost to ad fraud, businesses are wasting 

big money on big faces instead of targeting pain points. 

Simply put, you can’t get the ROI you deserve if you aren’t protecting budgets when investing heavily in 

famous faces. 

The disconnect between big brand campaigns and the realities of digital marketing in the AI-era is growing 

unmanageable. Too many companies are spending big on building brands but not seeing that turn into 

new users, customers, or ROI. 

In a 2023 Statista survey, 26% of respondents said they spend more than 40% of their marketing budget 

on influencer marketing. With companies spending such an enormous chunk of their profits on marketing 

products through famous faces, they must be implementing rock-solid fraud protections to keep hold of 

that hard-earned cash, right? Wrong. 



The Risk in Advertising 

A report published by Juniper Research reveals 22% of all digital advertising spend in 2023 was attributed 

to fraud, which is a huge $84 billion. If nothing is done to halt fraudsters, the trend will continue and is 

projected to reach $172 billion by 2028. 

In today's tough economic landscape, businesses must maximize the impact of every click. They can no 

longer take for granted that all traffic from their pay-per-click (PPC) campaigns or new AI-based ads 

comes from genuine leads. The increasing prevalence of fraudulent traffic is undermining campaign 

effectiveness and causing significant revenue losses. As consumers become more cautious with their 

spending, it is crucial for advertisers to connect with real potential customers and avoid wasting their 

budgets on hefty influencer costs. 

Invalid traffic (IVT) and ad fraud can severely affect campaign ROI while creating the illusion of generating 

legitimate traffic. This situation is particularly frustrating for digital marketers, as they struggle to assess 

the quality of the traffic they attract. Meanwhile, fraudsters continue to exploit campaigns and distort traffic 

data. 

With businesses putting more and more budget into influencer branding, ads are becoming heightened 

targets for fraudsters. However, instead of cutting budgets, organizations should delve deeper into 

analyzing the effectiveness and efficiency of their campaigns. 

Unlocking Ad Potential 

Before launching costly ad campaigns, organizations must evaluate their ad fraud protection services. 

Invalid traffic (IVT) is non-human traffic or traffic that doesn’t contribute to growth. Fraudsters exploit 

campaigns with IVT, often going unnoticed. AI-driven campaigns like Google’s Performance Max (PMax) 

aim to enhance marketing efficiency but struggle to identify fraudulent activity. AI assumes all user 

engagement is positive, allowing fraudsters to bypass detection and skew campaign data. 

This unfiltered traffic undermines the effectiveness of campaigns like PMax, providing unreliable data 

that hampers organizational growth. IVT causes campaigns to optimize for fraudulent sources with no 

intention of converting, rather than legitimate ones. Consequently, marketers lose potential profit and 

misdirect future efforts, compounding losses over time. 

Without proper traffic analysis, advertisers risk depleting their budgets unknowingly, diverting funds from 

more effective strategies such as influencer campaigns. By filtering out fraudulent activity, businesses 

can unlock the full potential of their digital ad campaigns and achieve increased revenue. 

Protecting Campaign Profits 

Return on Advertising Spend (ROAS) is crucial for assessing the success of paid campaigns, especially 

influencer-led ones. To maximize ROAS, it's essential to optimize advertising budgets fully, making fraud 

prevention solutions critical. 



Here are some steps to enhance preventative measures and achieve a higher ROI: 

• Analyze and Optimize Campaign Traffic: Fraudsters use bots to generate IVT, which AI 

platforms struggle to detect. By leveraging analytics and reporting tools, organizations can spot 

irregular patterns caused by fraudulent activity. Exposing and blocking false engagement allows 

for better optimization of ad spend toward legitimate sources. 

• Improve Audience Signals: Targeting the correct audience is vital for conversion success. 

Audience signals help identify appropriate groups based on behavior and demographics. Refining 

these signals by excluding IVT enables AI ad campaigns to tailor ads more effectively to the right 

audience. 

• Enhance Initial Security Measures: Implementing security measures before launching costly 

ad campaigns ensures that advertising spend is directed towards attracting genuine customers 

and legitimate spenders. 

Organizations can protect against fraudulent tactics by taking a proactive stance. The right solutions can 

enable real-time data scanning and identification of fraudulent engagement. This proactive approach 

allows organizations to counter fraud effectively and safeguard their investments, providing bigger 

budgets for bigger stars going forward. 

Maximizing Campaign Value 

The prevalence of influencer campaigns and the success they can achieve make them increasingly 

tempting targets for fraudsters. Bad actors are constantly evolving their methods to infiltrate systems 

undetected, and if it continues, marketing and advertising teams won’t be able to reap the full benefits of 

their campaigns. 

There is time, however, to stop bad actors and preserve the integrity of campaigns. Taking an active 

stance against fraud will allow organizations to stop interference with their data, ultimately protecting their 

advertising budgets. This way, they can capture revenue in the long term with their attractive, fame-filled 

campaigns. 


Chad Kinlay, Chief Marketing Officer, TrafficGuard is a driven, open-minded, 

creative senior marketer with a strong sense of dedication and commitment. With 

over 15 years of progressive international experience in marketing and 

communications management, Kinlay has a credible history of commercial 

success. 

Chad can be reached online at our company website https://www.trafficguard.ai. 



Breaking Up with Your Password: Why It’s Time to Move On 

By Zarik Megerdichian, Founder and CEO, Loop8 

Data breaches impacted more than 1 billion users in the first half of 2024, up 409% from this time last 

year, emphasizing the importance of maintaining stealth cyber hygiene. The truth is, as long as there are 

passwords, there will be breaches. Even passkeys offer insufficient data protection, essentially giving 

hackers a master key that unlocks all the user’s data. 

With advancements in technology and increasing cybersecurity threats, it’s time for users to embrace 

more secure, efficient alternatives including biometric identity authentication or multi-factor 

authentication. These solutions will enhance security, improve user experience and save businesses 

money. 



The Problems with Traditional Passwords 

Almost every day we read about a new data breach that has affected millions – and sometimes billions 

– of people, putting their personal information at risk. Bad actors are easily gaining access to millions of 

passwords. Yahoo was subject to the largest known data breach in history with names, email addresses, 

phone numbers, birth dates and security questions of its three billion users compromised. And this breach 

went undetected for three years. 

Most users choose passwords that are easy to remember and most of the time, those are the weakest 

ones. Weak passwords open the door to unwanted access by cybercriminals who can steal information, 

impersonate the user or disrupt operations. Many users also reuse the same password across all 

accounts, increasing the risk of cybercriminals easily gaining access to multiple accounts. 

The very best passwords are complex, making them hard for the user to remember. This leads to frequent 

password resets which can be time consuming and frustrating. This daunting and time-consuming task 

can create resistance among users that ultimately leads to the creation of less secure or repetitive 

passwords. Additionally, managing multiple passwords without a password manager can be a 

cumbersome task and the password management platform will require a password of its own, making it 

just as vulnerable. 

A solution to manage accounts that is both convenient and secure is necessary as security continues to 

evolve. 

Alternatives to Passwords 

The use of biometric authentication can enhance security, provide user convenience and speed up the 

time it takes to log in to accounts. Biometric authentication verifies a user's identity using their unique 

biological characteristics. Fingerprints and facial recognition are already becoming more widely used to 

log in to smartphones, laptops and apps. Voice recognition is an emerging technology that analyzes 

various features of a user’s voice such as pitch, tone, frequency and speech patterns. 

Another alternative that is even more popular is multi-factor authentication, combining something you 

know with something you have or something you are. For example, a user could enter their password to 

log in and be prompted to then receive a code from a separate authenticator app on a secondary device, 

enter a code that was sent to their mobile device via text or phone call or using hardwire tokens. These 

security tokens can provide one-time passwords. They can also be USB or smart cards that interact 

directly with the device. 

The most secure alternative are completely passwordless authentication solutions, like single sign-on 

(SSO) which provides one set of credentials to access multiple applications. Users can also incorporate 

magic links or email-based one-time login links. 



Benefits of Moving Beyond Passwords 

Regular passwords are no longer sufficient to thwart bad actors. Account security must become more 

complex to enhance the safeguarding of user information. Passwordless solutions reduce the risk of 

phishing attacks as it is harder for hackers to obtain biometrics or intercept MFA or SSO tokens. 

Passwordless solutions can also eliminate brute force attacks as there would be no password to crack. 

Businesses are a prime target for this type of attacks as usernames and passwords for new employees, 

shared platforms and other administrative attacks are often generic credentials, such as, “admin” or 

“123456.” These administrative accounts will often hold employee and client information and confidential 

company information including names, banking information and more. 

With the adoption of passwordless solutions also comes improved user experience. Authenticating and 

logging into accounts becomes seamless without the need to remember complex passwords. Accounts 

are safe and the login process is efficient, reducing friction for users. 

On a global scale, the average cost of a data breach is $4.45 million, which is a 15% increase over the 

last year, according to IBM’s 2023 report. IBM also reports that it takes an average of 204 days to identify 

a data breach and an additional 73 days to contain. Breaches are resource intensive and without them, 

the time and money spent to manage them could be reallocated. On an operational level, businesses will 

see cost savings benefits once a passwordless solution is incorporated. Password resets will be 

eliminated therefore lessening the burden on IT support. Without the interruption of password 

management, employees will be able to seamlessly move from task to task, increasing productivity. 

Addressing Concerns and Challenges 

With any type of stored data, there will always be concerns for privacy and security. It is imperative for 

those using biometrics in lieu of passwords to securely store the data to ensure there is as little chance 

of misuse as possible. It is best practice to store biometric data on the user’s device, lessening the chance 

of a mass data breach where all an organization’s customers become victims of a bad actor. This practice 

makes targeting the organization less attractive to bad actors as they will not receive much data and will 

look put their efforts elsewhere. 

If an organization does decide to use biometrics as a passwordless solution, they should provide clear 

explanations and obtain consent from users. The misuse of biometrics can have catastrophic impacts on 

a user and an organization. Users must be clear on how and why an organization is asking for this data, 

how they will be using it and where it will be stored. 

Organizations must also address accessibility issues before implementing biometrics as a passwordless 

solution. Users who suffer from impairments like loss of vision, voice tremors or dexterity challenges may 

struggle to use biometrics. Organizations should implement alternative passwordless solutions for those 

who are unable to use biometrics. 



The Future of Data Protection 

Just as hackers evolve their tactics, businesses and users have to remain nimble and on the cutting 

edge. Investing in research and development in the cybersecurity sector is worthwhile, especially if it 

helps you skirt emerging threats and spot new, safer authentication options. Staying up to date on data 

regulations and compliance as well as unofficial industry standards will enable you to be the example of 

best practices versus the victim. 

In tandem with going passwordless, businesses need to redefine what information is – and is not – 

essential to their business. For example, a streaming service does not need your social security number 

to provide its service. Hackers can’t steal data from businesses that they don’t store on their servers. 

A Risk Worth Taking 

Change is hard but when it comes to data security, you have to choose your hard. Would you rather 

report you’ve been breached and have it been one of the first things people see when they search for 

your business? Or go through a transition period where you learn and adopt a new way of signing into 

your devices and accounts? It’s a no brainer that the latter is the best approach. One of the first and 

easiest steps to test out a passwordless digital footprint is to use readily available features on your 

smartphone such as facial identification and the alternate identification options. 

By adopting more secure, user-friendly authentication methods, we can enhance security, improve user 

experience and streamline processes both for individuals and businesses. 


Zarik Megerdichian is the CEO and Founder of Loop8, a cutting-edge solution that 

protects personal data and privacy using advanced biometric technology and strong 

encryption protocols to ensure data security without the need for conventional 

passwords. A self-proclaimed passwordless crusader, Zarik sees Loop8 as a tool 

for the masses that gives users complete control of their personal information while 

eliminating human error. Zarik can be reached online on LinkedIn and at our 

company website https://l8p8.com. 



Cybersecurity At the Crossroads: The Role of Private 

Companies in Safeguarding U.S. Critical Infrastructure 

By Chris Storey, Director of Business Development, Qriar Cybersecurity 

In an era where we are completely reliant on digital connectivity, the security of our critical infrastructure 

is paramount. CISA defines 16 sectors of US critical infrastructure; each unique and yet each deeply 

interconnected. Most believe that it is safe because, after all, the government controls most of it and thus 

it must be well protected. Leaving aside the false assumption that if it were controlled by the government, 

that it would be protected, the reality is that a staggering 65% of the U.S. infrastructure is privately owned 

while state and local governments own 30%, and the federal government just 5%. This means that the 

security of the complex web of goods and services that our country sits atop is almost entirely dependent 

on the cybersecurity practices and investments of these private companies. 

If we take our national security seriously, we should acknowledge the deep vulnerabilities of this privately 

kept infrastructure to our country. We have seen the repercussions of cyberattacks on private companies 

like these; the millions of lives that are affected, the panic, the price surges, etc. The ransomware attack 

on Colonial Pipeline was one of the most prominent examples of this with fuel supply shortages, price 

increases, and a significant geographic impact. This was despite the warnings by the Director of National 

Intelligence back in 2019 that pipelines were particularly vulnerable to cyberattacks and that they could 

cause lengthy shutdowns. In the healthcare sector, the ransomware attack on Change Healthcare not 



only exposed the personal health, identity and financial information of possibly one-third of all Americans, 

but the life-threatening impact prevented healthcare providers from delivering care, filling prescriptions, 

and processing insurance claims. 

Each of these attacks was on a single sector, but the obvious what-if questions concern the fear that a 

similar attack would occur simultaneously across multiple organizations within a sector, across sectors, 

or both. We are seeing an increase in coordination among cyber criminal organizations. The logical 

conclusion is that this cooperation will lead to larger scale attacks. Due to the interconnectedness of our 

critical infrastructure and our supply chains, a coordinated, multi-org, cross-sector attack would mean 

cascading, widespread detriment across the country. To date, the average person has had little in the 

way of personal impact from cyberattacks compared to the very personal impact this type of attack would 

cause. 

Disrupting multiple sectors is increasingly being done via supply-chain attacks. We saw with the COVID 

outbreak how delicate our supply chains are, and how even a small interruption or delay causes large 

ripples. We assume that our supply chains are made up of large companies with big budgets for security, 

but small companies, whether it be a software or a product supply chain, are often involved all along the 

way. These small organizations, small municipalities, etc., lack the skills and ability to adequately defend 

themselves and lack the resources necessary to outsource it. They usually have one or two IT people, 

zero dedicated cybersecurity staff, and subpar tools. 

The situation is further complicated by geo-political issues. We have nation-state threat actors, funded, 

staffed, and in some cases housed within foreign military branches, targeting US corporations. Imagine 

a foreign military landing on the shores of Virginia with the intent of invading the capital and taking control 

of the state. It seems so far-fetched. Our military would intercept the threat long before they were 

anywhere near US soil. Now imagine the same threat, but the adversaries make it to the Virginia 

shorelines, and when the governor calls for help the federal government says, “we are sorry, but we do 

not have the resources to defend you, you are on your own.” This is unimaginable, but this is basically 

the state of cybersecurity in the US. The Director of the FBI, Christopher Wray, recently said that FBI 

cyber staff is outnumbered 50 to 1 by just the hackers from China. There is no other scenario in which a 

private US organization would be alone in direct conflict with foreign attackers. Our companies, 

specifically the IT and cybersecurity staff within these companies, are serving on the frontlines. When an 

attack happens, these men and women become active combatants in cyber warfare. Most of them fail or 

fail to start because they do not know where to begin. They are not trained and are not battle-tested. The 

same can be said for many within larger organizations as well. Given the gravity of the situation and the 

depth of the vulnerability, increased regulatory intervention along with federal investment seems 

unavoidable. 

Regulation alone is not a solution, but it does establish baseline security standards and provide muchneeded 

funding to support defenses. Standards have come a long way and are relatively mature. Though 

there is still a tremendous amount of gray area, and a lack of relevance or attainability for certain 

industries and smaller organizations. The federal government must prioritize injecting funds into 

cybersecurity initiatives, ensuring that even the smallest entities managing critical infrastructure can 

implement strong security measures. With this funding, we must build a strong defense posture and cyber 

resiliency within these private sector organizations. This involves more than deploying advanced tools; it 



equires developing skilled personnel capable of responding to incidents and defending against attacks. 

Upskilling programs should focus on blue teaming and incident response, ensuring that organizations 

have the expertise to manage their security proactively. 

A critical component of effective cybersecurity is understanding and applying the standard risk formula: 

Risk = Threat x Vulnerability x Consequence. This formula emphasizes that risk is determined by 

evaluating the likelihood of an attack (Threat), the weaknesses in defenses (Vulnerability), and the 

potential impact of a breach (Consequence). By focusing on this risk assessment approach, 

organizations are better positioned to recognize and respond to attacks more quickly. 

During this training period and beyond, maintaining a relationship with a battle-tested incident response 

team who also aids in the development and management of a strong incident response plan is essential. 

Consulting organizations and service providers must enhance the focus on in-depth security automation 

and dispense with the profit-driven cafeteria menu of vendors. Managed detection and response (as well 

as automation to this end), cyber threat intelligence, attack surface analysis, and risk-driven threat 

consulting should be standard operating procedure for organizations of all sizes involved in US critical 

infrastructure. 

While the situation seems dire, hope must remain ever-present. Our national security, from a cyber 

perspective, hinges on the cybersecurity capabilities of private sector entities. The stakes are high, but 

failure is not an option. By honestly recognizing the vulnerabilities, investing in cybersecurity, and uniting 

and upskilling our cyber personnel to serve on the frontlines, we can build a resilient defense against the 

ever-evolving landscape of threats. All industries and sectors, both private and public, must work in 

tandem and become radically open to information sharing. This fight can only be won together. The time 

to act is now, ensuring that our essential services are secure in the face of growing digital dangers. 


Chris Storey currently serves as the Director of Business Development at 

Qriar, a company known for its expertise in implementing, integrating, and 

customizing cybersecurity products and services, spanning EDR, Attack 

Surface Management, Privileged Access Management, Identity 

Governance and Administration, SIEM, and Secure API Management. He 

brings over eight years of experience in business development, sales, and 

account management, with a specialized focus on cybersecurity solutions. 

His passion is rooted in delivering exceptional customer service and 

cultivating enduring client relationships. Chris possesses a knack for 

unraveling complex issues and fashioning tailored solutions. Certified in Identity and Access 

Management, Privileged Access Management, and Threat and Vulnerability Management, he blends 

innovation with time-tested approaches. Chris's ultimate aim is to be a dedicated cybersecurity partner 

and advocate, helping companies fulfill their security and business objectives. 



Ditch The Cloud Security Labels to Nail Detection and 

Response 

By Jimmy Mesta, Co-Founder and CTO, RAD Security 

Today’s cloud security categories don’t do practitioners any favors when it comes to identifying the key 

requirements for detection and response in the cloud. This is because various detection and response 

capabilities cut across other cloud security categories like Kubernetes Security Posture Management 

(KSPM), Identity Threat Detection and Response (ITDR), Cloud Workload Protection (CWPP), Cloud 

Native Application Protection Platforms (CNAPP) and more. 

But, despite a projected 95% of new application workloads being deployed on cloud-native platforms by 

2025, 90% of organizations running containers and Kubernetes report recent breaches. Meanwhile, 95% 

of IT security leaders feel the skills gap is affecting their teams. With the rise of zero-day threats like the 

XZ Backdoor, shoring up the ability to detect and respond to cloud attacks has never been more 

important. 

So how can you navigate the evolving threat landscape? The first step is to look beyond the traditional 

categories to understand what truly matters in detection and responding to cloud attacks. 



What Do the Attacks Tell Us? 

In February 2024, the Cybersecurity and Critical Infrastructure Agency CISA issued a warning about new 

tactics by SolarWinds attackers targeting cloud infrastructure and non-human identities. The Scarleteel 

attack of 2023 showcased how attackers exploit cloud environments, moving fluidly from workloads 

through Kubernetes to steal credentials and use valid programs for malicious purposes. In the entire 

attack killchain, only botnet installation and data exfiltration were clearly malicious. 

In 2023, attacks like Dero, Monero, and RBAC-Buster exploited Kubernetes RBAC misconfigurations and 

gained anonymous authentication. The XZ Backdoor supply chain attack in March 2024 further 

emphasizes the rising threat that software supply chain attacks pose to cloud environments. 

Together, these incidents underscore three criteria: 

1. The need for robust detection and response strategies that address normal processes that are 

used in malicious ways, instead of just looking for overtly malicious activities in cloud 

environments. 

2. The need to include identity as critical context for investigation and response. 

3. Cloud Detection and Response (CDR) must detect software supply chain attacks. 

What CDR Is Not 

Categories overlap, there is no way around this. So, it is helpful to clearly delineate what CDR is not. 

First, a CDR tool is not a Security Information and Event Management (SIEM) solution. When was the 

last time you expected your SIEM tool to detect a zero day, in and of itself? 

A CDR is also not a Security Operations Center (SOC), though they are 100% complementary. Your 

SOC will NEVER be focused exclusively on the cloud . . . while CDR provides the very nuanced, specific 

tactics and detection methods for the cloud. The purpose of your SOC is broader and takes into account 

cloud plus on-premises environments. 

A CDR is also not a Cloud Native Application Protection Platform (CNAPP) or a Cloud Security Posture 

Management (CSPM) solution because those solutions can’t determine effective responses to cloud 

attacks. At best, a CNAPP combines real-time, signature-based runtime alerts with static Kubernetes and 

cloud configurations. And at best, this gives teams reactive detections to known attacks (that are easy to 

bypass), and inactionable configuration recommendations for ephemeral workloads. You can’t detect and 

respond to novel cloud attacks without real-time insight and signature-less, behavioral detection. 

The categories tell us that a CDR is not a CNAPP, SIEM or SOC. A CDR requires real-time insight and 

technology that can detect zero days (aka not signatures). 



Should a CDR Be Focused on Applications? 

Cloud use-cases are broad, but top attention must go to applications, which are central to all cloud 

functions. With Kubernetes increasingly managing tasks like messaging and observability—showing a 

211% usage increase from 2021 to 2022—security teams must prioritize adapting to cloud-native tools 

used in application development for effective cloud detection and response. There is probably room for 

the CDR capability to be further defined as CADR—Cloud Application Detection and Response. 

The usage of the cloud tells us that a CDR must have the nuanced detection and response capabilities 

required for Kubernetes and cloud native environments. 

Criteria for Detecting and Responding to Cloud Attacks 

Now that we know what is in and out for effective CDR, what are some examples of actual technical 

criteria under each criteria? 

What’s In: 

• Techniques that can detect zero days; not signature-based 

o Detection goes beyond syscalls and attackers’ known techniques: Attacks that are 

completed within the application layer don’t make syscalls. For example, an attacker 

writing information to a different file than usual will have hidden among existing syscalls 

and gone undetected. Also, many times, a clustering of non-malicious syscalls might 

denote an issue, whereas looking at those syscalls individually will not show anything 

malicious. 

• Applies to software supply chain attacks 

o Immediately search for a workload with a log4j vulnerability, or any other new Kubernetes 

3rd party vulnerability, across running clusters: A software supply chain security attack 

could be caused by exploiting a zero day CVE, like log4j. It's important to know where the 

CVE exists in your running workloads, not just in your pre-deployment code, because your 

running deployments should guide your priorities. 

• Effective with Kubernetes and containers 

o Admission control policies that can limit both the RBAC policy factor as well as Kubernetes 

policy configurations: Admission control is the method by which response actions would 

stop malicious activities in a Kubernetes environment, so they are a critical requirement 

of any cloud detection and response solution. 

• Includes Cloud Identity Context 

o Identity Risk score that takes into account usage: Identity risk score that includes context 

from actual usage and other relationships with runtime, the cloud, image CVEs and K8s 

misconfigurations 

• Can determine valid processes used as part of a malicious campaign 

o Implements drift or anomaly detection: The lightest, easiest way to perform threat 

detection is via drift from a behavioral baseline of runtime behavior. Detecting drift 

between container images prior to deployment, and runtime behavior, compared to 



detecting drift from a baseline of ‘good’ in your environment, is hugely inefficient. Container 

images contain a fair amount of bloat, and many of the pieces in that bloat contain a 

vulnerable attack surface. Tying drift from a container image to what should be happening 

in runtime is not the right comparison (though immutability is appealing as a concept!). 

What’s Out: 

• SIEM 

• CNAPP 

• CSPM 

• SOC 

Conclusion 

The truth is, there are more items, and more levels to dive when it comes to determining what is in and 

out of CDR. But by now, we should know that there is more than meets the eye when it comes to using 

tools in the classic categories of cloud security for detection and response. Navigating the cloud security 

landscape requires a clear understanding of what truly matters for effective detection and response. 

To combat the evolving threat landscape, organizations must prioritize robust detection and response 

strategies that go beyond surface-level classifications. This includes focusing on real-time, signature-less 

detection techniques, understanding the critical role of identity context, and addressing software supply 

chain attacks (not just vulnerabilities in open source software). By cutting through the clutter of cloud 

security categories and honing in on these essential criteria, practitioners can better protect their cloud 

environments from sophisticated attacks and ensure a more secure future in the cloud. 


Jimmy Mesta is the Founder and Chief Technology Officer at RAD Security. He is 

responsible for the technological vision for the RAD Security platform. A veteran 

security engineering leader focused on building cloud-native security solutions, 

Jimmy has held various leadership positions with enterprises navigating the growth 

of cloud services and containerization. Previously, Jimmy was an independent 

consultant focused on building large-scale cloud security programs, delivering 

technical security training, producing research and securing some of the largest 

containerized environments in the world. 

You can connect with Jimmy on Linkedin https://www.linkedin.com/in/jimmymesta/ or by visiting 

https://rad.security/. 



Is There a DDoS Attack Ceiling? 

By Gary Sockrider, Director, Security Solutions, NETSCOUT 

Today, it’s rare for a month to pass without reports of new distributed denial-of-service (DDoS) attacks. 

Lately, geopolitical instability and hacktivist groups (e.g., Anonymous Sudan and NoName057(16)) have 

driven attacks, and these types of attacks show no sign of stopping anytime soon. One thing is sure: 

businesses need to implement safeguards into their overall cybersecurity posture to mitigate an evolving 

array of DDoS attacks. The relentless barrage of attacks may also make IT practitioners consider whether 

there will be a ceiling at some point and whether DDoS attacks will indeed level off. 

While there isn't a predefined ceiling for DDoS attacks, the practical limitations and risks of launching 

such attacks mean that they're typically constrained within certain bounds. However, the evolution of 

technology and tactics means that attackers continually adapt, and defenses must evolve accordingly to 

mitigate the impact of DDoS attacks. Let’s dive deeper into how some hacktivist groups work to engineer 

new DDoS attacks. 



Unpacking Hacktivist Groups to Understand Increasing DDoS Threats 

Infamous for its widespread cyber operations, NoName057(16) garnered notoriety for developing and 

distributing custom malware, notably the DDoSia attack tool, the successor to the Bobik DDoS botnet. 

The group strategically concentrates its efforts on targeting European nations. NoName057(16)'s 

motives are geopolitical, aligning closely with pro-Kremlin interests. 

NoName057(16) relies on free or low-cost public cloud and web services as a launchpad for DDoS 

botnets that flood target web servers. In addition, the attacks are almost exclusively HTTP/HTTPS floods 

meant to consume targets' bandwidth and resources. NoName057(16) gamifies DDoS by offering digital 

currency payments via Project DDoSia to crowd-sourced participants who conduct attacks and rack up 

"points" as incentivized top performers. So, not only is it straightforward for groups such as 

NoName057(16) to orchestrate DDoS attacks, but they also incentivize bad actors to join their exploits. 

By encouraging ideologically motivated volunteers to deliberately provision cloud computing and VPN 

nodes with their multi-platform DDoS-capable botnets, NoName057(16) has essentially outsourced the 

growth and maintenance of their attack infrastructure while at the same time seeking to make it more 

challenging for defenders to successfully mitigate attacks due to the presence of these botnet nodes on 

the networks of well-known computing, content, and networking services. 

Similarly, Anonymous Sudan is a highly prolific threat actor conducting DDoS attacks to support its pro- 

Russian, anti-Western agenda. Although the attacks attributed to this adversary are of political and 

(ostensibly) religious motivation, this group also retaliates against messaging platforms that restrict its 

communications. 

Staying Ahead of The Hacktivists 

Furthermore, Anonymous Sudan appears to use standard DDoS-for-hire services and botnet rentals, 

breaking from the traditional hacktivist mentality and capabilities and behaving more like an organization 

with substantial financial backing. Their DDoS attacks are predominantly multi-vector—a combination of 

TCP-based direct-path and various UDP reflection/amplification vectors. 

Anonymous Sudan and NoName057(16) are just the latest in a long line of hacktivist groups engineering 

new attacks. Although these threat actors often use well-known DDoS attack vectors and methodologies, 

their propensity to follow through on threatened occurrences, combined with unpreparedness on the part 

of targeted organizations, ensures that they have achieved a relatively high attack success rate to date. 

How can the IT department help organizations mitigate this new onslaught of attacks? 

Real-time threat intelligence's role in an actual DDoS defense strategy can’t be stressed enough. Attacks 

are now more adaptive and continue to change course to evade defenses. Today, threat intelligence 

solutions exist for businesses to use machine learning (ML) from rich data lakes of known DDoS attack 

vectors, sources, and behavioral patterns. Additionally, DDoS defenses are now sophisticated enough to 

identify changing attack vectors. This analysis is continuously updated as characteristics of the atypical 

traffic change. All of that means that the value of having better visibility tools with actionable threat 

intelligence to remediate attack vectors is a step in the right direction for any organization. Having better 



visibility means an improved ability to contend with shifting DDoS attacks from highly sophisticated 

hacktivist groups and other bad actors. 

In theory, there is a maximum throughput for DDoS attacks based on a variety of internet and 

infrastructure constraints. There is also no way to fully eradicate these types of attacks, and it’s more so 

a matter of when they will happen, and how organizations choose to protect themselves. Bad actors will 

continue to conduct meticulous research to get past even the most astute security teams. Despite this 

inconvenient reality, enterprises can stay one step ahead of hacktivist groups and other threat actors. By 

leveraging decades of attack mitigation experience combined with ML algorithms, IT departments can 

ensure that business-critical services don’t fall prey to future attacks that will persist in the years to come. 


Gary Sockrider, Director, Security Solutions, NETSCOUT, is an industry veteran 

bringing over 20 years of broad technology experience including routing and 

switching, data center, wireless, mobility and collaboration but always with a focus on 

security. His previous roles include security SME, consultancy, product management, 

technical marketing, and customer support. Gary seeks to understand and convey the 

constantly evolving threat landscape, as well as the techniques and solutions that 

address the challenges they present. Prior to joining Netscout in 2012, he spent 12 

years at Cisco Systems and held previous positions with Avaya and Cable & Wireless. 



Four Ways to Harden Your Code Against Security Vulnerabilities 

and Weaknesses 

By Olga Kundzich, CTO and Co-Founder, Moderne 

The specter of security vulnerabilities is a constant concern in today's digital landscape. They're the 

hidden pitfalls that can undermine even the most meticulously crafted code. But what if you could turn 

the tables on these threats? There’s a way to harden your code to stand tall against these attacks without 

developers having to become cybersecurity experts themselves. 

This article provides an overview of the four ways you can fortify your code against some of the toughest 

application security problems—even the OWASP Top 10—using automated code refactoring, 

remediation, and analysis recipes available from the open source OpenRewrite ecosystem. 

#1: Code analysis to find exposed secrets and API insecurities 

Too often, an organization’s codebase is a black box. (Not something a security pro wants to hear!) It’s 

hard to visualize and understand all the intricate dependent relationships of code managed through a 

growing assortment of application programming interfaces (APIs). 



It’s important to have a detailed view of all direct and transitive dependencies across a codebase, 

enabling users to extract rich, meaningful insights that help improve application security. Examples of the 

type of data you can retrieve include: 

• Find API endpoints — Identify all the API endpoints that an application exposes to more readily 

analyze impact and risk. 

• Find sensitive API endpoints — Find data models exposed by REST APIs that contain sensitive 

information like PII and secrets. 

• Find secrets — Locate secrets that are stored in plain text in code for a large assortment of tools 

and technology. This includes data used to authenticate, authorize, or encrypt communication 

between various components of an application or between the application and external services. 

#2: Static Application Security Testing (SAST) with automated source code fixes 

Static code analysis is critical to a comprehensive application security practice. It enables you to build 

more secure source code by identifying security weaknesses and compliance issues early in the 

development process, as well as to continually improve your security posture. 

OpenRewrite recipes provide robust static code analysis and take SAST to another level by also fixing 

security weaknesses in the source code your team develops. It’s like having a security expert for 

developers who not only discovers issues and shares security knowledge but also automates the manual 

work of fixing them. Developers only have to review and accept the changes. 

It’s important to use both control flow and data flow analysis when you are assessing code for both 

insecure operational order performance, as well as looking for issues by understanding how data values 

propagate through a program (great for finding injection and encoding problems). 

Examples of auto-remediation that are important to address include: 

• Common static analysis issues — Find and resolve the common static analysis issues that are 

typically reported by traditional SAST tools. It’s essential to have a consistent code style to make 

code easier for everyone on the team to read. Engineers naturally pick up and internalize best 

practices when followed ubiquitously, making good code easier for everyone on the team to write. 

Teams will benefit from fewer operational disruptions from bugs and increases in performance. 

• Remediate vulnerabilities from the OWASP Top 10 — Identify and remediate vulnerabilities found 

in the OWASP Top Ten list, such as broken access control, cryptographic failures, and security 

misconfigurations. 

• Partial path traversal vulnerability — Fix the code to prevent a common directory traversal attack. 

• Zip slip—Find and fix the Zip Slip vulnerabilities in your codebase. Zip slip is a specific form of 

directory traversal whereby an attacker can overwrite executable files, invoke them remotely (or 

wait for the system or user to call them), and achieve remote command execution on the victim’s 

machine. 

• Enable CSRF attack prevention — Guard against Cross-Site Request Forgery (CSRF) attacks, a 

type of attack that occurs when a malicious website, email, blog, instant message, or program 



causes a user’s web browser to perform an unwanted action on a trusted site when the user is 

authenticated. 

#3: Software composition analysis with automated dependency upgrades 

Third-party and open-source dependencies, which change and evolve at their own pace, create a larger 

attack surface for teams to manage. Software vulnerabilities can be introduced by anyone at any time, 

and vulnerabilities can be dormant until they are exploited. That’s why software composition analysis 

(SCA) is vital to managing the security of today’s complex, assembled codebases—to more proactively 

manage security concerns from open-source and third-party components. 

It's possible to accelerate third-party code security through comprehensive visibility into dependencies— 

direct and transitive—across your entire codebase. Teams can then take steps to mitigate risks when 

armed with SCA capabilities, such as updating vulnerable dependencies, replacing components with 

more secure alternatives, or ensuring that licensing requirements are met. Here are a few examples of 

best practices: 

• Find and fix vulnerable dependencies — Analyze and upgrade dependencies with publicly 

disclosed vulnerabilities, leveraging the GitHub Security Advisory Database. 

• Exclude unused dependencies — Exclude a specified dependency from any dependency that 

transitively includes it, which is useful if a dependency is known to have security vulnerabilities 

that cannot be easily patched or mitigated. 

• Find licenses in use in third-party dependencies — Locate and report on all licenses in use to 

ensure your existing codebase (or even a codebase involved in a merger or acquisition) is 

compliant. 

#4: Automated migration of third-party software to eliminate known vulnerabilities 

While some vulnerabilities can be closed by upgrading dependency versions with available patches, all 

too often resolving a security vulnerability requires changes to the application's source code. Some fixes 

are straightforward, like changing an API signature. Others are more complex, involving multiple major 

lifts and requiring the expertise of migration engineers. 

Code migration work is labor-intensive, chaotic, and clerical. It typically involves migrating not just one 

framework but a collection of cascading dependencies that must also be updated across the codebase. 

Examples of automating code migrations include: 

• Migrate to Spring Boot 3.3 — Modify an application's build files, make changes to 

deprecated/preferred APIs, and migrate configuration settings that have changed between 

versions (plus additional framework migrations). 

• Migrate to Java 21 — Upgrade to Java 21 by updating and/or adding dependencies, replacing 

deprecated APIs, updating build files and plugins, etc. 



• Migrate from Log4j to SLF4J — Migrate usage of Apache Log4j to use Simple Logging Facade 

for Java (SLF4J) directly to eliminate the potential for exposure. 

• Marshaling (e.g., SnakeYAML constructor, Jackson default typing): Configure common 

serialization libraries to prevent the deserialization of maliciously crafted data, preventing the 

execution of hidden malicious code. 

The journey to harden your code against security vulnerabilities involves balancing the urgency of fixing 

issues with the continuous delivery of business value. Security scans often interrupt the developer's 

workflow, highlighting vulnerabilities that must be rapidly resolved to prevent deployment blocks. This 

remediation work, while critical, can divert resources from other valuable projects. That’s why 

automation—and tools like the open source OpenRewrite project that automate code refactoring—are 

critical for analyzing and addressing security vulnerabilities quickly. 

The ultimate goal is to ensure that application security improvements and business objectives advance 

harmoniously, creating a resilient and productive development environment. How is your organization 

balancing these demands? 


Olga Kundzich, CTO & Co-Founder of Moderne, has extensive experience 

building enterprise software solutions. Previously, she worked as a technical 

product manager at Pivotal focused on application delivery and management 

solutions (e.g., Spinnaker). She was also a lead software engineer and 

manager at Dell EMC, working closely with enterprise users on implementing 

data protection practices. Olga is a co-author of “Automated Code 

Remediation: How to Refactor and Secure the Modern Software Supply 

Chain” (O’Reilly). 

Olga can be reached online at olga@moderne.io and at our company website https://www.moderne.ai/. 



The Urgent Need for Data Minimization Standards 

Establishing Clear Standards for Data Minimization to Foster Confidence, Innovation, and Privacy 

Protection 

By Kathrin Gardhouse, Privacy Evangelist, Private AI and Patricia Thaine, CEO & Co-Founder, 

Private AI 

A central principle in many data protection laws around the globe is data minimization. But we are 

currently facing a serious issue: we don’t have legal clarity on what exactly the laws require when they 

demand data minimization. Lack of specificity directly affects organizations' lack of confidence that the 

products they are building are responsible and truly comply with regulatory requirements. As a result, 

apprehension can often surround the process of bringing innovative technologies into production. 

It is clear that data minimization will have different requirements for different use cases. On one side of 

the spectrum is the redaction of direct identifiers such as names, or payment card information such as 

credit card numbers. On the other side of the spectrum lies anonymization, where re-identification of 

individuals is extremely unlikely. Within the spectrum, we also find pseudonymization, which, depending 

on the jurisdiction, often means something like reversible de-identification 

Many organizations are keen to anonymize their data because, if anonymization is achieved, the data 

falls outside of the scope of data protection laws as they are no longer considered personal information. 

But that’s a big if. Some argue that anonymization is not possible. We hold that the claim that data 



anonymization is impossible is based on a lack of clarity around what is required for anonymization, with 

organizations often either wittingly or unwittingly misusing the term for what is actually a redaction of 

direct identifiers. Furthermore, another common claim is that data minimization is in irresolvable tension 

with the use of data at a large scale in the machine learning context. This claim is not only based on a 

lack of clarity around data minimization but also a lack of understanding around the extremely valuable 

data that often surrounds identifiable information, such as data about products, conversation flows, 

document topics, and more. 

Years of research in structured data de-identification have contributed to much of what is understood 

about the balance of data minimization and data utility. 

Given the stark differences in how structured and unstructured data are processed and anonymized, a 

one-size-fits-all approach to privacy standards and re-identification risk thresholds may not be 

appropriate. Each type of data presents unique challenges and risks that need tailored approaches. 

Without that clarity, even organizations with the best intentions will not consistently get it right and will be 

left to their best guesses. Many people misinterpret anonymizing data to mean removing names and 

social security numbers but ignoring quasi-identifiers like religion, approximate location, rare disease, 

etc. 

Why we need data minimization standards 

Why is not having clear data minimization standards a problem? For one, in the absence of clear 

standards, organizations disclosing data can do a poor job of de-identifying the data and then still claim 

that they have been anonymized. Inevitably, this will lead to the re-identification of some individuals, even 

if only by hacktivists trying to prove a point. In a worse scenario, poor de-identification practices can lead 

to data breaches, which are costly both financially and reputationally. 

Secondly, a common refrain among critics is that "true" data anonymization is a myth. These criticisms 

frequently stem from well-publicized incidents where supposedly "anonymized" data was re-identified. 

But a closer look at these instances often reveals a salient point: the data in question was not properly 

anonymized in the first place or anonymization was simply not the right privacy-preserving technique to 

use for the task at hand. 

These ill-informed claims diminish the trust in the kinds of capable technologies that are currently being 

developed and can effectively and reliably identify personally identifiable information, redact it, add noise 

and permutations, generalize values, aggregate data, and compute data accuracy and re-identification 

risks. Such claims may also lead to resistance to data minimization as a whole given a perceived futility 

of the effort, or an unwarranted hesitancy to share information that has been de-identified in light of the 

uncertainty of whether it’s good enough. 

Either way, current technological capabilities will not be used to their full potential due to unwarranted 

distrust that is very hard to disprove without certifying bodies for the resulting datasets or technologies. 

This will negatively impact the availability of securely de-identified or anonymized data for beneficial 

secondary purposes, e.g., for the development and training of generative AI models. 



How we know clear standards can (responsibly) accelerate innovation 

HIPAA (Health Insurance Portability and Accountability Act) in the U.S., for instance, is an example of a 

law that contains a clear de-identification standard. It has provisions that require health data to meet 

certain criteria to be considered “de-identified” and even provides two distinct methods: Expert 

Determination and Safe Harbor. 

The Expert Determination method hinges on a knowledgeable individual's analysis that the risk of reidentification 

is “very small” (§164.514(b)(2) HIPAA Privacy Rule). Safe Harbor, on the other hand, 

prescribes specific identifiers that must be removed for health data to no longer be deemed personal 

information. These methods are illustrative of a flexible, and in the case of expert determination, rigorous 

approach to data de-identification—one that can inspire other industries. For small organizations that do 

not have the resources to employ a privacy technology expert to ensure secure de-identification, there 

can still be clear guidance on what is required in terms of removing direct and indirect identifiers before 

the data can be considered safe for disclosing it to third parties to enable innovative products and 

research. 

The Safe Harbor rule has rightly been criticized as insufficient for anonymization of data as understood 

under the GDPR, for example. It is questionable whether unrestricted publication of data sets that fall 

under the Safe Harbor rule is the right approach. More on that below. 

The Data De-Identification Framework – ISO/IEC 27559:2022 developed by the International Standards 

Organization is another example of helpful, yet non-mandatory, guidance on how to properly de-identify 

data. We have summarized this framework here. This framework offers an advantage over HIPAA by 

including an appendix that establishes specific numerical thresholds for identifiability. 

Another example of a successful application of a judicially set standard supplemented by expert guidance 

is revealed by the Office of the Privacy Commissioner of Canada’s investigation of complaints against 

the Public Health Agency of Canada (“PHAC”) and Health Canada (“HC”) under the Privacy Act. Mobility 

data obtained from TELUS and other data providers was properly de-identified beyond the "serious 

possibility" for re-identification threshold before using it in the fight against the COVID-19 pandemic. This 

standard was decided upon in Gordon v. Canada (Health), 2008 FC 258 by the Federal Court and the 

Treasury Board Secretariat and other experts have since provided more actionable guidance down to 

the range of acceptable cell sizes. 

Following this guidance, stripping data of personal identifiers alone was by no means all the parties 

involved did in this case. Rather, they: 

• Hashed each identifier more than once using SHA 256 hashing 

• Limited access to the data to a limited number of individuals 

• Monitored access and use 

• Implemented permitted use restrictions 

• Restricted access and export via the enclave model 

• Allowed only import of data that was aggregated in accordance with accepted standards 



To reiterate what access controls and use restrictions have to do with data de-identification: Since 

determining proper de-identification or even anonymization is a statistical calculation, the likelihood of reidentification 

is an important factor. This likelihood is generally considered in the context of the risk to the 

data itself, namely, who has access to it and which security controls are put in place. 

In addition to anonymization, data minimization in the form of redaction has shown to benefit from specific 

standards that take into account not only the information to be removed but also the security infrastructure 

surrounding the data. For example, data minimization is a risk mitigator under PCI DSS where information 

like account numbers and cardholder names need to be removed from call and contact center 

information. Especially when used appropriately and in conjunction with cybersecurity safeguards, 

redaction in this context prevents crimes like identity theft. 

The work that still needs to be done 

While we have seen huge improvements in the capabilities of tools that can help with the de-identification 

of data, even unstructured data, it is possible that in parallel with the advance of de-identification tools, 

the technologies enabling re-identification advance as well, and more data becomes publicly available 

against which records can be compared, increasing the risk of re-identification. 

Moreover, while HIPAA Safe Harbor brings clarity, it does not take into account several pieces of 

information that may be used to re-identify an individual. As Khaled El Emam in “Methods for the deidentification 

of electronic health records for genomic research” argued in 2011, not requiring the removal 

of longitudinal data, such as length of stay and time since the last visit, can mean a much higher risk of 

patient re-identification. For reasons like this, HIPAA Expert Determination, where an expert determines 

whether the likelihood of re-identification is low enough to be considered de-identified, is the method of 

choice for many healthcare organizations. 

We must also pay more attention to unstructured data when having a dialogue about data deidentification 

and anonymization. Unstructured data, according to estimates, make up 80 percent of all 

recorded data. As we explained, unstructured data comes with the unique difficulty of identifying where 

personal data are. This is not terribly hard in a table with columns labelled “SSN” or “name.” However, it 

is a more complicated problem with unstructured data given the disfluencies, complicated contexts, 

different formats, and multilinguality of unstructured data. However, similar to lacking in data minimization 

standards, there likewise exists no accepted standard of how accurate the identification of personal 

information should be. Organizations therefore have little guidance regarding the required level of 

accuracy of identification of identifiable information, often opting for a band-aid solution made up of 

regular expressions and inaccurate machine learning models which may even be built for a different task. 

Note that not only does getting this step wrong prevent an accurate assessment of risk with the data, but 

also prevents the reliable redaction of the data, let alone the anonymization of it. Identifying the data 

elements in the unstructured data is the difficult but essential groundwork required before re-identification 

risk can be tackled automatically. 



What we can already do today 

With the recent advances in machine learning (ML), we can now teach machines to do the identification 

work for us, and much more reliably than regular expressions (regexes) - the technique most commonly 

used for data identification, but which often fails in particular with unstructured data. For example, using 

ML, we are able to use the context of a conversation to determine whether something constitutes personal 

information or not. Instead of searching for set patterns, the ML model can learn from exposure to training 

data prepared by privacy experts. By annotating the data elements that are personal identifiers, privacy 

experts can effectively train the model to identify highly complex, natural language patterns based on 

which it can detect personal information in data it hasn’t seen before. 

While we don’t have a set standard for personal information detection tools, Private AI builds AI-driven 

de-identification software that meets and exceeds industry standards. Refer to our Whitepaper for details 

on how we compare to our competitors or request a sample report on how the output data from our 

system has passed HIPAA Expert Determination. Anything lower than what the best technology in the 

industry has to offer in terms of personal data identification will, as it necessarily carries through to the 

de-identification stage, increase the re-identification risk intolerably. With accurately identified and 

categorized personal information, these identifiers can then be removed or replaced as needed for the 

use case, maximizing data privacy and utility. 

Conclusion 

Embracing rigorous data minimization protocols isn't just a compliance requirement; it's a pledge to 

protect individual privacy while harnessing the full potential of data for the collective good. The current 

ambiguity surrounding data de-identification, anonymization, and personal information identification 

standards poses significant challenges. While we have examples in HIPAA and ISO/IEC 27559:2022 and 

other sources, more comprehensive and universally accepted standards are imperative. Otherwise, we 

are at risk of falling behind our current capabilities of making safe data available for responsible innovation 

and other beneficial purposes. 


Kathrin Gardhouse is Private AI's Privacy Evangelist and a German- and 

Ontario-trained lawyer specializing in data and AI governance. Her experience 

includes developing comprehensive privacy and data governance programs 

for a Toronto-based financial institution and data and AI governance 

consulting for several boutique firms. 

Kathrin’s influence in data and AI governance spans multiple domains. She 

actively shapes responsible AI policy at a national level while simultaneously 

offering thought leadership to innovators in privacy-enhancing technologies and advising start-up 

founders in privacy and AI governance matters. Kathrin can be reached through her LinkedIn and our 

company website https://www.private-ai.com/. 



Patricia Thaine is the Co-Founder & CEO of Private AI, a Microsoft-backed 

startup that raised their Series A led by the BDC. Private AI was named a 

2023 Technology Pioneer by the World Economic Forum and a Gartner Cool 

Vendor. Patricia was on Maclean’s magazine Power List 2024 for being one 

of the top 100 Canadians shaping the country. She is also a Computer 

Science PhD Candidate at the University of Toronto (on leave) and a Vector 

Institute alumna. Patricia is a recipient of the NSERC Postgraduate 

Scholarship, the RBC Graduate Fellowship, and the Ontario Graduate 

Scholarship. She is the co-inventor of one U.S. patent and has 10 years of 

research and software development experience, including at the McGill 

Language Development Lab, the University of Toronto’s Computational 

Linguistics Lab and Department of Linguistics, and the Public Health Agency of Canada. Patricia can be 

reached through her LinkedIn and our company website: https://www.private-ai.com/. 



Securing the OT Stage: NIS2, CRA, and IEC62443 Take Center 

Spotlight 

Ensuring Cyber Resilience in Critical Infrastructure 

By Vinny Sagar, Solution Architect, swIDch 

In the dynamic landscape of Operational Technology (OT), 

robust cybersecurity measures are paramount. As the digital 

transformation accelerates, protecting critical infrastructure 

becomes more challenging. Fortunately, three key 

standards—NIS2, CRA, and IEC 62443—have emerged to 

fortify the OT sector against cyber threats. In this article, we 

explore how these standards synergize to create a unified 

front in OT cybersecurity. 



NIS2 (Network and Information Systems Directive 2) 

NIS2 expands upon the original NIS legislation, broadening its scope to include vital sectors such as 

energy, water, and transportation. Here’s what you need to know: 

• Stricter Regulations: NIS2 introduces stronger security requirements and incident reporting 

obligations. It emphasizes supply chain security, recognizing that vulnerabilities often stem from 

interconnected systems. 

• EU-Wide Cooperation: NIS2 encourages collaboration and information exchange across the 

European Union. Non-compliance now carries steeper penalties. 

• OT Relevance: NIS2 mandates that entities ensure an appropriate level of security, particularly 

relevant for OT systems. 

CRA (Cyber Resilience Act) 

CRA focuses on safeguarding consumers and businesses using products or software with digital 

components—common scenarios in OT environments: 

• Mandatory Requirements: Manufacturers and retailers must adhere to CRA’s cybersecurity 

requirements throughout a product’s life cycle. 

• Complementing NIS2: CRA ensures that network-connected products meet elevated security 

standards, complementing NIS2’s efforts. 

IEC 62443: A Global Best Practice 

Unlike NIS2 and CRA, which carry EU-specific mandates, IEC 62443 transcends borders. It provides 

tailored cybersecurity standards for Industrial Automation and Control Systems (IACS) and OT: 

• Industrial Context: IEC 62443 addresses unique security challenges in industrial environments. 

It balances data confidentiality and productivity. 

• Defense-in-Depth: The standard outlines a defense-in-depth model, guiding organizations in 

building robust cybersecurity management systems (CSMS). 

• Risk Assessment: IEC 62443 assists in risk assessments, helping organizations choose security 

products and service providers effectively. 



Unpacking the impact on OT? 

Imagine a medieval kingdom as an organization. The kingdom is the “Operational Technology” (OT) 

environment, and needs to be protected from various threats. 

NIS2 is like the kingdom’s laws and policies, established by the king (the governing body). These laws 

mandate that every village (critical infrastructure) within the kingdom must have defenses (cybersecurity 

measures) appropriate to the threats they face, and they must report any attacks (cyber incidents) to the 

king’s council (regulatory authority) to help protect the entire realm. 

CRA is akin to the blacksmiths’ guild (product manufacturers). They are required to forge weapons and 

armor (digital products and software) that meet certain standards of quality and durability before they can 



e used by the kingdom’s warriors (end-users). This ensures that the frontline defenders are equipped 

with reliable gear from the start. 

IEC62443 is comparable to the master builders and engineers (cybersecurity professionals) who design 

and construct the kingdom’s fortifications (security controls and measures). They follow a set of blueprints 

and guidelines (technical standards) to ensure that every castle and wall is built to withstand sieges and 

protect the inhabitants effectively. 

Together, these three elements create a robust defense system for the kingdom: 

• The laws and policies (NIS2) ensure that everyone is aware of the threats and knows how to 

respond. 

• The quality equipment (CRA) means that defenders are well-prepared to face any adversary. 

• The strong fortifications (IEC62443) provide a secure environment that can withstand attacks. 

This analogy illustrates how NIS2, CRA, and IEC62443 work in concert to provide a comprehensive 

cybersecurity strategy, safeguarding the organization from potential threats at every level. 

Timelines 

CRA 

The CRA agreement received formal approval by the European Parliament in March 2024. As of writing 

this article, it still requires formal adoption by the Council before being enforced. Much of the CRA 

becomes enforceable approximately three years after enactment, around 2027 



NIS2 

By 17 October 2024, Member States must adopt and publish the measures necessary to comply with the 

NIS2 Directive. They shall apply those measures from 18 October 2024. 

IEC62443 

In 2021, the IEC approved the IEC62443 family of standards as 'horizontal standards'. This means that 

when sector specific standards for operational technology are being developed by subject matter experts, 

the IEC62443 standards must be used at the foundation for requirements addressing cybersecurity in 

those standards. 



Enhancing OT Cybersecurity: The Triad of NIS2, CRA, and IEC62443 

In the intricate dance of securing Operational Technology (OT), three key players—NIS2, CRA, and 

IEC62443—take the stage. Together, they harmonize their efforts, covering different facets of security 

across the product life cycle. 

NIS2 focuses on the operational aspect and resilience of critical infrastructure. It sets out requirements 

for risk management, reporting, and security measures, which are essential for the OT sector’s day-today 

operations. 

CRA targets the product aspect, ensuring that digital products and software entering the market have 

robust cybersecurity measures in place from the design phase. This act ensures that the hardware and 

software used in OT environments are secure by default. 

IEC62443 provides a technical framework with specific standards and practices for securing industrial 

control systems. It offers detailed guidance on how to implement security controls and manage 

cybersecurity risks in OT environments. 

Together, they create a comprehensive cybersecurity ecosystem: 

• NIS2 ensures that operators of essential services maintain high levels of security and report 

incidents, which is crucial for the OT sector’s overall resilience. 

• CRA complements this by making sure that the products used in these sectors are secure from 

the start, reducing the risk of vulnerabilities. 

• IEC62443 bridges the gap by offering technical standards that apply to the specific needs of OT 

systems, providing a common language and set of practices for industry stakeholders. 

Together, NIS2, CRA, and IEC62443 form a formidable alliance. They strengthen the resilience of the 

OT sector against cyber adversaries. By adopting these standards, organizations gain a structured 

approach to managing cyber risks. So, whether you’re safeguarding a power plant, a smart grid, or an 

autonomous vehicle fleet, remember: Cybersecurity is our collective shield! 


Vinny Sagar is a Solution Architect at swIDch. With over 15 years of 

experience in pre-sales, consulting, and software development in the 

identity and cybersecurity space, Vinny has helped many clients across 

various industries and regions design and deploy Zero Trust solutions that 

meet their specific needs and challenges. Vinny can be reached online at 

vinny@swidch.com, on LinkedIn or through the swIDch website 

https://www.swidch.com/. 



Best Practices in Cybersecurity with Exhaustive Static Analysis 

to Secure Software Integrity 

Utilizing Rigorous Analysis Techniques to Detect and Eliminate Software Vulnerabilities 

By Gavin Hill, CMO, TrustInSoft 

Introduction 

The complexity of modern software systems, coupled with the increasing sophistication of cyber threats, 

underscores the critical need for robust security measures. Ensuring software integrity is not merely a 

technical necessity but a business imperative, as vulnerabilities and runtime errors can lead to severe 

financial, operational, and reputational damage. The Crowdstrike outage on July 19, 2024, that impacted 

over 8.5 million Windows devices and a 13 percent drop in share prices shows the importance of software 

integrity and testing. 

TrustInSoft, a leader in application security testing tools and services, addresses these challenges 

through the innovative application of exhaustive static analysis. This technique offers a comprehensive 



approach to detecting and eliminating vulnerabilities and runtime errors within software code, ensuring 

that applications are both reliable and secure. By leveraging exhaustive static analysis, organizations can 

significantly enhance their cybersecurity and operational posture, safeguarding their systems against a 

myriad of potential threats. 

Key Points: 

• Exhaustive static analysis rigorously examines software to detect and eliminate undefined 

behaviors, significantly reducing vulnerabilities that can lead to severe operational disruptions and 

security breaches. 

• By ensuring the integrity of embedded systems, exhaustive static analysis helps prevent runtime 

errors and operational interruptions, which are critical in industries such as automotive and 

aerospace. 

• TrustInSoft Analyzer helps organizations meet stringent industry standards like ISO 26262 and 

ISO 21434, ensuring their software meets functional requirements while achieving high security 

and reliability standards. 

The Challenge of Undefined Behaviors in Software 

Undefined behaviors (UBs) in software, particularly in languages like C and C++, present a significant 

cybersecurity challenge. UBs are code constructs that the language standard does not define, leading to 

unpredictable and often hazardous software behavior. These behaviors can result in software crashes, 

data corruption, or vulnerabilities that attackers can exploit, making their identification and elimination 

crucial for software security. 

Consider the infamous case of the Ariane 5 rocket failure in 1996. The rocket, one of the most advanced 

of its time, exploded merely 37 seconds after launch due to a software error. The issue stemmed from 

an unhandled arithmetic overflow, an example of UB, during the conversion of a 64-bit floating-point 

number to a 16-bit integer. The failure resulted in a loss of over $370 million which was one of the most 

expensive software bugs of its time. 

Similarly, the Boeing 787 Dreamliner faced a critical software vulnerability related to an integer overflow. 

The software managing the aircraft's electrical systems contained a UB that could lead to a complete 

loss of power after 248 days of continuous operation. The potential risks associated with the UB could 

result in loss of life. This itself emphasizes the need for rigorous testing and validation processes to 

ensure software reliability and safety with formal verification. 

The global outage caused by a CrowdStrike faulty update on July 19, 2024 was triggered by invalid 

memory usage, specifically a NULL pointer dereference in the C++ code. This resulted in widespread 

disruptions across various sectors, including banking, airlines, and media outlets. This type of runtime 

error, which is common in C++ applications, could have been detected and prevented through exhaustive 

static analysis with tools like TrustInSoft Analyzer. 



Undefined behaviors often lie dormant within software, escaping detection during conventional testing 

phases. These hidden vulnerabilities can be exploited by attackers to gain unauthorized access, execute 

arbitrary code, or disrupt normal operations. As software systems grow more complex, the likelihood of 

encountering UBs increases, posing a significant threat to both security and functionality. 

To mitigate these risks, exhaustive static analysis offers a powerful solution. This technique involves a 

thorough examination of the software code, identifying all possible states and behaviors to guarantee 

that no UB remains undetected. By systematically addressing these vulnerabilities, organizations can 

prevent potential exploits and enhance the overall security of their software applications. 

TrustInSoft's approach to exhaustive static analysis demonstrates best practices in addressing UBs. By 

integrating this method into their development workflows, organizations can achieve a higher level of 

assurance in their software's reliability and security. This proactive measure not only mitigates risks but 

also supports compliance with industry standards and regulations, further strengthening the cybersecurity 

framework of the organization. 

Importance of Exhaustive Static Analysis 

Exhaustive static analysis is a critical technique in ensuring software security and reliability. This method 

involves a thorough and comprehensive examination of the software code, utilizing abstract interpretation 

to evaluate all possible states and paths of a program. Unlike traditional static analysis, exhaustive static 

analysis guarantees the identification of all undefined behaviors (UBs), offering a higher level of 

assurance in detecting potential vulnerabilities. 

By leveraging abstract interpretation, exhaustive static analysis provides a mathematical guarantee of 

software correctness. This rigorous approach is essential in detecting and mitigating runtime errors that 

could lead to operational interruptions. For embedded systems, where software malfunctions can have 

severe consequences, exhaustive static analysis ensures the highest levels of safety and security. 

TrustInSoft Analyzer systematically explores every possible execution path and input combination in the 

software, identifying vulnerabilities that might be missed by other methods. This ensures that the software 

operates reliably and securely under all conditions, significantly reducing the risk of runtime errors and 

enhancing overall system stability. 

Best Practices for Implementing Exhaustive Static Analysis 

To maximize the benefits of exhaustive static analysis, organizations should adopt several best practices. 

These guidelines will ensure effective integration of this powerful technique into the software 

development lifecycle. 

• Early Integration: Incorporate exhaustive static analysis early in the development lifecycle. By 

integrating this method at the initial stages, developers can detect and address vulnerabilities 

before they become deeply embedded in the software. Early detection reduces the cost and 

complexity of fixing bugs later in the process. For example, the average recall cost per vehicle is 



about $500 in the automotive industry. With most modern cars containing up to 100 million lines 

of code there is a lot that can go wrong. 

• Continuous Integration and Deployment (CI/CD): Embed exhaustive static analysis tools into your 

CI/CD pipeline. Automated analysis during each build ensures that new code does not introduce 

new vulnerabilities. Continuous integration allows for regular checks, maintaining high standards 

of code quality and security. 

• Comprehensive Training: Provide thorough training for development teams on the use of 

exhaustive static analysis tools. Understanding how to effectively utilize these tools is crucial for 

identifying and addressing vulnerabilities. TrustInSoft offers extensive support and resources to 

help teams master these techniques. 

• Regular Code Audits and Reviews: Conduct regular code audits and reviews using exhaustive 

static analysis. Continuous monitoring and analysis help maintain high standards of code quality 

and security. Regular reviews ensure that any new vulnerabilities introduced during development 

are promptly identified and addressed. 

• Focus on Critical Code Paths: Prioritize the analysis of critical code paths, especially in embedded 

systems where operational interruptions can have severe consequences. Ensuring the reliability 

of these paths is key for system stability and security. By focusing on high-risk areas, developers 

can mitigate the most significant threats to software integrity. 

By following these best practices, organizations can effectively integrate exhaustive static analysis into 

their development workflows, ensuring robust and secure software. 

Addressing Common Cybersecurity Challenges with Static Analysis 

Exhaustive static analysis addresses numerous cybersecurity challenges by employing abstract 

interpretation, a technique that evaluates all possible states and paths of a program, namely: 

• Managing Software Complexity: As software systems become more complex, the risk of 

introducing UBs and runtime errors increases. Exhaustive static analysis, using abstract 

interpretation, provides a thorough solution by evaluating all possible states and paths, ensuring 

that no UB goes undetected. This meticulous approach is crucial for maintaining the integrity and 

security of complex software systems, especially in industries like automotive and aerospace, 

where embedded systems play a critical role. 

• Ensuring Continuous Feature Updates: Continuous updates are necessary to maintain software 

relevance and functionality. However, these updates can introduce new vulnerabilities. By 

integrating exhaustive static analysis into the development workflow, organizations can 

confidently release updates without compromising security, thus preventing operational 

interruptions. 

• Mitigating Internal and External Threats: By detecting vulnerabilities early, exhaustive static 

analysis mitigates the risk of both internal and external threats. This proactive approach prevents 

potential exploits that could lead to data breaches or system failures. TrustInSoft Analyzer’s ability 

to identify runtime errors and UBs is crucial for protecting software from both malicious attacks 

and accidental errors, which can be particularly damaging in embedded systems. 



• Embedded Systems Security: For embedded systems, which are often critical in applications such 

as automotive, aerospace, and telecommunications, ensuring software security is paramount. 

Exhaustive static analysis helps identify and eliminate vulnerabilities that could lead to operational 

interruptions or safety hazards. 

Compliance with Industry Standards 

Adhering to industry standards is crucial for ensuring software safety and security. Exhaustive static 

analysis helps organizations meet compliance requirements such as ISO 26262 for automotive safety 

and ISO 21434 for cybersecurity in road vehicles. By providing a mathematical guarantee of software 

correctness, TrustInSoft Analyzer supports the rigorous verification needed to achieve and maintain 

these standards. 

• Automotive Industry Compliance: The ISO 26262 standard outlines the requirements for 

functional safety in automotive systems. TrustInSoft Analyzer helps automotive companies 

comply with this standard by ensuring that their software is free from UBs and runtime errors. This 

rigorous analysis supports the development of safe and reliable automotive systems, reducing 

the risk of operational interruptions and safety incidents. 

• Aerospace Industry Compliance: In the aerospace industry, software must comply with standards 

such as DO-178C, which sets the guidelines for software used in airborne systems. TrustInSoft’s 

exhaustive static analysis ensures that aerospace software meets these stringent requirements, 

providing a high level of assurance in the software’s reliability and safety. 

• Cybersecurity Standards: For cybersecurity compliance, standards like ISO 21434 focus on the 

security of road vehicles. TrustInSoft Analyzer’s ability to detect and eliminate vulnerabilities 

supports compliance with these standards, ensuring that automotive software is secure against 

potential cyber threats. This compliance is essential for maintaining the trust and safety of 

automotive systems in an increasingly connected world. 

By adopting exhaustive static analysis and leveraging tools like TrustInSoft Analyzer, organizations can 

ensure that their software meets the highest standards of safety and security. This proactive approach 

not only mitigates risks but also supports compliance with industry standards, strengthening the 

cybersecurity framework of the organization. 

Guaranteeing Software Integrity with Mathematical Precision 

Exhaustive static analysis, with its comprehensive and rigorous approach, provides a robust solution to 

the complex challenges of software security. By adopting best practices for implementation and 

leveraging advanced tools like TrustInSoft Analyzer, organizations can safeguard their systems against 

vulnerabilities and achieve compliance with industry standards. As the cybersecurity landscape continues 

to evolve, the importance of rigorous software verification through exhaustive static analysis will only 

increase, securing the future of software development. As we look to the future, the integration of such 



igorous methods will be paramount in defending against the complexities and dangers of an increasingly 

connected world. 


Gavin Hill is the Chief Marketing Officer at TrustInSoft where he is 

responsible for go-to-market strategy and execution of products and 

services. He has held leadership positions in Product Management, Product 

Marketing and Marketing at Human Security, Secureworks, Bitdefender, 

Bromium (HP), Venafi and Trend Micro. With 25 years’ experience in cyber 

security, he has a broad range of knowledge, including Application Security, 

Email Security, Cloud Security, Encryption, PKI, Keys & Certificates, 

Endpoint Security, EDR, Network Traffic Analytics, Isolation, Hypervisor 

Security, Sandboxing, and VDI Security. 

Gavin can be reached online at gavin.hill@trust-in-soft.com and at our 

company website https://www.trust-in-soft.com/. 



Embracing The Intersection of Ethics and Digital Trust 

In today's rapidly evolving technological landscape, the intersection of ethics and digital trust is 

becoming increasingly critical. 

By Pablo Ballarín, ISACA Emerging Trends Working Group, ISACA 

The Ethical Dimension of Emerging Technologies 

Ethics, fundamentally, deals with moral values and codes of conduct within societies and social groups. 

Traditionally, ethical considerations have permeated various human domains such as politics and 

business. However, in the 1970s, this influence expanded significantly into healthcare, medicine, 

biological research, biotechnology, and environmental issues. This expansion gave birth to bioethics, 

which addresses critical concerns like organ donation and transplantation, genetic research, assisted 

dying, and environmental conservation. 

Today, as we confront the challenges posed by emerging technologies, we face new ethical risks such 

as various forms of bias, lack of transparency, addiction, information bubbles, social manipulation, and 

threats to democracies, which are evident in elections worldwide. 



Addressing Ethical Challenges in AI and Emerging Technologies 

Recent years have seen the development of ethical frameworks and legislation specifically tailored to AI 

and other emerging technologies. These frameworks aim to translate ethical theories into actionable 

steps for creating responsible technologies. However, the key questions now arise: What are the 

fundamental principles of these frameworks? How can we effectively implement them, and what types of 

competencies are required to do so? 

These questions are crucial as we endeavor to balance technological advancement with ethical 

responsibility. Ensuring that progress benefits society while safeguarding fundamental values and rights 

is a delicate balancing act. 

European Business and IT Professionals Utilise AI with Limited Organisational Training 

A recent ISACA study highlights a critical issue: European business and IT professionals are increasingly 

utilizing AI with limited organizational training. This gap in training can lead to significant ethical and 

cybersecurity challenges. Without proper training, professionals may inadvertently deploy AI systems 

that are biased, lack transparency, or are vulnerable to cyber threats. The study emphasizes the need 

for comprehensive training programs that encompass both technical and ethical dimensions of AI. This 

aligns with the importance of integrating ethical and trust considerations into the development and 

deployment of AI technologies. A professional way to handle these issues is offered by auditing tools 

such as the AI Audit Toolkit by ISACA. It provides a structured approach to evaluate the ethical and 

technical aspects of AI implementations including guidelines for assessing compliance with ethical 

frameworks, identifying biases, and ensuring transparency. 

The Trust Gap: Companies Value Digital Trust but Little Progress is Being Made to Implement It 

Another significant issue is the trust gap in digital technologies. According to an ISACA report, while 

companies value digital trust, there is little progress in implementing it. This gap can undermine the 

effectiveness of both cybersecurity measures and ethical frameworks. Building digital trust requires a 

holistic approach that integrates ethical principles into all aspects of technology development and 

deployment, as stated in the ISACA paper "Using the Digital Trust Ecosystem Framework to Achieve 

Trustworthy AI." This includes transparent communication, robust security measures, and a commitment 

to ethical standards. 

As we navigate an era where technology profoundly impacts every aspect of life, it is essential to integrate 

ethical considerations into our approach to cybersecurity. In this context, the upcoming ISACA Europe 

Conference 2024 on October 23 - 25 will explore these issues in depth, providing a platform for experts 

and practitioners to share insights and strategies. Presentations will explore how digital trust and ethical 

frameworks can inform the development and deployment of emerging technologies, drawing on lessons 

from bioethics and recent developments in AI ethics. Among the speakers, author Pablo Ballarin will be 

presenting a session titled "Ethics, Dilemmas, and Digital Trust with AI." 



For more information on the ISACA Europe Conference 2024 and to register, visit ISACA Europe 

Conference. 


Pablo Ballarín, who is active in the ISACA Emerging Trends Working Group, 

is an experienced cybersecurity professional with over 25 years in the field, 

specializing in information security, risk management, and compliance. 

Pablo has extensive experience in working with global organizations, 

including telecommunications companies, public agencies, retailers and 

financial institutions. He is a recognized speaker and educator in 

cybersecurity, holding different industry certifications, and frequently 

appears on different Spanish media discussing the challenges of technology 

and its impact on society. 

Website: www.isaca.org 

Twitter: www.twitter.com/ISACANews 

LinkedIn: www.linkedin.com/company/isaca 

Facebook: www.facebook.com/ISACAGlobal 

Instagram: www.instagram.com/isacanews 



Driving Security Forward: How Automakers Can Stay Ahead of 

Cyber Threats and Compliance Challenge 

By Oron Lavi, Chief Technology Officer and Co-Founder, Argus Cyber Security 

As technology revolutionizes the way OEMs build cars, this software-powered shift has also introduced 

new risks and challenges. As cars become more connected, they are exposed to more cyber security 

threats. Software vulnerabilities and open-source code can be exploited by hackers to compromise 

safety-critical systems, access personal data, or even start a car from a remote location. In addition, due 

to the increasing complexity of the vehicle software ecosystem, integration and maintaining code quality 

have also become more difficult. 

Let's examine some practical steps that OEMs and Tier 1 suppliers can take to reduce security risks, 

achieve regulatory compliance, and streamline the automotive software development cycle. 

Meeting regulatory expectations 

Over the last few years, we have seen dramatic changes in standardization and regulation of cyber 

security practices in automotive. Some notable ones are ISO 21434, ASPICE cybersecurity extension 

and UNR155, which have become a de-facto way of ensuring a cyber security-minded development 



process and product. While UNR155 is mostly applicable in the EU, many other countries follow it or 

have similar guidelines or regulations in place. Moreover, due to the global nature of the automotive 

market, EU regulation has a tremendous impact on non-EU manufacturers as well. 

With the introduction of such expectations, the industry is slowly shaping itself to comply and meet these 

new requirements. This is a slow process, which has an impact on many different departments of all 

automotive manufacturers and their suppliers. It also has an impact on auditors and assessors who need 

to learn how to inspect that the new regulatory expectations are met. 

These changes introduce new steps into the development cycle, and throughout the rest of the vehicle 

lifecycle (production, post-production, etc.). New efforts mean additional work and increased costs for 

manufacturers. 

So how are OEMs and Tier 1s coping with these new efforts, which require the investment of more time 

and materials into an already extremely tight project framework? 

Shift left and automation 

The answer is doing what all industries have always done. If you consider how automotive manufacturers 

and suppliers deal with quality aspects, you’ll see there is an ongoing effort to perform verification and 

validation as early in the process as possible (“shift left”) for each phase. By doing so, manufacturers 

reduce the impact of a potential mistake and the time it takes to fix it. 

The other key element is automation. This is especially true for situations that require large scale. By 

automating the processes of requirement tracing, deployment, performance analysis, functional testing 

and others, each small change can be tested and undesired impacts on the project and product can be 

immediately reported and addressed. 

As the industry implements tools and processes to meet the new cyber security regulatory requirements, 

it’s becoming clear that the same principles still hold. Slowly, we are seeing an emerging landscape of 

tools and methods for automating and “shifting left” the necessary cyber security phases that help reduce 

the effort and time required to meet compliance. 

Working smarter, not harder (in practice!) 

Part of what we do at Argus is supporting automotive companies with their processes related to cyber 

security and regulatory compliance. Through these interactions, we’ve identified some useful actions an 

OEM/supplier can take to become more efficient in implementing cyber security. For example, using 

internal expertise more effectively and relying less on outsourcing certain activities. 

In this context, two important activities mandated by these new regulations that can help OEMs and Tier 

1 suppliers detect and resolve security issues early in the development process are penetration testing 

(fuzz testing) and vulnerability management. 



Automated fuzz testing 

Fuzz testing is a software testing technique that involves feeding invalid, unexpected, or random data 

inputs to a program in order to uncover vulnerabilities, bugs, or unexpected behaviors. In the context of 

the automotive industry, fuzzing is used to assess the security and robustness of automotive software 

systems. For fuzzing to be effective, it must take into account automotive protocols, use cases and 

automated testing procedures. If implemented correctly, such tests will reveal flaws and vulnerabilities 

with minimal effort in the early project stages and beyond. 

Most manufacturers today rely heavily on simulation systems to check the end product for functionality 

and safety. While there are many different implementations and vendors of such simulation and testing 

products, some are beginning to offer “cyber security” suites or tools as part of their solution. By deploying 

an automated Fuzzing test into your HIL/SIL setup, you can automatically increase the level of security 

in the system. Some products even provide automated reports referencing regulatory requirements 

tested by specific tests, so these can be easily used as evidence to achieve compliance. 

Not just fuzzing 

There are many other tools which can be used by the development or testing team to more easily detect 

security issues that are not necessarily part of a heavy-duty Hardware-in-the-Loop/Software-in-the-Loop) 

(HIL/SIL) system. Some tools are open source and completely free. One such example is “pythonudsoncan”. 

This utility can be used by an engineer to interact with a UDS server in different ways and 

detect security flaws. Taking this one step further, an engineer with sufficient security expertise could 

create automated tests to ensure the correctness of the UDS functionality from a security perspective, 

and have these tests executed with every new software version. 

Vulnerability Management 

As vehicles become more and more software based, with more software libraries from different sources 

being integrated together, the risk of one of these pieces of code containing a vulnerability increases. 

What happens if two years after a vehicle hits the road, a vulnerability is published which affects one of 

the software libraries used in the vehicle? How do you know which vehicles are affected? How do you 

assess the potential impact and how do you respond? 

This issue has been addressed by regulations and standards such as UNR 155 and ISO 21434 which 

directly require that a Software Bill Of Materials (SBOM) be kept and tracked throughout the vehicle 

lifetime. The SBOM should be continuously monitored, so newly published vulnerabilities are quickly 

identified and addressed. This activity must be done at an early stage of a project. By scanning your 

software early, automatically and with every new version, any known vulnerabilities that were introduced 

into the product are detected immediately, and can be addressed by the responsible engineer or 

supplier. 



Performing this kind of scan only at a late release stage can create delays and/or a situation where risky 

compromises must be taken. A proper Vulnerability Management solution - one that automatically 

generates the SBOM from each new software release and provides a report of known vulnerabilities that 

affect it - dramatically reduces manual efforts involved in identifying and treating these issues. 

Bottom Line 

In today's complex software-driven ecosystem, vehicle manufacturers have come to realize the 

importance of integrating security measures early in the development process. This "shift left" security 

approach enables automotive software developers to improve the overall quality and security of their 

products, while at the same time accelerating time-to-market and reducing development costs. 

Incorporating advanced cyber security tools and processes, such as fuzz testing and vulnerability 

management, as an integral part of the software development process can help OEMs and Tier 1s to 

streamline product development and meet their compliance objectives. 


Oron Lavi is the Chief Technology Officer and Co-Founder of Argus Cyber Security, 

a pioneering company established in 2014. With a wealth of experience in the tech 

industry, Oron previously served as a senior software engineer at Salesforce.com 

and as the CTO at CBVW. He holds a Bachelor of Science degree in Computer 

Engineering, graduating magna cum laude from Tel Aviv University. 

Oron can be reached online at https://www.linkedin.com/in/oron-lavi-10777b3/ and 

at our company website https://argus-sec.com/. 



Best Practices for Effective Privileged Access Management 

(PAM) 

By Marcus Scharra, CEO at senhasegura 

Privileged accounts are highly coveted targets for malicious attackers due to the extensive access they 

provide. According to the 2024 Verizon Data Breach Investigation Report, nearly 40% of data breaches 

involve privileged accounts. Additionally, breaches involving these accounts incur higher costs. Research 

from IBM and the Ponemon Institute indicates that while the average cost of a data breach is $4.35 

million, breaches involving privileged accounts average $4.50 million. 

These accounts, often referred to as "keys to the kingdom," enable critical actions such as modifying 

system settings or transferring financial resources. The proliferation of privileged accounts, driven by 

digital transformation initiatives like 5G, cloud computing, and IoT, has compounded the challenge. With 

stringent regulatory requirements such as GDPR (Europe), LGPD (Brazil), and CCPA (California), 

protecting privileged credentials is essential for reducing cyber risks, avoiding hefty fines, and ensuring 

business continuity. 



Challenges in Privileged Access Management 

• Discovery and Management: Identifying and managing all privileged access is a significant 

challenge, especially with the shift to cloud environments (IaaS and PaaS) and development 

settings. 

• Third-Party Access: The rise in third-party consultants, vendors, and experts necessitates 

temporary privileged access. The Ponemon Institute found that 66% of companies are unaware 

of the number of third-party relationships they have or how they are managed. Furthermore, 61% 

have experienced breaches associated with third parties. 

• Privilege Abuse: Implementing the Principle of Least Privilege (PoLP) is difficult due to the 

complexity of determining necessary privileges and the time required to assign them. Excessive 

permissions can be exploited by attackers if not revoked timely. 

• Insider Threats: Traditional security models based on perimeter defense are inadequate as 

threats increasingly come from within. The 2024 Verizon Data Breach Investigation Report states 

that 40% of data breaches are caused by internal actors. 

• Stolen Credentials: Phishing and social engineering attacks lead to credential theft. Verizon’s 

DBIR report indicates that nearly 40% of breaches occur through stolen credentials. 

Customer Preferences and Requirements for PAM Adoption 

• Flexibility: PAM solutions must adapt to various deployment topologies and integrate seamlessly 

with existing methodologies and infrastructure, including support for different configurations for 

high availability and disaster recovery. 

• Scalability: Essential for accommodating a range of organizational sizes and workloads, including 

managing multiple deployment locations and supporting numerous concurrent users. 

• Usability: A user-friendly PAM solution reduces training efforts and minimizes disruption to daily 

operations. 

• Integration: Compatibility with multiple assets, including legacy systems, is critical for a smooth 

adoption process. 

• Compliance and Reporting: With growing regulatory requirements, PAM solutions must offer 

comprehensive auditing and reporting features to help organizations comply with regulations like 

LGPD, GDPR, HIPAA, and SOX. This includes detailed logs of privileged access and actions 

taken during those sessions. 

• Cost-Effectiveness: Balancing advanced security features with cost-efficiency is crucial for 

organizations seeking the best value for their investment. 

Best Practices for Implementing a PAM Program 

• Stakeholder Mapping and Requirements: Identify stakeholders and key PAM requirements across 

different organizational areas. Define roles and responsibilities, and establish groups for access 

segregation. Securing top management support is critical from the project's inception. 



• Milestone-Based Implementation: Implement PAM in stages, starting with basic use cases before 

advancing to more complex ones. This phased approach ensures steady progress and minimizes 

disruption. 

• Mapping Use Cases to PAM Functionalities: Align identified use cases with appropriate PAM 

functionalities. Deploy specialized PAM tools like senhasegura to address specific needs. Select 

vendors based on availability, compliance, and support capabilities, and conduct a Proof of 

Concept (PoC) to determine the best fit. 

• User Training: Ensure that users understand the benefits of PAM and are adequately trained to 

operate the deployed tools. Effective training fosters better adoption and compliance. 

• Continuous Monitoring and Improvement: Regularly review and update PAM policies and 

practices to adapt to evolving threats and organizational changes. Continuous monitoring ensures 

that privileged access remains secure. 

Conclusion 

Cyberattacks are inevitable, and their impact can be devastating. Privileged credentials are often at the 

center of these attacks, making a robust PAM program essential. By following these best practices and 

considering key customer preferences, organizations can significantly enhance their cybersecurity 

posture and reduce the risks associated with privileged access. Implementing a comprehensive PAM 

strategy should be a top priority for information security leaders across all industries. 

By focusing on these critical areas, organizations can better protect their sensitive assets, comply with 

regulatory requirements, and ensure long-term business resilience. 


Marcus Scharra, Co-Founder and CEO at senhasegura, a computer 

engineer and has a master’s degree from São Paulo’s University in 

Information Security and Artificial Intelligence for pattern recognition in 

corporate environments using artificial neural networks. 

With a series of articles and published works, he’s been an entrepreneur for 

over twenty years, as the founder of six tech companies. senhasegura is one 

of the solutions developed by the first of its companies, MT4 Technology, 

currently present in more than 60 countries. In the last few years, 

senhasegura was placed as a Leader by many analysts, such as KuppingerCole and Software Reviews, 

and considered by Gartner as a Challenger technology in the 2021 Magic Quadrant report for PAM. His 

companies have received several renowned recognitions, such as the ISC² Annual Americas Information 

Security Leadership Awards. 

LinkedIn Profile: www.linkedin.com/in/marcusscharra/ 

Company Profile: https://senhasegura.com/ 



Is Platform Engineering a Step Towards Better Governed DevOps? 

By Kapil Tandon, VP of Product Management for Perforce 

Since 2010, Puppet’s annual State of DevOps Report has tracked trends in IT, including security and, 

more recently, the growth of platform engineering. 2024’s edition, which includes the results of a survey 

of over 600 IT professionals worldwide, shows that security and platform engineering are now closely 

intertwined, with platform engineering teams now taking on more responsibility for security. Plus, the 

results show that these teams are making a tangible difference. 

Before diving into more details, it is crucial to understand what platform engineering provides. Platforms 

aim to give end users — especially software developers within organizations — fast and simplified selfservice 

access to the technologies they need to do their jobs. These platforms are managed by platform 

engineering teams, who provision and manage all workflows, tools, and platforms involved. Platform 

engineers typically come under operations or engineering as part of teams or separate ones. They could 

even be part of product teams. Their area of focus is ensuring that their primary customer, the developers, 

get what they need to deliver at speed on the organizational needs. 

Platform engineering is not just some fad. Gartner has predicted that 80% of global organizations plan to 

have a team dedicated to platform engineering by 2026. The State of DevOps Report found that 43% of 

respondents have had a platform team for at least three years and a quarter for six to nine years. 65% 

said that platform engineering teams will receive continued investment. 



Platform engineering offers multiple benefits to businesses and their employees. First, it reduces the 

volume of support requests to IT operations teams, allowing them to focus on tasks other than firefighting. 

Second, developers can concentrate on their core work, knowing that what they need is being provided 

without the need to search for it or verify its accuracy. 

The value of all this cannot be underestimated, given the growing complexity and scale of many software 

development environments today. Software development is the point at which vulnerabilities can occur, 

leaving the door open for future exploitation. Think of platform engineering teams as the protective barrier 

between developers and potential chaos. 

And it is working. When asked about the benefits of platform engineering, 31% of respondents in the 

State of DevOps survey reported a reduced risk of security breaches. Improved compliance and security 

was also the third-highest use case (49%), surpassed only by improved productivity and automated, 

standardized processes. 

This demonstrates a significant shift in DevOps: security is being integrated up-front and considered right 

at the start of platform strategies. 70% claim that security was built into their platforms from the beginning. 

A further 60% cite security and compliance as the leading benefit of platform engineers. This is a sea 

change. Previously, while security may have been acknowledged as necessary, implementation was 

typically left to individual teams to implement. 

With platform engineering, security management can become controlled and consistent across 

organizations. In addition, they are increasingly likely to have a platform dedicated to security (and other 

platforms for other functions). Having specialized platforms allows teams to focus on the excellence of 

what they do rather than over-centralizing and forcing people to potentially use tools and take on 

responsibilities they don’t want or need. The survey found that 56% have five or more platforms, with 

almost 10% reporting they have at least 10. 

Platform engineering has evolved significantly in just a few years, and its value is now well understood 

by many organizations. We see it as a crucial stepping stone in creating more governed DevOps. 

Embracing platform engineering’s contributions to better security and compliance is important, as is 

managing an estate that is continuously patched to ensure uptime. The trend of delivering patches to the 

estate automatically, rather than through manual patch management, is growing and is expected to 

continue throughout 2024 and beyond. 


Kapil Tandon is the VP of Product Management for Perforce Software. He has more 

than 25 years of experience in product roles within tech, and has previously served 

as the VP of product growth for Tricentis and as a principal PM lead for Microsoft. 

Tandon holds a master’s in marketing from Pace University. Kapil Tandon can be 

reached online at kapil.tandon@perforce.com, https://x.com/kapilt, 

https://www.linkedin.com/in/kapilt/. 



Russia, Apple, And the New Front Line in The Fight for Internet 

Freedom 

By Sebastian Schaub, CEO, hide.me 

Russia's reputation for suppressing internet freedom and free expression is well documented. VPNs have 

long had a contentious relationship with the Russian state, and in recent years they have been permitted 

only if they are approved by the government. Earlier this year, the Russian government went a step 

further, turning the screw on internet freedom by making it illegal to provide public instructions for setting 

up a VPN. 

At the time, it was clear that this escalation would mark a steady and insidious move towards total online 

censorship, with the end goal of dismantling the very frameworks that support the existence of VPNs and 

their continued development. 

And then last week, the Kremlin's internet regulator, Roskomnadzor, went even further. In a striking move, 

Apple – the $3.6 trillion market cap tech giant – has removed 25 VPN services from the Russian App 

Store at Roskomnadzor's request. Our app, hide.me, is one of them. 

There are two key issues here that are deeply worrying and pose a grave threat to internet freedom. 



Firstly, when state bodies force private companies to remove or change their services or products, it’s a 

serious problem. This is true in repressive regimes and liberal democracies alike. You might argue, 

"Apple Inc. is a multi-trillion-dollar company with immense power, surely it can handle some government 

pressure?" 

However, the Russian VPN ban illustrates why this argument is fundamentally flawed and even 

dangerous. Most would agree that Roskomnadzor pressuring Apple to remove 25 VPNs from the App 

Store is bad. It’s the people – us, you, those advocating for a freer world – who suffer. Limiting the power 

of a tech giant like Apple only strengthens the state's hand. 

In this case, hostility to internet freedom looks like an obviously authoritarian state coercing a private 

company into restricting its citizens' internet access. It's easy to see Russia's actions as wrong and 

harmful. But remember, whenever any government – whether ‘good’ or ‘bad’ – tries to control the tech 

we access, there are significant risks. 

What’s particularly frustrating about this case is that many of these VPNs are developed by people who 

understand Russia’s censorship machine intimately, designing their products to bypass state restrictions. 

The fact that Apple felt enough pressure to ban these apps outright, something the Russian authorities 

haven’t always achieved effectively themselves, is deeply disappointing. 

This brings me to the second, bigger issue: the state of internet freedom. 

It is terrifying that free and uninhibited internet access can be so easily taken away from individuals in 

authoritarian regimes. Governments that control what citizens can see and access feed the oppression 

machine. At hide.me, one of our core principles is universal access to a free and open internet. We 

believe fiercely in the power of information to break free from oppression, and we believe in VPNs as a 

vehicle for accessing this information, protecting user privacy, and freeing communities from statecontrolled 

narratives. A free world needs access to a free and open internet. 

So, what can be done? 

Sadly, hostility to VPNs isn’t new for Russia, and hide.me won’t be the last VPN to face the wrath of 

Russia’s internet regulators. 

But if Apple wants to be bold, to stand for internet freedom and the rights of users everywhere – not just 

in America or the Western world – then it should take a page from Mozilla Firefox’s book. Just last month, 

several of Mozilla’s browser extensions were suddenly made unavailable in Russia at Roskomnadzor's 

request. Mozilla initially complied, considering regulatory implications and the safety of their staff and 

community, but then they did something remarkable: they reinstated the extensions. 

This bold move should be championed. Internet freedom won’t die overnight; if we lose it, it’ll be because 

we stood by and watched as it was gradually chipped away. And while it’s true that individuals will always 

find ways to push back against state control, it’s a dark day when the tools to do so are taken away. This 

demonstrates a clear intent from these states to control the flow of information completely. 

All of us who care about internet freedom – tech giants included – must push back against oppressive 

regulators and make a stand for freedom of expression and access to a free internet. Companies like 



Apple ultimately have the power and responsibility to resist these state pressures and set a precedent 

for defending digital rights. The stakes are high, and the cost of inaction is the erosion of our fundamental 

freedoms. 

What’s next? Well, it’ll be interesting to watch how Apple plays its cards now. Will they capitulate to 

authoritarian demands, or will they champion the cause of internet freedom? 

The world is watching, and the future of a free and open internet hangs in the balance. 


Sebastian Schaub is the CEO and founder of hide.me VPN and he has been 

working in the internet security industry for over a decade. He started hide.me 

VPN to make internet security and privacy accessible to everybody. 



The Traditional Advocates of the Security Perimeter Don't Want 

You to Know about Data-Centric Security 

The Crucial Role of Data-Centric Security in Today's Enterprises 

By Luis Ángel del Valle, CEO, SealPath Technologies 

In an era defined by continuous media announcements of organizations that have suffered both 

government and private data breaches and thefts, the security of this invaluable asset has never been 

more of prime importance. Every day, enterprises face the daunting task of safeguarding sensitive 

information against an ever-evolving array of threats. As someone who has navigated the complexities 

of data security for over a decade, I have witnessed firsthand the shifting paradigms and challenges that 

organizations encounter. This article aims to illuminate the path forward, proposing a fundamental 

realignment towards data-centric security as a robust approach to the pressing concerns of today. Join 

me in exploring why adopting this strategy is not only strategic but essential for enterprises aiming to 

thrive in this context. 



Data Security Concerns in the Modern Enterprise Context 

Today's businesses operate in an environment where traditional security perimeters have all but 

dissolved. The transition to remote work and ‘Bring-Your-Own-Device’ (BYOD) policies, a direct 

consequence of recent global events, has further exacerbated this trend. These blurred lines, combined 

with the sophistication of modern cyber threats, have significantly heightened the risks of data breaches, 

reputation damage, and regulatory penalties. 

Data breaches rose by 72% between 2021 and 2023 according to the 2023 Data Breach Report by The 

Identity Theft Resource Center (ITRC), which has underscored the importance of robust data security. 

The main risks include phishing attacks, Zero-Day vulnerabilities, malware infections such as 

ransomware, insider threats, and insufficient encryption, all of which can result in significant financial loss, 

$4.45 million on average according to IBM Cost of a Data Breach Report 2023. Since 2020, the average 

cost of a data breach has increased 15.3% from $3.86 million. The costs are expected to reach $5 million 

within the next few years based on this trend. 

Since Cybercriminals have discovered new ways to profit, they have not stopped evolving, and they know 

that data is a gold mine. Their main motivation is to gain access to the most critical documents and data 

of companies to make a profit. 

At the heart of these concerns lies the challenge of controlling who can access data, under what 

conditions, and ensuring that it remains protected – regardless of its location. The stakes are higher than 

ever, as data exfiltration can mortally wound an organization's standing, not to mention the severe 

implications imposed by ever-tightening regulations across the globe. 

Towards a Data-Centric Security Approach 

To address these growing concerns, a paradigm shift 

is essential. Moving toward a data-centric security 

approach ensures that the focus is placed squarely on 

protecting the data itself, irrespective of where it 

resides. This strategy offers a solution that aligns with 

the current organizational landscape, where data flows 

freely beyond the confines of traditional network 

borders. By encrypting the data and controlling access 

directly, we create a resilient protective layer that 

moves with the information. This alignment not only 

enhances security but also offers greater flexibility, an 

indispensable trait in today's fluid work environments. 



There are different key elements for an effective data-centric security approach: 

• Identification of sensitive information: The target of an attacker, whether internal or external, is 

usually the most sensitive and valuable information: data through which he can directly or 

indirectly obtain benefits. On the other hand, there are also data related to some type of regulation 

such as EU-GDPR, PCI, or others. In some organizations this is stored in certain repositories 

known to the teams, however, it can also be distributed. 

• Data-centric protection: Data-centric security controls focus on securing the organization’s 

valuable content so that it can be protected from potential unauthorized egress from the network, 

cloud, or data leakage. We can know where the sensitive information of the organization is, but it 

will be of little use, if we don’t apply measures to protect this information wherever it travels. 

• Audit and monitoring of access to data: To determine the level of risk on corporate data, it is 

important to be able to analyze its use and determine if the behavior patterns of users on the data 

are outside a certain standard. 

• Administration and management of data policies: Who should or shouldn’t have permissions to 

access the data isn’t something that is established in a static and lasting way. You must be able 

to apply dynamic policies on the data so that if you stop collaborating with someone or if it is 

detected that a certain person may be at risk, we can revoke access to it or try to prevent it from 

leaving the corporate network. 

The Crucial First Steps 

Before diving headlong into the implementation of data-centric solutions, it is vital to conduct a thorough 

analysis to identify the most at-risk information within an organization. Understanding what data is being 

generated, how it's used, and most importantly, how it's shared, forms the bedrock of a successful datacentric 

security strategy. An exhaustive examination of data flows within an organization will reveal the 

critical assets that demand the highest protection. This prioritization not only ensures that resources are 

allocated efficiently but also significantly improves the return on investment in data security technologies 

by safeguarding the most vulnerable information first. 

Many organizations haven't conducted a thorough analysis of the information they handle, generate, and 

share. SealPath has been recommending that for the past 10 years. As experts in data-centric security, 

we know that having a report that identifies the most vulnerable information is crucial to apply the most 

effective measures, tailored to the nature of each type information. This can only be done with an 

analytical method. 

In the past, we noticed that when helping organizations to establish different types of policies or rules to 

protect their information, they hardly knew how to differentiate the level of sensitivity of each type of 

information, the context in which it is handled and even the different categories of information. This made 

it very difficult to advise them on the best security policies or rules, as these must be adapted to the 

nature of each type of information in order to be effective. 



After deep documentation of the company data and flows, I recommend to calculate general risks by type 

of information, such as legal, financial, reputational or operational. The objective is to obtain the level of 

risk to which a type of information, such as strategic data, is exposed. 

Once we know the general risks, I recommend to calculate the risks by typology, to quantify the risk by 

type of file and impact on the 5 dimensions of information security: Confidentiality, Integrity, Availability, 

Traceability and Authenticity. As a result, we will identify which specific files are most at risk. An example 

could be, for example, designs with intellectual property. 

SealPath is distributed by its certified integrator, BNS UEP, a data solutions provider that enables 

organizations to establish and strengthen their Data Lifecycle Management and Security Posture. The 

starting point in the lifecycle is a clean, accurate and current data inventory, where compliant (e.g., PII, 

CCPA, other US Data Privacy Acts, GDPR, HIPAA), non-compliant, and critical (e.g., IP, Trade Secrets, 

Classified) data can be identified, delineated, isolated, accurately tagged, labeled, and classified. This 

combined with Access Governance including role and attribute-based access controls, least privileged, 

the ability to revoke access and encrypt data at rest, in use, and in transit is essential for any organization. 

The SealPath and BNS unified services solution delivers quick, relevant insights into reducing data & 

access risks (financial, legal & regulatory compliance, operational) while providing enforcement for File 

& Data Integrity with Enterprise Rights Management & DLP. 

Conclusion 

The journey toward robust data security is both complex and ongoing. However, by shifting our 

perspective towards a data-centric approach, we position ourselves to better combat the multifaceted 

threats of the current era. It is imperative that we do not rush into deploying solutions without first gaining 

a profound understanding of our data landscape. The insights garnered from such an analysis are 

invaluable, guiding our strategic decisions and ensuring that we invest wisely in technologies that provide 

tangible results. 

Ultimately, I know that finding the right time to conduct such an analysis and putting the effort into it is 

difficult for many CISOs. But doing so has an unquestionable long-term benefit: knowledge is power, and 

in this case, it is profitability. Having a real and detailed vision of the data assets that your organization 

manages, as well as their risks, will not only avoid the worst consequences in cases of data breaches, 

but will also minimize their impact on your organization. 

The world of data security is at a crossroads, and the direction we choose now will define the safety and 

resilience of enterprises for years to come. Let's embark on this path towards data-centric security, armed 

with the knowledge and strategies that will safeguard our future. 




Luis Ángel, CEO and Founder of SealPath, has more than 20 years of 

experience in leading technology and cybersecurity companies such as 

the multinational Motorola or the Spanish Panda Security. As a 

telecommunications engineer, he has a privileged vision in the 

development of innovative products and their commercialization, being 

able to get involved in depth to an unusual technical level. After 13 years 

leading SealPath and taking its data protection technology to more than 

30 countries and 100 partners around the world, del Valle is positioned as 

one of the relevant voices in the field of data security, with in-depth 

knowledge of current and emerging threats, as well as the needs most in 

demand by the main organizations, both public and private. 

Luis Ángel can be reached online at https://www.linkedin.com/in/ladve/ and at our company website 

https://www.sealpath.com/. 



Protect SAP Supply Chains by Preventing Cyber Attacks 

By Christoph Nagy, CEO, SecurityBridge 

Highly advanced and extremely dangerous cyberattacks are targeting SAP (from the company originally 

called “System Analysis Program” Development) software supply chains with an alarming increase in 

frequency. By taking advantage of vulnerabilities within SAP's infrastructure, particularly during the 

software implementation phase, these attacks jeopardize critical operations of enterprises worldwide. 

This article will examine the nature, impacts, and measures SAP administrators and IT security personnel 

can take to prevent these attacks. 

Where Do the Vulnerabilities Lay? 

No system, including SAP systems, is immune from supply chain attacks. The defense needs to focus 

on third-party vendors and the deployment process. The weak spots are SAP transport requests, which 

implement code changes. 

A little-known feature in SAP programs is that transport requests allow for changes, and malicious actors 

find this allowance their point of attack. Transport requests are vehicles for source code deployment and 

are vulnerable to attack because they allow for modifications. With proper authorization, third-party 



coders and rogue employees can affix payloads to transport requests that get around the defensive 

barriers and activate malicious scripts when imported into the production system. 

Attack Vectors 

Malicious code can be hidden in legitimate SAP code. Attackers can inject their codes via third-party 

software packages. Digital signatures will not secure the packages because third-party vendors are not 

allowed to sign them. Ironically, the signature process leaves a window of vulnerability in the verification 

process. This weakness is where hackers can use relied-upon software packages to deliver damaging 

payloads. 

Another vector of attack can occur with the change management process. This process can be altered 

to reverse the release status of a transport request from "Released" to "Modifiable," thus allowing the 

injection of malicious objects that execute upon deployment. If the attackers understand an organization's 

internal processes and protocols, this manipulation can be tricky to detect and mitigate. 

In addition, threats to SAP systems can come from inside and outside; employees with proper access 

can also be the bad guys. Those with official clearance can change transport requests after export. This 

authorized ability to modify requests requires rigid security protocols to protect the deployment process. 

Steps For Protection 

A varied and sophisticated approach is needed to secure SAP supply chains. Routine patch management 

can handle known vulnerabilities. SAP announces its updates on the second Tuesday of every month, 

and organizations must pay attention to this date. For example, SAP's security advisory SNOTE 3097887, 

which fixes the vulnerability CVE-2021-38178, is critical for guarding file systems and preventing 

manipulation. 

• Real-time monitoring is another significant detection mode for abnormalities in the SAP 

landscape. Any deviations from baseline configurations can be set to trigger automated alerts in 

real-time for swift defensive reaction. Implementing extensive patching and vulnerability 

management strategies to bolster infrastructure and applications is also crucial. To complement 

that, routine security audits and implementing advanced threat detection systems can significantly 

assist security. 

• Code security must be assured during the implementation and deployment phases. Automated 

code scanners and manual review processes can be significant measures for detecting and 

mitigating vulnerabilities before they enter production environments. Intensified change 

management controls that include extra checks and verifications can prevent unauthorized 

changes and ensure that only vetted changes are deployed. 

• Protect the SAP supply chain by checking vendor security practices. Be sure to require the same 

level of security from third-party vendors as your organization and verify the integrity of third-party 

software packages before deployment. 



• Build a security foundation for DevSecOps from initial coding to final deployment. This foundation 

will ensure security is embedded in every development lifecycle stage. By taking this tact, 

organizations can identify and mitigate risks early in the development process, thus lessening the 

chances of unleashing vulnerabilities into the production environment. 

• Implement routine audits and reviews of transport logs to detect tampering before production 

imports. This proactive step will help address potential threats before they hit the system. Regular 

security training will educate employees about current threats and introduce them to best 

practices for securing SAP systems. 

Conclusion 

The SAP software supply chain is a prime target for cyberattacks due to its critical role in global enterprise 

operations. Organizations can protect themselves from supply chain attacks if the vulnerabilities are 

understood and robust security measures are taken. Regular patch management, real-time monitoring, 

hardened infrastructure, secure code implementation, enhanced change management, vendor security 

practices, and DevSecOps are all excellent steps for safeguarding SAP environments. Remaining vigilant 

and instilling a proactive posture will go a long way toward ensuring the integrity and security of SAP 

systems, thus allowing reliability and efficiency of operation. 


Christoph Nagy is a founding member and CEO at SecurityBridge–a global 

SAP security provider, serving many of the world's leading brands and now 

operating in the U.S. Christoph has 20 years of working experience within 

the SAP industry. Through his efforts, the SecurityBridge Platform for SAP 

has become renowned as a strategic security solution for automated 

analysis of SAP security settings, and detection of cyber-attacks in real-time. 

Before SecurityBridge, Christph applied his skills as a SAP technology 

consultant at Adidas and Audi. He can be reached online at 

christoph.nagy@securitybridge.com and at https://securitybridge.com/. 



How To Navigate Certification Authority Distrust: Preventing 

Critical Incidents by Switching to A New Vendor 

In the fast-paced world of enterprise security, choosing the right partner for your digital security 

needs is critical 

By Debbie Hayes, Director of Product Marketing, GMO GlobalSign 

In the ever-evolving landscape of digital security, maintaining trust is paramount. When a Certification 

Authority (CA) is no longer trusted by browsers like Google, as was demonstrated on June 27th, it can 

lead to significant disruptions for businesses relying on their services. This article explores the 

implications of such a scenario and demonstrates how a Certification Authority can seamlessly issue new 

certificates, preventing any short-term critical incidents and ensuring continued trust and compliance. 



Understanding CA Distrust and Its Implications 

Google, like other major tech companies, regularly assesses and enforces stringent security standards 

for Certification Authorities. When a CA fails to meet these standards, it can result in browsers no longer 

trusting certificates issued by that CA. The consequences of this distrust include: 

• Website Inaccessibility: Users may be greeted with alarming security warnings, leading to loss of 

traffic and trust 

• Data Security Risks: Without a trusted certificate, data transmitted between your website and its 

users could be vulnerable to interception and tampering 

• Compliance Issues: Organizations might fall out of compliance with industry regulations, risking 

fines and reputational damage 

Immediate Action: Issuing New Certificates with a CA 

When businesses are faced with the need to switch from a distrusted CA, a Certification Authority 

provides a reliable and trusted solution. Here’s how they can assist in issuing new certificates to prevent 

any short-term critical incidents: 

1.Rapid Certificate Issuance 

• Immediate Response: A team should be ready to act quickly, ensuring that new certificates are 

issued without delay 

• Automated Tools: Look for automated tools to expedite the issuance process, minimizing 

downtime and ensuring a smooth transition 

• Bulk Certificate Issuance: For organizations with multiple certificates, seek out a CA with bulk 

issuance capabilities that streamline the replacement process 

2.Trusted Security Solutions: What to Look For 

• Robust PKI Infrastructure: Be sure to work with a CA that operates a highly secure and scalable 

PKI infrastructure, and one that is trusted by major browsers and platforms worldwide 

• High-Assurance Certificates: Also, be looking for a company that offers a range of certificates, 

including Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV), 

ensuring you get the right level of assurance for your needs 

3.Proactive Certificate Management 

• Discovery and Inventory: helps you discover and manage all certificates across your network, 

providing visibility and control 

• Automated Renewal: prevent lapses in security, our automated renewal service ACME, ensures 

that your certificates are always up to date 

• Centralized Management: allows you to oversee all certificates from a single interface, simplifying 

administration and reducing risk 



Partnering with a Certification Authority: Beyond Certificates 

Working with trusted CA offers more than just a switch in providers—it’s a partnership for enhanced 

security and operational efficiency. 

• Expert Support: Seek out a CA with a team of security experts who are available to provide 

guidance and 

• Scalable Services: Whether you’re a small business or a large enterprise, consider a CA that can 

scale to meet your needs 

Losing trust in your CA can be a daunting experience, but it also presents an opportunity to strengthen 

your security posture. By switching to new CA and issuing new certificates immediately, you can prevent 

short-term critical incidents and maintain the trust and security of your digital assets. Discover, manage, 

and design your security infrastructure with a provider that’s trusted by leading organizations worldwide. 

Make the switch today and ensure your digital trust remains uncompromised. 


Debbie Hayes currently serves as the Director of Product Marketing at 

GlobalSign. She stands as a driving force behind the company's 

strategic initiatives, bringing a wealth of expertise and a proven track 

record to the table. Debbie is a seasoned professional with over 30 

years of invaluable experience in the dynamic realms of the IT industry 

and cybersecurity. Throughout her extensive career, Debbie has honed 

her skills and is a results-driven individual, demonstrating a deep 

understanding of business management and marketing. Her proficiency 

in project management and communication has consistently positioned 

her as a key player in shaping successful marketing campaigns and 

fostering collaborative, cross-functional efforts. 

Debbie can be reached at debbie.hayes@globalsign.com and at GlobalSign’s website 

https://www.globalsign.com/en. 



The Common Goods and Shared Threats of the Software Supply 

Chain 

By Frank Catucci, CTO and Head of Security Research, Invicti 

Perhaps the defining quality of the software supply chain is complexity. Amid the countless lines of code 

that the modern world runs on there is potentially infinite scope for mistakes, vulnerabilities and malicious 

manipulation. 

The nature of software development also means that code and tools are constantly being re-used, which 

in turn are being used to build other applications. From there, the vulnerabilities that might be embedded 

within one application or code repository - spread quickly out to everywhere else it is used. 

In this complex, fast moving supply chain - security debt builds up quickly. Bugs, problems and 

vulnerabilities get embedded deeply within the software that finally comes to market. From there all it 

takes is a failure in the right place, or a particularly capable adversary to bring about catastrophe. 

Pressures on software development 

Our entire world runs on software. That has only become more apparent in recent years and demands 

for new applications, tools, products and services have exploded. That is reflected in the growing demand 



for software developers for whose world population is expected to reach 28.7 million by the end of this 

year, growing by 3.2 million over the last four years. 

That said, problems scale along with everything else. That explosion in demand has resulted in a massive 

increase of pressure on software developers. They’re being asked to develop quicker, do more and 

release to ever tighter deadlines. Of course, this comes with huge potential for deleterious effects on the 

final quality of the product. 

Our 2022 Fall AppSec Indicator revealed that nearly half - 45% - of developers will in fact skip crucial 

security steps in order to make those ever tightening deadlines. It’s not hard to see why - 80% of those 

developers agreed that even those crucial security processes delay delivery. The AppSec indicator found 

that 74% of respondents admitted to regularly releasing insecure applications. On top of that, 1 in 3 issues 

under remediation apparently make it to production without being caught in testing or development. 

Furthermore, the sheer amount of code being pushed through to production puts pressure on the code 

review process. This is a stage which requires meticulous concentration and focus, and the specialists 

who conduct it can and do suffer from overwork and burnout. These pressures can become risky in a 

single application or service, but they can also spring up at any time throughout the software supply chain 

as one release goes out to customers or as other developers build upon it. As those releases get passed 

onto the next link in the chain, so do the errors and bugs that come with them. 

That’s just what can happen in a single link, but if we zoom out to the buzzing morass of actors in this 

supply chain, it’s almost impossible to miss the glaring structural problems too. 

Open Source 

Make no mistake, modern software development relies on the communal philosophy of Open Source. 

This is a design philosophy in which people make their code publicly available - thus allowing anyone to 

use, change and distribute that software. This has become a bedrock resource for software developers 

in both open-source and private sectors. 

The numbers bear it out too. A report from the 2024 Open Source Security and Risk Analysis Report 

found that open source components are nearly everywhere. Literally. The report found that 96% of all the 

codebases it reviewed contained open source components. It’s not just that it’s found in nearly all 

applications - there’s a lot of it too. The report adds that over three quarters - 77% - of the code in those 

reviewed codebases was open source. It goes further to reveal that “every industry codebase scanned 

contained open source - most at percentages for 99% to 100%.” 

Yet as well-meaning as the philosophy of open source might be - its openness allows for all kinds of 

errors and the trust that software developers place in it makes those errors particularly dangerous. 

That danger emanates from two areas - both perfectly innocent as well as malicious. The first simple 

point is that the sheer scale of open source components used all along the software supply chain opens 

up huge scope for vulnerabilities. In fact, given the exponential growth of software, that scope is 

expanding. 



In fact, new vulnerabilities in this huge category open up every single day. A quick Google search will 

reveal new vulnerabilities cropping up in open source tools almost every day. Recently, for example, 

security researchers found four vulnerabilities in the widely popular GOGs Git Service, with three of them 

rated as critical severity. 

Of course, vulnerabilities here make their way into the hands of consumers and businesses regularly. 

Security researchers at EVAsec recently discovered three vulnerabilities - one of which was a decade 

old - in CocoaPods, an open source tool used to incorporate software libraries into existing applications. 

CocoaPods - the researchers added - can be found in over three million applications: “Such an attack on 

the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations 

vulnerable to catastrophic financial and reputational damage.” 

These were quickly patched by CocoaPods, but only because they were discovered by security 

researchers - tellingly known as “ethical hackers” - first. Had they been discovered by a malicious party - 

then the outcome could have been destructive for users of Apple products everywhere. 

Then again, attackers know this and are constantly trying to abuse and corrupt open source components 

to get a foothold into that shared stream of resources that eventually make their way into every sector. 

Introducing a vulnerability in one of these components, could provide a vulnerability everywhere else it is 

used. 

In fact, attacks on the open source supply chain have skyrocketed in recent years. In 2023, Sonatype 

revealed that they had seen over 245 thousand attacks against the open source supply chain, showing 

a 280 percent growth from the previous year. 

One particularly destructive example of this is happening right now - Polyfill.io is an enormously popular 

javascript CDN which thousands of other websites use to nullify the differences that emerge from different 

versions of a given browser. After a new firm took over the domain early in 2024, the Polyfill.io CDN 

started delivering malicious javascript to the over 100,000 websites that have embedded cdn.polyfill.io 

which include jstor and the World Economic Forum. 

Supply chain invasion 

Of course, attackers don’t actually need to abuse the baseline trust of open source components in order 

to infect the supply chain and multiply the effectiveness of a given attack. In fact, a 2024 survey from 

Enterprise Strategy Group has found that 91% of organizations had experienced a software supply chain 

incident in the previous 12 months. The top vector for those incidents was zero-day exploits from 

vulnerabilities within third party code. 

Software companies that provide widely used applications are also a major target. In the 2020 

SUNBURST attacks, attackers inserted malicious code into the update mechanic of Orion - Solarwinds’ 

flagship infrastructure monitoring and management platform - potentially spreading that malicious code 

to all the customers who updated - including international businesses, governments and many more. 

Thankfully, that attack was stopped but only months after it attackers had initially made the initial 

compromise. 



Artificial Intelligence 

Looking ahead, Artificial Intelligence may be a game-changer - for good or ill. 

Even basic publicly available LLMs - like ChatGPT - have become indispensable tools for software 

developers. Given the above-mentioned pressures, these tools are now allowing developers to write code 

even faster. These tools, however, are not infallible and there are plenty of recorded cases of them 

introducing bugs into the code they generate. Yet another risk emerges when we consider how the ability 

of these tools to scale code output, will likely result in a scaling of those vulnerabilities within that code. 

In fact, a recent study from Stanford University has actually shown that code written without AI-assistance 

was generally more secure. Those study participants that did use AI-tools to help them write code, turned 

up significantly more vulnerabilities. Crucially, however, those that used those AI tools imagined that the 

code they had written was actually more secure than their counterparts. The authors of the paper note - 

“participants who had access to the AI assistant were more likely to introduce security vulnerabilities for 

the majority of programming tasks, yet were also more likely to rate their insecure answers as secure 

compared to those in our control group.” 

Feeling dizzy yet? 

It’s a headache-inducing amount of complexity to deal with, especially when we consider that these are 

the supply chains on which we all rely to create and use safe software. In some sense the problem boils 

down to how hard it is to actually see into these long and complex supply chains. In fact, these are 

invisible to most. A 2024 survey from Cycode revealed that 72% of IT pros labeled software supply chain 

security as their biggest blind spot. 

It’s also important to realize that these problems don’t just do damage at the end of the supply chain, 

when it’s finally in users hands. In fact, these problems can emerge and wreak destruction at any part 

throughout it - especially because different links on that chain can also be characterized as users as well. 

Businesses need to think of themselves both as potential victims as well as potential origins of new 

problems. 

There is a limited amount an individual business can do to combat this problem on an systemic level - 

it’s a function of the incredible demand for software and the lack of broader guardrails across borders, 

sectors and businesses. That said, making sure that they don’t become a victim or originator of software 

supply chain insecurity is a comparatively simple task. 

It can start with a robust AppSec programme which can provide an accurate picture of the entire threat 

landscape with continuous automated scanning which is integrated in CI/CD workflow so it can pick up 

on vulnerabilities as they emerge in the software development process. On top of that, a Zero Trust 

approach will help enormously in mitigating supply chain risk, making sure that entities assets and third 

party components are examined thoroughly throughout development and treated with the correct amount 

of suspicion to offset risks. 



The price of not dealing with these risks are well known. However, even if the threat of cyberattack, 

reputational damage, lost revenue or customer flight don’t prompt businesses to action, then regulation 

just might. The European Union’s NIS2 is on the horizon, coming into enforcement by October 2024. 

Much like the General Data Protection Regulation, NIS2 comes with heavy fines for the non-compliant. 

Unlike the GDPR, however, it makes compliant organizations account for the security of their supply 

chains. This should underline the need for each individual business and organization to take account for 

the underlying security of their software providers and partner organizations. 

The software supply chain is a channel on which we all rely. As a result, each link in that chain is only as 

good as the links it connects to. It is incumbent upon every party within it to thoroughly assess the security 

of the software they both produce and receive. This is not merely a matter of personal interest for 

businesses, but personal integrity too. 


Frank Catucci is CTO and Head of Security Research at Invicti. He is a Global 

Application Security Technical Leader with over 20 years of experience, 

designing scalable application security specific architecture, partnering with 

cross-functional engineering and product teams. Frank is a past OWASP 

Chapter President and contributor to the OWASP bug bounty initiative and 

most recently was the Head of Application & Product Security at Data Robot. 

Prior to that role, Frank was the Sr. Director of Application Security & 

DevSecOps and Security Researcher at Gartner, and was also the Director of 

Application Security for Qualys. Outside of work and hacking things, Frank 

and his wife maintain a family farm. He is an avid outdoors fan and loves all 

types of fishing, boating, watersports, hiking, camping and especially dirt bikes 

and motorcycles. 

Frank can be reached online at frank.catucci@invicti.com and at our company website 

https://www.invicti.com/. 



Fight Fire with Fire: 3 Strategies to Defeat Deepfakes 

By Hal Lonas, Chief Technology Officer, Trulioo 

Generative AI deepfakes represent another skirmish in the ongoing clash between two forces that never 

stop innovating 

I was there when AI and machine learning entered the battlefield. I started a cybersecurity company in 

the early 2000s that used machine learning to classify the internet long before that technology was 

commonplace. 

When I moved to the identity space, the parallels were obvious. There are bad actors constantly looking 

for attack vectors to compromise a system and an opposing team trying to shore up the defenses and 

stay ahead of the threat. 

Deepfakes are another attack vector and illustrate tremendous strides in AI in the past decade. We see 

the world based on visual presentation, and when people create faces or videos that can pass for us, it 

poses a threat to identity at its core. 



But sophisticated AI can detect sophisticated AI. We can use AI in mathematical ways to spot details that 

are too flawless or that have artificially injected imperfections. It’s an ability that’s becoming more 

prevalent among AI platform capabilities, including selfies, image detection and pictures of pictures. 

Bad actors, though, won’t stop innovating. So how do you defend against the latest state-of-the-art 

attacks and prepare for whatever comes next? There are three key strategies. 

1. Use a Layered Defense 

Many identity verification providers are either in the data-only category or focus just on document or 

biometric verification, and they tend to be firm about which way is better. 

But when you bring all those techniques together and apply different technologies for different use cases, 

you’re essentially killing the concept of verification categories. That’s how you beat the bad actors’ AI, 

which might be able to defeat a single technology. 

We’re going to see that layered defense becoming more prevalent in identity. 

Document verification, for instance, already applies layered tactics. A person takes a photo of the ID and 

takes a selfie to match the document’s picture. Liveness detection, which can measure aspect ratios and 

pixelation, then shows the image wasn’t taken from a screen. 

As organizations layer on verification capabilities, they gain more assurance in a customer’s identity, and 

the information starts to line up and match across databases. That assurance doesn’t have to come with 

higher costs, longer verification times or a more complicated mix of vendors. 

Just as fraudsters continue to innovate, so too do those who stop them. Cutting-edge technology driven 

by AI and machine learning can deliver every verification layer across one platform. 

2. Raise Defenses to the Network Level 

A network capability takes layered defenses to a higher level. It’s a way to see patterns across a broad 

spectrum of data to identify a class of attack and stop it. 

Bad actors, for instance, try to use the same synthetic identities in different environments and contexts. 

They might blend real and fake data or get a good photo and put it on different government-issued IDs 

to see what gets through. 

The network has the ability to see that photo or data multiple times and build a defense. 

The network effect also can apply to industries. Bad actors trying to access a particular industry will work 

their way down the list of organizations trying to get in. A network model allows the industry to 

cooperatively stop fraud. 



Is there interest in an industry network model now? There is to some degree. Would that grow stronger 

if fraud becomes a bigger problem? It could. 

3. Evolve With Identity 

As fraudsters get more sophisticated, organizations will face the choice of either applying more friction to 

users to identify themselves or evolving with identity technologies. 

The future of identity is that we’ll likely become more reliant on a digital assistant or personal device that 

we present when challenged for verification. We certainly trust the security features on our phones to 

protect everything from bank accounts to travel data, so it’s not a big leap to identity. 

People, for example, can own proven self-sovereign identities and present them in a secure exchange 

medium through their phones. 

Of course, a new class of bad actors will follow. They’ll double-down on breaking into phones, or they’ll 

get more sophisticated about inserting themselves into the conversations between the self-sovereign 

identity and authentication authority. 

But self-sovereign identity likely will remain a complicated, fragmented space for the foreseeable future 

because many different entities, public and private, want to be involved. 

Reasons for Hope in a Perilous Digital World 

Fraudsters are great innovators. They’re creative at uncovering holes in a digital system and quickly 

exploiting them. 

They help each other. People can buy kits to carry out attacks. They have access to computing power 

and tools that were never before available. 

That could keep anyone up at night. But there are two sides to this duel, and that should give us hope. 

The computing power and AI fraudsters use can also stop them. For every innovation that gives them an 

edge, there’s another that dulls their blade. 




Hal Lonas is the Chief Technology Officer for Trulioo. Hal brings more than 25 

years of technology leadership to his role guiding the Trulioo product and 

technology vision. He is a recognized innovator in cloud security and machine 

learning and a long-standing champion of automation technology. Prior to 

joining Trulioo, Hal was senior vice president and chief technology officer for the 

SMB and Consumer business unit at OpenText, where he oversaw the 

organization’s technology and product strategy. Hal also was chief technology 

officer at Webroot and Carbonite, where he led the creation of the first cloudnative 

security platform. He co-founded and was vice president of engineering for BrightCloud and has 

held key engineering management positions with Websense and ADP. Hal also co-authored several 

patents and holds a degree in aeronautics and astronautics from the Massachusetts Institute of 

Technology. 

Hal can be reached online at https://www.linkedin.com/in/hal-lonas-4555b1/ and at the company website 

https://www.trulioo.com/. 



Navigating the Security Risks and Efficiency Gains of GenAI in 

Healthcare 

By Lior Yaari, CEO, Grip Security 

SaaS technology and artificial intelligence (AI) are revolutionizing patient care, drug development, and 

health and wellness practices. Today, AI processes massive datasets of biological and chemical 

information to identify potential drug candidates, and machine learning algorithms analyze diverse data 

sources to predict the efficacy and safety of new compounds. Yet, the healthcare and BioTech industries 

are cautious towards employees using GenAI tools—and rightly so. 

From administrative to marketing to medical teams and support staff, GenAI tools boost productivity and 

drive outcomes. But while technology is fueling innovation, it’s also introducing new risks and expanding 

the organization’s attack surface. Previously, IT departments had control over software procurement and 

deployment, ensuring security measures were firmly in place. Now, SaaS and GenAI technology have 

changed the game. 

The Growth of SaaS, Identities, and Risks 

In the past, IT environments were closely managed, with IT departments controlling software 

procurement and deployment. The rise of SaaS (Software as a Service) has significantly changed this 

dynamic. While core SaaS applications usually go through a formal purchase and security review 

process, many SaaS tools are now being adopted by individual employees on their own. SaaS 



applications are easy to acquire and deploy—employees can sign up and start using them with just an 

email and a few clicks, often bypassing traditional IT oversight. 

When employees independently adopt SaaS tools, IT departments lose visibility into which applications 

are used, how they are used, and by whom. This occurrence, known as shadow IT, increases the risk of 

data breaches, as unvetted applications may not meet the organization's security standards or regulatory 

requirements. 

Each new SaaS application expands the organization's attack surface. Identity risks grow because each 

account can become a target for cybercriminals, who can use it to gain access to other corporate 

resources, leading to unauthorized access, data exfiltration, and other malicious activities. Recent highprofile 

breaches like Change Healthcare, Broward Health, and L’Assurance Maladie highlight the 

importance of protecting and securing identities and the costly consequences when compromised. 

SaaS Identity Risk Management: A More Modern Approach for Healthcare 

The shift from a closely governed IT environment to one where every employee can independently adopt 

technology requires rethinking SaaS security. To safeguard biotech and healthcare organizations 

effectively, the focus must be on enhancing visibility, control, and security compliance across all 

applications used within the organization. Enter SaaS identity risk management (SIRM), a strategic 

approach tailored to address the unique challenges posed by the widespread adoption of SaaS. 

Traditional IT security frameworks fall short in a decentralized IT environment; however, SIRM provides 

a comprehensive framework designed to secure access, maintain compliance, and protect data within a 

decentralized and rapidly evolving IT ecosystem, ensuring that an organization can safely leverage the 

benefits of SaaS while mitigating the associated risks. A SIRM framework addresses the entire lifecycle 

of a SaaS and GenAI tool: 

Image by Grip Security; all rights reserved 



The foundational elements of a SIRM program include: 

• Identity Lifecycle Risk Governance: Establish and enforce policies for managing the digital 

identity lifecycle, including discovering and revoking user access to SaaS applications as 

necessary. 

• Access Management: Involves implementing and managing secure access controls such as 

single sign-on (SSO), multi-factor authentication (MFA), and robotic process automation (RPA) to 

ensure that only authorized users can access SaaS applications. 

• Compliance Management: Ensure adherence to relevant regulatory and industry standards, 

such as HITECH, HIPAA, NIST, SOC2, ISO27001, ISO/IEC 2382:2015, and others, particularly 

concerning securing access to applications and data. 

• Security Incident Management and Response: Establishes comprehensive procedures for 

detecting, analyzing, and responding to security incidents affecting SaaS applications. 

• Enterprise Risk Management: Evaluate and control risks posed by a SaaS application to the 

enterprise, distinct from assessing the risk profile of the SaaS vendor. 

SaaS Identity Risk Management Outcomes 

The objectives of a SIRM program are designed to address the unique challenges and risks associated 

with using SaaS and GenAI applications in an organization. These goals are critical for ensuring the 

security, compliance, and efficient management of identity-related aspects in a SaaS environment. The 

primary outcomes typically include: 

• Implementing Robust Access and Identity Risk Management: Enforce strong access control 

mechanisms such as Multi-Factor Authentication (MFA) and Single Sign-On (SSO) to manage 

user access to SaaS applications securely. Efficiently manage the lifecycle of user identities from 

onboarding to offboarding. 

• Mitigating Risks Associated with SaaS Usage: Identify and address security risks unique to 

SaaS environments, including those stemming from shadow IT, where employees use 

unapproved but tolerated SaaS applications. 

• Ensuring Regulatory Compliance: Align SaaS usage with regulatory and compliance 

requirements, ensuring organizational adherence to relevant standards and legal mandates. 

• Improving Visibility and Control: Gain comprehensive visibility into SaaS application usage 

across the organization. Establish control over who accesses what applications, when, and how. 

• Adapting to Evolving Threat Landscape: Develop the agility to quickly adapt to new threats 

and changes in the SaaS ecosystem to ensure ongoing protection and risk management. 

• Enhancing Operational Efficiency: Streamline identity risk and access management processes 

for SaaS applications to improve operational efficiency and reduce administrative overhead. 

SIRM takes a programmatic approach to discovering and managing risks from Gen AI services and SaaS 

applications. By focusing on identifying and mitigating threats related to identity sprawl, shadow IT, and 

shadow AI, SIRM supports regulatory compliance and ensures effective management of identity-related 



isks, providing the most comprehensive approach for securing SaaS applications in today’s rapidly 

shifting technology environment. 


Lior Yaari is one of Israel's most esteemed cybersecurity experts. Before founding 

Grip Security, he served as CTO for YL Ventures and was a member of the YL 

Ventures Insiders Network. Lior also led as the Chief of Cyber Training for the Israeli 

Intelligence Corps, Unit 8200. Learn more about Grip Security. 

Lior can be reached at our company website https://www.grip.security. 



A Guide for SMB Defense Contractors to Achieve CMMC 

Compliance 

CMMC Timelines, Requirements, and Ways to Reduce Costs 

By Seth Steinman, Vice President, PreVeil 

The Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC) 

program to defend the vast attack surface of the Defense Industrial Base (DIB). CMMC is expected to 

become law by the end of 2024 and start appearing in contracts by Q1 2025. 

For Small and Medium-Sized businesses (SMBs) operating within the DIB, CMMC compliance can seem 

like a daunting task. However, with proper preparation, the right partners, and a strategic approach, 

achieving compliance can be manageable and even beneficial. This article will explore the requirements 

of CMMC, outline the roadmap to compliance, and discuss how companies can save money & expedite 

compliance. 



CMMC Compliance Levels 

CMMC establishes three compliance levels, based on the type of information DIB organizations are 

working with. 

• Level 1 is for organizations working with Federal Contract Information (FCI) only 

• Level 2 is for organizations working with Controlled Unclassified Information (CUI) 

• Level 3 is for organizations working with CUI and subject to Advanced Persistent Threats (APTs) 

Third Party Assessment Requirements 

Importantly, CMMC doesn’t change existing cybersecurity requirements— it just steps up enforcement. 

Until now, organizations have been permitted to self-assess their compliance, but under CMMC, the vast 

majority of defense contractors handling CUI will need to pass independent third-party assessments. 

CMMC Timeline 

CMMC is on track to become law by the end of 2024 and is expected to start to appear in DoD contracts 

in early 2025, as shown below: 

SOURCE: https://www.preveil.com/blog/cmmc-timeline/ 

It’s important for contractors to understand that even though CMMC will be phased in over time, it does 

not necessarily follow that you have more time to achieve certification. Your organization, for example, 

could be far down the supply chain from a contractor subject to CMMC early on, in which case that 

contractor must flow down CMMC requirements to your organization at that point. 

It takes typical SMBs between 12-18 months to meet CMMC Level 2 requirements, which is past the date 

in which CMMC requirements are expected to appear in DoD contracts. Now is the time to get started on 

CMMC certification. 



Preparing for CMMC Level 2 Compliance: Key Steps for SMBs 

While CMMC compliance may seem like a major undertaking, taking a proactive approach can make the 

process faster and more cost-effective. Here are some key steps SMB defense contractors should take 

to prepare: 

1. Familiarize Yourself with the CMMC Framework: Reading this article is a great first step; 

PreVeil also offers a CMMC whitepaper that’s been downloaded by over 5,000 defense 

contractors outlining all the details you need to know. 

2. Scope your compliance Boundary: Determine the people, devices, and processes that access, 

process, and store CUI. The smaller you can make your CUI enclave, the cheaper, faster, and 

easier compliance will be to achieve because you will have fewer endpoints to secure and fewer 

people to train on CMMC compliance protocols. 

3. Adopt a Platform to secure CUI: If you’re using Microsoft 365 Commercial or Google 

Workspace, you cannot support CMMC compliance and you’ll need to make a switch. You must 

ensure any Cloud Service Provider or technology vendor meets the following: 

o Meets FedRAMP Moderate Baseline or Equivalent 

o FIPS 140-2 certificate for encryption 

o Meets DFARS 252.203-7012 c-g for incident reporting 

4. Develop robust documentation: Achieving CMMC compliance requires more than just 

safeguarding CUI. The DoD estimates that generating the necessary documentation like a 

System Security Plan and Standard Operating Procedures will take 168 hours at a cost of 

$40,000. 

5. Conduct a self-assessment against NIST 800-171A and execute POA&MS: The selfassessment 

should be conducted according to the DoD’s Assessment Methodology, which is 

spelled out in NIST 800-171A. It specifies 320 objectives spread across the 110 security 

requirements. Know that perfect scores of 110 are quite rare for self-assessments done early in 

your compliance journey; Your organization likely will have some controls that are unmet. Create 

POA&Ms for those items and specify the technologies and procedures you will use to close those 

gaps and by when a score of 110 will be achieved. 

6. Schedule your C3PAO assessment: CMMC Level 2 assessments are conducted by CMMC 

Third Party Assessment Organization (C3PAOs), who will start with their own review of your 

readiness, then check your documentation and assess your compliance with NIST 800-171. They 

will also conduct employee interviews, and spot checks for artifacts such as records of training 

sessions, that prove compliance. 

Ways to Reduce Costs 

1. Reduce your compliance boundary: If only a portion of your organization handles CUI, then it makes 

sense to narrow the scope of the security requirements by creating a separate enclave. This translates 

into a simpler assessment process that saves you time and money. Some solutions like Microsoft GCC 

High often need to be deployed across entire organizations, adding significant costs and complexity. 



2. Choose a platform that’s easy to use and deploy: Platforms like Microsoft GCC High often require 

expensive consultants, separate email addresses, and a full rip-and-replace. Look for a solution that can 

be deployed in hours, uses your existing email addresses, and integrates directly with the tools you’re 

already using, like Outlook, Gmail, File Explorer and MacFinder. 

3. Deploy a solution with proven CMMC credentials: If your organization has migrated to the cloud, 

know that standard commercial cloud services such as Microsoft 365 Commercial do not meet CMMC 

requirements for storing, processing and transmitting CUI. You want to verify that it has FIPS 140-2 

encryption modules, meets DFARS c-g, is FedRAMP Moderate or Equivalent, and has been used to pass 

multiple DoD assessments. 

4. Use pre-filled compliance documentation to save you time and money 

To pass an assessment, contractors will need detailed, evidence-based documentation clarifying how 

the controls are addressed within their company. This can be a daunting, time-consuming and costly task 

so look for a solution that offers pre-filled documentation including a System Security Plan (SSP) and 

Standard Operating Procedures. 

Conclusion 

CMMC is on track to become law by the end of 2024. Even today, if your organization handles CUI, you 

have a DFARS 252.204-7012 clause in your contract that requires you to comply with NIST 800-171. 

Now is the time to get started on CMMC compliance and protect your business from penalties and 

contract loss. 

While CMMC may seem overwhelming, find a proven partner who can help you achieve CMMC Level 2 

faster and more affordably. To learn more about how PreVeil can help your organization achieve CMMC 

Level 2 compliance, visit preveil.com for a free 15-minute consultation with our compliance team. 


Seth Steinman is the Vice President of Marketing at PreVeil. He is a recognized 

thought leader with over 15 years of experience in technology and security. He is a 

regular speaker at the Cybersecurity Marketing Conference, an advisor to leading 

companies like UserGems and Archilogic, and has published articles in respected 

publications like Security Boulevard, Security Clearance Jobs, and Digital Guardian. 

Seth can be reached online at ssteinman@preveil.com and at our company website 

https://www.preveil.com/. 



The Role of AI in Evolving Cybersecurity Attacks 

Exploring the Rise of AI and Its Impact on Evolving Cybersecurity Threats 

By Will Poole, Head of Incident Response, CYFOR Secure | Cyber Security 

In the ever-expanding digital landscape, cybersecurity remains a critical concern for individuals, 

businesses, and governments alike. As technology advances, so do the tactics of cybercriminals. One of 

the most significant developments in recent years has been the integration of Artificial Intelligence (AI) 

into cyber attacks, leading to a new wave of threats that challenge traditional security measures. 

But how exactly is AI aiding cybercriminals, and what implications does this have for the future of 

cybersecurity? 

Sophistication Meets Efficiency 

The landscape of cyber threats is constantly evolving, with attackers leveraging technological 

advancements, including AI, to launch more sophisticated attacks. By harnessing AI capabilities, 

cybercriminals can cause greater damage with less effort and a reduced risk of detection. This shift 

towards AI-driven attacks requires a heightened level of awareness among cybersecurity professionals 

to detect and mitigate these threats effectively. 



The cost of cyber-attacks is staggering, with data breaches alone estimated to have cost businesses 59 

trillion dollars globally in 2023, with the average cost of a singular breach in the US estimated to cost 4.45 

million dollars (IBM.com). As attacks become more tactically significant, organisations must invest in AIdriven 

cybersecurity infrastructure to safeguard against these risks. 

The Rise of AI-Driven Cyber Attacks 

AI-driven cyber-attacks have been steadily increasing in recent years and are projected to continue 

growing in the future. These attacks outwit traditional security measures by leveraging machine efficiency 

against human effort. With AI, attackers can identify vulnerabilities, craft targeted attacks, and execute 

them with unprecedented speed and sophistication. 

The tools for launching AI-driven cyber-attacks already exist, presenting a formidable challenge to 

cybersecurity professionals. These attacks are not only faster and more unpredictable but also more 

difficult to detect and defend against. 

Mitigating AI-Driven Threats 

In the face of these evolving threats, it’s crucial to understand the risks associated with AI in cybersecurity 

and take proactive measures to protect against them. Some of the strategies for defending against AIdriven 

attacks include: 

o 

o 

o 

o 

o 

Limiting Information Sharing – Be cautious about sharing personal information, especially 

through automated systems. 

Enhancing Data Security – Implement robust data security measures to safeguard sensitive 

information. 

Employee Training – Provide comprehensive training to your employees to enhance awareness 

of cybersecurity threats and best practices. 

AI Incident Response – Develop a clear plan for responding to AI-driven cyber-attacks, including 

steps for remediation and recovery. 

Vulnerability Management – Stay vigilant against emerging threats and promptly address any 

vulnerabilities in systems and networks as soon as possible. 

Leveraging AI for Cyber Defence 

While AI presents new challenges in cybersecurity, it also offers powerful tools for defending against 

evolving threats. By harnessing AI capabilities, organisations can improve cyber threat detection, predict, 



and prevent attacks, and strengthen overall security posture. From phishing detection to incident 

response, AI-driven solutions play a vital role in safeguarding against cyber threats. 

In conclusion, the integration of AI into cyber attacks represents a significant challenge for cybersecurity 

professionals. However, by understanding the nature of these threats and implementing robust defence 

strategies, organisations can effectively mitigate the risks posed by AI-driven cyber-attacks and protect 

against emerging threats in the digital landscape. 


Will Poole is Head of Incident Response, CYFOR Secure. At CYFOR, Will 

serves as our Head of Incident Response for Cyber and Corporate. In his 

nearly one year with us, he has proven to be an invaluable asset to the 

entire team. With over six years of experience in cybersecurity and a 

background in software engineering focused on website and application 

development, Will brings a deep well of knowledge and expertise to his 

role. His passion for problem-solving and his fascination with seeing 

projects "come to life" inspired his transition into cybersecurity early in his 

career. Will's dedication and skill have made a significant impact on both 

our team and our clients. 

Will can be reached online at LinkedIn and at our company website https://cyforsecure.co.uk/. 



The Fundamental Components to Achieving Shift-Left Success 

By Scott Gerlach, CSO and Co-Founder at StackHawk 

“Shift-left” is a familiar concept to CISOs and security practitioners across the globe. A term coined to 

promote the integration of security practices earlier in the software development lifecycle (SDLC) in a bid 

to dwindle escalating application security risks. Boasting the ability to deliver more efficient and secure 

software, scale responsibilities and empower developers to fix security bugs, it’s no surprise that the 

concept has garnered significant industry attention in recent years. However, despite its proliferated 

awareness, security teams continue to face challenges with shift-left buy in and its implementation. 

There are several obstacles to shifting security left. The first, and perhaps most prevalent, is a lack of 

understanding within organizations about their current locality on the shift-left journey. This challenge is 

closely coupled with insufficient resources available to actually shift-left, both monetary and personnel. 

Identifying and understanding the stages of shift-left adoption is key to its successful implementation, and 

being able to depict the resource allocations required at each stage. Yet, it remains an untapped 

phenomenon amongst industry peers, creating obstacles and roadblocks throughout the shift-left 

journey. 

The shift-left journey comprises four fundamental stages: box-checking basics, shift-left curious, shift-left 

committed, and continuously secure. A core component of this process is the seamless integration of 

people, processes, and tools. Building and nurturing a culture that integrates security, instituting robust 

processes, and leveraging the right tools, organizations will possess the means to proceed through every 

stage, bolstering security posture throughout their entire software development lifecycle. 



Bye Bye Basics 

Many organizations’ shift-left journey begins with basic box checking activities. Organizations are fixated 

on reactively adhering to compliance regulations, in lieu of proactively enhancing their security posture. 

At the ‘box checking basics’ stage, application security teams’ efforts are often solely focused on testing 

applications in production, creating tickets, and leaving developers to independently resolve issues as 

they prove to audit teams that they have a process. There is zero collaboration between those developing 

applications and the security team at this stage, resulting in the belated discovery of security flaws, 

inflated mitigation costs, and setbacks in timelines for product releases. However, shift-left success 

hinges on deep collaboration between security teams and developers. 

With expediting release cycles, and heightened security risks, simple box-checking basics initiatives are 

insufficient to protect organizations from modern bad actors. With an urgent need for change, 

organizations can start their shift-left journey by starting with small, controlled implementations of shiftleft 

practices, specifically initiatives that demonstrate its value to ease the transition and avoid resistance. 

Successful pilot programs can serve as proof of concept, encouraging broader adoption and fostering a 

more integrated approach to security. 

Shift-Left Curious 

As an enterprise makes the shift from box checking basics and evolves into a shift-left curious phase, 

where there is inherently more desire to reform security practices, oftentimes organizations will have a 

dedicated security champion who can drive these efforts. However, without a comprehensive strategy, 

and key initiatives driving shift-left adoption, such leaders and their organization will ultimately encounter 

roadblocks and lack of buy-in. While many dive head first, and try to scale shift-left practices rapidly, 

starting small is the key to success, along with forging deep collaboration between AppSec and 

engineering teams. 

Organizations should strive to cultivate a culture that encourages the sharing of knowledge between 

these two important teams, aligning security objectives and value delivery. This practice will lead to a 

clearer understanding of security risks and where they persist and the steps required for successful 

mitigation. This phase is a great place to go and sit with delivery teams and listen to how they work and 

the tools and processes they use to understand an effective adoption of shift-left methodologies. 

shift-left Committed 

Once organizations have fostered a culture of collaboration, and determined the required tools and 

processes for shift-left success, organizations will start to affirm their commitment to the practice. This 

phase will see organizations beginning to integrate security processes throughout all stages of 

development workflows. There are some challenges that can manifest throughout this process. 

Oftentimes, organizations will encounter issues with technical tooling, especially when trying to scale 

testing processes. 



Similar to the shift-left curious stage, it is essential to maintain a deep collaborative relationship between 

security teams and developers in this phase to nurture a security-conscious culture and embed 

automated security checks within CI/CD pipelines. This will ensure uninterrupted security throughout the 

development process. It is also important to regularly evaluate shift-left tools and processes to ensure 

that they meet industry compliance requirements and can withstand evolving security risks. 

Consistent Security 

The ideal outcome of shift-left is to attain a state of "continuously secure," whereby AppSec and 

development teams jointly take responsibility for the security of applications and fully commit to a shiftleft 

mindset. A deep cultural shift that empowers teams to proactively identify and address potential 

vulnerabilities early on, minimizing the attack surface and reducing the risk of costly breaches. At this 

stage, organizations have, in most instances, tried and tested various security tooling and have adopted 

a suite of solutions that fit their unique needs and that automate tasks to streamline many processes. 

This forward-thinking strategy not only strengthens an organization's overall security posture, but also 

builds trust with users by showcasing a dedication to protecting their information and privacy. 

Walk Before You Run 

Depending on the nature of an organization's business operations, as well as their size and industry, 

shift-left adoption techniques and processes will ultimately vary. Unfortunately, there is no one cohesive 

formula to its success. However, understanding each stage of the journey and the people, processes and 

tooling required at every phase will enable organizations to craft a strategy that will improve their security 

posture and create more secure applications. shift-left is a continuous journey, one that takes some trial 

and effort. By deeply integrating security processes across the entire development lifecycle, 

organizations can forge a more secure path forward. 


Scott Gerlach, CSO at StackHawk, has more than 20 years of experience in 

information security. Scott is a passionate Security Officer with expertise in 

identifying security gaps and working with companies to develop safe and 

effective policies and procedures to mitigate those risks. His expertise spans 

developing, implementing, and managing IT security strategy and policy, risk 

management, intrusion detection, vulnerability assessment, network security 

design, application security and incident response. Prior to founding 

StackHawk, he was CSO at Twilio. He also spent nearly a decade in security 

at GoDaddy. LinkedIn and company website: https://www.stackhawk.com/. 



AT&T Breach 2024: Customer Data Exposed in Massive Cyber 

Attack 

By Elena Thomas, Digital Content Strategist, SafeAeon Inc. 

In a shocking breach of customer privacy, AT&T said in April 2024 that almost all the data of its cell 

customers had been stolen. Records of most of AT&T's customers' call and text conversations were 

stolen during the cyberattack, which happened between April 14 and April 25, 2024. The information that 

was stolen is from May 1, 2022, to October 31, 2022, with a few records from January 2, 2023. 

The event, which has been connected to a larger attack aimed at Snowflake customers, shows how even 

the biggest companies can be hit by clever cyber threats. Even though AT&T has told the public that the 

stolen data does not include call or text content or private information like Social Security numbers, the 

sheer amount of data that was made public is very worrying about how it might affect people's privacy. 

The breach has caused a lot of controversy and calls for all kinds of industries to take more security 

steps. As the attack is still being looked into, it is still not clear how bad the harm was. This event is a 

stark reminder of how important it is to have strong data security plans to keep private consumer data 

safe. 



How Big the Breach Was 

It's hard to believe how big the AT&T data breach is. The information that was stolen is from May 1, 2022, 

to October 31, 2022, with a few records from January 2, 2023. This means that the call and text data of 

at least 10 million Americans was made public. AT&T has said that the stolen data does not include the 

content of calls or texts or private information like Social Security numbers. However, the huge amount 

of data that has been made public is very worrying for privacy. The records show who users called or 

texted, how long the conversations lasted, and sometimes even where the cell towers from which the 

calls were made. 

What Will Happen to Customers 

There are many effects of this breach. If someone gets their hands on this much info, they could use it in 

a lot of bad ways. This information could be used by cybercriminals to target phishing attacks, steal your 

name, or even demand money. Cybercriminals can make more effective phishing schemes if they know 

specific details about people, like their phone numbers and how often they call. The data could also be 

used to figure out personal things about people, like their relationships, health, or finances, which could 

then be used for bad things. 

People no longer trust AT&T to keep their customer info safe after the breach. A lot of customers aren't 

sure about the company's security methods and whether their personal information is really safe. This 

breach shows how important it is to have stricter rules on data protection and for businesses to put a lot 

of money into defense. Because of this breach, there is less trust in AT&T, which could cost them 

customers and make officials look more closely at their business. 

What Came Next 

Because of the breach, regulators, politicians, and the public have been very close to AT&T. The business 

said it is working closely with the police to look into what happened and bring the criminals to justice. At 

the same time, AT&T has put in place stronger security steps to stop similar breaches from happening 

again. These steps include tighter controls on access, better encryption protocols, and closer tracking of 

network activity. 

A bad name for AT&T is expected to last for a long time, though. The business will have to put in a lot of 

work to earn back its customers' trust and show that it cares about data security. As a stark warning, this 

breach shows that even the biggest and most well-known companies can be hacked. To fix its image, 

AT&T will need to do more than just improve its technology. It will also need to be open and honest with 

its customers about the steps it is taking to keep their data safe. 



More Than One Issue 

The AT&T breach is not the only one that has happened. In the past few years, there have been a lot 

more data hacks affecting big businesses in a lot of different fields. A scary amount of private information 

is being leaked in all kinds of fields, from healthcare to business. For example, 147 million people's 

personal information was made public when Equifax was hacked in 2017, and about 500 million guests' 

information was made public when Marriott was hacked in 2018. These events make it clear that 

cybersecurity needs to be tackled thoroughly, with the government and businesses working together. 

Keeping Yourself Safe 

Some people may not be affected by the AT&T breach right away, but it's still important to protect your 

personal information. Here are some ideas: 

Watch out for phishing attacks: Phishing emails are a common way for hackers to get people to give 

up personal information. Watch out for emails you didn't ask for, and don't click on links or download files 

from people you don't know. If you get an email from someone you don't know or one that asks for 

personal information right away, this could be a sign of a scam. 

Keep an eye on your credit reports: Check your credit reports often for any strange behavior. This 

could help you catch identity theft early. Through AnnualCreditReport.com, you can get a free credit 

report from each of the three big credit bureaus once a year. These are Equifax, Experian, and 

TransUnion. 

Strong, unique passwords are important: Make sure all of your online accounts have complicated 

passwords, and use a password manager if you need to keep track of them. Don't use information that 

is easy to figure out, like dates or everyday words. A good password generator can make complicated 

passwords for you and keep them safe. 

Turn on two-factor authentication: This makes your accounts safer by needing a second way to prove 

who you are, like a code sent to your phone. Two-factor authentication (2FA) can make it much less likely 

that someone will get into your accounts without your permission. 

When you share personal information online, be careful: You shouldn't share too much personal 

information on social media and other websites. Keep in mind that information that seems harmless can 

be used to figure out private things about you. Check the protection settings on your social media 

accounts to limit who can see your stuff. 

Conclusion 

There have been a lot of effects from the AT&T breach, not just on the customers who were affected but 

also on the company's image and finances. People are more careful with their personal information now, 

and they don't trust AT&T as much as they used to. It's clear from this event how important it is to be 



open and move quickly after a breach. Companies should not only work to stop cyberattacks, but they 

should also have a strong plan for what to do after an attack to limit the damage and rebuild trust. 

To fix the problems caused by the AT&T breach, every business needs to look at its security plans again. 

Important steps include using cutting-edge security technologies, conducting regular security audits, and 

giving workers ongoing cybersecurity training. A safety net in case of a breach can also be bought by 

purchasing complete cyber insurance. Businesses can make their defenses stronger and better protect 

their customers' info in the future by learning from this event. 


Elena Thomas is the Digital Content Strategist at SafeAeon, a leading cybersecurity company, where 

she combines her passion for digital marketing with her unwavering dedication to 

enhancing online security. With a career spanning over a decade in the 

cybersecurity realm, Elena has emerged as a prominent figure in the industry. 

Her expertise lies in crafting innovative digital strategies that empower individuals 

and organizations to safeguard their digital assets. 

Beyond her professional life, Elena is a true cybersecurity enthusiast. She 

devotes her spare time to educating the public about the ever-evolving cyber 

threats and how to stay protected in the digital age. Elena's commitment to a safer 

digital world shines through in her informative and engaging writing, making her 

a sought-after contributor to blogs and publications in the cybersecurity space. 

When she's not immersed in the world of cybersecurity, Elena enjoys outdoor adventures and exploring 

new cuisines. 

Elena can be reached via email at elena.thomas@safeaeon.com and at our company website 

http://www.safeaeon.com/. 



The Key to AI-Enabled Multi-Coalition Warfare 

By George Kamis, CTO, Everfox 

In February, the top artificial intelligence (AI) official at the Department of Defense (DoD) laid out his 

vision for AI-enabled warfare. “Imagine a world where combatant commanders can see everything they 

need to see to make strategic decisions,” he said, “[and] the turnaround time for situational awareness 

shrinks from a day or two to 10 minutes.” This level of speed and awareness can be the difference 

between life and death on the battlefield. 

For AI at the tactical edge to become a reality, though, the DoD must also implement cross-domain 

technology—particularly to make the most of collaboration with coalition partners. In Ukraine, for 

example, the U.S. is spearheading a coalition of more than 50 allies. It’s imperative that data from all 

partners, networks, and classification levels can be fed into AI engines to inform decision-making without 

sacrificing security—which cannot happen without cross-domain solutions. 

The importance of cross-domain technology 

It’s no secret that AI is only as effective as the data it’s fed. For AI-enabled warfare to become a reality, 

clean, high-quality data must be brought together from multiple security levels and coalition networks to 

form data repositories. But such data sharing must be done with the proper security measures in place. 



For example, when data from a classified U.S. network is shared with a mission partner, sensitive 

information—such as how the data was obtained—should be stripped out and only the most pertinent 

information should remain. 

On the flip side, the U.S. and its partners must also be able to take open-source intelligence from 

unclassified sources, sanitize it by removing all malicious content, and push it up to higher classification 

levels. 

Triangulating intel 

Securely bringing together disparate data to inform decision-making is only one side of the coin, though. 

In addition to working across classification levels and coalition networks, warfighters should also be able 

to run the same query on multiple AI engines, including those at the unclassified level, to triangulate intel. 

For instance, it could be extremely useful for warfighters to leverage standard open-source data on 

sentiment or threats, and to then compare that against classified AI engines. Similarly, a query run on a 

coalition network could be compared to a U.S. classified network to have a more comprehensive 

understanding of the situation. 

The ability to run the same query on different engines can create a competitive advantage on the 

battlefield. But also, it highlights the importance of keeping a human in the loop. AI-enabled warfare 

doesn’t mean the AI is making and acting on a decision all on its own. It’s simply another way to collect 

and present information—information that must be vetted by trained personnel before any action takes 

place. Internet AI engines have their own shortcomings, which must be considered in any decisionmaking. 

Still, more information is always better. 

The bottom line 

To keep pace with its adversaries, the DoD must enable warfighters operating near the tactical edge to 

seamlessly leverage data and AI. Personnel must be able to access data whenever and wherever it’s 

needed, regardless of network or domain—something that can only be done using cross-domain 

technology. Securely and efficiently managing the flow of data across classification levels and networks 

ensures algorithms are analyzing as much relevant data as possible. 

While the ability to bring together data from disparate domains and networks is integral to collaborative, 

AI-enabled warfighting, using a variety of AI engines can further supercharge such efforts. When 

warfighters can quickly and effectively query a variety of AI engines with cross-domain access technology 

and triangulate that intel, they have an even greater competitive advantage, as a diversity of perspectives 

offers warfighters an even more comprehensive understanding of the situation at hand. 




George Kamis is the Chief Technology Officer (CTO) at Everfox. 

He works closely with Information Assurance and Cyber Security 

industry leaders, government executives, and Forcepoint 

executive management team to help guide their long-term 

technology strategy and keeps it aligned with federal and industry 

requirements. By leveraging his wealth of over 30 years of 

experience in Cyber Security, he has helped lead Forcepoint to 

become the leader in Cross Domain Solutions (CDS) and cyber 

security products. 

Prior to his role as CTO, he served as Vice President of Engineering for 10 years at Trusted Computer 

Solutions and ran both the Professional Services and Development organizations. Raytheon acquired 

Trusted Computer Solutions in 2010. Trusted Computer Solutions, along with other Raytheon 

acquisitions, formed as Forcepoint in January 2016. 

Prior to Trusted Computer Solutions, Mr. Kamis worked for the US Naval Research Laboratory, Center 

for High Assurance Computer Systems. In this role, he managed the development of multilevel secure 

systems for the Navy and lead one of the first multilevel system to be deployed in the Navy. He was also 

involved with the testing and deployment of US Navy communication security (COMSEC) devices. 

Mr. Kamis is also an active member of the Technology Committee and Supervisory Committee for the 

NextMark Federal Credit Union and consults on information technology and cyber security related 

matters. 

He holds a degree in Electrical Engineering with honors from West Virginia University and holds active 

memberships Armed Forces Communications and Electronics Association (AFCEA). 

Mr. Kamis can be reach at everfox@req.co or through our company website https://www.everfox.com/. 



Four Steps Security Teams Can Take to Unlock Resources In 

Budget-Constrained Environments 

By Jennifer Leggio, Chief Operating Officer, Tidal Cyber 

Imagine walking into a board meeting with a tool that shows your board exactly how protected the 

organization is, based on the investment they have allowed you to make. 

Or, imagine getting a call from your CEO, who saw something on X (formerly Twitter) about the “threat 

of the day,” and being able to show immediately how protected the organization is from that threat with 

the resources you have in place. 

These capabilities can give boards and CEOs confidence, from a governance perspective, that there is 

coverage. But more important at this time with security budget constraints, is the ability to see if your 

defensive stack is up to the task. And if not, show what steps the team can take to optimize defenses 

and the resources needed – people, processes, and technology. 

How can you make these scenarios a reality? 

Staying Ahead of the Biggest Threats 

Gartner talks about continuous threat exposure management (CTEM) as a strategy to prioritize whatever 

most threatens your business, and estimates the approach can help organizations reduce breaches by 

two-thirds over the next two years. With more than 70% of organizations feeling they’ve wasted 25-100% 

of their cybersecurity budget, it makes sense that CTEM is one of the top five cybersecurity trends for 



2024. CTEM is comprised of multiple processes and capabilities like Breach and Attack Simulation (BAS) 

and Threat-Informed Defense (TID) that work together to advance your CTEM strategy. 

BAS tools provide an important baseline function because they test and validate that your security 

controls are working against threat intelligence available in MITRE ATT&CK®. They are higher fidelity 

than purely analysis-based evaluation and have broader coverage than human-powered penetration 

testing and red teaming. BAS tools automate the process to provide faster, more accurate results and 

can be run repeatedly with dashboards and analysis for reporting of test results. 

Illustrating Security Team Value and Investment Justification 

Testing tool efficacy provides a critical function within CTEM, but you can’t stop there. To bring those 

boardroom and CEO scenarios to fruition, Threat-Informed Defense comes into play to help you optimize 

defenses and strategically manage exposure to threats. 

Here are four steps security leaders can take with a TID approach to show how well the organization is 

protected, and what’s needed for improvement. 

1. Build on testing. Your test results may indicate what you tested is working, but you still may not 

have everything you need to secure the organization because threat actor tactics, techniques, 

and procedures (TTPs) are changing rapidly. Recent examples include Scattered Spider’s shift 

to SaaS and new techniques that came out of left field, the use of APT40 in new campaigns and 

new geographic regions, and Black Basta’s adoption of unusual TTPs to trick users into using a 

Window feature to compromise the system. And what about the tools you didn’t test and those 

that didn’t pass? 

2. Keep up with evolving threats. TID tools complement testing to help you assess your threat 

exposure across your entire defensive stack, not just select tools. Automatically mapping your 

existing security stack against a knowledge base that includes threat intelligence in MITRE 

ATT&CK, and other threat intel sources that are updated more frequently, provides a complete 

picture of how protected you are against the threat of the day. 

3. Understand your optimization options. Using insights derived by continually tracking different 

tools’ capabilities and how you have them deployed, coupled with intel on threats that matter most 

to your organization, a TID tool will provide recommendations for what to do next to optimize your 

defensive posture. You may learn that you can optimize what you already have with configuration 

changes or by adding internal resources to create a new custom rule or detection. Perhaps 

upgrading a security tool to a new version will provide the capabilities you need. Or you may 

genuinely have a gap you need to fill by adding a new tool to your arsenal. 

4. Complete the picture. As you make changes to your program, go back to testing. Validate that 

what you have done to optimize the organization’s defensive posture is working as planned and 

delivering the outcomes you want. Closing the loop will build momentum for your CTEM program 

and confidence in your team. 



Unlocking Resources 

When you advance your threat exposure management strategy with a threat-informed defense, you can 

walk into that boardroom and easily illustrate how well you are protected – at any given time or against 

the threat of the day – and what you can do to improve. 

• You can show what you’re already doing to optimize existing investments and how changes made 

are reducing threat exposure. 

• You get the justification for why you need more support to invest in either people, processes, or 

technology to fill a gap. 

• You may even be able to show that there’s an opportunity to reallocate funds by eliminating 

redundancies and retiring tools. 

Imagine that. 


Jennifer Leggio is the Chief Operating Officer of Tidal Cyber, the leader in 

Threat-Informed Defense, and has near 24 years of experience in cybersecurity 

marketing, operations, strategy, and business development. Her specialties 

include build-to-exit, build-to-grow, and rebuild-for-strength strategies. She 

excels in storytelling and crafting content-driven, integrated programs that drive 

brand awareness and revenue generation. Beyond marketing, she has overseen 

financial growth strategy, investor relations, change management, supply chain 

optimization, sales operations and enablement, and deal desk management. Her 

most notable growth and exit ventures include Fortinet, Sourcefire (Cisco), 

Flashpoint, Claroty, and Infocyte (Datto). 

In 2019, she was recognized by SC Media for advocating aggressively for ethical 

marketing programs and the protection of security researchers. She’s also spoken on these topics at 

various industry events and conferences and continues to share my insights through articles and 

podcasts, and several speaking opportunities at DEF CON, RSA, Gartner Security Summit, and so on. 

As a growth strategist, she advises startups and venture capital firms on achieving rapid and sustainable 

growth, earning a reputation as a game-changer in the industry. Jennifer can be reached online at 

jennifer.leggio@tidalcyber.com or on LinkedIn at https://www.linkedin.com/in/jenniferleggio/. 



Exploring CVSS 4.0’s Impact on Vulnerability and Threat 

Management 

By Alastair Williams, VP of Worldwide Systems Engineering, Skybox Security 

The Common Vulnerability Scoring System (CVSS) offers a standardized framework for characterizing 

and scoring vulnerabilities, helping the effort for vulnerability risk assessment. The release of CVSS 4.0 

in November 2023 marked a significant milestone in the cybersecurity landscape. With the industry 

constantly evolving and threat actors becoming increasingly sophisticated, the long-awaited update to 

the CVSS was essential. 

The new version, CVSS 4.0, was developed by 30 CVSS Special Interest Group (SIG) members. It aims 

to provide a more nuanced approach to risk assessment. This updated scoring system addresses the 

need for greater precision and clarity in determining cybersecurity risks, particularly in light of the dynamic 

nature of emerging technologies. 



Despite the advancements offered by CVSS 4.0, the complexity of cybersecurity challenges persists. 

The rapid pace of technological innovation, coupled with the relentless efforts of threat actors, creates 

the need for more nuanced risk assessment. 

What’s New with CVSS 4.0 

CVSS 4.0 brings significant enhancements to its terminology, granularity, and simplicity, leading to a 

more comprehensive risk assessment framework. 

One notable change is the refinement of terminology within the scoring system, emphasizing distinct risk 

groups to prevent confusion. The scoring groups have been rebranded to enhance clarity, with specific 

names such as CVSS-B, CVSS-BT, CVSS-BE, and CVSS-BTE, emphasizing the significance of each 

metric group in risk assessment. 

In terms of granularity, CVSS 4.0 offers enhanced detail, particularly evident in the refinement of the 

Attack Complexity metric. This metric has been divided into Attack Complexity (AC) and Attack 

Requirements (AT), enabling security teams to gain a better understanding of the conditions necessary 

for an attack and the factors within their control. The Impact metrics have been further segmented into 

Vulnerable System Impact and Subsequent System Impact, providing a more thorough evaluation of 

potential damages. 

To streamline the scoring system and improve clarity, redundancies have been eliminated in CVSS 4.0. 

Metrics such as Scope, Remediation Level (RL), and Report Confidence (RC) have been removed, 

aiming to eradicate inconsistencies and simplify the assessment process. 

In pursuit of improved simplicity, CVSS 4.0 has also consolidated the threat metric group, now comprising 

only one metric: Exploit Maturity. This metric offers three options—Functional, High, and Attacked— 

streamlining the assessment process and ensuring greater consistency across the industry. These 

enhancements in CVSS 4.0 contribute to a more refined and user-friendly risk assessment framework, 

empowering security professionals to make informed decisions and prioritize effectively. 

Leveraging Opportunities and Addressing Challenges 

The advent of CVSS 4.0 presents both opportunities and challenges for cybersecurity professionals. 

While the updated scoring system offers greater precision and granularity in risk assessment, it also 

underscores the need for organizations to reassess their vulnerability management strategies. 

Security teams must leverage the enhanced capabilities of CVSS 4.0 to prioritize remediation efforts 

effectively and bolster their defenses. By embracing a proactive approach to vulnerability management 

and leveraging comprehensive risk assessment tools, organizations can enhance their cybersecurity 

posture and mitigate potential risks effectively. 



To optimize vulnerability management, security teams should take the following actions: 

1. Familiarize themselves with the nuances of CVSS 4.0 and its updated scoring metrics to 

accurately assess cybersecurity risks. 

2. Implement comprehensive vulnerability management processes that leverage the granularity 

offered by CVSS 4.0 to prioritize remediation efforts based on the severity and exploitability of 

vulnerabilities. 

3. Invest in advanced threat intelligence solutions and automation tools to proactively identify and 

mitigate emerging threats, ensuring robust defense mechanisms against cyberattacks. 

Establishing Modern Day Defenses 

The release of CVSS 4.0 signifies a significant advancement in vulnerability and threat management. 

While it introduces complexities, it also provides opportunities for organizations to enhance their 

cybersecurity defenses. The transition will require a concerted effort from cybersecurity professionals to 

fully understand its implications and capitalize on its benefits. As organizations adapt to this updated 

scoring system, collaboration, knowledge sharing, and continuous improvement will be key to staying 

ahead of cyberthreats. 

Cybersecurity professionals must continuously work together to beat cybercriminals. The new version of 

CVSS offers enhanced risk visibility and prioritization, allowing organizations to focus resources on 

addressing the most critical vulnerabilities. CVSS 4.0 also improves resilience against cyber threats, 

safeguarding sensitive data and infrastructure from potential breaches and attacks. 

By embracing the principles of CVSS 4.0 and adopting proactive vulnerability management strategies, 

organizations can achieve greater operational efficiency and effectiveness in vulnerability management, 

resulting in cost savings and reduced exposure over time. 


Alastair Williams is VP of Worldwide Systems Engineering at Skybox Security. 

With over 20 years of experience in cybersecurity and enterprise software, 

Alastair is responsible for helping customers solve their complex cybersecurity 

challenges, ranging from Fortune 1000 companies to healthcare 

organizations to the world’s largest banks. Prior to Skybox, he spent 11 years 

at the cybersecurity company Symantec, where he held technical roles, 

including Senior Technical Product Manager, Senior Principal Systems 

Engineer, and Security Architect. Based in the U.K., Alastair is a frequent 

speaker on cybersecurity topics in Europe and around the world. Alastair can 

be reached at Skybox Security’s company website www.skyboxsecurity.com/. 



Guardians of the Grid 

How Generative AI is Revolutionizing Cybersecurity 

By Rounak Singh, Senior Research Analyst - ICT, Marketsandmarkets Research Private Ltd. 

The surge in cyberattacks and the emerging role of Generative AI 

The importance of cyber security tools in protecting sensitive information, sustaining organization’s 

resilience and enabling business continuity during hostile attempts was testified to by the events of 

cybercrime over the previous year: 

• In May 2024, the UK Ministry of Defense had a payroll system breach that led to personal 

information about almost 270,000 employees being exposed. 

• In March 2024, French state services were targeted by a large denial-of-service (DDoS) attack 

that affected more than 300 web domains and 177,000 IP addresses linked to government. 

• In February 2024, Change Healthcare, one of the major US health payment processors 

experienced a ransomware attack by ALPHV/BlackCat gang with dire consequences. The 

incident stopped payment processing for some weeks causing as much as USD 100 million daily 

losses and yet again emphasizing the need for cyber security. 



Generative AI has shown potential to disrupt the cybersecurity landscape. Although current and future 

applications of Gen AI models mainly focus on text, audio video and image-based modalities learning 

and replication; these models can also identify threats or vulnerabilities themselves, so they predict 

patterns and trends thus helping mitigate cyber threats. According to a report published by 

MarketsandMarkets, the market for Generative AI Cybersecurity is anticipated to experience substantial 

expansion with a compound annual growth rate (CAGR) of 33.4% between 2024 to 2030. This dramatic 

surge is being fueled by a number of causes. The primary growth driver is the enhancement of existing 

cybersecurity tools through generative AI algorithms by improving anomaly detection, automating threat 

hunting and penetration testing, and providing complex simulations for security testing purposes. These 

techniques enable various cyber-attack scenarios that can be simulated using the Generative Adversarial 

Networks (GANs), thus enabling the development of better preparedness and response strategies. 

Implications of Generative AI within Cybersecurity 

Generative AI presents promising applications for improving cybersecurity defense strategies. 

Generative AI based algorithms can simulate multiple attack scenarios, enabling cybersecurity 

professionals to anticipate and mitigate risks before they become real-world issues. Moreover, generative 

AI can automate routine security tasks, enabling security experts to focus on more complex issues. 

Like with any rampant technology on the rise, the implementation of Generative AI also poses some stark 

questions to consider. While the benefits outweigh the negative implications, the technology also has its 

loopholes that can expose the system to new forms of insecurity. The most concerning issue is the ability 

of malicious actors to utilize generative AI to build sophisticated phishing attacks, create deep fake 

messages, and develop malware. 

To realize the advantages of generative AI while managing possible misuse, a multifaceted approach 

must be adopted. This consists of strengthening the organizational cybersecurity framework to empower 

security analysts and experts at the implementation stage and incorporating robust training and 

processes to identify potential cybersecurity threats and how to overcome them. However, the principles 

of ethics cannot be left out of the picture as modern enterprises embark upon the journey to a 

transformative Gen AI cybersecurity revolution. 

Why is Generative AI an imperative for cybersecurity teams? 

While the use cases are paramount and positive annotations continue to drive deployment and 

implementation across the enterprise value chain, potentially, the demands of modern enterprises 

typically hinge on the ‘detection’ and ‘remediation’ of cyber threats. To broadly categorize, factors that 

continue to drive the adoption of Generative AI based cybersecurity solutions include: 

• Generative AI's ability to foresee and flag emerging cyber threats drives the future of pre-emptive 

cybersecurity measures. 

• The self-improving nature of generative AI ensures cybersecurity systems evolve alongside new 

attack vectors and tactics 



• Generative AI excels in correlating vast and diverse data sets to uncover hidden threats that 

traditional methods miss 

• The ease of integrating generative AI with current cybersecurity frameworks accelerates adoption 

and enhances overall defense mechanisms 

• Generative AI optimizes resource allocation by prioritizing critical security alerts, ensuring that 

human and technical resources are used most effectively 

Use Cases of Generative AI in Cybersecurity 

1. Real-Time Threat Detection and Enhanced Threat Intelligence 

Generative AI has the capability to assess and understand a large amount of real time data that is 

essential in detecting early possible threats. The existing traditional systems find it hard to handle the 

velocity and volume of data that results from modern networks. However, generative models can sift 

through such data thereby identifying anomalies or patterns indicating cyber threat. These models learn 

from new data continuously hence they are able to match up with changes in the cyber criminals’ tactics 

thus acting as proactive defense. 

A good example is IBM’s QRadar advisor which uses artificial intelligence for analyzing both structured 

and unstructured information coming from various sources. This system combines data drawn from 

different events to detect threats that may not be visible under ordinary circumstances. According to IBM, 

QRadar Advisor with Watson lowered average response times by 60% which indicated effectiveness of 

AI in threat detection. 

2. Improved Incident Response Management 

The speed and response efficiency in the event of cyber incident is crucial to curtail damage. The 

automation of several aspects of the process by generative AI can make incident response better. For 

instance, AI models can assist in rapidly recognizing the type of attack, identifying its origin and learning 

about the compromised systems. This automated analysis provides security teams with actionable 

insights such that their focus is shifted from diagnosis to implementing solutions. 

Darktrace is a cybersecurity firm whose technology uses AI to respond to threats autonomously. In UK 

city council during ransomware assault, Darktrace’s AI identified and responded the real threat which 

prevented spreading the ransomware and reduced impacts of attacks. There was significant disruption 

and financial loss associated with this immediate response. 

3. Secure Software Development Lifecycle (SSDLC) 

Generative AI can help address SSDLC security issues by providing automatic identification of code 

vulnerability and configuration errors during a development process. As well as identifying problematic 

areas and suggesting possible remedies, AI tools may be used to write secure coding sequences. 

A major example of how AI is used in the Security Development Lifecycle (SDL) at Microsoft. Microsoft 

has developed AI tools that are capable of checking millions of lines of code for vulnerabilities before 



they are deployed. This has greatly reduced the number of weaknesses that their products suffer from 

thereby increasing the general security level therein. 

4. Supplementing Security Analysts 

Security analysts often deal with voluminous amounts of threats and alert notifications, which warrant 

quick redressal. Generative AI proves to be helpful in this regard, taking over such tasks as log analysis, 

threat hunting, or incident prioritization. For example, generative AI can sieve out false positives, flagging 

critical issues and provide detailed context to help analysts concentrate on more intricate and strategic 

assignments. 

An illustration that demonstrates this is JPMorgan Chase’s application of gen AI-native cybersecurity 

across its financial services. The COiN (Contract Intelligence) by JP Morgan Chase uses artificial 

intelligence systems to extract valuable information from legal documents and thereby reducing the 

analyst’s workload for accurate compliance and risk management purposes. JPMorgan Chase has 

optimized their work with artificial intelligence in order to handle security and compliance risks better than 

they did earlier with traditional cybersecurity tools. 

5. Ensuring Resiliency and Business Continuity Management 

Business continuity is of utmost concern to organizations, especially amid cyber threats. In this regard, 

Generative AI can help in boosting systems and processes resilience, as generative AI models can 

simulate various attack scenarios and assess their impact on business operations. A proactive nature 

enables organization’s identification of potential weak points and implementation of measures aimed at 

mitigating the risks before materializing. 

FireEye for instance uses AI technology to model different kinds of cyber-attacks that may happen; thus 

assessing how much it will affect clients. The use of such a technology allows organizations to come up 

with solid plans for business continuity, which means they can handle real-world digital threats more 

effectively when these occur. Thus, FireEye's approach based on AI has allowed many companies 

enhance their cyber defense posture while still running their businesses during an intrusion. 

6. Guard railing of Large Language Models (LLMs) 

LLMs such as OpenAI’s GPT-4 and Google’s Gemini have demonstrated impressive abilities in 

generating human-like text. However, the same powerful tools can also be misused by unscrupulous 

individuals to create very convincing phishing emails, fabricate fake news or even design new strains of 

malware. To prevent this, developers implemented strong guardrails. 

Content filtering is one of the main means through which the risks are mitigated whereby LLMs’ outputs 

are inspected for dangerous or unethical contents like hate speech and misinformation before being 

shared with users through algorithms. OpenAI uses content filters that detect and block any violations of 

ethics when using these technologies. In this regard, OpenAI has an API that offers its models under 

strict usage conditions while being vigilant to activities that may signal some type of dubious activity going 

on at their end. User access restrictions and constant surveillance keep LLMs protected against misuse. 

To avoid possible abuses, developers may limit model availability by determining who can use them and 



how they use them. This implies that they always watch over their technology so as to detect 

discrepancies in time, which helps maintain credibility. 

Amalgamation of generative AI with cybersecurity: the road ahead 

The cyber security scene is a battlefield where the stakes have never been higher and the enemies never 

wilier. In such an environment, generative AI becomes not only a tool but also an agent of transformation 

that redefines how we approach digital defense. Generative AI enables cyber security teams to outsmart 

malicious actors with predictive models that come up with threats before they occur and automate 

monotonous tasks that are however crucial. 

Just think about it; imagine a world where cyber threats get neutralized long before they cause 

destruction, where incident responses are fast and definitive, and where software development is in-built 

secureness. This is the future that generative AI promises—a future where security becomes proactive 

rather than reactive, sophisticated instead of primitive. It’s a future in which human genius combines with 

computer precision to provide a wall against the menace of online attacks. 

However, we must take great care in the ethical implications and potential abuse of this technology. By 

introducing safeguards that are well-designed and encouraging responsible AI culture, generative AI’s 

power can be fully harnessed while mitigating against its perils. 

Generative AI is the grandmaster in the grand chess game of cybersecurity. Organizations should 

leverage this powerful ally to protect their digital strongholds. The age of generative AI in cybersecurity 

has come and with it a pledge for a more secure and resilient digital world. 


Rounak Singh is a Senior Research Analyst with the ICT team at 

Marketsandmarkets Research Private Ltd. He has over 5 years of experience as 

a strategic consultant and market research analyst, delivering diverse projects 

around Artificial Intelligence (AI) and Analytics. His current role sees him 

spearheading several syndicate and bespoke market studies, with special 

emphasis around the booming generative AI and Large Language Models 

ecosystem. He is also responsible for creating synergies with clients operating in 

the AI and Analytics domain, assisting them in identifying revenue maximization 

opportunities and hot bets. 

Rounak can be reached online at LinkedIn and at our company website 

https://www.marketsandmarkets.com/. 

Download PDF Brochure: https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=164202814 



Elevating Security: The Crucial Role of Effective API 

Management in Today's Digital Landscape 

By Jens-Philipp Jung, CEO, Link11 

In today’s digital landscape, the increasing reliance on Application Programming Interfaces (APIs) brings 

significant security challenges that organizations must address. The Salt Labs State of API Security 

Report, 2024, reveals that 95% of surveyed IT and security professionals have encountered issues with 

production APIs, and 23% have suffered breaches due to security inadequacies. The rapid expansion of 

APIs has significantly broadened the attack surface, leading to a high number of attacks bypassing 

authentication and targeting internal APIs. 

Despite these risks, many organizations lack processes to discover APIs, and few consider their API 

security programs advanced. The rapid proliferation of APIs, including a surge in shadow APIs— 

undocumented interfaces created outside of IT governance—has exacerbated the problem. These 

hidden APIs are often undetected and offer attackers easy entry points. 



To address these risks, comprehensive API security strategies are essential. A fundamental step is API 

discovery, a process to identify all active APIs within an organization. Research shows that a staggering 

90% of organizations have shadow APIs, highlighting the critical need for visibility into the API landscape. 

By uncovering hidden APIs, organizations can assess vulnerabilities, enforce security policies, and 

protect sensitive data. Ultimately, a proactive approach to API security, encompassing discovery, 

protection, and governance, is crucial for mitigating risks and ensuring business continuity. This makes 

comprehensive security measures and posture governance strategies critical to protect against evolving 

threats. Robust API security is essential for protecting sensitive data and ensuring the integrity of 

services. 

What is an API? 

An API defines the protocols and rules for communication between software components. It enables 

different software programs to interact, regardless of their location or platform. APIs can be classified into 

three main types based on their accessibility: 

1. Private APIs: Designed for internal use within an organization, these APIs are not exposed to the 

public. 

2. Semi-Public APIs: Accessible in a public context but restricted to trusted entities, protecting 

internal details. 

3. Public APIs: Available to external entities, allowing integration and communication with various 

applications and services. 

While API security is most critical for public APIs, it should not be overlooked for private and semi-public 

APIs. 

API Architecture 

©Link11 



Importance of API Security 

API security is crucial due to the significant role APIs play in connecting services and transferring data. 

Breaches or vulnerabilities can lead to the exposure of sensitive information, including medical, financial, 

or personal data. The consequences of such exposures can be severe, resulting in financial losses, 

reputational damage, and legal ramifications. 

Common Threats Against APIs 

APIs face a variety of threats today. Some of the most prevalent include: 

• DDoS Attacks: Distributed Denial of Service attacks can render API endpoints unavailable or 

significantly impair their performance. 

• Data Theft: APIs serving valuable information may be targeted by competitors or data aggregators 

attempting to collect sensitive data. 

• Account Takeovers (ATOs): APIs that facilitate user login are often targets for credential stuffing 

and other brute force attacks aimed at gaining unauthorized access. 

• Inventory Denial Attacks: APIs used for online purchasing can be vulnerable to attacks that impact 

the availability of products. 

API Security vs. Traditional Web Security 

Securing APIs presents distinct challenges compared to traditional web security. Conventional 

approaches often rely on a "castle and moat" strategy—protecting a well-defined perimeter. In contrast, 

APIs have numerous entry points, creating a complex attack surface. Many APIs are accessed by mobile 

applications or services, complicating bot detection. Additionally, API requests may appear legitimate, 

making it challenging to identify malicious activities. The following table will give a short overview: 

Comparison of API Security vs. Traditional Web Security 

©Link11 



API Security Challenges 

In today's threat landscape, securing APIs can be challenging. APIs are subjected to many of the same 

attacks as traditional web applications (e.g., SQL injection), yet many threat detection methods effective 

for web apps may not apply to APIs. For instance, browser-based verification cannot distinguish between 

bots and humans because API traffic does not originate from web browsers. Additionally, the rise of 

microservices and serverless architectures complicates the management and security of APIs within a 

complex ecosystem. Practices like DevOps often lead to rapid API development, which can neglect 

security considerations. 

Best Practices for Ensuring API Security 

To mitigate API security risks, organizations should implement several key measures: 

1. Authentication and Authorization 

Implement strong mechanisms to verify client identities and control access to API resources. It’s essential 

to encrypt data in transit using secure protocols, such as HTTPS, to protect sensitive information from 

interception. 

2. Rate Limiting 

Enforce limits on the number of requests from a client to prevent abuse and mitigate the impact of DDoS 

attacks. Rate limiting helps ensure that APIs remain available and responsive. 

3. Input Validation 

Validate and sanitize input to prevent common security vulnerabilities such as code injection and crosssite 

scripting (XSS). Rigorous input validation is essential for maintaining API integrity. 

4. Security Audits and Monitoring 

Regularly assess the security posture of APIs through audits and continuous monitoring. Conduct 

vulnerability assessments to identify and address potential weaknesses in the system. 

5. API Traffic Filtering 

Utilize web security solutions tailored to the unique security needs of APIs. Effective filtering can help 

protect against hostile traffic and mitigate potential attacks. 

Best Practices for Enhancing API Security 

To effectively secure APIs, organizations should adopt several best practices. First, it is essential to 

restrict access from compromised devices, as rooted or jailbroken devices present significant security 



isks. Implementing strong authentication measures, such as multi-factor authentication, further helps 

reduce the likelihood of unauthorized access. 

Additionally, employing obfuscation techniques can deter attempts at reverse engineering by making 

client-side code difficult to interpret. It is also crucial to avoid storing sensitive data on client devices; if 

necessary, strong encryption and secure authentication protocols should be utilized to protect this 


Utilizing parameterized queries plays a vital role in preventing injection attacks by treating user input as 

data rather than executable code. Enforcing rate limiting is another important measure to mitigate abuse 

from high traffic volumes that may indicate malicious activity. 

Finally, implementing comprehensive security solutions, including Web Application Firewalls, DDoS 

protection, and continuous monitoring, is essential to defend against various threats. By integrating these 

strategies, organizations can significantly enhance their API security posture. 

Use Case: Banking API Security 

Consider a banking application that relies on a mobile API for transaction processing. Protecting this API 

is critical to safeguarding sensitive user data. Strong authentication mechanisms, like MFA, are essential 

for keeping user accounts secure. Rate limiting makes ATO attempts far more costly and difficult for 

attackers. Detection of jailbroken client devices (and an app's refusal to run on them) helps to prevent 

reverse-engineering attempts. Minimizing (and of course, encrypting) client-side data protects it from 

potential compromise. Robust input validation, perhaps even with parameterization, prevents attackers 

from submitting malicious inputs. Continuous monitoring of usage patterns can help identify anomalies 

and detect attacks in their earliest stages. By implementing these measures, the banking application can 

maintain its integrity and protect sensitive financial information. 

Conclusion 

In summary, protecting against API attacks is essential for maintaining the security, availability, and 

integrity of modern web applications. Organizations must implement robust security measures, including 

strong authentication, encryption of sensitive data, and continuous monitoring for suspicious activities. 

By adopting a comprehensive approach to API security, organizations can effectively safeguard their 

systems, protect sensitive information, and ensure a secure user experience in an increasingly 

interconnected digital ecosystem. 




Jens-Philipp Jung is Co-Founder and CEO of Link11, a specialized global IT 

security provider delivering enterprise-grade cybersecurity solutions. Link11 

protects customers worldwide against evolving cyber threats through meticulous 

attention to detail and early integration of cutting-edge methods. With a strong 

entrepreneurial spirit and deep cybersecurity expertise, he has driven Link11's 

growth since 2005. His achievements include pioneering Link11's DDoS protection 

technology, successful acquisitions, and a focus on product-led growth, positioning 

the company as a global player in IT security. 

Jens-Philipp Jung can be reached online at info@link11.com and at our company website 

https://www.link11.com/. 



Phishing in 2024: Navigating the Persistent Threat and AI’s 

Double-Edged Sword 

By Joe Loomis, Marketing Director for CryptoTrust LLC 

In 2024, phishing remains one of the most prevalent and dangerous cybersecurity threats. Despite 

advancements in technology and increased awareness, cybercriminals continue to exploit human 

vulnerabilities, adapting their tactics to evade detection and maximize impact. This article delves into the 

reasons why phishing remains a top threat and explores how use of technology solutions can prevent 

successful phishing attacks even when human error occurs. 

The Evolution of Phishing Attacks 

Phishing attacks have evolved significantly since their inception. Early phishing attempts were often crude 

and easily identifiable, relying on poorly written emails and generic messages. In this early era of 

phishing, security awareness training was highly successful, as teaching users to identify and avoid 

attacks was fairly easy to accomplish. However, modern phishing campaigns are highly sophisticated, 

employing advanced social engineering techniques and leveraging current events to increase their 

success rates. 



One of the most notable trends in phishing is the use of personalized and targeted attacks, known as 

spear phishing. Unlike traditional phishing, which casts a wide net, spear phishing targets specific 

individuals or organizations. Attackers conduct thorough research on their victims, gathering information 

from social media profiles, public records, and other sources to craft convincing and highly tailored 

messages. This level of personalization makes it difficult for even the most vigilant individuals to 

recognize fraudulent emails. 

The Human Factor 

Despite technological advancements in cybersecurity, the human factor remains a critical vulnerability. 

Cybercriminals exploit human psychology, relying on emotions such as fear, curiosity, and urgency to 

prompt action. Training and awareness programs are essential in mitigating this risk, but when all it takes 

is one successful phishing email to breach the enterprise this is not enough. Even well-trained individuals 

can fall victim to cleverly crafted phishing attempts, highlighting the need for technology that can protect 

even when humans fail. 

Artificial Intelligence and The Future of Phishing 

Cybercriminals are adept at exploiting current events and trends to make their phishing attempts more 

convincing. In 2024, this includes leveraging the ongoing impacts of the COVID-19 pandemic, remote 

work trends, and geopolitical tensions. With the addition of AI, these threats will increasingly become 

more realistic and harder to detect. While AI does have some built-in safeguards, it will never be possible 

to completely prevent AI from being misused for things like phishing. 

Here is a quick example using ChatGPT. If we ask the AI to just generate a phishing email it correctly 

refuses: 

However, if we rephrase the request to generate an example of a highly successful phishing email, it 

happily generates one that could be used in an actual phishing attack with minimal changes: 



Then, once ChatGPT creates the “example” phishing email, we can even have the AI customize it further 

to create a targeted spear-phishing email: 



Mitigating Phishing Threats with Comprehensive Cybersecurity Solutions 

Phishing remains a persistent threat that requires a comprehensive, multi-layered cybersecurity 

approach. Effective defense involves understanding both the various attack vectors and the appropriate 

mitigations to counter them. 

Common Phishing Tactics: 

• Malicious Links: URLs that host harmful content, often using deceptive techniques like 

misspellings or subdomains to appear legitimate (e.g., https://amazon.ssltls.com 

or https://amazonn.com). 

• Malicious Files: These might be email attachments or files downloaded from a link in a phishing 

email, such as from a fake SharePoint site. Files like EXE, HTA, and certain Microsoft Office 

documents can establish a command-and-control channel, granting remote access to the 

attacker. 



• Credential Theft: Emails that trick users into logging in to a fake website. For instance, an email 

might prompt the user to enter their corporate credentials to access an important document, with 

the entered information then sent to the attacker. 

• Credit Card/Invoice Fraud: Emails that request payments, either by soliciting credit card 

information or by attaching fake invoices that prompt payment. 

Phishing Cybersecurity Solutions Checklist: 

Phishing-resistant MFA: Ensure the use of a phishing-resistant Multi-Factor Authentication (MFA) 

method, such as FIDO2. OnlyKey is a FIDO-certified security key available for purchase here. 

Protective DNS Service (PDNS): Deploy a PDNS to block access to malicious domains. If a user clicks 

on a link from a known malicious site, PDNS will prevent the site from loading. 

Cloud Email Security: Implement a robust cloud email security solution that automatically filters out 

phishing emails, spam, and other malicious content. 

Endpoint and Extended Detection & Response (EDR/XDR): Utilize both EDR and XDR solutions for 

comprehensive threat detection and response. 

Regular 3rd-Party Penetration Testing: Conduct regular penetration tests to identify and mitigate 

vulnerabilities. 

Security Awareness Training: Regularly train employees to recognize and respond to phishing threats. 


Joe Loomis is the Marketing Director for CryptoTrust LLC. He has served in the 

U.S. Navy as an Information Systems Technician running shipboard network 

security overseas. Having started and operated several businesses in other 

fields, he now takes his entrepreneurial passion to the cybersecurity field through 

writing and content creation. Joe can be reached online at joe@onlykey.io and at 

our company website https://www.onlykey.io/. 



The Cyber Defense Emergency Room 

Prioritizing Vulnerabilities in the Chaos of Cyber Security 

By Steve Carter, CEO, Nucleus Security 

In cybersecurity like in the emergency room, every moment is critical. Much like an emergency room, 

where nurses must quickly assess and prioritize patients based on the severity of their conditions, 

cybersecurity teams are faced with the daunting task of addressing a constant influx of vulnerabilities. 

The stakes are high, with approximately one in every three breaches caused by an unpatched 

vulnerability. 

The sheer volume of vulnerabilities is staggering. In 2023 alone, over 28,902 common vulnerabilities and 

exposures (CVEs) were published, increasing from 25,801 in 2019. Recent research from Cyentia 

Institute found the number of CVEs is increasing by 16% annually. This yearly growth of vulnerability 

data, coupled with the complexity of modern IT environments, has created the perfect storm. Faced with 

the onslaught of alerts, cybersecurity teams miss critical vulnerabilities. 



The Vulnerability Management Crisis 

Many organizations need help with outdated and inefficient vulnerability management (VM) processes. 

Research shows that the average mean time to patch (MTTP) ranges from 60 to 150 days, with about 

one-quarter of vulnerabilities remaining unpatched for over a year. 

These statistics paint a jarring picture of the current state of vulnerability management. The 

consequences of the inefficiencies can be severe, as seen by the 2023 MOVEit data breach, which 

resulted in the compromise of personal data for over 40 million individuals due to the exploitation of a 

vulnerability in the MOVEit file transfer software. Consider too, the wide-reaching Log4Shell vulnerability 

that originated in 2021. At its peak, 10 million Log4Shell exploitations were attempted every hour, and is 

still actively exploited today where it remains unpatched. 

The Limitations of Traditional Methods 

While vulnerability scanners focus discovering vulnerabilities, they fall short in helping organizations 

manage and prioritize them. These tools output large volumes of siloed data that often lack a business 

context and threat intelligence needed to prioritize the risk. 

Many organizations have attempted to address this management issue with various tools and 

approaches, each with its limitations: 

1. Spreadsheets: While great for accounting, spreadsheets are inadequate for vulnerability 

management at scale. They require manual data entry and lack version history for compliance 

reporting. 

2. SIEMs and BI Tools: These tools provide high-level dashboards for monitoring but lack depth 

such as incorporating asset metadata for custom risk scoring or allowing changes to vulnerability 

status. 

3. Ticketing Systems: While seemingly logical, ticketing systems integrations are inconsistent 

across vendors, leading to inconsistent ticketing, data duplication and clutter. 

4. Homegrown Solutions: These will often work well initially. However, over time they fail to scale, 

meet the growing demands of the business, and become more expensive to maintain, and less 

reliable. 

The Four Critical Features of Unified VM Tools 

To navigate the chaotic "emergency room" of cybersecurity, organizations need a dedicated, scalable 

vulnerability management solution that offers these four critical features: 

1. Central Repository for Vulnerability Data: An effective unified VM tool should provide a single 

pane view so that security personnel can monitor the organization's security posture and 

vulnerability management. It should integrate with and aggregate results from all scanning tools, 

assessments, and penetration tests. 



2. Automated Vulnerability Management Processes: Automation is key to efficient vulnerability 

management. The ideal VM tool should automate as many steps of the process as possible, 

including normalizing scan result data, prioritizing risk, triaging, creating tickets, assigning them 

to owners, and generating reports. 

3. Customizable Risk Prioritization Algorithms: Not all vulnerabilities are created equal. An 

effective VM tool should help organizations prioritize vulnerabilities and risks using customizable 

risk scores. These should be configurable based on the vulnerability and asset attributes that are 

most important to the organization. 

4. Integrated Response Orchestration Capabilities: Finally, a robust VM tool should automate 

and orchestrate response through integration with ticketing systems, issue trackers, SIEMs, and 

incident response tools. This integration enables organizations to respond to vulnerabilities up to 

10 times faster. 

The Path Forward: A Streamlined Approach to Vulnerability Management 

As the volume and complexity of vulnerabilities continue to grow, organizations must adopt more 

sophisticated and efficient vulnerability management processes. By implementing a unified VM tool with 

the critical features discussed, cybersecurity teams can effectively triage and address vulnerabilities, 

much like skilled nurses in an emergency room, ensuring the most critical issues receive immediate 

attention. This approach not only improves an organization's security posture but also frees up valuable 

resources to focus on driving the business forward in an increasingly digital world. 


Steve Carter is the Co-Founder and CEO of Nucleus, having spent nearly two 

decades in security helping organizations to automate, accelerate, and optimize 

vulnerability management workflows. Prior to founding Nucleus, Steve was a 

founding partner of Rampant Technologies, providing security, systems, and 

software engineering services to the Federal Government. Steve holds a 

Master’s of Computer Science from Florida State University. Steve can be 

reached online at https://www.linkedin.com/in/stevecarter1337 and at our 

company website https://nucleussec.com/. 



Data Decay and Cybersecurity: Understanding the Risks And 

Mitigating The Impact On Your Business 

By JoAnn Fitzpatrick, COO — RealValidation 

Becoming successful in this digital age means your business operations, decision-making, and customer 

relationships are primarily powered by your data. Unfortunately, the quality of your data diminishes as 

time passes. The loss of valuable data is bad enough, but decreasing data accuracy also increases your 

risk of cybersecurity threats. 

Understanding data deterioration 

Data decay involves the slow and natural process of data degrading over time, which can be caused by 

a variety of factors. Customer contact information often changes, and neglecting to update it regularly 

causes it to become obsolete. In fact, experts estimate that the integrity of customer data decreases by 

approximately 30% every year. 



As technology advances, more data is lost to outdated formats that become incompatible with modern 

systems. Small mistakes you make as you enter data can lead to major inaccuracies as your data sets 

become larger and older. Eventually, some of your data naturally becomes obsolete, like outdated market 

trends or expired financial information. 

All of your data follows a predictable lifecycle. The process consists of gathering, handling, maintaining, 

utilizing, and disposing of items. At every step, there is a possibility for data deterioration. 

For example, inaccurately handled data can become corrupt data, and data loss can result from failures 

in storage media. Recognizing this life cycle is essential for pinpointing the locations and methods of data 

deterioration. 

Recognizing the cybersecurity threats caused by data deterioration 

Compromised data integrity is one of the most immediate cybersecurity risks linked to data decay. 

Inaccurate data frequently leads to incorrect decisions, misguided strategies, and compromised security 

measures. 

For example, when credentials are not consistently updated, outdated, or incorrect, user information can 

result in unauthorized access. Corrupted data also results in security monitoring systems producing false 

positives and overlooking potential threats. 

When data deteriorates, it opens up opportunities for cyber attackers, as failing to update passwords 

regularly makes accounts vulnerable to brute-force attacks. Moreover, systems and software that are not 

up to date with the latest patches are at a higher risk of being exploited. 

Successful incident response hinges on precise and current data. Data deterioration often leads to 

delayed reactions to security breaches. For example, obsolete network maps or incomplete logs can 

frequently obstruct threat detection. 

Reducing the effects of data decay on cybersecurity 

Being proactive in managing data is essential when addressing data decay, which is why you must 

consistently review and clean datasets to eliminate old, duplicate, or incorrect data. Create a regular 

schedule for keeping important data such as customer details, security credentials, and software updates 

current. To make this task manageable, utilize automated tools to help pinpoint and fix data anomalies 

in a timely manner. 

To ensure that these actions happen regularly, robust data governance policies must be enforced. This 

involves assigning data stewards to oversee data quality and implement necessary corrections, as well 

as performing regular audits and confirming adherence to governance policies. Effective governance 

practices can dramatically decrease the risks linked to data deterioration. 



Implementing extra security measures can also help lessen the effects of data degradation. Encrypt 

sensitive information while it is being sent and stored to protect it from unauthorized access, especially 

in cases where other security precautions might fail due to data corruption. Enforce stringent access 

controls to restrict data access to authorized individuals exclusively. Frequently check and revise access 

permissions. 

Modern technologies provide powerful resources to combat data decay and enhance cybersecurity. For 

instance, AI and machine learning algorithms can identify patterns of data deterioration and anticipate 

possible weaknesses, while blockchain technology can create permanent data records and guarantee 

data authenticity and traceability. Additionally, continuous monitoring systems enable immediate 

identification of security incidents, with automated response mechanisms swiftly managing these threats. 

Because human mistakes frequently contribute to data deterioration and consequent cybersecurity 

vulnerabilities, you must train your staff on the significance of accurate data and the consequences of 

data deterioration. Organize frequent training workshops on data management best practices, 

cybersecurity awareness, and incident response procedures, or conduct phishing simulation exercises 

to emphasize the significance of staying alert to social engineering threats. 

Efficient backup and recovery options are necessary to reduce the effects of data deterioration. Establish 

a routine for backing up important data to safe destinations, but be sure to employ both on-premises and 

cloud backup solutions for added backup redundancy. Creating and evaluating emergency response 

strategies can help guarantee quick data recovery in the event of a security breach or data loss situation. 

Protecting your data’s integrity is one of the best ways to safeguard your operations in today’s datacentric 

landscape. Data deterioration is inevitable, but being proactive reduces your risk of cybersecurity 

threats. Maintain strong cybersecurity defenses by recognizing the dangers of data decay and 

implementing strategies to mitigate them. 


JoAnn Fitzpatrick, the COO at RealValidation, shines as a team-centric leader. 

With over ten years at the company, she’s been pivotal in streamlining operations and 

creating impactful marketing strategies. Her journey from advertising and design to 

data analytics at RealValidation highlights her adaptability and her knack for blending 

creative and analytical skills in a team environment. For more information, please visit 

https://realphonevalidation.com/. 



Protecting Your Organization Against Advanced, Multi-Stage 

Cyber Attacks 

By Gabrielle Hempel, Customer Solutions Engineer, Exabeam 

Threat actors are continuously enhancing their techniques and increasing sophistication to evade cyber 

defenses. Consequently, multi-stage ransomware and malware attacks, characterized by heavy 

obfuscation are becoming increasingly prevalent. The Europol Threat Assessment released in July 

underscores the growing prevalence of multi-layered extortion models, which are found across the entire 

spectrum of cybercrime threats. 

This report represents a broader trend affecting organizations worldwide: these attacks are becoming 

increasingly complex, employing a combination of techniques to infiltrate organizations and execute 

malicious payloads with devastating efficiency. 

Modern ransomware and malware attacks often begin with seemingly harmless phishing emails or by 

exploiting vulnerabilities within an organization’s systems. Once inside, these threat actors utilize a range 

of methods to circumvent security protocols before deploying their payloads. The complexity and 



obfuscation of these multi-stage attacks makes them particularly challenging to detect and mitigate. This 

evolution in cybercriminal tactics highlights the critical need for organizations to adopt comprehensive 

cybersecurity defenses that prioritize visibility. 

What do these complex attacks look like? 

Multi-stage attacks are sophisticated operations designed to evade detection and inflict maximum 

damage, overwhelming traditional security defenses. Typically initiated with an innocuous-looking 

executable file, these attacks often exploit system vulnerabilities or human error through phishing tactics. 

Once activated, the malicious file connects to a remote command-and-control server to fetch additional 

components or instructions for subsequent attack phases. To further obscure their activities, attackers 

frequently leverage legitimate system files, such as dynamic-link libraries (DLLs), to blend seamlessly 

into normal system processes. This abuse of trust hinders security teams from identifying malicious 

behavior. 

As the attack progresses, adversaries employ advanced techniques like Process Doppelgänging and 

Process Hollowing to maintain persistence and evade detection. Process Doppelgänging disguises 

malicious code as a legitimate process within an organization’s systems, while Process Hollowing creates 

a new process in a suspended state and then injects it with malicious code. These methods enable 

attackers to execute their payloads without being detected, significantly challenging security teams in 

identifying and mitigating these threats. 

Financial and Operational Costs 

Multi-stage attacks present significant challenges for organizations due to their ability to evade detection, 

and their prolonged dwell time within a network. This extended time that an attack goes unnoticed grants 

attackers many opportunities to exfiltrate sensitive data and deploy destructive payloads. The resulting 

damage includes larger financial losses, extended operational disruptions, and reputational damage. 

Traditional security measures often fall short in the face of these sophisticated threats, as adversaries 

employ legitimate tools and advanced evasion techniques to bypass defenses. Addressing and mitigating 

these complex attacks across multiple attack stages requires a considerable time and resource 

commitment. Even if security teams can address one part of the attack, other components may remain 

active and undetected, leading to persistent vulnerabilities. 

Visibility Across the Entire IT Environment 

In today’s landscape of sophisticated cyber threats, organizations must adopt a robust, multi-layered 

security strategy. This approach should provide comprehensive visibility across the entire IT environment, 

including networks, endpoints, and cloud infrastructure. 



To ensure attackers cannot bypass a single defense mechanism, organizations should deploy a variety 

of security tools that work together seamlessly. Starting with Endpoint Detection and Response (EDR) 

solutions, which are essential for closely monitoring endpoint activities and enabling early identification 

of threats. Coupling EDR with up-to-date threat intelligence feeds, which offer insights into the latest 

attack techniques and indicators of compromise, enhances an organization's preparedness and ability to 

detect threats. Maintaining a diligent patch management process is also crucial. Promptly addressing 

vulnerabilities reduces potential entry points for attacks, thereby strengthening the overall security 

posture. 

Comprehensive visibility across the IT environment is vital. Implementing network segmentation, which 

involves dividing the network into smaller, isolated segments, helps contain breaches and limit the impact 

of potential attacks, especially in the case of multi-stage intrusions. Regular security assessments, 

including frequent vulnerability scans and penetration testing, are also indispensable for continually 

identifying and rectifying security gaps. 

Implementing a multi-layered defense facilitates a rapid and effective response, minimizing organizational 

damage and reducing the risk of data exfiltration. By enhancing visibility and detection capabilities, 

security teams can focus on genuine threats rather than being sidetracked by false positives. This efficient 

approach fortifies the organization’s defenses and ensures resilient operations, allowing them to navigate 

the complexities of modern cyber threats more effectively. 


Gabrielle Hempel, Customer Solutions Engineer at Exabeam, is renowned 

for her expertise in Cloud Engineering, Vulnerability Management, and 

Network Detection and Response (NDR). With an MS in Cybersecurity and 

Global Affairs from NYU, she has contributed significantly to the field, 

including a distinguished thesis on Critical Infrastructure Security. Named an 

'Emerging Leader' by the National Security Innovation Network in 2022, 

Gabrielle is also a prominent speaker at industry-leading conferences like 

BlackHat and DefCon. Gabrielle can be reached via LinkedIn at and at our 

company website https://exabeam.com/. 



Air Gap 

First Line Defense in Multilevel Customer Interface Protection 

By Christopher H. Baum, MBA PMP, Chief Compliance Officer, VotRite with Alan Pham, Graduate 

Student, Rowan University 

In August 2024, the FBI issued a notice that an Iranian backed team was attempting to hack American 

political parties’ campaign information. (Miller & Balsamo, 2024). In that same month, the Trump 

campaign revealed that it had been hacked. (Lyngass et al, 2024). Still later, Google stated that the cyberattacks 

were part of an even larger operation to interfere in the American presidential election. (Swenson, 

2024). 

In the 1980s hacking was primarily a prank. By the 1990s, low level criminals began to exploit the growing 

network in various scams and identity thefts. In the late 1990s and the early 2000s organized crime 

became the largest threat as Internet-based commerce became the norm. State backed hacking teams 

launched the early days of cyber interference and cold warfare. 



None of the new threats replaced older challenges. The culprit is not always an aggressor. One of the 

largest cyber outages ever occurred in July 2024 due to a faulty security update by the company 

CrowdStrike. (Johnson, 2024). 

Interconnected systems produce interconnected vulnerabilities. The assumption has been that all 

systems must be interconnected. One of the best defenses against network-based hacking is to 

disconnect the systems from the Internet. This process is called “air gapping”. It is widely used by 

organizations that require secure communications between and among systems. These systems are 

connected by a private network only to each other and to no other outside systems. 

Air gapped systems cannot be remotely hacked. A hacker must have physical access. Key sniffers and 

similar devices can record keystrokes if in close enough proximity. If the system is encased in a Faraday 

cage, even the signals produced by the device are blocked. 

A popular use of air gapping is system backup. The backup server is kept isolated and only connected 

to perform a backup as required. Should the primary server fail or be compromised, the backup server 

will be unaffected. The primary disadvantage is the same as the primary advantage. Physical access is 

required. It may seem obvious but secure systems must be maintained in secure environments. 

There are methods to copy data to the air gapped systems. One is called “rafting”, using a USB drive or 

some other memory storage device to copy the appropriate data from the donor systems and replicate it 

to the quarantined system. Ideally the memory storage device will be formatted (“sterilized”) before 

attaching it to the donor system, ensuring that no unwanted code is preloaded on the raft. The best 

practice is to use a new raft for each periodic transfer and to store the rafts in case a particular version 

of the data needs to be reconstructed for recovery, diagnostic, or forensic reasons. 

Another method is “bridging”. The quarantined system is connected to a device that handles specific 

types of transaction. A credit card payment terminal is a good example. The payment terminal is external 

to the cash register and is connected to the Internet for processing payment information. Only specific 

data types are permitted between the terminal and cash register, so the risk of infecting the terminal 

remains low. 

A more flexible configuration is “hub and spoke”. Several quarantined systems are bridged to a single 

hub. On each system is an agent to verify each transaction. The hub preprocesses and consolidates the 

data from the quarantined systems and provides the systems with any required information. The agent 

process confirms each transfer on both sides. An example is a warehouse inventory system. Scanners 

would be the quarantined systems. The scanner would record items, quantities, location, and operator. 

As each section of the warehouse is scanned, the operator would upload the information to the hub. The 

scanners have no need to access any other information. In fact, there is no need for the scanners to 

share information among themselves. The hub would acknowledge the receipt of the information. The 

software agents on both sides would ensure that the correct information and only the correct information 

is transferred between the scanners and the hub. The hub would consolidate all of the information from 

the scanners and process it as necessary before contributing it to the general workflow of the operation. 

There is a strong argument for the use of air gapping in smaller customer facing systems as well. Many 

systems simply do not need access to the entire Internet continuously in order to provide the necessary 



functions. Alternatively, the security provided by air gapping outweighs the risks involved in connecting 

that particular device to the entire Internet. 

Grocery store cash registers are good example of systems that could be air gapped with a bridge to 

handle payment transactions. Inventory information could pass periodically to the main store system 

either by rafting the information with USB drives for a small operation or by using a hub and spoke system 

for a larger store. Self-serve gas stations could operate similarly. Each pump could have a bridge to the 

storage tanks to ensure fuel is available and another bridge to a payment terminal. Such an 

implementation would ensure that the local convenience store would have its day-to-day operations 

protected from hacking. 

Voting systems in particular benefit from air gapping, both in actual and perceived security. Since such 

systems cannot be remotely hacked, the risk of election interference through network manipulation of the 

voting systems is eliminated. 

In numerous circumstances consumers, companies, and governments benefit from systems that are 

connected to the Internet as long as proper protocols and security measures are implemented. However, 

just because it is possible to connect a system to the network does not mean it is necessary. Less 

connection can yield more security. 

Sources: 

Johnson, A. (2024, July 19). CrowdStrike Global Outage: CEO Debunks Cyberattack Claims. Retrieved 

August 13, 2024, from https://apnews.com/article/fbi-trump-iran-hack-campaign- 

02a44ea734c8ee92c4d3a576af7a79fe# 

Lyngass, S., Perez, E., & Holmes, K. (2024, August 13). Suspected Iranian hackers breached Roger 

Stone’s personal email as part of effort to target Trump campaign, sources say. CNN Politics. Retrieved 

August 15, 2024, from https://www.cnn.com/2024/08/12/politics/trump-campaign-hack-personal-emailaccount-fbi/index.html 

Miller, Z., & Balsamo, M. (2024, August 12). FBI says it is investigating after Trump campaign said 

sensitive documents were hacked by Iran. Retrieved August 15, 2024, from 

https://apnews.com/article/fbi-trump-iran-hack-campaign-02a44ea734c8ee92c4d3a576af7a79fe# 

Swenson, A. (2024, August 15). Google confirms Iranian hackers are trying to access emails of Harris 

and Trump. Retrieved August 15, 2024, from https://fortune.com/2024/08/15/google-iran-hack-emailharris-trump/ 



About the Authors 

Christopher H. Baum MBA PMP is the Chief Compliance Officer of 

VotRite. Christopher is the company’s Chief Compliance Officer. He 

manages certification processes and election integrity. He has spent 

more than 30 years delivering high-quality IT analysis and services 

on the use of technology in government and in the election industry 

in particular. Christopher can be reached at chbaum@VotRite.com 

and via the company website https://www.VotRite.com/. 

Alan Pham is a second-year graduate student at Rowan University in New Jersey. 

He specializes in cyber security and system hardening. Alan can be reached at 

alanpham1221@gmail.com. 



Exposure Management: A Strategic Approach to Cyber Security 

Resource Constraint 

By Katie Inns, Head of Attack Surface Management at WithSecure 

Imagine being bombarded by a relentless barrage of alarms, each one clamouring for immediate 

attention. This is the daily reality for cyber security teams, overwhelmed by alerts from countless sources, 

all demanding action. 

Teams often struggle to connect the dots and determine which vulnerabilities pose the greatest threat 

and need immediate attention. The sheer volume and speed of threats make it impossible to address 

every single one. 

In such a high-pressure environment, the ability to cut through the noise and focus on the most critical 

issues is essential. Security teams need an approach that prioritises efforts on specific areas and 

vulnerabilities to minimise risk effectively. 

This is where exposure management (XM) becomes crucial. XM provides a strategic framework for 

identifying and addressing the most significant threats, enabling security teams to protect their 

organisations more efficiently. 



The pitfalls in traditional security methods 

Traditional security methods, such as penetration testing and periodic vulnerability assessments, have 

long been the go-to strategies for identifying and mitigating risks. However, these methods often fall short 

in providing a comprehensive and real-time view of an organisation’s vulnerabilities. 

The lack of real-time data and context makes it difficult for security teams to address the full spectrum of 

potential threats. For example, a periodic vulnerability assessment might identify a misconfigured web 

server once a month. However, if attackers exploit a new vulnerability the day after the assessment, the 

organisation remains exposed until the next scheduled check. This disjointed approach leaves significant 

gaps in an organisation's defences. 

This issue is particularly severe for edge service applications and infrastructure devices such as VPN 

gateways, email servers, routers, switches, and firewalls. These internet-facing assets are often highly 

attractive targets for threat actors, due to their critical role in enabling remote connectivity for users. 

Our latest research found that edge service and infrastructure vulnerabilities identified in the last two 

years are generally 11% more severe than other vulnerabilities. Additionally, the number of these specific 

vulnerabilities found each month in 2024 has increased by 22% compared to 2023 – despite the discovery 

rate for other types of vulnerabilities dropping by 56%. 

Most concerningly, these devices or applications are difficult to monitor as they typically lack Endpoint 

Detection and Response (EDR) software. Network administrators often have to rely on trust alone, as 

there’s no feasible approach to verify the security of such assets. 

As these vulnerabilities are continuously increasing, a more strategic approach to managing and 

mitigating risks is essential. XM can help significantly in this regard. 

Understanding exposure management 

XM is a proactive and integrated approach that provides a comprehensive view of potential attack 

surfaces and prioritises security actions based on an organisation’s specific context. 

It’s a process that combines cloud security posture, identity management, internal hosts, internet-facing 

hosts and threat intelligence into a unified framework, enabling security teams to anticipate potential 

attack vectors and fortify their defences effectively. 

Unlike traditional security measures, XM takes an "outside-in" approach, assessing how attackers might 

exploit vulnerabilities across interconnected systems. This shift in mindset is crucial for identifying and 

prioritising the most significant threats. 

By focusing on the most critical vulnerabilities and potential attack paths, XM allows security teams to 

allocate resources more efficiently and enhance their overall security posture. Security teams can 

primarily focus on potentially exploitable access points across an attack surface and plug the necessary 

gaps in the systems/applications. 



Exposure management as a strategic business enabler 

The primary benefit of XM is its ability to proactively identify and prioritise risks. By providing a unified 

view of the entire attack path, XM improves an organisation’s ability to manage security risks. 

This unified view allows security teams to understand how vulnerabilities can be exploited and prioritise 

those that pose the greatest risk. Security teams are then able to guarantee efficient resource allocation 

and focus on threats with the most significant impact on business operations. 

This is how XM seamlessly align cyber security efforts with business objectives, whilst helping teams 

present complex security information in a simple manner that’s more accessible to non-technical 

stakeholders. 

They can demonstrate which assets or systems are positioned along the potential attack path, and how 

an attacker can compromise it. Being able to clearly visualise the attack path and critical assets can help 

them translate the vulnerabilities into potential business impacts, such as the risk of losing sensitive 

customer data, regulatory fines, and reputational damage. 

This improved communication supports compliance and regulatory requirements, reducing the risk of 

penalties and enhancing trust with stakeholders. 

Beyond compliance, XM also significantly improves an organisation’s readiness for qualifying for cyber 

insurance coverage. In a world where insurance providers are imposing increasingly strict requirements 

for robust cyber security measures, a comprehensive XM strategy demonstrates a business’ commitment 

to security. This commitment can lead to better insurance terms and lower premiums. 

Effectively implementing exposure management 

A comprehensive approach is needed to successfully implement exposure management, starting with 

evaluating your external security stack, including assets like web servers, VPN gateways, email servers, 

and other internet-facing services. 

CISOs can leverage Attack Surface Management (ASM) engagements to strike the right balance. 

Security teams can catalogue all internet-facing assets such as web servers, VPN gateways, email 

servers, and cloud services. 

Automated tools can be leveraged to continuously scan and update the inventory and ensure no new or 

rogue assets are missed. These engagements will help security teams understand what an attacker can 

see from the outside and identify low-hanging fruit that might be easily exploited. 

This viewpoint crucial for understanding how vulnerabilities can be exploited across different segments 

of the network. For instance, our analysis revealed that 64% of all edge service and infrastructure CVEs 

in the Known Exploited Vulnerability Catalogue (KEV) are highly likely to be exploited, highlighting the 

importance of addressing these areas. 



By consolidating data from different assets within the network ecosystem, security teams can visualise 

the entire attack path, identify critical vulnerabilities, and prioritise remediation efforts based on the 

potential impact and exploitability. Security teams should use the insights gained from XM to continuously 

update and refine their security strategies to stay ahead of emerging threats. 

In essence, XM transforms the influx of security alerts into actionable intelligence, empowering 

businesses to proactively manage risks and maintain robust cyber security postures. In an environment 

overwhelmed by alerts and potential threats, it helps to cut through the noise, providing a clear, prioritised 

roadmap for security efforts. 


Katie Inns is Head of Attack Surface Management at WithSecure. Katie's focus 

is on helping organizations reduce and improve the security across their 

external attack surface. After completing a degree in Criminology, she worked 

as part of an in-house security team focusing on vulnerability management and 

application security, before joining WithSecure to focus on Attack Surface 

Management. As a side project, Katie is involved in medical device security 

research, some of which she has presented at DEFCON. 

Katie can be reached on LinkedIn at www.linkedin.com/in/katie-inns/ and at 

our company website www.withsecure.com/. 



The Advent of Quantum Cryptography and Zero Trust: A New 

Era in The World of Cybersecurity 

By Gayatri Mohite, Senior Associate Content Writer, @Allied Analytics 

Short description 

The advancement of cybersecurity is propelled by adapting to new technologies and rising threats. From 

quantum cryptography to Zero Trust models and pioneering innovations from industry leaders, the future 

holds promising defenses against evolving cyber risks in the interconnected digital world. 

In today's digital age, cybersecurity has become essential due to the advanced nature of cyber threats 

and cybercrimes. The evolution of cybersecurity has continually adapted to rapid technological 

advancements and increasingly advanced cyber threats. Initially, cybersecurity concentrated on 

safeguarding systems from external attacks using firewalls and antivirus software. The emergence of 

mobile devices, IoT, and cloud computing created new challenges, necessitating the adoption of 

proactive strategies such as encryption, multifactor authentication, and intrusion detection systems. 

Moreover, artificial intelligence and machine learning have revolutionized cybersecurity by enabling realtime 

threat detection and response. Today, cybersecurity is a multifaceted discipline that integrates 

technology with human factors, policies, and regulations. This holistic and proactive approach is essential 



for safeguarding digital assets and privacy in the interconnected world. The cyber security industry is 

anticipated to display the fastest growth with 9.5% CAGR by 2030. 

Quantum cryptography's revolutionary impact on cybersecurity 

One of the integral elements of cybersecurity is cryptography, which uses mathematical algorithms to 

encrypt and decrypt data, ensuring its confidentiality and security during transmission and storage. 

However, traditional cryptography is increasingly insufficient in defending against sophisticated cyberattacks. 

As technology evolves, hackers and cybercriminals are advancing their abilities. This has 

resulted in the emergence of quantum cryptography, a revolutionary encryption technique that uses 

quantum mechanics principles to ensure unbreakable security. 

Quantum cryptography has several advantages over conventional cryptography in the field of 

cybersecurity. A key benefit is its provision of unconditional security. Unlike traditional cryptography, 

which depends on computational assumptions, quantum cryptography is grounded in the laws of physics 

and is invulnerable to any computational attack. Another advantage of quantum cryptography lies in its 

ability to detect spying attempts. Moreover, quantum cryptography offers forward confidentiality, ensuring 

that past communications remain secure even if a secret key is compromised in the future. 

Zero trust: a wave of transformation in cybersecurity 

The Zero Trust security model revises the conventional concept of secure perimeters. It operates under 

the principle that no device, user, or network connection should be inherently trusted, whether inside or 

outside the organizational boundary. This proactive approach mandates continuous verification and 

authentication of all devices, users, and network connections. By doing so, organizations ensure that 

only trusted entities gain access to their applications, data, and systems. Embracing a zero-trust 

architecture provides several benefits for organizations seeking to enhance their cybersecurity 

infrastructure. 

By implementing a Zero Trust framework, organizations establish precise access controls and maintain 

continuous authentication of users and devices. This ensures that even if an attacker breaches one layer 

of defense, they encounter multiple obstacles before accessing sensitive data or systems. Another 

benefit of Zero Trust is enhanced visibility and monitoring capabilities. Traditional security models often 

struggle to detect malicious activity in the network. In contrast, Zero Trust performs continuous monitoring 

and analysis of user behavior and device health metrics, enabling proactive threat detection and 

response. 

This ability enables organizations to detect potential threats early and respond promptly. Implementing a 

Zero Trust approach can also aid organizations in achieving regulatory compliance more effectively. 

Many industries have stringent data protection regulations that mandate companies to deploy robust 

security measures. By adopting Zero Trust principles like least privilege access control and continuous 

authentication, businesses showcase their dedication to data privacy and achieve compliance 

requirements more seamlessly. 



Anatomy IT introduced an innovative cybersecurity solution suite 

In April 2024, the leading platform for healthcare IT and cybersecurity solutions, Anatomy IT, announced 

the launch of an end-to-end cybersecurity product suite designed to protect healthcare delivery 

organizations from increasing IT system threats. 

Anatomy IT's Security Suite expansion aligns with the NIST’s (National Institute of Standards and 

Technology) five integral functions: Protect, Identify, Respond, Recover, and Detect. This alignment 

highlights Anatomy IT's dedication to offering customers an extensive cybersecurity approach that 

adheres to international security standards. 

AT&T introduced ‘dynamic defense’ cybersecurity solution in March 2024 

AT&T Inc., from Dallas, unveiled AT&T Dynamic Defense, as the “first and only network with built-in 

security controls.” AT&T utilizes its extensive fiber and wireless networks as a robust infrastructure for 

utilizing its new integrated cybersecurity solution. Dynamic Defense technology is embedded in AT&T's 

network, enabling rapid traffic filtering, execution of security measures, and threat detection without the 

need for additional installation or equipment costs. AT&T also expanded its range of security services, 

including Secure Web Gateway and Firewall-as-a-Service, while also implementing a customer feedback 

loop and launching UI/UX research initiatives. 

In conclusion, the evolution of cybersecurity is driven by adaptation to technological advancements and 

increased threats. Moreover, the advent of quantum cryptography to Zero Trust models and innovative 

solutions by leading entities are anticipated to offer robust defenses against evolving cyber risks in the 

upcoming era. 


Gayatri Mohite, Senior Associate Content Writer at @Allied Analytics, is an 

emerging author who loves to explore new things. An addiction to reading 

motivates her to write. She also loves to sing, travel, and cook. A fresher who is 

constantly upgrading her skills has embarked on a new journey to touch up her 

expertise even more. 

Gayatri can be reach online on www.linkedin.com/in/gayatri-m-9bb883245/ and 

our company website www.alliedmarketresearch.com/contact-us. 



SWARM: Pioneering The Future of Autonomous Drone 

Operations and Electronic Warfare 

Adaptive Communication for Military Drone Swarms 

By Adam Gazdiev 

Modern unmanned technologies are experiencing rapid growth, encompassing both civilian and military 

applications. Autonomous vehicles, delivery drones, and unmanned aerial vehicles for rescue and 

firefighting services have become an integral part of contemporary infrastructure. However, these 

technologies are particularly significant in the military sphere, where they set standards and direction for 

future civilian applications. 

Historically, military developments have often outpaced civilian ones, paving the way for the adaptation 

of the latest technologies. Today, a key direction in the evolution of unmanned systems is their integration 

into groups or "swarms," which require specialized software to coordinate and synchronize the actions of 

numerous devices. These systems must not only be autonomous but also capable of functioning 

effectively under active countermeasures, including electronic warfare (EW). 



Group Drone Operations: Modern Requirements and Challenges 

Modern combat operations demand a high degree of autonomy from unmanned systems, the ability to 

adapt to changing conditions, and real-time coordination of actions. When developing software that 

supports Swarm technology for military purposes, it is important to consider a range of requirements that 

ensure not only functionality but also security, resilience to interference, and high autonomy. Below is an 

example list of requirements that could be presented by a potential customer: 

General Requirements 

• Reliability and Resilience: The protocol must be resistant to software and hardware failures and 

able to recover quickly. This is particularly crucial in conditions of active countermeasures, 

including EW. 

• Security: The protocol must ensure a high level of protection against unauthorized access, 

including data and command encryption. It is important to provide adaptive protection that 

automatically strengthens in response to detected threats. 

• Modularity and Scalability: The software should be modular and easily scalable, allowing for the 

addition of new functions and integration with various types of drones and other weapon systems. 

• Performance: The protocol must provide high performance, ensuring coordination and 

synchronization of actions during high-intensity combat operations. 

Functional Requirements 

• Autonomous Decision-Making: The protocol must enable each drone to make independent 

decisions within the parameters of the mission. 

• Swarm Coordination: The protocol must effectively distribute tasks among drones and coordinate 

their actions without constant operator intervention. 

• Adaptation to Changes: The protocol must be capable of adapting to changing mission conditions 

and the environment. 

• Scenario-Based Management: The protocol must provide operators with the ability to configure 

mission parameters and action scenarios through an intuitive user interface. 

Technical Requirements 

• Communication Interfaces: The protocol must support various communication standards and 

protocols, ensuring reliable and secure communication. 

• Data Processing: The protocol must integrate sensor data from various drones to form a complete 

mission picture and analyze the current state. 

• AI Algorithms: The protocol must include artificial intelligence algorithms for data analysis and 

decision-making based on machine learning. 



Operational Requirements 

• Resistance to EW: The protocol must have built-in protection against electronic warfare and be 

able to operate under active countermeasures. 

• Energy Efficiency: The protocol must be optimized to minimize drone energy consumption. 

• Support and Maintenance: The protocol must provide the ability for easy updates and support 

throughout the system's lifecycle. 

Technical Overview of the SWARM Protocol 

The SWARM protocol was developed as a concept to address all these challenges. It includes innovative 

solutions that provide stable and adaptive communication between drones, ensuring their coordination 

and autonomy even under active EW countermeasures. 

Operating Modes 

The SWARM protocol is designed with various usage scenarios in mind, allowing it to adapt to different 

mission conditions. The primary operating modes include: 

• Standard Mode: This mode is intended for everyday operations where a moderate level of 

encryption and an average data exchange rate are required. The protocol utilizes FIFO algorithms 

to process data in the order it arrives, ensuring a balance between performance and resource 

consumption. 

• Combat Mode: In combat situations, the protocol activates enhanced encryption and increases 

the frequency of data exchange. The use of priority queues ensures that critically important data 

is processed first, which is essential for timely decision-making and rapid response. 

• Silence Mode: For covert operations, the protocol minimizes data exchange while using a high 

level of encryption. WFQ algorithms are actively employed in this mode to fairly distribute limited 

communication channel resources among different data streams, maintaining their confidentiality 

and integrity. 

• Protection Mode: The protocol creates electronic interference to counter enemy UAVs and protect 

ground forces. In this mode, LIFO queues are used, which prioritize the most recent data, allowing 

for quick responses to new threats and the implementation of necessary measures. 

Adaptive Encryption 

The SWARM protocol includes adaptive encryption mechanisms that automatically select the level of 

data protection based on current conditions. In high-threat environments, such as combat operations or 

electronic warfare (EW) countermeasures, AES (Advanced Encryption Standard) is used. This method 

provides a high degree of security through the use of symmetric keys and complex encryption algorithms. 



In less critical situations, such as standard or training missions, Fernet is used—a symmetric key 

encryption method that requires less computational power. This ensures faster data processing while 

maintaining an adequate level of security. 

The protocol dynamically switches between encryption methods, analyzing threats in real time using 

predictive machine learning algorithms. This allows the system to maintain a balance between data 

transmission speed and security, especially in the presence of active electronic countermeasures. 

Dynamic Network Topology 

In rapidly changing combat situations or during complex missions, the SWARM protocol supports the 

dynamic formation and restructuring of network topology. This enables drones to automatically adapt their 

connections, ensuring a reliable and resilient network even when the swarm's composition changes or 

individual nodes fail. 

The NetworkX library is used for creating and managing network topology, allowing for efficient graph 

management and the execution of complex computational operations, such as finding the shortest paths 

and restructuring the network in real time. 

When changes in the network are detected, such as the addition of new drones or the failure of existing 

ones, the topology is automatically updated. This not only ensures network resilience but also optimizes 

data transmission routes, minimizing delays and improving communication reliability. 

Multi-Channel Transmission 

The SWARM protocol supports simultaneous data transmission across multiple communication 

channels, including RF, Wi-Fi, Li-Fi, and optical channels. This provides high flexibility and reliability in 

communication, particularly in the presence of active interference or channel congestion. 

The protocol includes an automatic channel-switching mechanism that adapts to current communication 

conditions. This allows it to bypass interference by changing the frequencies used or switching to 

alternative channels, such as Li-Fi or optical, which is especially important when countering electronic 

warfare attacks. 

Context-Aware Routing 

In modern combat or complex mission scenarios, the SWARM protocol utilizes context-aware routing, 

which takes into account various mission parameters when selecting optimal data transmission routes. 

Machine Learning Models: The protocol includes trained models that analyze parameters such as 

network load, signal strength, response time, and communication channel type. These models predict 

the optimal routes for data transmission, minimizing the risk of data loss and delays. 



The use of context-aware routing enables the protocol to adapt to changing mission conditions, 

increasing the efficiency and reliability of data transmission even in complex and dynamic environments. 

Incident Detection and Response Protocols 

The SWARM protocol includes advanced mechanisms for the automatic detection and response to 

hacking attempts or unauthorized access. These mechanisms ensure a high level of security and system 

resilience under active countermeasures. 

Machine Learning Models: The protocol uses Isolation Forest algorithms to detect anomalies in system 

performance and RandomForestClassifier for incident classification and threat level determination. These 

algorithms are trained on extensive datasets, enabling them to effectively identify and respond to potential 

threats. 

When an anomaly or intrusion attempt is detected, the system automatically activates backup 

communication channels, switches to more secure encryption algorithms, and implements other 

measures to protect the network and data. 

Disaster Recovery System 

In the context of intense combat or critical missions, the disaster recovery system is an integral part of 

the SWARM protocol. It ensures network operability during failures, including switching to backup 

communication channels and restoring data. 

The system includes network monitoring, which is carried out using machine learning methods. This 

allows for the timely detection of potential failures and the implementation of preventive measures, 

including self-healing and automatic switching to backup resources. 

Packet Accounting System 

During various tasks and missions, the SWARM protocol utilizes a packet accounting system that 

supports several queue types for managing data flow. This allows for the optimization of data transmission 

based on task priority and current conditions. 

Queue Operation Modes: 

• FIFO (First-In-First-Out): This packet processing mode implies that packets are processed in the 

order they arrive. This approach is most effective in situations where all data has the same priority, 

and it is important to maintain processing sequence. FIFO is used in standard operations where 

uniform resource allocation is required. 

• LIFO (Last-In-First-Out): In this mode, the most recently received packets are processed first. 

LIFO is used in situations where the most current information must be processed immediately, 



while older data can be deferred. This is useful in critical scenarios where the latest changes in 

system status or mission conditions are important. 

• Priority Queue: In this mode, packets are processed based on their priority. High-priority packets 

are processed first, allowing for a prompt response to critically important events. This mode is 

ideal for combat conditions, where certain data, such as alarms or instructions, must be processed 

immediately. 

• WFQ (Weighted Fair Queuing): This mode uses weighted queues to fairly distribute resources 

among different data streams. Each stream receives a certain share of bandwidth, which 

minimizes delays for critical data and ensures balanced information transmission. WFQ is 

especially effective in resource-constrained environments, such as radio frequencies or powerintensive 

communication channels. 

The choice of queue processing mode is determined by the type of mission and current conditions. The 

SWARM protocol can automatically switch between modes or combine them to ensure optimal 

performance and minimal delays in data transmission. 

Drone Synchronization 

To successfully execute missions, the SWARM protocol ensures the synchronization of drone actions, 

achieved through consensus algorithms such as Raft. This is critically important for maintaining decision 

consistency and executing synchronized actions across the network. 

The protocol provides distributed consensus, allowing drones to make collective decisions and coordinate 

actions even in the event of a loss of connection with the central command point. This is particularly 

important in combat situations, where rapid and reliable decision-making is required. 

Autonomy and Self-Organization 

Drones operating under the SWARM protocol possess a high degree of autonomy, enabling them to 

make independent decisions based on current data and mission context. Self-organization algorithms 

allow drones to adapt to environmental changes, restore connections, and coordinate actions with other 

drones. 

The protocol includes self-organization and consensus algorithms, allowing drones to operate both 

independently and as part of a swarm, ensuring network resilience and mission execution in the face of 

connection losses and other unforeseen circumstances. 

Response to Attacks and Coordination of Drone Actions in Combat Conditions 

In combat situations, the SWARM protocol supports the coordination of drone actions, including the 

automatic distribution of tasks and interaction between drones. This includes functions such as automatic 



channel switching, activation of interference generation modes to counter enemy UAVs, and real-time 

task distribution among drones. 

The protocol ensures flexibility and adaptability in executing combat tasks, enabling drones to effectively 

respond to attacks, coordinate their actions, and ensure the safety of both the drones themselves and 

the ground forces they protect. 

The Significance and Future of the SWARM Protocol 

The SWARM protocol, even in its conceptual development stage, holds significant potential to influence 

future military operations and technology. In a world where unmanned aerial vehicles (UAVs) are 

becoming a critical component of military strategies, the development of such protocols is essential for 

maintaining global competitiveness. 

Global Leaders in Swarm Drone Technology 

The United States and China continue to lead the world in the development and application of swarm 

drone technologies. These countries are actively competing for dominance in this field, reminiscent of a 

modern-day arms race, but with more advanced and flexible technologies. The U.S. focuses on 

developing sophisticated software solutions, integrating artificial intelligence to coordinate and manage 

hundreds of UAVs simultaneously. China, on the other hand, emphasizes mass production of cheaper 

drones that can be deployed in large-scale attacks. 

Ukraine and Russia: Practical Experience and Innovations 

In recent years, Ukraine has emerged as a key player in unmanned technology, using drone swarms in 

real combat situations. This experience allows Ukraine to not only actively implement new developments 

but also adapt these technologies to perform complex combat tasks. Despite the strongest 

countermeasures from electronic warfare systems, Ukraine demonstrates high efficiency in using drone 

swarms, making it one of the leaders in this field. 

Russia is also actively developing unmanned technologies, with a focus on electronic warfare and 

counter-drone measures. The Russian military employs both offensive and defensive UAV systems, 

emphasizing the importance of a comprehensive approach to modern warfare, where drones play a 

crucial role. 

Joint Military Exercises and International Cooperation 

Joint military exercises between the United States, the United Kingdom, and Australia, conducted under 

the AUKUS program, have been a significant step in testing and integrating swarm drone technologies. 

These exercises, held in the United Kingdom, allowed participating countries to exchange advanced AI 



models and jointly test UAV systems in conditions as close to real combat as possible. This cooperation 

clearly demonstrates that the future of these technologies will be determined by the countries that can 

most effectively integrate and develop drone swarms within their armed forces. 

Global Challenges and the Importance of SWARM 

As swarm drone technologies evolve, so do the challenges associated with their effective use and 

countermeasures. Countries including the U.S., China, Russia, and Ukraine are actively developing both 

offensive and defensive systems, creating a need for comprehensive solutions. Even in its conceptual 

phase, the SWARM protocol is already playing a significant role in this context. Its further development 

can greatly enhance military capabilities, contribute to security and technological leadership on the 

international stage, and open new perspectives for civilian applications. 

Thus, SWARM not only addresses current challenges but also sets the direction for the future 

development of swarm drone technologies. In the global race for dominance in this field, every new 

development—whether in hardware or software—has enormous significance for the future of military and 

civilian applications. 


Adam Gazdiev is a Full Stack Developer who recently completed a 

comprehensive Full Stack Development course at SyntraPXL in Belgium. He 

has developed strong foundational skills in software development, including 

frontend and backend development, databases, RESTful APIs, and more. 

In addition to his technical training, Adam holds a Master’s degree in 

International Relations from RUDN University in Moscow, graduating with high 

honors. 

His diverse background in public service, business, journalism, and project management equips him with 

the ability to approach technical challenges from a multidisciplinary perspective. This unique combination 

of experiences enables Adam to analyze problems not only from a technical standpoint but also with a 

broader understanding of strategic, operational, and human factors. 

Adam can be reached via email at a.gazdiev@gmail.com, or through his website gazdiev.dev. You can 

also connect with him on LinkedIn or explore his projects on GitHub. 



Cybersecurity: How to Involve People in Risk Mitigation 

By Enrico Frumento, Cybersecurity Research Lead, Cefriel 

Cybersecurity: how to involve people in risk mitigation 

Cefriel presented the white paper "Cyber Security and the Human Element", an in-depth look at how to 

analyze and understand the connections between the human element and cybersecurity for a new 

approach to risk mitigation. 

Milan, 4 July 2024 – As part of the European projects CYRUS and SEC-AIRSPACE, Cefriel, a digital 

innovation center founded by Politecnico di Milano, published the new white paper "Cyber Security and 

the Human Element - Risks and mitigation interventions, starting from people". The text - by Enrico 

Frumento, Cybersecurity Research Lead at Cefriel - explains why people are required to become 

aware of their role in corporate defense and protection mechanisms and how to intervene so that they 

can actively participate in the prevention and mitigation of cyber-attacks. 



The emerging threat related to artificial intelligence is accompanied by some gaps in cyber management 

that have not been fully filled yet, especially in the supply chain and OT and IoT environments. The 

comparison between the level of maturity in the various sectors and the percentage of cyber-attacks 

recorded in Europe and Italy in the first half of 2023 indicates that the Public Administration sector is still 

the most affected by cyber-attacks, recording 19% of attacks in Italy and 23% in Europe. Also significant 

is the number of attacks suffered by the industry sector (17%), which is more than double the 

European average (7%), demonstrating that there is still much to be done for industries on cybersecurity 

aspects. Critical factors that require intervention, according to the Netconsulting report, are particularly 

training and resources to be allocated for IT security investments. Resources are not always 

sufficient, although they are growing by more than 12% per year. 

Why should you start from the human element in cybersecurity strategies? 

At present, a large part of the cybersecurity market focuses on the technical aspects of an attack, while 

little work is done on the so-called "human element". This last one plays a central role according to the 

World Economic Forum's Global Risk Report, given that risks related to people's behavior account for 

almost 95% of the total amount. 

Enrico Frumento, Cybersecurity Research Lead at Cefriel, explains: "In cybersecurity people are too 

often blamed when a cyber incident occurs, as if they were just another source of cyber risk to be dealt 

with. But people are not computer systems, hence, they need specific solutions. We should start by 

asking ourselves how a threat analysis can be carried out on people, how a company can calculate the 

cyber risk related to a person, and how many effective ways there are to reduce it. In general, how can 

you rethink security starting from the so-called human element. That's what we thought about when we 

wrote this white paper." 

What approach should you take to defend and protect your business? 

As explored in the white paper, people must be an integral and active part of the corporate defense and 

protection process, with the ultimate goal of inducing a stable behavioral change in people. To do this, 

the "human element" issue of cybersecurity needs to be addressed with a multicultural and holistic 

approach, including the human factor, human sciences, governance and technologies, to ensure 

sustainable cybersecurity over time both in terms of economics and of technologies, processes, people, 

and skills. 

"Given that the aim of an attacker is always the same," Frumento explains, "attacking a person instead 

of an IT system implies a different process that requires the modification of the attack tactics, with the 

involvement of social engineering and human sciences, such as psychology or behavioural sciences and 

the theories related to the management and modelling of human errors”. 

Social Driven Vulnerability Assessments, like any Vulnerability Assessment or Penetration Test, are an 

extemporaneous sampling of cyber risk that loses its validity when many variables change. Therefore, 

we can start from a Human Risk Management model to enter the paradigm of continuous security, 



starting from people. Taking advantage of this means transforming training from a professional training 

or retraining tool into a cyber risk reduction tool that can increase the resilience of organizations. 

The white paper can be downloaded for free at this link: https://www.cefriel.com/whitepaperen/cybersecurity-how-to-involve-people-in-risk-mitigation/?lang=en 

About CYRUS 

The CYRUS (A personalized, customized, work-based training framework for enhanced CYbeR-security 

skills across indUstrial Sectors) project, GA no. 101100733, will develop an innovative cybersecurity 

training system for employees in the transportation and manufacturing sectors. Traditional training 

courses can be challenging for SMBs, but CYRUS leverages virtualization, simulations, and work-based 

learning to provide effective and personalized training courses based on each employee’s role, skills, 

and aptitude. The goal is to create an “innovation DNA” for cybersecurity, promoting awareness and best 

practices. With CYRUS, employees at all levels can gain the skills and knowledge needed to identify and 

respond to cyber threats, helping protect their businesses from attacks. Website: https://www.cyrusproject.eu/. 

About SEC-AIRSPACE 

The SEC-AIRSPACE project (Cyber SECurity Risk Assessment in virtualized AIRSPACE scenarios and 

stakeholders’ awareness of building resilient ATM), GA no. 101114635, helps create more resilient Air 

Traffic Managers (ATMs) by focusing on reducing the risks of virtualization and increasing data sharing 

between all ATM infrastructure components and stakeholders. The project will improve the state of the 

art of the security risk assessment methodology currently adopted in ATM with leading cybersecurity 

components. Furthermore, the project will investigate the potential of applying the People Analytics (PA) 

concept to increase cybersecurity awareness in ATM organizations. The project results will be validated 

and demonstrated through two realistic use cases, involving stakeholders. Website: 

https://www.sesarju.eu/projects/sec-airspace/. 

Cefriel, digital innovation as a driver for the country’s development 

Cefriel is a not-for-profit digital innovation center, founded in 1988 by the Polytechnic University of Milan 

to help the country’s businesses, society, and economy grow and develop by using and expanding skills 

and knowledge in the field of technologies and digital services. The center’s mission is to make digital 

innovation to benefit the country, organically combining research, innovation, and training, as well as 

leveraging the skills and knowledge from the world of research, companies, and the public 

administration. Cefriel has been a Benefit Corporation since 2023, to help generate a positive impact on 

society, the Country system, and the environment through digital innovation. Cefriel’s activities fall into 

three key action areas: development of the company’s strategic vision and its implementation through 

innovative service and technology adoption plans; design and development of innovative products, 



services, and processes; development of the company’s know-how, organizational models, and 

processes so it can operate successfully on the market and grow responsibly and sustainably. By using 

methods, approaches, tools, and models based on state-of-the-art international research and innovation, 

Cefriel helps companies and the public administration define their vision and establish their strategies for 

seizing on digital technologies, helping them scout and assess innovative technologies, then build and 

manage a portfolio of digital innovation projects. 


Enrico Frumento is the Cybersecurity Research Lead of the Cefriel innovation 

center. Enrico specializes in cybersecurity and has worked in this field for 

several years, in both Italy and other European countries. His work on the 

subject has been published in international journals and books. He is also a 

member of leading European organizations that deal with cybersecurity. He 

has conducted over 20 years of research focused on unconventional security, 

cybercrime intelligence tactics, techniques and technology, countering social 

engineering, and cyber risk calculation systems for the assessment of 

vulnerabilities within organizations 

Frumento can be reached online at enrico.frumento@cefriel.com and at our company website 

https://www.cefriel.com/. 



Exploring the Vishing Threat Landscape 

By Ozan Ucar, CEO, Keepnet 

Voice phishing, also known as vishing, represents a growing threat to organizations worldwide. Keepnet’s 

2024 Vishing Response Report illuminates the alarming statistic that 70% of companies are prone to 

voice phishing incidents, particularly in the Manufacturing & Engineering sectors. 

These sectors often encounter substantial financial repercussions, with organizations facing potential 

losses averaging $14 million annually due to vishing attacks. Keepnet’s report underscores the urgent 

need for companies to bolster their defenses with targeted training and simulation exercises designed to 

enhance employee awareness and readiness against these voice-driven scams. 

Deepening Understanding of Vishing’s Impact 

Voice phishing exploits the human element of business operations, where trust and communication are 

fundamental. Attackers often use sophisticated AI technologies to mimic legitimate entities, making 

fraudulent communications seem more authentic. 

This manipulation taps into the natural human tendency to respond to urgent requests from what are 

perceived as trusted authorities. The consequences of such breaches extend beyond immediate financial 

losses, potentially causing long-lasting reputational damage. 



To counteract these risks, organizations must implement comprehensive and continuous training 

programs. These programs should educate employees on the nature of vishing threats and provide them 

with the tools and knowledge to respond effectively to suspicious calls. 

Why Voice Phishing is Critical 

Voice phishing tactics are varied, aiming to: 

• Capture login credentials for enterprise systems. 

• Initiate unauthorized password resets. 

• Facilitate fraudulent financial transfers. 

Advanced techniques, including spoofed Caller ID and deepfake audio, enhance the authenticity of these 

attacks, making them more difficult to detect. 

Insights from Keepnet’s Vishing Research 

Keepnet’s extensive study, which included over 3,000 calls made through Keepnet’s Vishing platform, 

revealed significant vulnerabilities across various sectors and roles within organizations. 

The Manufacturing & Engineering and Entertainment & Media sectors emerged as particularly 

susceptible, often due to less rigorous cybersecurity training protocols and resource allocation. 

Figure 1: Industry Vulnerability Against Vishing Attacks 



Additionally, roles such as Customer Support were identified as high risk, given their frequent external 

communications. 

Figure 2: Department Vulnerability Against Vishing Attacks 

Departments such as Customer Support are particularly vulnerable to vishing attacks due to frequent 

interaction with external parties. 

Moreover, departments that show no incidents of vishing could either have robust security measures in 

place or simply lower exposure to these risks. Nonetheless, the notable rates of non-responses within 

these departments suggest a potential gap in security awareness. 

Moving Forward with Vishing Defense 

Given its escalating role in cyber threats, addressing vishing is imperative. Here are several strategies 

organizations can adopt: 

• Tailor training to the roles most at risk, such as customer support and sales. 

• Customize training modules to address industry-specific risks. 

• Foster continuous learning and vigilance among employees. 

• Encourage reporting of suspicious calls through a simplified process. 



While vishing remains a potent threat, adopting strategic measures and utilizing effective tools can 

significantly mitigate risks. For comprehensive insights and strategies, refer to Keepnet's 2024 Voice 

Phishing Response Report. 

About Keepnet 

Keepnet is a unified human risk management platform that includes a suite of phishing simulation and 

security awareness products designed to train and prepare employees against various forms of social 

engineering attacks: 

• Email Phishing Simulation: Trains employees to recognize and respond appropriately to phishing 

emails, a common vector for cyber attacks. 

• Smishing Simulation: As SMS scams increase, Keepnet’s smishing simulator helps employees 

identify and avoid SMS phishing attempts. 

• Vishing Simulation: The cutting-edge vishing (voice phishing) simulator teaches staff to be 

cautious of deceptive phone calls. 

• Quishing (QR Code Phishing) Simulation: With the rising use of QR codes, the risk of QR codebased 

phishing grows. Keepnet's Quishing Simulator educates about this emerging threat. 

• MFA Phishing Simulation: Multi-factor authentication is vital for security, but phishing attacks 

targeting MFA protocols are sophisticated. This simulator prepares employees for such attacks. 

• Callback Phishing Simulator: This innovative tool trains employees to recognize and appropriately 

respond to callback phishing, where attackers manipulate victims into calling back on a malicious 

number or link. 

Behavior-Based Security Awareness Training 

Besides these phishing simulations, Keepnet emphasizes the importance of behavior-based security 

awareness training. This approach ensures that employees know the various types of cyber threats and 

are equipped with the knowledge and habits necessary to respond effectively. 

Recognition by Gartner's Voice of the Customer 

Keepnet's commitment to cybersecurity excellence is further validated by its recognition in Gartner's 

“Voice of the Customer Report.” This acknowledgment highlights Keepnet’s role as a leader in the 

security awareness industry, committed to developing innovative, user-centric solutions to combat social 

engineering and enhance organizational security. 




Ozan Ucar is the Founder and CEO of Keepnet. He is passionate about creating 

and delivering cutting-edge cybersecurity products that continuously protect 

businesses of any size from cyber threats. 

Over 16 years in cybersecurity, Ozan has built and exited two successful startups. 

In 2008, he developed a new-generation firewall for my first venture. In 2010, he 

co-founded a cybersecurity consulting and training firm, serving clients globally, 

primarily in the EU and US. 

Ozan’s core competencies include information security, network security, penetration testing, forensics, 

incident response, and cyber security awareness and education. He holds international ethical hacker 

certifications and accreditations. He is also a frequent speaker and contributor to national and 

international conferences, publications, and media outlets on various cybersecurity topics. 

With Keepnet, he aims to provide an extended human risk management platform that continuously 

protects businesses of any size from threats targeting the human element! Contact Ozan on LinkedIn 

and visit our company website https://www.keepnetlabs.com/. 



Fortifying The Links 

The Critical Role of Cybersecurity in Supply Chain Integrity and Third-Party Dependencies 


In today's hyper-connected world, supply chains are the lifeblood of industries, spanning across 

continents and involving numerous third-party vendors. While this interconnectedness brings 

unparalleled efficiency and opportunities for growth, it also introduces a labyrinth of cybersecurity risks. 

Ensuring robust cybersecurity measures within supply chains and among third-party dependencies is not 

just a technical necessity; it's a strategic imperative. 

Supply chains are complex networks involving multiple stakeholders, including manufacturers, suppliers, 

logistics providers, and retailers. Each link in this chain represents a potential vulnerability. 

Cybercriminals are increasingly targeting supply chains to exploit these weaknesses, leading to a rise in 

incidents such as ransomware attacks, data breaches, and intellectual property theft. The consequences 

of such breaches can be devastating, resulting in operational disruptions, financial losses, and damage 

to brand reputation. 



Companies often rely on third-party vendors for critical services, from software development to cloud 

storage. While these partnerships enable businesses to leverage specialized expertise and reduce costs, 

they also create additional cybersecurity risks. A single compromised vendor can serve as an entry point 

for attackers, leading to a cascading effect throughout the entire supply chain. This interconnected risk 

necessitates a comprehensive approach to third-party cybersecurity management. 

The Challenges in Supply Chains 

Lack of Visibility: Companies often lack visibility into the cybersecurity practices of their suppliers and 

partners. This opacity makes it challenging to assess risks and implement effective controls. 

Inconsistent Security Standards: Suppliers and third-party vendors may have varying levels of 

cybersecurity maturity. Disparities in security standards can create weak links in the supply chain. 

Data Sharing and Integration: The seamless exchange of data is vital for supply chain efficiency. 

However, this integration also increases the risk of data breaches if not managed securely. 

Regulatory Compliance: Adhering to cybersecurity regulations such as GDPR, CCPA, LGPD and others 

can be complex, especially when dealing with multiple jurisdictions and partners. 

Strategies for Strengthening Supply Chain Cybersecurity 

Vendor Risk Assessment: Conduct thorough cybersecurity assessments of all third-party vendors before 

onboarding them. Regularly review their security practices and require them to comply with industry 

standards. 

Enhanced Visibility: Implement tools and processes that provide greater visibility into the cybersecurity 

posture of your supply chain. Continuous monitoring and real-time threat detection can help identify and 

mitigate risks promptly. 

Standardized Security Protocols: Develop and enforce standardized cybersecurity protocols across the 

entire supply chain. Ensure that all partners adhere to these standards through contractual agreements 

and regular audits. 

Secure Data Sharing: Use encryption and other security measures to protect data shared between supply 

chain partners. Implement access controls to ensure that only authorized personnel can access sensitive 


Incident Response Planning: Develop a robust incident response plan that includes all supply chain 

partners. Conduct regular drills to ensure that everyone is prepared to act swiftly in the event of a 

cybersecurity breach. 

Regulatory Compliance: Stay informed about relevant cybersecurity regulations and ensure that your 

supply chain practices are compliant. Work closely with legal and compliance teams to navigate the 

complexities of international regulations. 



As cyber threats continue to evolve, so must the cybersecurity strategies of supply chain companies and 

their third-party vendors. By adopting a proactive and comprehensive approach to cybersecurity, 

businesses can protect their operations, safeguard their data, and maintain the trust of their customers. 

Fortifying the links in the supply chain is not just about preventing attacks; it's about building a resilient, 

secure, and sustainable network that can withstand the challenges of the digital age. 

In conclusion, the importance of cybersecurity in supply chain integrity and third-party dependencies 

cannot be overstated. By addressing the cybersecurity challenges head-on and implementing robust 

strategies, companies can ensure that their supply chains remain strong, secure, and capable of 

supporting their long-term success. 


Julio Padilha, CISO, Volkswagen | Audi South America, is a dedicated Cyber 

Security professional with a deep passion for both technology and the dynamics 

of human interaction. He is particularly fascinated by how technology intersects 

with and influences human behavior, striving to create secure digital environments 

that enhance and protect these interactions. 

Julio can be reached at his direct email at julio.padilha@hotmail.com. 



Growing Enterprise Data is Creating Big Cybersecurity Risk 

Take these steps using modern data infrastructure to make your business stronger 

By Octavian Tanase, Chief Product Officer at Hitachi Vantara 

Buzz about big data permeated tech conversations in the mid-1990s, but people today don’t talk as much 

about big data anymore. It’s not that data isn’t big. Data is bigger than ever, and it continues to grow. 

Estimates suggest global data creation will exceed 180 zettabytes by 2025. 

It’s just that data has now permeated essentially every aspect of how we live and do business. Data on 

factory floors, streets and highways, point-of-sale terminals and elsewhere are helping drive business 

transformation and growth, fuel innovation and create competitive advantage. 

Wherever connected devices are present, data is at work or at the ready. It’s just a fact of life. 

So perhaps it goes without saying that data is big. But it is critical to acknowledge and address the big 

cybersecurity risk that data creates for businesses. Part of the challenge is that data now lives here, there 

and everywhere. That makes it more complex than ever to manage and secure data, and easier than 

ever for bad actors to access, manipulate and hold data for ransom. 



A look at the numbers highlights the massive challenge enterprises face in securing their data: 

- Ransomware cost victims tens of billions of dollars in 2021, according to Cyber Defense Magazine, 

which expects enterprise damages from ransomware to surge to the hundreds of billions by 2030. 

- As artificial intelligence (AI) and GenAI tools empower bad actors to launch phishing attacks and expand 

their reach, ransomware attacks between 2022 and 2023 doubled. 

- There was a 64% jump in ransomware claims in 2023, Insurance Journal reports. 

· Meanwhile, the average cost of downtime across industry verticals has gone from $5,600 to $9,000 per 

minute, according to a 2023 report – and that doesn’t even include the additional customer impact, 

company productivity and employee turnover costs. 

The bottom line is that more enterprise data creates both more opportunity and bigger risk. 

Traditionally, enterprises protected themselves in the same style that medieval warriors used – by fighting 

off marauders before they could penetrate the castle’s perimeter. But with data and devices now 

everywhere, hybrid IT environments both on premises and in the cloud, and today’s distributed workforce, 

the perimeter has disappeared. 

All of that makes data management and security more complex and enterprise data more vulnerable. 

And it calls for enterprises to use the technology and deep experience in cybersecurity, data and 

enterprise IT that’s now available to better understand their data and the threats to that data, and to shift 

from a reactive to a proactive cybersecurity posture. 

The first step in making this shift is to identify your data assets, who has access to them and the risk that 

presents. This will help your organization to determine what data is mission-critical and the level of 

investment you should make to store and protect your various data assets. 

Because data lives everywhere, work with an expert to create a data protection modernization strategy 

that strengthens your operational resilience from edge to core. That should include implementing a 

reliable, secure data infrastructure spanning clouds and data centers, branch offices, and user devices 

like laptops and smartphones – wherever your associates use them. 

Employ technology with the ability to create immutable, point-in-time copies of your data. This will help 

your business to recover rapidly if you are hit with an attack in which your data is deleted or changed. 

With an immutable snapshot of your data, restoration is fast and simple. 

Be aware that bad actors are now targeting enterprise backup data in addition to production data. So, be 

sure that your cybersecurity and resilience efforts also cover your backup data. 

Cyberattacks are increasingly using AI to target your data. But you can use AI to fight back! Continually 

monitor for malware with the help of AI. This will allow you to identify threats much faster so you can 

investigate and contain those threats, decreasing the possibility of widespread damage. With AI, you can 

also leverage what you learned from past security incidents to predict and prevent future threats. 

Additionally, AI can work to anonymize your sensitive data so that you can use that data for analytics 

while staying in compliance with data privacy regulations. 



Data security, resilience and compliance aren’t a one-and-done endeavor, and they can’t wait. It’s 

essential to continually evaluate and adapt your cybersecurity strategies to effectively mitigate evolving 

threats and safeguard your enterprise data in today's dynamic landscape. 

Get started now, remain vigilant and focus on continuous improvement. Modern technology is critical to 

do that, but it’s just part of the solution. Work with a trusted ally to bring together the right technology, 

people and processes to decrease your risk and strengthen your business. 


Octavian Tanase is Chief Product Officer at Hitachi Vantara, which is transforming 

the way data fuels innovation. A wholly owned subsidiary of Hitachi Ltd., Hitachi 

Vantara provides the data foundation the world’s leading innovators rely on. Through 

data storage, infrastructure systems, cloud management and digital expertise, the 

company helps customers build the foundation for sustainable business growth. 



How Government Agencies Can Level the Cybersecurity 

Playing Field With AI/ML 

By Dr. Sarbari Gupta, Founder and CEO, Electrosoft Services, Inc. 

The threat cybercriminals pose to federal information systems and networks is real and pervasive. 

Defending against unauthorized intrusions is a full-time effort for federal agencies and the contractors 

that support them. Complicating the effort, today’s cyber resilience is both challenged and bolstered by 

artificial intelligence and machine learning, with cyber defenders and cybercriminals vying to gain the 

edge. 

Harnessing AI/ML for Early Threat Detection and Defense 

In cybersecurity, early detection is paramount. AI, with its rote task automation and round-the-clock 

availability, offers speed and algorithmic precision in evaluating large amounts of data. It can also identify 

suspicious activities, behaviors, and even zero-day attacks. Its pattern recognition capabilities surpass 

those of human analysts, adding to AI’s early detection credentials. Moreover, AI’s capability to distill and 

analyze data can better separate “real” threats from miscues or lower-priority issues, sparing analysts 

from this time-intensive task and allowing them to focus on critical events. 



AI can counter a relatively new and impressive threat: the bot. Beyond expected actions (bot recognition 

and blocking), AI offers enhanced security features (e.g., stronger captchas) and the capability to create 

honeypots that attract bots and allow analysis of their functioning in controlled environments. AI and ML 

also shine in their capacity to recognize and detect new malware variants based on experience with 

earlier versions. 

Speedier detection allows IT staff to quickly institute defensive measures. Additionally, AI can undertake 

defensive action on its own. As an example, AI can redirect system traffic to unaffected servers. Also, AI 

can block suspect IP addresses and incoming emails believed to contain phishing schemes as well as 

close compromised accounts. 

AI for Proactive Cyber Resilience 

AI can function in proactive ways, too. It can scan systems and identify vulnerabilities in need of 

strengthening. Additionally, it can automate system functions, such as patch management, to ensure 

software vulnerabilities are remedied quickly. 

AI heightens secure authentication measures which, if undermined, offer a common gateway into 

systems or networks. AI allows multifactor authentication, whereby systems can request and process in 

real time something you know (password or PIN), something you have (PIV card or token), or something 

you are (biometrics such as a fingerprint). AI elevates this triad by detecting patterns regarding when a 

user typically logs on, the device most often associated with the user, the locale from which logon occurs, 

and so forth. When changes in these patterns occur, it can signal an effort to gain unauthorized access. 

Last, but not least, AI/ML offers predictive forecasting capabilities. The same features that discover 

suspicious activity and unusual behavior patterns can warn analysts of events that could be indicative of 

a future attack. Knowing that something nefarious may be afoot enables an organization to boost 

defenses and institute other preventive measures. Of course, it is not an exact science but, as the adage 

goes, “An ounce of prevention is worth a pound of cure.” Attacks can be devastating and expensive in 

terms of organizational disruption and the costs of system software and hardware as well as data 

recovery and forensics. 

Prediction capabilities increase when AI and natural language processing work in tandem. By drawing 

on sources such as the Cybersecurity & Infrastructure Security Agency Cybersecurity Alerts & Advisories, 

as well as other information sources such as studies, news articles, and the like, AI tools increase their 

capacity to discern the latest attack precursors and prevent them. 

Cybercriminals Are a Step Ahead 

Cybercriminals seem to have untold resources, some derived from the sponsors of their crimes and some 

from their victims. Safe to say, most organizations don’t possess the same deep pockets or the learning 

opportunities that a life of crime offers, giving cybercriminals an advantage. 



Attackers are continually creating new bots, new malware, and honing their phishing attacks. In addition, 

use of AI to create deepfakes is a potent weapon on many levels, motivating individuals and organizations 

to take action due to non-reality-based audio and video. Here, AI is at once the creator of criminal tools 

and the executor of the crime. 

AI currently appears to afford cybercriminals greater advantage. So, how can we turn the tables on these 

malicious actors? 

Leveling the Playing Field with AI/ML 

Many organizations desire strong cybersecurity, but such an objective is resource-intensive in terms of 

the budget needed to support personnel, equipment, and other tools. One key to cyber resilience is 

moving toward digital transformation and modernization, incorporating the cloud and zero trust 

architectures. Another is the adoption of AI and ML to help level the playing field through automation. 

Federal agencies are on the right track in the AI realm. The opportunity is to do what they’re doing now, 

even better: 

o 

o 

o 

o 

o 

Advanced Identity, Credential, and Access Management approaches 

Enhanced forecasting and prediction models 

Better pattern recognition algorithms 

Augmented risk identification and management capabilities 

And more … 

Combined, these advances – and those we can’t even imagine today – will offer the resilience necessary 

to switch the advantage to our cyber defenders. 


Dr. Sarbari Gupta is the Founder and CEO of Electrosoft Services, Inc. She is 

a recognized thought leader and speaker on cybersecurity, zero trust, 

ransomware, ICAM, FIDO passkeys, OSCAL and more. She is an active NIST 

collaborator and co-author, helping to shape cybersecurity standards and 

guidelines to improve federal cyber resilience. 2022 was a banner year for 

Electrosoft, with record revenue and 25% Y/Y growth – and the company is on 

track for 60% growth in 2023. Dr. Gupta is passionate about STEM education 

and encouraging women to embrace and stay in STEM fields. She serves as a 

mentor for Women in Technology (WIT) and is a member of the board of advisors for University of 

Maryland Women in Engineering (WIE), providing support and mentoring to women entering an 

engineering field. 

Dr. Gupta can be reached online via LinkedIn and at our company website https://electrosoft-inc.com/. 



How To Fight Scattered Spider Impersonating Calls to The IT 

Help Desk 

By Ori Eisen, Founder & CEO, Trusona, Inc. 

Imagine you worked for years on building your cyber defense. You built all the systems you need, all the 

policies are in place, and you are humming along. 

When the proverbial “cyber walls” became too high, the cyber gangs decided to try something new. 

Instead of breaking your cyber walls, cracking them, jumping over them, or tunneling underneath them… 

what if they decided to go around them? 

If you operate an IT Help Desk, use a vendor or MSSP, you will now experience this issue. 

Let’s say hackers attempt to reset a password or get privileged access, and your current process requires 

MFA. The hackers will attempt to socially engineer the IT help desk and /or the targeted user to gain 

access. Obviously, the IT Help Desk agent is a great target for social engineering since they are the 

single point of failure that can open the door and allow hackers to come through the gate. 



“That isn’t new; social engineering attacks have been around since…” – you might be saying that to 

yourself. You are right, almost. 

What changed in the last eighteen months that could make social engineering more potent and 

accessible for the attackers? 

 

ChatGPT was launched on November 30, 2022. 

Use this date to delineate between the good old days of cyber security and our present state into the 

future. 

Why? 

We now see that to mimic a user or an identity, you can simply ask GenAI tools to help you. You can 

create excellent deepfakes with free tools available to anyone online. 

See this image from an article cited below: 

Source: 

fake-ids- 

https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out- 



Can you tell if this is a real image of a California driver license, or a deepfake made by GenAI? 

Yeah, I know – it’s hard to tell. 

In the world before GenAI, you could use standard tools to verify the caller to the IT Help Desk. Now you 

simply cannot. 

The caller can use AI tools to mask their voice or video and create any image of a credential to 

masquerade as an employee of your company. 

See this video as an example: https://www.youtube.com/watch?v=nb3R30b-uhc 

I started this article by describing the cyber defense walls you built over the years and how, now, cyber 

gangs can simply walk around them. They are effectively turning them into a “turnstile in the middle of 

the desert,” as one wise risk manager once told me. 

How? 

The hackers would call your IT Help Desk and when the agent asks for any of the tools you provided the 

employee: MFA, hardware FIDO key, [fill in the blank], the caller will simply say, “I don’t have it.” 

Deal with it. 

You see, if you build a zero trust environment and expect to verify the identity every time - the hackers 

can also say that their work bag with their PC and gizmos have been stolen. So now you are “forced” to 

downgrade your bar and rely on other authentication methods. 

However, my point is, that once you stop using the authentication methods you set up, it is no longer an 

authentication issue. It has now become an identity verification issue. 

Who is on the other end of the call? 

I wish what I am writing was fictional, yet with cases like MGM, this is now the crisis of the day. 

“A phone call to the helpdesk was likely all it took to hack MGM.” 

https://arstechnica.com/security/2023/09/a-phone-call-to-helpdesk-was-likely-all-it-took-to- 

Source: 

hack-mgm/ 

onlyfake/?utm_source=frankonfraud.beehiiv.com&utm_medium=newsletter&utm_campaign=neuralnetworks-can-churn-out-20-000-fake-id-s-a-day 

What can you do about it? 

Upgrade your IT Help Desk process and tooling when the caller CANNOT use the tools you gave them. 

Do not rely on identity verification methods that predate the GenAI revolution, as they are being foiled 

like a hot knife through butter. 

Do not let your agents say, “I know the voice of our CEO, so I know it was them talking to me…” 



Those days are over, and a simple public Facebook video can be used to train an AI model on the voice 

of anyone. 

Defenders should use identity verification tools that actually check with authoritative sources to ensure 

that government issued IDs are real. Otherwise, you are left to guess with fraud detection algos, which 

does not thwart what the attackers are doing. 


Ori Eisen is the Founder & CEO of Trusona, Inc. He has spent the last two 

decades fighting online crime, and is respected for his business knowledge 

and leadership. 

Prior to founding Trusona, Mr. Eisen founded 41st Parameter – the leading 

online fraud prevention and detection solution for financial institutions and 

e-commerce. 41st Parameter was acquired by Experian in 2013. 

Prior to 41st Parameter, Mr. Eisen served as the Worldwide Fraud Director 

for American Express focusing on Internet and counterfeit fraud. During his 

tenure, he championed the project to enhance the authorization request to 

include Internet specific parameters. 

Prior to American Express, Mr. Eisen was the Director of Fraud Prevention for VeriSign/Network 

Solutions. By developing new and innovative technologies, he skillfully reduced fraud losses by over 85 

percent in just three months. 

Mr. Eisen is often quoted by industry insiders, and receives numerous invitations to keynote industry 

events and conferences. Mr. Eisen holds a Bachelor of Science degree in business administration from 

Montclair State University and he holds over two dozen cybersecurity patents. 

In his free time, Mr. Eisen volunteers with Thorn, the digital defenders of children. He founded Ball to All, 

a charity that donates free soccer balls around the world to children who have never had one. He is a 

founding member of Security Canyon – Arizona’s Cyber Security Coalition. He resides in Scottsdale and 

is married with two children. 

Mr. Eisen has dedicated his life to fighting online crime. 

Ori can be reached online at linkedin.com/in/orieisen and at our company website https://trusona.com. 



How To Privacy-Proof the Coming AI Wave 

By Benoit Chevallier-Mames, VP Privacy-Preserving Cloud and ML, Zama 

Everyone has noticed that we have entered the AI era. AI is everywhere: to improve customer experience, 

reduce costs, generate stunning and surreal images. The size of the Artificial Intelligence market is 

expected to reach a value of US$184.00bn, with a projection of year-to-year growth of 28.46%. 

Meanwhile, startup creation continues to boom and many of them heavily feature AI in their objective and 

means; partially because it's really the new frontier and partially, understandably, because it's one of the 

best selling points to raise money. 

Big companies are working on improving their models, training on larger and larger datasets, adding 

capabilities to win the fight for the "best model". Lot of startups, on the other hand, are using those models 

to build applications, with expected-to-be killer services that the user doesn't know how he was able to 

live without. But still, in this AI revolution, there are security and privacy aspects which are left a bit aside. 

In particular, privacy concerns are most of the time overlooked, while the danger here is enormous: it's 

your personal data which is used in this fight, and you are leaking some of your most unique and private 

assets here. Alarmingly, a recent survey indicates that, for developers, AI is the second biggest threat to 

privacy just after cybercrime: the reality is that with increasingly sophisticated malicious tools potentially 



in the hands of a new generation of cybercriminals, AI is likely bound to become the number one menace 

within a few years. 

Are we doomed? Well, there could certainly be solutions, or at least, mitigations. First, as a user, you 

could (or should?) refuse to send your private data to companies. Yes, there is data which are sent 

without you really knowing or accepting, another subject which authorities should regulate. Here, we are 

speaking about data you deliberately send to third parties. Sure, having an analysis of your DNA to predict 

future disease or find your ancestors looks cool. But sending your data leaks your DNA forever. It's a pity 

since it has recently been shown that it is possible to replace those computation by computation over 

encrypted DNA, with no way for the provider to see your data in the clear. Here obviously, we are 

speaking about the different Privacy-Enhancing Technologies (PETs) which are growing, and in particular 

about Fully Homomorphic Encryption (FHE). With FHE, you could have the same services, the ML 

inferences, but done on encrypted data. There is a cost to pay: more integration work for the service 

provider (even if a lot of efforts was done by FHE companies to make the FHE toolkits more and more 

user-friendly to non-cryptographers), and also a longer inference. All of this is certainly acceptable in lot 

of cases, to keep your data private: instead of doing a DNA ancestry computation in one minute, it would 

maybe take 10 minutes or 1 hour, but for us as users, it's much better and we would agree to pay for this 

extra-security on our data. 

Then, what about training? Here as well, we could encourage companies to train on encrypted datasets, 

with PETs. Certainly here, an effort by authorities and regulations could be needed, to force companies 

to avoid the easy-but-non-private path. It's a shame that clear data is used for training, leaking your data 

in the future inferences some other people will make. Training on encrypted data has also been shown 

to be doable, at least to some extent, and regulation or concerns should double the efforts to make it 

even more practical. However, let’s not forget that here PETs are not the solution to the whole problem, 

and other security measures like Differential Privacy would also be needed. 

The key is to be able to reconcile the need for big data sets with a collaborative approach that can, at the 

same time, improve results without compromising privacy. The development and use of open-source 

resources - research papers, software, tools - should be encouraged by authorities and regulators and 

valued by companies. For example, our company makes open-source tools for developers, for them to 

add privacy in their applications for their users. We've worked on our tools to make them easy to use, 

without any particular knowledge of cryptography. People shouldn’t have to care about privacy: not 

because it's not important but because it should be there de-facto, everywhere and transparently. In our 

case, simplicity came by using the development tools the developers are already used to: Python for AI, 

Solidity for blockchain. We took inspiration from Scikit-Learn and PyTorch for our AI framework, such that 

it is already familiar to experienced ML practitioners. Now we believe that using FHE is easier than ever. 

This highlights the urgent need for robust security measures and transparent practices to safeguard 

personal information against unintended disclosures, ensuring that public trust in emerging technologies 

is not eroded. 




Benoit Chevallier-Mames, VP Privacy-Preserving Cloud and ML, Zama , is a 

security engineer and researcher and currently leads the Cloud and ML division 

at Zama, developing an FHE compiler and privacy-preserving ML libraries. He 

has spent more than 20 years between cryptographic research and secure 

implementations in a wide range of domains such as side-channel security, 

provable security, whitebox cryptography, fully homomorphic encryption and, 

more recently, machine learning. 

Prior to Zama, he securely implemented public-key algorithms on smartcards in 

Gemplus for seven years, worked for the French governmental ANSSI agency, 

and then designed and developed whitebox implementations at Apple for 12 

years. 

Benoit can be reached online on LinkedIn and at our company website https://www.zama.ai/. 



How to Use AI in Cyber Deception 

By Zac Amos, Features Editor, ReHack 

For years, cyber deception has been an excellent tool against would-be cybercriminals. However, the 

cybersecurity landscape is constantly evolving — and many conventional techniques are no longer as 

effective. Is artificial intelligence the solution? If business leaders know how to deploy it effectively, they 

can benefit from the value it generates. 

1. Build Adversary Profiles 

Despite what some may think, AI isn’t a passing trend. Its value in the cybersecurity market will reach 

$133.8 billion by 2030 — a 330% increase in a six-year period. Utilizing AI to build an accurate adversary 

profile lets security professionals reverse engineer cybercrime, helping them identify malicious 

techniques and habits. 



Moreover, it gives them insight into bad actors’ motivations and thought patterns. They can use this 

information to strengthen their defenses and potentially uncover attackers’ identities. 

2. Keep Attackers Engaged 

Deception isn’t just for bad actors; now, cybersecurity teams are using their own deception techniques to 

stop scammers in their tracks. The good news is attackers aren’t likely to recognize their own strategies. 

For example, phishers rely heavily on urgency and generic greetings and phrases — and so can 

cybersecurity teams. They can employ large language models trained to use these same techniques to 

keep bad actors engaged for longer, making the scammers believe they’re duping an actual employee. 

In reality, cybersecurity teams are cataloging their tools, message frequency and language usage to 

defend against their strategies. 

3. Analyze Tactics and Targets 

AI’s rapid processing capabilities enable it to analyze adversaries’ tactics and tools to identify their 

presence and understand their target. It can detect subtle deviations and trends far more accurately than 

humans can, so using it in cyber deception to attract, trick and trap threats is a sound strategy. 

4. Generate Deceptive Assets 

A generative model can automatically design or engineer fake files, logs, applications, directories, 

employee profiles and network topologies to imitate legitimate data storage systems or network activities. 

Its ability to craft synthetic credentials, datasets, system logs and communications can be invaluable 

during deception campaigns. 

How AI Improves Cyber Deception Strategies 

Adaptation is one of the most significant ways AI improves honey-potting strategies. Machine learning 

subsets can evolve alongside bad actors, enabling them to anticipate novel techniques. Conventional 

signature-based detection methods are less effective because they can only flag known attack patterns. 

Algorithms, on the other hand, use a behavior-based approach. 

Synthetic data generation is another one of AI’s strengths. This technology can produce honeytokens — 

digital artifacts purpose-built for deceiving would-be attackers. For example, it could create bogus 

credentials and a fake database. Any attempt to use those during login can be categorized as malicious 

because it means they used illegitimate means to gain access and exfiltrate the imitation data. 

While algorithms can produce an entirely synthetic dataset, they can also add certain characters or 

symbols to existing, legitimate information to make its copy more convincing. Depending on the sham 

credentials’ uniqueness, there’s little to no chance of false positives. 



Minimizing false positives is essential since most of the tens of thousands of security alerts professionals 

receive daily are inaccurate. This figure may be even higher for medium- to large-sized enterprises using 

conventional behavior-based scanners or intrusion detection systems because they’re often inaccurate. 

Considering 51% of security decision-makers already agree their teams are overwhelmed by alert 

volumes, leveraging AI to mitigate false positives and handle incident response is ideal. Decision-makers 

can even train it to send high-priority or particularly complex cases directly to cybersecurity teams, 

ensuring it remains accurate. 

Is AI-Driven Cyber Deception Cost-Effective? 

Generally, deception strategies are relatively inexpensive to deploy. In one case study, factoring in standup, 

experiment and tear-down costs, professionals spent just $0.25 per operation on average. Even 

accounting for the 24.76 hours of labor and computing resources they utilized, the overall expense is 

negligible, even for small- and medium-sized businesses. 

That said, even though the cost is low, there’s no such thing as too affordable. Since AI accelerates time 

to completion and doesn’t require a salary in exchange for labor, it can significantly reduce companies’ 

campaign expenditures. These cost savings can help offset spending on building and deploying a model. 

On the topic of labor, availability is another AI-driven improvement. Traditionally, hand-crafting fake 

assets, login pages and datasets is time-consuming. These hours worked — along with those required 

during the inevitable incident response that follows an alert — are often one of the most expensive budget 

line items during these kinds of operations. 

Since machine learning models don’t need breaks, sick days or time off, they can work around the clock. 

In addition to being much more affordable than paying hourly wages for multiple team members, this 

approach is also a sound cybersecurity strategy. After all, cyberattacks don’t happen exclusively during 

working hours. 

Strategic Implementation Tips for Businesses 

Businesses seeking to incorporate algorithms into their existing honey-potting strategies should ensure 

their infrastructure supports integration. This kind of use case is complex, requiring an extensive 

collection of resources, data repositories and notification systems. Hiring a specialist for their expertise 

or leveraging a human-in-the-loop model would be ideal. 

Organizations should carefully consider algorithm type before progressing with implementation. One in 

the machine learning subset is optimal because it can evolve as it absorbs new information. 

Whatever decision-makers choose, they must remember to focus on their environment as much as their 

model type and imitation assets. Attackers constantly work to identify and avoid honeytraps, so firms 

must work just as hard to stay ahead. They should ensure their fake resources, websites and traffic logs 

are as convincing as possible. 



Since no real-world network or data repository would remain unsecured despite containing valuable or 

sensitive information, cybersecurity teams should strongly consider leveraging weak security tools to 

make their environments seem more believable. As a bonus, this approach may also tell them more 

about attackers’ tactics and intentions. 

The Bottom Line of Using AI in Cyber Deception 

AI won’t instantly improve an existing honey-potting strategy — cybersecurity professionals must actively 

seek out gaps and tactically use this technology to fill them. At the end of the day, software is only as 

good as the strategy supporting it. 


Zac Amos is the Features Editor at ReHack, where he covers cybersecurity and 

the tech industry. For more of his content, follow him on Twitter or LinkedIn. 



HTTP 1.1 Vs. HTTP 2: What Are the Differences? 

By Russell Walter, Freelance Writer 

According to this recent report by McKinsey, 87% of consumers say they won't do business with your 

company if they have concerns about your security practices. So if you're serious about protecting your 

company's reputation and bottom line, data privacy can never take a back role. 

To be able to transfer data efficiently over networks, one of the key technologies you will want to 

implement is the HyperText Transfer Protocol (HTTP). But still with HTTP, there are variations. 

So, it can get a little confusing especially if you're a first timer hence the seemingly, never-ending debate 

on HTTP 1.1 vs. HTTP 2. We created this guide to clarify the differences between HTTP 1.1 and HTTP 

2. At the end of this guide, you should be able to tell; 

• What is HTTP 1.1 plus its features and benefits 

• What is HTTP 2.0 plus its features, benefits 

• What are the key differences between HTTP 1.1 and HTTP 2? And most importantly, 

• How to implement HTTP 2.0 on your website 



Read on! 

What is HTTP 1.1? 

When talking about HTTP, one of the versions that get mentioned quite a lot is HTTP 1.1. Developed in 

1997, it is the current version of HyperText Transfer Protocol and is used for data exchange between 

web servers and clients. The most standout features which differentiate this version of HTTP from its 

predecessor are; 

• The incorporation of methods like PUT, DELETE and OPTIONS to enhance functionality, 

• The introduction of features like chunked transfer encoding and HTTP pipelining to improve 

performance and flexibility over HTTP 1. 

Also, when talking about HTTP 1.1 vs. 2.0 a key question that comes up quite often is; what are the 

benefits of HTTP 1.1? Well, the benefits of HTTP 1.1 are numerous but the most significant ones include; 

• Improved Caching: HTTP 1.1 offers better caching mechanisms. For example, it offers 

conditional GET requests and caching negotiation which means that clients can store responses 

and reduce unnecessary network traffic. This ensures that load times are faster and the server 

load gets reduced. GET request is essentially an option of accessing data from a server, and 

caching negotiation just as it sounds is a quick negotiation between a client and the origin server. 

• Persistent Connections: Unlike HTTP 1.0, which requires a new connection for each request, 

HTTP 1.1 provides support for persistent connections. This allows multiple requests to be sent 

over the same connection hence reduced latency and improved overall performance. 

• Efficient Request and Response Handling: As earlier mentioned, HTTP 1.1 introduces new 

methods like PUT, DELETE, and OPTIONS. These new methods allow for finer control over 

server resources. What's more, they also support HTTP pipelining and chunked transfer encoding 

which further reduces latency and enhances efficiency when handling large payloads. 

What is HTTP 2.0? 

Still, in the debate of HTTP 1.1 vs. 2.0, many people ask; what is HTTP 2.0 and what are its features? 

Here's a quick back story and what HTTP 2.0 really is; 

With HTTP 1.1 already in place, technology continued to evolve and HTTP 1.1 became outdated. To 

keep up with the technology advancements, HTTP 2.0 was developed. 

Now, HTTP 2.0 is the second major HTTP network protocol version used in the transmission of data over 

the Internet. It comes with several key features that enhance performance and efficiency in web 

communications. Key among these features include; 

• Server Push to allow the server to send additional information needed for a request before it is 

requested. 



• Multiplexing to allow for multiple requests and responses to be sent at the same time over a single 

connection. 

• Header Compression to compress headers that have been requested previously to reduce 

overhead and improve data transfer speeds. 

• Binary Protocol. Here, HTTP 2.0 introduces the use of a binary format instead of plain text, which 

is more efficient for parsing and processing by computers. 

• Stream Prioritization which allows for the exchange of multiple streams of data at the same time, 

with the ability to prioritize streams based on importance. 

HTTP 2.0 Advantages 

Thanks to the new features that HTTP 2.0 introduces, it also comes with several advantages, mostly 

leaning on security and efficiency. Here’s a quick roundup of HTTP 2.0 benefits; 

• Binary Protocol: Unlike its predecessor, HTTP 2.0 uses a binary protocol which means that only 

binary commands in the form of 0s and 1s are transmitted over the wire. This binary framing layer 

divides messages into frames segregated by type to enhance not just security, but also 

compression, and multiplexing efficiency. 

• Server Push: HTTP 2.0 introduces server push; a feature that allows the server to anticipate the 

resources needed by the client and push them before the client requests them. Now, while the 

client can reject server pushes, this feature improves efficiency by reducing the need for additional 

requests. 

• HPACK Header Compression: HTTP 2.0 also utilizes the HPACK header compression algorithm. 

This feature is resistant to attacks like CRIME and uses static Huffman encoding to reduce 

overhead and improve performance.\ 

• Multiplexing: HTTP 2.0 introduces multiplexing. This feature allows for the interleaving of requests 

and responses over a single TCP connection without head-of-line blocking. It enhances 

performance by reducing latency and improving efficiency. 

What are the Differences between HTTP 1.1 and HTTP 2.0? 

HTTP has evolved significantly. But it is available in more than one version. So, when wanting to 

implement the technology, it is natural to wonder; what are the differences between HTTP 1.1 and HTTP 

2.0? 

Well, the key difference is that HTTP 2.0 offers substantial improvements over HTTP 1.1. Here's a quick 

rundown of the key differences: 



• Buffer Overflow Handling: While HTTP 1.1 is Vulnerable to buffer overflow due to fixed buffer size 

HTTP 2.0 comes with a flow control mechanism. This feature allows HTTP 2.0 to mitigate overflow 

risk and send data in manageable chunks. 

• Protocol Efficiency: HTTP 1.1 relies on plain text. Even though the shared data is readable, it is 

less efficient. HTTP 2.0 on the other hand uses binary protocol, a feature that enhances data 

transmission efficiency. 

• Resource Request Prediction: HTTP 1.1 is reactive. It requires the client to request resources 

sequentially. On the contrary, HTTP 2.0 is proactive with features like server push which 

preemptively sends resources to the client to reduce page load times. 

• Multiplexing Capability: HTTP 1.1 establishes separate connections for each request/response 

which increases latency. However, HTTP 2.0 supports multiplexing which enables simultaneous 

transmission to improve performance and reduce latency. 

The table below summarizes the key differences between HTTP 1.1 and HTTP 2.0 

HTTP 1.1 HTTP 2.0 

Development 1997 2015 

Binary Protocol No Yes 

Multiplexing No Yes 

Performance Less efficient More efficient 

Compression Self-compresses Uses HPACK 

Security Standard Uses Secure Remote Protocol 2 

(SRP2) 

Buffer Overflow Vulnerable Prevents buffer overflow 

vulnerabilities 

How do you implement HTTP 2.0 on the website? 

HTTP has evolved considerably since its inception. Now with HTTP 2.0 offering faster, more efficient 

browsing experiences, it is the version you may want to implement on your website. 

Implementing HTTP 2.0 isn't as difficult as it may sound though. Follow the steps below to implement 

HTTP 2.0 on your website; 

• Updating Web Server Software: Ensure your web server (e.g., Apache, Nginx) supports HTTP 

2.0. Upgrade if necessary. 



• Get an SSL Certificate: HTTP 2.0 requires SSL encryption. So, you will have to buy and install a 

valid SSL certificate for your website. 

• Update Website Code: Modify your website's code to use HTTP 2.0 features. This includes using 

multiplexing for concurrent requests and server push for faster loading. 

• Test Compatibility: Thoroughly test your website for HTTP 2.0 compatibility. Check for browser 

support and overall performance. 

• Configure Server: Configure your server to use HTTP 2.0. Redirect all HTTP 1.1 requests to the 

new protocol. 

The Bottom Line 

HTTP is still the primary protocol for sharing information over the internet. It has gone through plenty of 

changes over time thanks to the changing needs of web security and performance. I hope that with this 

in-depth HTTP 1.1 vs. 2.0 comparison, you will have a better idea of what works for you. 


Russell Walter is working as a freelance content marketer. Currently, 

mainly he works for SSL2BUY.com. He has expertise in tech and 

cybersecurity niches. His insights into web security and threat mitigation 

are helpful for readers. You can contact Russell at 

https://www.linkedin.com/in/walter-russell-89a1b1254/. 



7 Steps International Organizations Must Take to Defend 

Critical National Infrastructure 

Collaborative Strategies for Protecting Global Critical Infrastructure in the Digital Age 

By Chris Gibson, CEO, FIRST 

Critical national infrastructure (CNI) is at risk in countries across the globe. When attackers target CNI 

systems—which include power plants, emergency services, hospitals, and transportation—it can cause 

life-threatening disruptions. We’ve seen this often with AT&T’s outages earlier this year preventing 

emergency calls, and more recently with the FBI's LockBit Hack, where the notorious ransomware gang 

claimed to resume operations by posting stolen data from five companies, despite a recent global law 

enforcement crackdown. With AI technology advancing rapidly, the threat has only become more serious. 

That’s why it’s more important than ever for security leaders and practitioners alike to facilitate better 

communication and information sharing among cyber security teams. It’s the responsibility of the global 

technology community to keep these and other security threats at bay. Annual security events like the 



FIRST Cyber Threat Intelligence Conference and FIRSTCon are perfect incubators for the community to 

share goals, ideas, and information on how to protect CNI and improve cyber security worldwide. 

For example, this year at FIRSTCon we gained deeper insight into how countries can work more closely 

with one another to establish trust, share information, and collaborate. Below I’ll dive into some of the 

most urgent actions that both private companies and governments can take right now to secure CNI and 

defend against global cyber threats. 

1. Share Knowledge Between Countries 

Awareness of cyber security threats should not be siloed between countries. Many online threats are 

borderless — an attack that impacts citizens of one country could just as easily harm citizens of another. 

That’s why global security leaders must establish regular meetings to share knowledge of potential 

threats and their current defense strategies. 

The regularity of these meetings is key, as the digital threat landscape is constantly changing, and should 

happen at least quarterly. One method for collaboration between countries should be joint training 

exercises and simulations. Security leaders from different governments can share the practices they use 

to train their security teams to ward off attacks. This will help multiple countries develop coordinated 

defense strategies for the best possible chance at completely eliminating a known threat. 

Holding regular meetings has other benefits - it builds connections between countries such that when a 

crisis occurs there’s an existing pathway to communicate between people who have already met and 

developed a level of trust. In the world of cyber incidents, speed of communications is of the essence. 

Without this type of globally shared knowledge, cyber threats from other countries are less detectable, 

which means more risk for everyone online. The international security community must establish trust 

and share information willingly and often to protect CNI globally. 

2. Create Pathways Between Public and Private Sectors 

Exchanging information and building trust between the private and public sectors is essential for 

protecting CNI. As we all know, the public sector neither owns, nor operates, nor has the knowledge to 

be wholly responsible for protecting CNI. Private companies often possess cutting-edge technology, 

specialized expertise, and new approaches to security that can offer greater protection to CNI than 

government resources alone. The private sector also tends to have greater financial resources, which 

means security measures can be implemented more quickly than they can in governmental agencies. 

Organizations should establish frameworks for sharing threat intelligence between government agencies 

and the private sector to ensure this type of information is shared regularly and that the process is as 

seamless as possible. 



3. Multi-stakeholder Collaboration in AI Governance is Vital 

According to Satoshi Okada and Takuho Mitsunaga of Toyo University in Japan, AI technology has both 

positive and negative impacts when it comes to cybersecurity. AI can be used to predict attacker behavior, 

assist in threat modeling, and in methods like the SOAR approach (security orchestration, automation, 

and response) to alleviate the strain on IT teams by incorporating automated responses to a number of 

different security events. 

However, AI decisions and predictions can exhibit bias due to the datasets and algorithms they are 

trained on. AI is not always able to make fair and responsible decisions — one example of this is the 

false arrests caused by AI-based facial recognition technology. This is why we need inclusive and diverse 

perspectives in AI governance. Multiple stakeholders should be involved in the development and 

implementation of AI governance to ensure the safety, ethics and societal benefits of the technology. 

4. Communicate More Effectively with Senior Leadership 

In a session led by Merisa Lee of Cisco Meraki, she emphasized the importance of improving 

communication between IT teams and senior leadership. To have the best chance at protecting your 

organization from cyber threats, it is vital to get everyone within the company on the same page. This 

principle applies to protecting CNI as well, where alignment among all members of the governing body is 

crucial. 

Incident Response team managers spend a lot of time working on the technical side, but translating this 

into something that senior leadership understands can be difficult. Most teams use industry standard 

metrics such as Time to Detect (TTD), Time to Acknowledge (TTA), Time to Mitigate (TTM), and Time to 

Resolve (TTR), yet none of these actually tells leaders how your program is doing or how mature your 

security stance is. Successfully telling a clear and concise story to your leadership with a measurable 

standard will effectively highlight where your Incident Response program is succeeding and where you 

need more budget or resourcing to improve your program. 

5. Embrace Information Sharing in Defense Strategies 

Luca Morgese Zangrandi of the non-profit research organization TNO in the Netherlands, and Vasileios 

Mavroeidis of the University of Oslo, led another session that highlighted the importance of information 

sharing when it comes to defense plans. 

Security and Incident Response teams are increasingly automating their workflows for security 

management, incident, and threat response. Many are now embracing the concept of playbook-driven 

workflow orchestration — when fully or partially automated sequences of tasks are carried out in response 

to a triggering event. Currently, most of these playbooks limit the ability to collaborate and exchange 

defense plans and techniques across organizational boundaries. 



Using the CACAO method (Collaborative Automated Course of Action Operations) could help overcome 

this. The CACAO method provides a common, repeatable framework that can be shared and executed 

across technological and organizational boundaries to better facilitate information sharing. This would 

ensure that every team within an organization has the same threat information and the same defense 

plan when an attack occurs. 

6. Create Formalized Information-Sharing Agreements 

Importantly, the type of information sharing covered so far may require local legislation to first be updated 

to allow for this type of transparency between countries, governments, and private companies. 

Short of changing information-sharing laws in your country, a more achievable route may be to create 

formalized information-sharing agreements or memoranda of understanding (MOUs) between the 

organizations working together. This will establish legal frameworks for information exchange, and 

address confidentiality and data protection concerns. 

By establishing legal pathways for information sharing locally, cyber security innovation can be 

accomplished globally. 

7. Establish Clear Rules and Accountability 

When governments are collaborating in this way, it’s important to hold organizations accountable for 

failures in protecting critical infrastructure. There should be established rules for both public and private 

entities to follow so that when a breach occurs, a formalized review process can happen to determine 

whether protocol was followed. If negligence has occurred, an agreed upon remediation process can 

then take place. 

Getting and Staying Ahead 

With the evolving nature of cyber threats, it can sometimes feel impossible to keep up. But by making 

threat intelligence more readily available across borders and between sectors, we can get and stay ahead 

of bad actors. These collaboration strategies are the first and most important actions to take towards 

protecting critical national infrastructure across the globe. 




Chris Gibson is the CEO of FIRST. He spent over 12 years working in the 

Computer Emergency Response Team (CERT) at Citigroup before joining 

the UK's Cabinet Office in 2013. There, he built, launched, and led the UK's 

first formally chartered national CERT - CERT-UK, as part of the 2011 Cyber 

Security Strategy created by the UK Government. In 2019, Gibson joined 

FIRST as its Executive Director, an organization he had been involved with 

since 2001. FIRST (Forum of Incident Response and Security Teams) is a 

premier organization and recognized global leader in incident response, 

fostering cooperation and coordination in incident prevention, stimulating 

rapid reaction to incidents, and promoting information sharing among 

members and the community at large. FIRST can be reached online via GitHub, LinkedIn, Mastodon, 

Meta, X, and YouTube, and at our company website https://www.first.org. You can also listen to the 

FIRST Impressions podcast for more insights. 



Is Unified Access Control Zero Trust’s Silver Bullet? 

By Denny LeCompte, CEO of Portnox 

With the advent of Zero Trust architecture, where the principle of "never trust, always verify" prevails, the 

importance of comprehensive access control has never been more pronounced. As cyber threats grow 

increasingly sophisticated, organizations are turning to advanced access control mechanisms to 

safeguard their sensitive data and assets. 

Unified Access Control (UAC) is at the forefront of this movement, enhancing enterprise security through 

three foundational pillars: Simplicity, Automation, and Insight. By embracing UAC, organizations can 

fortify their defenses, streamline security processes, and gain unparalleled visibility into their security 

landscape. 



What is Unified Access Control? 

Unified Access Control (UAC) is a comprehensive security framework designed to manage and enforce 

access policies across an organization's entire digital environment. UAC provides robust access control 

capabilities for enterprise networks, applications, and infrastructure, ensuring that only authorized users 

and devices can access critical resources. 

Key technologies that make up UAC include: 

• Network Access Control (NAC), which governs access to network resources based on predefined 

security policies; 

• Conditional Access, which applies contextual rules to determine user access to specific SaaS and 

on-premises applications based on factors such as user role, device health, and location; and 

• TACACS+, a protocol that provides centralized authentication, authorization, and accounting for 

managing network devices and ensuring secure access to network infrastructure. 

Together, these capabilities deliver a unified and cohesive approach to access control, significantly 

enhancing the security posture of enterprise environments. 

Pillar #1 of UAC is Simplicity: Reducing User Friction & Enhancing Experience 

One of the primary challenges in enterprise security is balancing robust protection with a seamless user 

experience. Traditional security measures often involve complex passwords, multifactor authentication, 

and cumbersome access protocols, which can frustrate users and hinder productivity. UAC addresses 

this challenge by embracing simplicity, making security both effective and user-friendly. 

Passwordless Authentication 

Passwordless authentication is at the forefront of UAC's simplicity pillar. By eliminating the need for 

traditional passwords, UAC reduces the risk of password-related breaches, which are a common entry 

point for cyber attackers. Instead, users can leverage biometrics, such as fingerprint or facial recognition, 

or hardware tokens for secure access. This not only enhances security but also streamlines the user 

experience, allowing employees to access the resources they need with minimal friction. 

Cloud-Native Architecture 

Adopting a cloud-native architecture is another critical aspect of UAC's simplicity. Cloud-native solutions 

offer scalability, flexibility, and ease of integration, enabling organizations to deploy and manage their 

access control systems with greater efficiency. By leveraging cloud-based infrastructure, UAC can be 

seamlessly integrated with existing enterprise systems, providing a unified platform for managing access 

across various applications and environments. 



Seamless Integration 

Seamless integration is essential for reducing complexity in access control. UAC solutions are designed 

to work harmoniously with existing security frameworks and applications, minimizing disruption and 

ensuring a smooth transition. This integration capability allows organizations to consolidate their security 

measures into a single, cohesive system, enhancing both security and operational efficiency. 

Pillar #2 of UAC is Automation: Streamlining Security Processes & Response 

In the realm of enterprise security, automation is a game-changer. By automating routine security tasks 

and responses, UAC enables organizations to enhance their security posture while reducing the burden 

on IT and security teams. Automation ensures that security measures are consistently applied, reducing 

the risk of human error and enabling faster, more effective responses to threats. 

User Segmentation 

User segmentation is a key component of UAC's automation capabilities. By categorizing users based 

on roles, departments, or risk profiles, UAC can apply tailored security policies that align with each user's 

specific needs and risk level. This segmentation allows for granular control over access permissions, 

ensuring that users only have access to the resources necessary for their roles while minimizing the 

attack surface. 

Device Remediation 

Automation in UAC also extends to device remediation. With the proliferation of mobile and remote work, 

managing and securing a diverse array of devices is a significant challenge. UAC solutions can 

automatically detect and remediate devices that do not comply with security policies, such as those 

lacking the latest updates or running unauthorized applications. This proactive approach ensures that 

only secure, compliant devices can access the network, reducing the risk of vulnerabilities. 

Automated Device Onboarding 

Self-onboarding capabilities further streamline the security process. By allowing users to self-register 

their devices and configure them according to security policies, UAC reduces the administrative overhead 

on IT teams. Automated onboarding processes ensure that devices are properly configured and secure 

from the outset, enhancing overall security and user satisfaction. 



Pillar #3 of UAC is Insight: Providing Comprehensive Visibility and Control 

In the modern threat landscape, visibility and control are paramount. UAC provides organizations with 

deep insights into their security posture, enabling proactive threat management and informed decisionmaking. 

By continuously monitoring and assessing risks, UAC ensures that security measures are both 

dynamic and adaptive. 

Continuous Risk Assessment 

Continuous risk assessment is a critical component of UAC's insight pillar. By constantly evaluating user 

behavior, device health, and network activity, UAC can identify potential threats in real-time. This ongoing 

assessment allows for dynamic adjustments to security policies, ensuring that the organization remains 

protected against emerging threats. Continuous monitoring also provides a comprehensive view of the 

security landscape, enabling faster detection and response to incidents. 

Device Profiling 

Device profiling enhances visibility by creating detailed profiles of all devices accessing the network. 

These profiles include information on device type, operating system, compliance status, and usage 

patterns. By maintaining up-to-date profiles, UAC can identify anomalies and potential security risks 

associated with specific devices. This granular level of detail enables organizations to implement targeted 

security measures and mitigate risks more effectively. 

Role- and Location-Based Access 

Role- and location-based access control further enhances security by aligning access permissions with 

specific user roles and geographical locations. UAC can enforce access policies based on the user's role 

within the organization and their physical location, ensuring that sensitive data is only accessible to 

authorized personnel in appropriate contexts. This contextual approach to access control minimizes the 

risk of unauthorized access and data breaches. 

UAC Represents a Paradigm Shift in Security 

Unified Access Control is more than just a security solution; it is a strategic approach to safeguarding 

enterprise assets in an increasingly complex digital environment. By leveraging the three pillars of 

Simplicity, Automation, and Insight, UAC transforms traditional access control into a dynamic, adaptive, 

and comprehensive security framework. 

Unified Access Control represents a paradigm shift in enterprise security. By embracing simplicity, 

automation, and insight, organizations can enhance their security posture, reduce vulnerabilities, and 

achieve a higher level of protection for their valuable assets. UAC is not just about managing access; it 



is about creating a secure, resilient, and adaptive security environment that can keep pace with the 

evolving threat landscape. 


Denny LeCompte, the CEO of Portnox, is responsible for overseeing the day-to-day 

operations and strategic direction of the company. Denny brings over 25 years of 

experience in IT infrastructure and cyber security. Prior to joining Portnox, Denny 

held executive leadership roles at leading IT management and security firms, 

including SolarWinds and AlienVault. Denny holds a Ph.D. in cognitive science from 

Rice University. 

Denny can be reached online on LinkedIn at www.linkedin.com/in/dennylecompte/ and at our company 

website www.portnox.com/. 



Managing Sensitive Security Investigations in Remote Settings 

By Jakub Ficner, Director of Partnership Development at Case IQ 

Managing sensitive security investigations has become more complex and challenging in today’s 

increasingly prevalent remote work environment. As a result, ensuring that these investigations are 

conducted effectively and securely requires a multifaceted approach. This can be accomplished via 

secure communication channels, proper data access and management, and building a trustworthy 

remote team, amongst other aspects. 

Here, we explore these various critical components, offering insights and strategies to help organizations 

navigate the intricacies of remote security investigations. By adopting robust security measures and 

fostering a supportive environment, businesses can protect sensitive information, maintain compliance, 

and support their employees through the challenges of remote investigations. 

Establishing a Secure Communication Channel 

Maintaining communication can be difficult in a remote setting, so ensuring that employees have clear 

and secure communication channels will help to identify risks and manage investigations. 



In an office setting, an employee can easily pull someone aside to discuss something privately. In an 

online setting, people may be concerned that someone has access to their messaging logs or that it may 

fall into the wrong hands. Using encrypted messaging apps, VPNs, and other secure communication 

channels can help employees feel safe in addressing concerns with management without being digitally 

overheard. This can also open up avenues for anonymous reporting and communication if someone fears 

retaliation. 

Controlling Data Access and Management 

When managing a security investigation remotely, relevant entities must be able to securely access 

sensitive data without risking intrusion by a third party. Secure file-sharing services are often the best 

approach. These services encrypt information and can ensure that even if someone accesses the files, 

they won’t be able to open them without the decryption key. Multi-factor authentication is also a common 

way to ensure that only those who are authorized to access data can do so. 

Building a Trustworthy Remote Team 

Having a remote team means that, in some cases, you won’t have the opportunity to meet them in person. 

Thus, creating a trustworthy environment can take time, but it is critical. Once you are able to trust your 

team fully, sensitive security investigations become more straightforward. If you know you can trust your 

team, that can help you rule them out in the event of a security breach. 

Providing security protocol training for employees can help ensure that everyone is working toward and 

maintaining the same security standards. Further, you can accurately control data access to high-security 

items. This means that only the professionals you deem most trustworthy have access to the most 

sensitive information. 

Maintaining Compliance and Legal Standards 

Security investigations need to abide by certain data compliance and legal standards, just as all business 

operations do. Some remote settings can make keeping up with compliance difficult, so setting up robust 

protocols is vital. Maintain proper documentation and reporting of who has access to what data and when 

that data was accessed at all times. This will be especially important in the event of an investigation, as 

it can help the team know where to start looking for key details. 

Despite an ongoing investigation, all data should not become equally available to employees. In addition, 

there may be situations in which an employee or customer needs to give consent for that data to be 

shared with investigators. Ensuring that you understand the regulations that affect your industry and 

region means you can prepare in advance for these eventualities by having systems in place to get the 

appropriate data permissions. 



Addressing Psychological Considerations 

Investigations can put a lot of stress on employees, even those not directly involved. Whether they’re 

dealing with extra work from a coworker under investigation or emotionally coming to terms with a 

coworker's misconduct, there is a heightened need for support during investigations of any kind. Offering 

counselling and support can help employees feel that the company they work for recognizes that their 

needs are important and that they have a professional to talk to about what they’re feeling. 

Ensuring Security in the New Normal 

Establishing secure communication channels, ensuring proper data access and management, building a 

trustworthy remote team, maintaining compliance and legal standards, and addressing psychological 

considerations are all critical components of managing sensitive security investigations in a remote 

setting. By leveraging encrypted messaging apps, VPNs, multi-factor authentication, and secure filesharing 

services, businesses can protect sensitive information from unauthorized access. 

Trust-building, thorough security training, and strict adherence to security protocols can help ensure that 

high-security data won’t end up in the wrong hands. Compliance with legal standards and proper 

documentation is essential to prepare for any investigative scenario. Lastly, providing psychological 

support to employees underscores the company's commitment to their well-being during stressful times. 

By integrating these practices, organizations can navigate the complexities of remote security 

investigations effectively, fostering a secure and supportive environment for their employees in the new 

normal. 


Jakub Ficner is the Director of Partnership Development at Case IQ, the 

leading investigative case management software for ethics and compliance, 

human resources, fraud, and corporate security incidents within mid-sized and 

large organizations. 

Jakub is a passionate and determined team player with experience in 

prospecting and implementing complex global solutions in a variety of 

industries. He has experience working in Canada, United States, Germany 

and India in cross-functional and multi-cultural teams. 

Jakub can be reached online at media@caseiq.com, www.linkedin.com/in/jakubficner/ and at our 

company website www.caseiq.com/. 



Securing Election Integrity In 2024: Navigating the Complex 

Landscape of Modern Threats 

By Karl Sigler, Senior Security Research Manager, SpiderLabs Threat Intelligence and IDS/IPS 

Research 

As we navigate the 2024 election year, safeguarding the integrity of our democratic process is more 

critical than ever. While much attention has been focused on securing ballot machines, the real threats 

extend far beyond the physical infrastructure. Misinformation, cyberattacks, and the rise of generative AI 

technologies like deepfakes present significant challenges. 

Between June 18 and July 12, the Trustwave SpiderLabs team received and analyzed more than 5,000 

emails containing political subject matter coming from secure email gateway cloud submissions and 

spam trap collections. This included samples from both political parties of Democrats and Republicans, 

ranging from supportive to scathing. Topics included the introduction and promotion of candidates, 

campaign updates, derogatory remarks towards the opposition, and conspiracy theories. 



Despite the differing points of view of these email senders, two things are constant in these messages: 

the call for monetary donation and the usage of propaganda techniques. Clearly, threat actors will 

leverage any and all vectors to incite public opinion toward or away from their desired target. 

Understanding these tactics, mitigating their associated risks, and implementing proactive measures are 

all essential for voters, campaign workers, and media professionals alike. 

Misinformation: The Invisible Enemy 

Misinformation has become a pervasive threat in our digital age. With the organic nature of social media, 

biased algorithms, and the rapid spread of fake news, misinformation can easily influence public opinion. 

Social media platforms, despite their efforts to combat false information, remain a primary vehicle for the 

spread of misleading content. As we head into the heart of the election season, the potential for 

misinformation to shape voter perceptions and decisions is at an all-time high. 

Key issues like healthcare, the economy, and education are particularly vulnerable to manipulation. 

Misleading narratives can be crafted to exploit voter fears and biases, swaying public opinion and 

potentially altering the outcome of the election. Imagine, for example, scrolling past a headline or video 

of a presidential candidate proclaiming their intent to put an end to a widely endorsed healthcare policy. 

If this does not align with their platform and is not realistic, it may still be believable enough not to spark 

a second thought in unsuspecting viewers. Without proper verification, this could spread rapidly across 

myriad platforms—its presence on Facebook, Instagram and X instantaneously and simultaneously 

would only serve to further validate it, no matter whether it is legitimate or not. 

It is more crucial than ever for voters to critically evaluate the information they encounter and rely on 

reputable sources for their news. Training them to cross-check information with multiple credible sources 

can greatly reduce the spread of false information. It should always be noted that it is important to vet 

anything seen on social media against reporting from legitimized media outlets. 

The Digital Battlefield 

In addition to misinformation, cyberattacks pose a significant threat to election security. The introduction 

of generative AI has only inflamed this threat. 

State-sponsored actors and independent hackers alike have demonstrated their ability to disrupt electoral 

processes through various means. From hacking into voter databases to launching denial-of-service 

attacks (DoS) on critical infrastructure, the tactics used in cyber warfare are diverse and constantly 

evolving. 

Recent years have seen a rise in ransomware attacks targeting local government systems, including 

those responsible for managing elections. These attacks can lead to the theft of sensitive voter 

information, disruptions in the voting process, and a general erosion of public trust in the electoral system. 

Not only do these attacks have the potential to spread fake news, but they also enable blackmail and be 

leveraged as a tactic in advanced phishing campaigns. For example, a campaign email could carry a 



malicious link to urge voters to click on a link to view the candidate’s recent speech. Especially if the 

threat actor is leveraging AI, that link or any accompanying image could very well be realistic enough for 

the common citizen to click on it, exposing them to malware. 

Mitigating phishing or malware threats may sometimes be left up to the individual on the receiving end, 

but strengthening cybersecurity measures at all levels of government is also essential to these risks— 

particularly those borne out of the proliferation of AI. To combat the misuse of AI and the threat of 

automated cyberattacks, several nations are developing or rolling out protective legislation. In the US, 

the Federal Artificial Intelligence Risk Management Act of 2023 directs federal agencies to follow 

guidelines for managing AI-related risks. States like California and New York are also enacting laws to 

regulate AI systems and ensure ethical conduct. 

Deepfakes and the New Frontier of Deception 

Among the many threats to election security, deepfakes represent a particularly concerning development. 

These AI-generated videos can depict individuals saying or doing things they never did, creating highly 

realistic but entirely false narratives. As technology advances, deepfakes become increasingly difficult to 

detect, posing a significant challenge for both the public and media professionals. 

The ease of creating deepfakes has lowered the barriers for malicious actors. Freely available apps and 

user-friendly software mean that virtually anyone can generate a convincing deepfake. This 

democratization of technology makes widespread misinformation more plausible than ever before. 

Malicious actors can produce and disseminate deepfakes quickly and in large volumes, flooding social 

media with fake content designed to influence voter decisions on key issues. 

Deepfakes can even be tailored to exploit the fears and biases of specific demographic groups, potentially 

swaying public opinion against a candidate. Because deepfakes are so difficult to spot and often play on 

voters’ deepest fears, it's essential for everyone to stay vigilant. The news media plays a crucial role in 

verifying information, and campaign organizations can also create awareness by urging the public and 

tech companies to review and filter unverified videos. 

The average person must also bear a certain amount of responsibility for vetting campaign ads, videos, 

and other media they encounter. Similar to how, in traditional cybersecurity, everyone is responsible for 

identifying phishing scams, it is just as necessary that every voter question the authenticity of the photo 

and video media they see. 

Detection and Prevention 

Despite the sophisticated nature of these threats, there are measures that can be taken to combat them. 

For misinformation and fake news, media literacy campaigns and public awareness initiatives are crucial. 

Voters need to be educated on how to identify false information and encouraged to verify the credibility 

of their news sources. Social media platforms must also continue to improve their algorithms to detect 

and remove misleading content more effectively. 



In the realm of cybersecurity, government agencies and private organizations must collaborate to 

enhance the security of election infrastructure. Regular security audits, robust encryption methods, and 

comprehensive incident response plans are vital components of a resilient electoral system. Additionally, 

investing in advanced threat detection technologies can help identify and mitigate cyber threats before 

they cause significant damage. 

When it comes to deepfakes, the development of sophisticated detection tools is paramount. AI-driven 

solutions can analyze videos for signs of manipulation, such as inconsistencies in lighting, shadows, and 

facial movements. Public awareness campaigns should also be launched to inform voters about the 

existence of deepfakes and provide guidance on how to recognize them. Practical tools are being 

developed, leveraging machine learning to analyze videos for signs of manipulation. Some popular tools 

include Intel's FakeCatcher, Microsoft Video AI Authenticator and Deepware. 

This Election Year 

As we move through the 2024 election year, the integrity of our democratic process is under 

unprecedented threat. Security leaders should continue to advocate for and support legislation that 

regulates the use of AI and imposes penalties for the creation and distribution of malicious deepfakes 

and misinformation. Encouraging international cooperation on AI regulation and targeted, politicized 

cyber threats can also help create a unified approach, and general rules of thumb, to shoring up election 

security. 

It is imperative that voters, campaign workers, and media professionals remain vigilant and informed 

about these threats. By doing so, we can collectively work towards a more secure and transparent 

electoral process, ensuring that the voice of the people is accurately represented in the outcome of the 

2024 election. 


Karl Sigler is a Security Research Manager at Trustwave SpiderLabs where 

he is responsible for research and analysis of current vulnerabilities, malware 

and threat trends. Karl and his team run the Trustwave SpiderLabs Threat 

Intelligence database, maintaining security feeds from internal research 

departments and third-party threat exchange programs. His team also serves 

as liaison for the Microsoft MAPP program, coordinates Trustwave 

SpiderLabs responsible vulnerability disclosure process and maintains the 

IDS/IPS signature set for their MSS customers. With more than 20 years' 

experience working in information security, Karl has presented on topics like 

Intrusion Analysis, Pen Testing and Computer Forensics to audiences in over 30 countries. Karl can be 

reached online at https://www.linkedin.com/in/ksigler/ and at our company website www.trustwave.com. 



Passwords Are Out, Biometrics Are In 

Five Reasons Americans Are Embracing Biometric Verification in 2024 

By Ajay Amlani, President and Head of Americas, iProov 

As more aspects of daily life move online—including financial transactions, government services like 

mobile driver’s licenses, and digital travel authentication—the weaknesses of traditional remote identity 

verification methods, such as passwords, have become obvious. This shift highlights the need for more 

secure and reliable ways to prove who we are in digital interactions since passwords are susceptible to 

both hacks and corporate data breaches, not to mention inconvenient for users who must frequently reset 

them. 

There’s now a pressing need for modern remote identity verification measures that seamlessly integrate 

into our everyday activities while offering superior protection against emerging threats like generative AIcreated 

deepfakes. Confirming a person’s identity without seeing them physically, in person, is a 

requirement that continues to grow in both importance and difficulty. Facial biometrics shine in 

addressing this challenge. 

iProov, a leading provider of science-based biometric identity solutions, released data from an 

independent survey of 2,000 US consumers seeking to understand their impressions of and comfort level 

with biometric facial verification. These five key findings from the survey underscore Americans’ changing 



perceptions toward securely verifying a person’s identity online and their perspectives on passwordless 

verification methods like facial biometric technology: 

1. Convenience Is King in Security: Consumers strongly prefer online security measures that 

blend conveniently into their everyday digital lives without disrupting user experience. For 

instance, a whopping 70% of Americans express interest in solutions like a mobile driver’s license 

(mDL) for online identity verification. 

2. Biometrics Are Gaining Ground: Consumer trust in biometric security methods, like facial 

verification, is rapidly growing thanks to its ability to provide strong security combined with 

outstanding user experience. Facial biometrics are becoming the preferred choice for 67% of 

respondents at transportation hubs like airports and train stations to verify their identity. But that 

preference extends beyond travel, with 61% of consumers likely to use facial biometrics at stores 

and e-commerce websites for account or payment verification. 

3. Doubts Regarding Old-School Security Verification Methods: Americans agree passwords 

have outlived their usefulness. 79% of Americans are skeptical about the effectiveness of 

traditional security methods like passwords, especially for accessing important sites like banking 

and government services. This frustration highlights a growing industry problem and calls for 

action from government and financial institutions to adopt advanced, user-friendly remote 

identification technologies like biometrics. 

4. Deepfake Dilemmas: Sophisticated generative AI technology—the backbone of today’s 

deepfakes—has made it virtually impossible for the human eye to distinguish between genuine 

and fabricated content without sophisticated tools and monitoring systems. This is worrisome, as 

47% of respondents incorrectly believe they’d have no problem identifying a deepfake over a real 

user image. 

5. Frustrations With Current Security Practices: The fundamental inconveniences of passwords 

are taking a toll. In fact, 70% of Americans say they’ve had to reset a password to access an 

online service at least once in the past six months, often encountering a difficult and timeconsuming 

process. 

While Americans are eager to embrace the conveniences of digital transformation in their daily lives, 

current security practices are falling short and leading to rising levels of fraud, creating distrust among 

consumers and resulting in large financial losses for banks, retailers, private companies, and government 

agencies. For instance, earlier this year a UK organization lost more than $25 million to fraudsters who 

used a digitally cloned version of a senior manager to order financial transfers during a video conference. 

If organizations can’t provide secure online services, financial and reputational losses will reduce the 

competitiveness of commercial enterprises and limit the equal accessibility of government services. 

Science-based biometric identity solutions offer a seamless integration into daily digital activities, 

enhancing user experience while ensuring robust remote verification security. These advanced solutions 

feature superior liveness detection capabilities and comprehensive threat management systems that 



actively monitor and respond to emerging threats. This ensures the remote verification process remains 

secure against sophisticated attacks, safeguarding both individuals and organizations. 

Now is the time for governments, financial institutions, and private companies to swiftly leverage these 

cutting-edge remote identity verification technologies to protect sensitive information and ensure user 

safety in our evolving digital age. By embracing innovative biometric verification solutions and addressing 

the shortcomings of traditional security practices, we can establish a secure digital environment that 

meets the evolving needs of today’s consumers and helps ensure continued levels of trust. 


Ajay Amlani is the President and Head of the Americas of iProov. He is a 

respected and accomplished identity technology expert with deep 

cybersecurity knowledge across the private and government sectors. He 

drives the adoption of iProov’s face biometric technology as the premier way 

to authenticate consumers against the backdrop of growing cyberattacks and 

identity theft. 

Ajay has been successfully growing identity technology companies since 

2004. He was the co-founder of CLEAR and built the first identity platform for airport traveler 

implementations. Later he founded YOU Technology, which was acquired by Kroger in 2014, where he 

went on to launch their first mobile consumer experiences as Executive Vice President. 

In 2003, The White House asked him to serve in the Department of Homeland Security where he led 

many of its first identity technology initiatives and international negotiations with the Group of Eight and 

the European Union. He helped start https://www.iproov.com/ the Department of Defense’s Defense 

Innovation Unit. 

Company website: https://www.iproov.com/ 

Contact email: kwilson@wearetierone.com or sallen@wearetierone.com 



Operational Security: The Backbone of Effective Police 

Communication 

By Nicole Heron, Marketing Manager at Salt Communications 

In the fast-paced and dynamic world of law enforcement, effective communication is essential for 

ensuring public safety and successful operations. However, amidst the ever-evolving landscape of 

technology and threats, maintaining operational security (OPSEC) stands as the cornerstone of police 

communication strategies. Let's delve into why operational security is crucial and explore key practices 

that uphold its importance in law enforcement operations. 

Understanding Operational Security in Policing 

Operational security (OPSEC) in policing is a comprehensive strategy vital for safeguarding critical 

information and activities from unauthorised access or exploitation by adversaries. At its core, OPSEC 

serves as a shield against potential threats to law enforcement operations, ensuring that sensitive data 

and strategic plans remain confidential and protected. This multifaceted approach encompasses various 

layers of defence, from securing communication channels to fortifying intelligence gathering processes 

and tactical operations. By implementing robust encryption protocols, authentication mechanisms, and 

access controls, law enforcement agencies can mitigate the risk of eavesdropping, interception, or 

tampering with sensitive communications. Moreover, stringent compartmentalisation and authentication 

measures are employed to safeguard the integrity of intelligence gathering processes, ensuring that 

valuable insights into criminal activities remain confidential and uncompromised. 

Furthermore, tactical operations are conducted with utmost discretion and precision, supported by 

OPSEC measures designed to prevent compromise and maintain operational effectiveness. This 



involves meticulous planning, strict adherence to operational security protocols, and continuous threat 

assessments to counter potential risks posed by adversaries. By integrating these measures seamlessly 

into everyday operations, policing organisations can navigate complex challenges with confidence, 

preserving the integrity of their missions while upholding public trust. 

In essence, OPSEC in policing is a cornerstone of proactive defence, empowering law enforcement to 

stay one step ahead of adversaries and uphold the safety and security of the communities they serve. 

Securing Communication Channels 

One primary focus of operational security lies in securing communication channels within law 

enforcement agencies. This involves the utilisation of closed and controlled encrypted communication 

platforms and protocols to safeguard sensitive information exchanged among officers, ensuring 

confidentiality and protection from interception by unauthorised parties. By adopting advanced encryption 

technologies, police departments can effectively thwart eavesdropping attempts and uphold the integrity 

of their communications, crucial for maintaining operational secrecy and effectiveness. 

Globally, many law enforcement agencies rely on platforms like WhatsApp and Signal to disseminate 

critical information due to their convenience and the contextual depth they offer, which traditional radio 

networks lack. However, this reliance on consumer-grade platforms, while convenient, raises ethical and 

disclosure concerns due to their inherent insecurities. Despite the efficiency they afford, the ethical 

considerations surrounding the use of such platforms highlight the importance of developing secure, 



purpose-built communication systems tailored to the unique needs and security requirements of law 

enforcement operations. 

Protecting Sensitive Data 

In addition to securing communication channels, safeguarding sensitive data stands as a crucial aspect 

of operational security in policing. This necessitates the implementation of robust data security measures 

to protect classified information, investigative reports, and the personal data of both officers and civilians. 

By adhering to stringent data handling protocols and enforcing access controls, policing organisations 

can effectively prevent data breaches and mitigate the risks associated with unauthorised disclosure or 

misuse of sensitive information, thereby upholding the integrity of their operations and preserving public 

trust. 

These measures not only protect against external threats but also mitigate internal risks, ensuring that 

personnel have access only to the information necessary for their duties. Through a combination of 

technological solutions, such as encryption and secure databases, and procedural safeguards, such as 

regular audits and training programs, law enforcement agencies can create a robust framework for data 

protection. This proactive approach not only strengthens operational security but also fosters 

accountability and transparency, essential elements in maintaining the legitimacy and effectiveness of 

policing efforts. 



How a secure communication system works for Policing 

Operational security serves as the backbone of effective police communication, enabling law 

enforcement agencies to safeguard sensitive information, protect operational integrity, and maintain 

public trust. Salt Communications collaborates with esteemed policing clientele worldwide, recognising 

the critical importance of maintaining complete control over their most sensitive communications, 

achieved through: 

• Ensuring key personnel are kept informed through real-time alert systems. 

• Utilising Secure Message Broadcasting for message, image, and document transmission. 

Ensuring officers have access to rich media in a secure manner to aid decision making processes. 

• Implementing retention policies to safeguard sensitive data. 

• Maximising communication network security with closed private networks. 

• Enhancing productivity and data privacy through integration with trusted systems. 

• Streamlining deployment and user management with device management tool integration. 

• Integrating with pre-existing technical systems to share sensitive information from third party 

systems securely via Salt. 

• Providing complete control to our clients to own their own secure communications system and 

embed it into their critical national infrastructure. 

By prioritising operational security measures such as securing communication channels via a secure 

communications system, protecting sensitive data, maintaining situational awareness, and investing in 

education, police departments can enhance their resilience against security threats and uphold their 

mission of serving and protecting the community. 

To see how Salt Communications provides policing with full operational control of their communications, 

get your free trial today. 

References: 

https://onlinedegrees.sandiego.edu/police-communication-importanttoday/#:~:text=For%20police%20and%20law%20enforcement,of%20%E2%80%9Cprotect%20and%20 

serve.%E2%80%9D 

https://www.college.police.uk/app/operations/operational-planning/core-planning- 

principles#:~:text=underpin%20all%20planning.- 

,Role%20of%20the%20police,preventing%20the%20commission%20of%20offences 

https://saltcommunications.com/secure-police-communications/ 

https://www.digitalguardian.com/blog/what-operational-security-five-step-process-best-practices-andmore 




Nicole Heron, Marketing Manager at Salt Communications, has been working 

within the Salt Communications Marketing team for several years and has 

played a crucial role in building Salt Communications reputation. Nicole 

implements many of Salt Communications digital efforts as well as managing 

Salt Communications presence at events, both virtual and in person events for 

the company. 

Nicole can be reached online at LinkedIn, TWITTER or by emailing 

nicole.heron@saltcommunications.coma and at our company website 

https://saltcommunications.com/. 



The Power of Many: Crowdsourcing as A Game-Changer for 

Modern Cyber Defense 

How Collective Expertise Becomes an Ultimate Tool Shaping the Future of Cybersecurity 

By Alla Yurchenko, Lead Coordinator of Threat Bounty Program at SOC Prime 

With the rapid technological advancement and the world entering the AI era, the cyber threat landscape 

has significantly evolved in its complexity and sophistication. The frequency of data breaches has surged 

alarmingly compared to previous years, amplifying already significant concerns. This uptick is fueled by 

the escalating severity of cyber attacks—ranging from social engineering and ransomware to DDoS — 

largely driven by the use of AI tools by hackers. Additionally, according to SecurityVulnerability stats, 

25,000+ vulnerabilities have already been identified in 2024, marking an increase of nearly 50% 

compared to this time last year. With the sheer number of malicious actors and entry points for attacks 

constantly growing, effective containment and mitigation remain daunting challenges, making it hardly 

possible for standalone teams to cope with the avalanche of existing cyber threats. 



Why Is Knowledge Sharing a Must to Outrun Adversaries? 

To support the advancement of the threat landscape, adversaries continuously share their malicious 

approaches and techniques within underground networks and among affiliates, enabling them to refine 

and coordinate their attacks more effectively. They utilize forums, encrypted communications, and dark 

web marketplaces to disseminate new exploit methods, malware, and attack strategies, which enhances 

their operational efficiency and reach. 

Adopting a collaborative approach is highly beneficial for bolstering the effectiveness of cyber defense 

and helping the cybersecurity industry scale down the challenges. Seeing that knowledge sharing is 

currently a must to outrun and outsmart adversaries, the proliferation of digital platforms and collaborative 

tools allows security professionals and enthusiasts worldwide to get instant access to collective expertise. 

This immediate dissemination of information allows organizations to deploy countermeasures and 

updates in real time, creating a unified defense that quickly adapts to new threats. 

Evolution of Crowdsourcing in Cybersecurity 

Initially, crowdsourcing in cyberspace began with basic community-driven efforts, such as forums and 

informal collaboration among professionals and enthusiasts, which advanced into the concept of 

collective cyber defense. 

Early Collaboration: When the world went online, crowdsourcing activities related to what we now call a 

cyber threat primarily involved networking through community-driven forums and mailing lists where 

individuals shared information about cyber attacks. This informal sharing helped to raise awareness and 

facilitated initial responses to emerging security issues. 

Bug Bounty Programs: The introduction of formal bug bounty programs marked a significant evolution. 

Vendors incentivized independent researchers and ethical hackers to identify and report vulnerabilities 

in their products. This approach harnessed the expertise of a global pool of security experts and led to 

more comprehensive threat discovery and mitigation. 

Threat Intelligence Sharing: As the cybersecurity landscape became more complex, the focus shifted to 

organized threat intelligence sharing. Platforms and consortiums like Information Sharing and Analysis 

Centers (ISACs) were established to enable real-time sharing of threat data and analysis among 

organizations, enhancing collective defense mechanisms. Also, the introduction of the MITRE ATT&CK 

framework was a huge milestone, standardizing the way adversary tactics and techniques are described, 

further improving the effectiveness of modern cyber defense strategies. 

Collaborative Security Platforms: Advancements in technology have facilitated the creation of 

collaborative security platforms and programs. Such initiatives aggregate industry expertise, enabling 

security professionals to gain instant access to the latest insights, patterns, and detection rules for faster 

and more efficient threat detection. 



Challenges on the Way to Collective Cyber Defense 

Although shared expertise significantly boosts threat detection & hunting efficiency while simultaneously 

empowering cybersecurity education, there are several stumbling blocks to address on the way to 

building global crowdsourcing initiatives. 

While working towards a safer future, contributors to crowdsourced efforts often face issues related to 

intellectual property rights and the recognition of the significance of individual contributions within the 

professional network. Ensuring proper recognition for discoveries and contributions to global cyber 

defense at all levels, from the support of author attribution in the code of a detection rule to sharable 

digital credentials issued by organizations to recognize exceptional individual involvement and 

contributions to the crowdsourcing initiatives, is essential to maintaining motivation and fairness. Another 

challenge is adherence to privacy imperative and compliance with security regulations, including TLP 

protocol, while sharing information with a wide audience, since disclosure of sensitive information about 

vulnerabilities or cyber attacks can pose significant risks both to crowdsourcing program contributors and 

beneficiaries. 

Different organizations utilize a variety of technologies and tools, leading to compatibility issues when 

attempting to integrate the crowdsourced contribution. Mastering a broad tech stack to ensure that 

individual input from security researchers is applicable to a wide audience further complicates this 

challenge. To overcome technological barriers, cyber enthusiasts have introduced generic and open 

language formats like Sigma, Yara, and Roota. These standards foster community collaboration and 

enable more efficient global cyber defense providing the way to make threat detection, incident response, 

and actor attribution simple. In fact, by mastering just a single language format, security professionals 

might easily contribute threat detection algorithms compatible with any SIEM, EDR, or Data Lake 

solutions backed by generic language and dedicated translation engines, like Uncoder.IO. Moreover, 

detections written using Sigma or Roota incorporate ATT&CK tagging and provide CTI information, being 

a source of valuable insights for end users. This provides an opportunity for both experienced cyber 

defenders and beginners to contribute to the collective good, while continuously advancing their practical 

skills and adopting professional expertise. 

How Crowdsourcing Shapes Future Defense Strategies 

Incentivizing creativity and innovation globally, crowdsourcing initiatives optimize resources, ensure realtime 

information sharing, and foster continuous improvement through an iterative feedback loop. 

Crowdsourcing builds a resilient and scalable defense network, driving effective, community-driven 

cybersecurity practices to combat sophisticated and evolving cyber threats. 

With thousands of eyes monitoring for cyber-attacks and malicious activity, the collective cyber defense 

approach enables swift identification of new attack patterns resulting in quick response and mitigation 

efforts. Simultaneously, CTI sharing streamlines threat research and hunting operations. And 

crowdsourced detection engineering programs, like Threat Bounty by SOC Prime, allow the cybersecurity 

community access to verified behavior-based detections in the shortest time possible. This collaborative 



approach empowers the transition from reactive measures to proactive cybersecurity, equipping every 

SOC team globally with the actionable tools and data to stay one step ahead of attackers. 

By creating an environment where knowledge flows freely, crowdsourcing aids in tackling yet another 

prominent challenge in the cyber defense industry. According to ISC2 Cybersecurity Workforce Study, in 

2023, the global workforce gap almost reached 4 million people, with 78% of organizations reporting they 

do not have the in-house skills to fully achieve their cybersecurity objectives, as per World Economic 

Forum research. The numbers are troubling, highlighting the crucial demand for innovative ways to scale 

cybersecurity education and training. Crowdsourcing programs cultivate a friendly yet competitive and 

challenging environment for cybersecurity enthusiasts, where students and specialists who are at the 

start of their careers can learn from collaboration with seasoned experts. The new knowledge and skills 

can be immediately enhanced on practice backed by community feedback for continuous selfimprovement. 

Also, crowdsourcing is an effective way to promote individual expertise in various 

cybersecurity areas, becoming an actual pool of talents to empower cybersecurity hiring. 

The dynamic nature of crowdsourcing ensures a continuous influx of new information and insights. 

Simultaneously, contributors find themselves in a competitive environment, where comprehensive and 

bright ideas set the standard for new input through community feedback, thus fostering creativity and 

innovation. By harnessing the collective power of the global cybersecurity community, crowdsourcing can 

significantly enhance the effectiveness and efficiency of security efforts, leading to a more robust defense 

against cyber threats. 


Alla Yurchenko is the Lead Coordinator of SOC Prime’s Threat Bounty Program for 

cyber defenders initiated in 2019. She heads SOC Prime’s crowdsourcing initiative 

for detection engineering, driving innovation and collaboration among security 

researchers to enhance collective cyber defense since the Program’s inception. Alla 

can be reached online at https://www.linkedin.com/in/alla-y-92519213a/ or 

https://socprime.com/. 



Tagged Files as a Road to Insider Threats 

By Milica D. Djekic 

The insider threat is any individual within community who does something against such surrounding even 

being used for sabotage, diversion, espionage and the other purposes, so far. On the other hand, the 

business environment cannot be yet assured completely as those relying on, say, a corporate security 

deal with relatively questionable effective and still quite expensive defense opportunity that might 

demonstrate both – some pluses and minuses at the same glance. Indeed, the corporate security is 

correlated with the physical, cyber and financial assurance, but even with such risk management it can 

show a lot of weaknesses and drawbacks. In other words, the corporate security is an area which seeks 

a plenty of good ideas and innovations in order to improve its effectiveness and trustworthiness, so far. 

The good remark with that approach is the corporate security bosses could try to adopt, if already not, 

some of the best practices being applied with defense & intelligence communities where everything that 

can be tracked is traced and in such a fashion, it is clear that some kinds of the innovative methodologies 

are needed. 

The insider risk can access some organization even if there is pre- in- and post- employment screening 

procedures and if on the espionage task those bad actors might take out extremely sensitive information 

from such a place. Apparently, those findings could be in a digital shape and once being saved on some 

removable memory device any footage of such a committed crime could be lost only if some sort of the 

preventive measures are not applied. Next, a fully trickery question with such a concern could be how to 

track such critical data being stolen through the insider risk operation and the answer to that wondering 

is all files and folders being used among someone’s virtual space should be tagged and if they are found 

anywhere else that could be a valid clue for proving something much serious which could be a terrorist 

or transnational organized crime spying campaign, so far. 



Also, if there is a certain information leakage from any communities such sort of the procedure including 

stolen information detection could be introduced even into a business ambient as once marked data 

could be later detected on someone’s else hardware suggesting that some data leakage exists and those 

actors doing such sort of the exchange will be correlated and investigated in order to via corporate 

security service warn the authorities about such sort of the activities within some spot. 

In other words, if the corporate security managers are with such a skill they even if pre-employment 

background screening allowed an access to someone harmful to the organization anyone from those 

employees or community members could be uncovered as those sorts of the footage will be left because 

any single file or folder will get an unbeatable stamp to such documents belonging to that organization 

which can support being the owners of such digital asset to protect their interests and offer much more 

secure condition to everyone, so far. 

About The Author 

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of 

Serbia. She received her engineering background from the Faculty of Mechanical 

Engineering, University of Belgrade. She writes for some domestic and overseas 

presses and she is also the author of the books “The Internet of Things: Concept, 

Applications and Security” and “The Insider’s Threats: Operational, Tactical and 

Strategic Perspective” being published in 2017 and 2021 respectively with the 

Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s 

channel. She is the member of an ASIS International since 2017 and contributor to 

the Australian Cyber Security Magazine since 2018. Milica's research efforts are 

recognized with Computer Emergency Response Team for the European Union (CERT-EU), Censys 

Press, BU-CERT UK and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of 

interests are cyber defense, technology and business. Milica is a person with disability. 



The Age of Unseen Truths and Deceptive Lies 

Can We Still Tell the Difference? 


From the moment we're born, we are surrounded by a mix of true and false information. In the past, 

distinguishing between them was relatively easy, but over time, it has become increasingly difficult. The 

advent of generative AI technologies has ushered in a new era of entertainment, solutions, and, 

unfortunately, a new level of “fakeness.” Today, texts, images, and videos can be created entirely from 

scratch or manipulated to the point where it’s nearly impossible to discern what is real and what is not. 

In an age where fake or manipulated information can spread around the world at the speed of light, it’s 

incredibly challenging to undo the damage caused by fake news, especially after it has been judged by 

the "internet's supreme court" of public opinion. Every day, we witness information being twisted to serve 

the interests of its creators, shape the beliefs of groups, or even influence entire nations. Increasingly, 

we see careers and personal lives destroyed by false information, with little chance or time for the victims 

to defend themselves. 



How can we protect ourselves against this growing threat? More and more people are retreating from 

digital life because it can be harmful. Maintaining an online presence is becoming a challenge, as we are 

constantly bombarded with news and “facts” that paint an ever-darker picture of the world. People are 

distancing themselves from news sources because they no longer know which "truth" to believe. 

The evolution of “deep fake” technology adds another layer of complexity. Criminals are developing new 

strategies, and we are approaching a time when a video call with someone we trust could turn out to be 

an interaction with an imposter. Attacks using deepfakes are becoming common practice, and companies 

must be aware of these new scam methods. Recently, a finance worker paid out $25 million after a video 

call with a deepfake posing as the company's Chief Financial Officer. 

As we navigate this new landscape, the importance of digital literacy and critical thinking cannot be 

overstated. It's essential for individuals to develop the skills needed to critically evaluate the information 

they encounter online. This includes questioning sources, seeking out multiple perspectives, and being 

aware of the technologies that can distort reality. The more informed we are, the better equipped we will 

be to defend ourselves against the growing tide of misinformation and manipulation. 


Julio Padilha, CISO, Volkswagen | Audi South America, is a dedicated Cyber 

Security professional with a deep passion for both technology and the 

dynamics of human interaction. He is particularly fascinated by how 

technology intersects with and influences human behavior, striving to create 

secure digital environments that enhance and protect these interactions. 

Julio can be reached at his direct email: julio.padilha@hotmail.com 



The Cybersecurity Checklist: Top Methods and Tools for 

Protection and Mitigation 

By Vishwas Pitre, Chief Information Security Officer & DPO, Zensar 

The rapid development of artificial intelligence (AI) is fueling an increase in cyber-attacks, threatening the 

data infrastructure of businesses and individuals. Approximately 85 percent of cybersecurity 

professionals attribute the increase in cyber-attacks to bad actors using generative AI. 

No sector is safe. From denial-of-service (DoS) to advanced phishing to deep fakes, businesses and 

organizations must prepare for AI-driven cyber-attacks, and an integrated set of tools and security 

measures is necessary to protect their data. Most cyber pros are familiar with at least several, but some 

measures and tools are often overlooked. Below is a checklist to help ensure cybersecurity pros can best 

review and assess the tools in place to see if a new mix is required. 

Security Measures: 

These techniques are vital for cyber pros to understand if they wish to proactively protect their 

organizations from cyber-attacks and mitigate the damage when it inevitably occurs. 



Ethical hacking: 

Ethical hacking is vital to assessing data risk and should be done periodically. Ethical hacking/penetration 

testers are likely to become increasingly important. Cybersecurity threats are becoming more 

sophisticated and widespread with the continued rise of digital technologies and the increasing 

connectivity of devices and systems. 

No sector is untouched by these attackers. IT firms, healthcare organizations, and financial institutes are 

the prime targets for attackers due to the financial, sensitive data they store and process. To safeguard 

financial and sensitive data, performing vulnerability and penetration is a must. An ethical hacker's job is 

to identify and close the gaps. An ethical hacker might simulate a phishing attack to test employees’ 

awareness and the effectiveness of the institution’s security protocols. By identifying potential entry points 

for a bad actor, the ethical hacker enables the organization to strengthen its security posture, thus 

protecting customer data and other assets. 

Security awareness training: 

Educating employees and users about best practices for data protection and cybersecurity can help 

prevent common threats such as phishing attacks, social engineering, and malware infections. 

Many studies have shown that companies saw a 40-50% decrease in the number of harmful links clicked 

by users after implementing security awareness training. Identifying risk users who click phishing links 

as part of a phishing simulation is crucial. Providing training to these risky users translates to fewer 

security incidents and breaches. 

Many organizations have provided users with training at shorter intervals, like every 15 days, with short 

training videos of 5 to 15 minutes. This short training schedule interval and timeline have been proven to 

be effective in stopping breaches. 

Regular security audits and assessments: 

Regular security audits and assessments help identify vulnerabilities and areas for improvement in an 

organization's security posture. These methods include penetration testing, vulnerability scanning, and 

compliance audits. 

Consider an example of an IT/ITES company with sensitive customer data. The company conducts 

regular security assessments (VA/PT) audits to ensure data security. Multiple simulated cyberattacks are 

performed to identify security misconfigurations and gaps in hardware and software components. In 

addition to this, the company also conducts ISO 27001 and SSAE SOC 2 audits to ensure their security 

measures meet industry standards and regulations. These audits have helped the company avoid 

potential security breaches by proactively managing their risk and testing and reinforcing their defense 

mechanisms. 

Incident response and disaster recovery planning: 

A robust incident response plan and disaster recovery strategy are essential for minimizing the impact of 

security incidents and data breaches. They include procedures for detecting, responding to, and 

recovering from security breaches in a timely and effective manner. 



Security Tools: 

There are a number of tools cyber pros can use to help implement these methods. These include: 

Encryption: 

Encryption is a fundamental tool for protecting data. It involves encoding data so that only authorized 

parties can access it. This tool can include encrypting data at rest (stored data) and in transit (data 

transmitted between systems). 

To protect sensitive data, organizations use data encryption at rest to encode PII, SPII, PCI, and other 

sensitive information when it is stored in the database. This data-at-rest encryption ensures that an 

unauthorized party cannot read the data from the database until they have the decryption key. 

Access control: 

Strong access controls ensure that only authorized individuals or systems can access data. Implementing 

this tool involves employing user authentication mechanisms such as passwords, biometrics, and multifactor 

authentication (MFA). 

Data masking: 

Data masking involves hiding sensitive information within a dataset while maintaining its usability for 

specific purposes. This tool can help protect sensitive data during testing, analytics, or other processes 

where full access is not required. 

Consider an IT company developing software for a bank. The development team needs realistic data to 

test the software’s functionality; however, the bank wants to ensure that customer information remains 

confidential. This requirement necessitates implementing data masking techniques to safeguard the 

bank’s customers' PII (personally identifiable information). 

Firewalls and network security: 

Firewalls monitor and control incoming and outgoing network traffic based on predetermined security 

rules. They help protect against unauthorized access, data breaches, and other cyber threats. 

Imagine a group of marketers working in an organization who want to have access to Facebook and other 

social media platforms. However, per the organization’s policy, access to social media is restricted. 

Nonetheless, access is granted to a few employees based on business justification. This requirement is 

met by writing firewall rules that allow traffic to social media sites for a certain range of IP addresses. 

Intrusion detection and prevention systems (IDPS): 

IDPS tools monitor network traffic for signs of suspicious activity or known threats. They can then 

automatically block or mitigate attacks in real time. 

The IDPS solution continuously monitors and analyzes both internal and external traffic. This tool can 

detect malicious activity based on the traffic pattern and sends notifications to the administrator. It can 



also block the IP address associated with suspicious traffic. Additionally, it will write a rule to prevent such 

attacks in the future. 

The IDPS can also block emails with attachments that contain executable files, which are often used to 

spread malware. By taking these actions, the IDPS prevents advanced attacks, protects confidential data, 

and keeps businesses up and running. 

Data loss prevention (DLP): 

DLP tools help organizations prevent the unauthorized transmission of sensitive data outside the 

corporate network. They can monitor and control data transfers, enforce encryption policies, and prevent 

data leaks. 

The DLP tool plays a significant role in safeguarding sensitive information within an organization. A 

successful DLP implementation can detect and stop data breaches. In an organization, this tool is 

configured to detect any personally identifiable, confidential, and sensitive information from being sent 

without proper authorization. When someone inadvertently transfers such PII, confidential, or sensitive 

information over email or a public platform, the DLP tool blocks this transmission and alerts the IT team 

and sender with a notification about the detection of unauthorized data transmission. 

Endpoint security: 

Endpoint security solutions protect individual devices such as computers, laptops, and mobile devices 

from malware, ransomware, and other cyber threats, including antivirus software, endpoint detection and 

response (EDR) solutions, and mobile device management (MDM) platforms. 

An employee opens a legitimate email containing a malicious attachment. Upon clicking the attachment, 

malware infects the device, encrypting all company files. That’s where endpoint security solutions such 

as MDM, EDR, and web proxy come into the picture to protect organizations from unwanted attacks. 

Conclusion 

Cyber-attacks are harmful to the organization and the individual, exposing sensitive information, causing 

reputation loss, loss of revenue, and could even threaten our nation and government. That is why it is 

essential for leaders to understand and consider the right mix of measures and tools to prevent and 

mitigate the damage of an attack. Leaders must stay informed, use AI cautiously, and always ensure 

their employees are up to speed because the next major cyber breach could be their own organization. 




Vishwas Pitre is the Chief Information Security Officer (CISO) & Data Privacy 

Officer (DPO) at Zensar Technologies. With a demonstrated history of 

working in the information technology and services industry, Vishwas has 

over 25 years of experience working with a global clientele to establish 

security frameworks, technology solutions, and process definitions and 

implementations. He is the recipient of the 2024 InfoSec Maestros Award for 

Smart CISO, amongst others. Vishwas can be reached online at LinkedIn 

and at our company website https://www.zensar.com/. 



The Frontier of Security: Safeguarding Non-Human Identities 

By Idan Gour, CTO and Co-Founder, Astrix Security 

Dropbox, Microsoft, Okta - not only are these all major software companies, but each of them has fallen 

victim to a supply chain attack due to a compromised non-human identity. For decades the security 

industry has prioritized protecting human identities, but with the influx of Gen-AI tools and increase in 

automation, new identities have emerged, opening up an entirely new attack surface: non-human 

identities (NHIs). As NHIs continue to be the focus of exploitation, organizations must pivot their security 

strategies from asking, “How are you protecting yourself against potential threats?” to “How are you 

protecting yourself against your own vendors?” 

Non-Human Identity Attack Surface: Large and (not) in charge 

While human user identities are well-established, with multi-factor authentication (MFA), IP restrictions, 

and other robust protocols, non-human identities, often in the form of API keys, OAuth tokens, service 

accounts, and other secrets, represent a different kind of challenge. These credentials are used by 

applications, services, and automated processes to communicate and perform tasks within a network, 

often with significant privileges and minimal oversight. 



Non-human identities are often riddled with vulnerabilities due to their extensive and permissive nature. 

Created on a daily basis, there are roughly 20,000 non-human identities for every 1,000 employees - 

which raises an incredibly high bar for security teams to keep up with monitoring and governing NHIs. As 

a result, hackers exploit these weaknesses, often gaining unauthorized access to critical systems and 

sensitive data. 

Supply Chain Attacks are the Core 

This story has played out a number of times, even within the last few months - from Okta and Microsoft 

to Dropbox and Snowflake, supply chain attacks have become a preferred method for cybercriminals. By 

targeting software providers, hackers gain a "golden ticket" to not just one but multiple networks rich with 

valuable data. Compounding this issue is the proliferation of applications and tools. With automation and 

cloud environments, a business’s ecosystem is made of hundreds if not thousands of different vendors 

that have access to its systems. Organizations don't have the right visibility into all of these vendors 

because everything is automated and cloud-based. The sheer volume of these connections alone - and 

also the fact that anyone can add these services - makes it impossible to track and monitor without 

automated tools. 

Addressing the Identity Challenge 

Incident response efforts often fall short due to the fragmented nature of security platforms because each 

vendor, tool, application, etc., handles token management and application consents differently. So how 

does an organization begin to protect its NHIs? It begins with having a handle on your third-party vendors 

and overall security posture. 

• Implement a comprehensive security strategy: Align privacy, third-party risk management 

(TPRM), and security efforts across various roles, including IT administrators, developers, and 

cloud architects. This is essential to enhance security measures and improve the effectiveness of 

incident response teams in the event of an attack. 

• Ensure you have continuous and real-time inventory of all connected NHIs: If you’re able to 

see into each NHI connection and viewpoint, security teams will have a better grasp of risky 

connections and be able to prioritize the threat. 

• Focus remediation efforts: Provide detailed information about the services and resources an 

NHI can access. Be as specific as possible so that there are no loopholes and potential risks. 

• Be as proactive as possible: Create activity logs, set-up automated workflows and provide 

investigation guides for security teams. This will all help to manage any atypical NHI activity, or 

other potential risks, in real-time. 

Cloud security and automation will continue to skyrocket, but so too will non-human identities and their 

associated risks. It’s time to outsmart the hackers, and take back control of your own environment - both 

internally and externally. The next time you engage with a vendor, make NHIs a central topic of 



discussion. Inquire about their strategies and tactics for securing these identities. Addressing these 

challenges collaboratively is far more effective than attempting to manage them on your own. 


Idan Gour is the CTO and co-founder of Astrix Security, the enterprise's trusted solution 

for securing non-human identities. Gour has over a decade of cybersecurity and 

leadership expertise that spans military and enterprise environments, including 

strategic roles in the Israeli Military Intelligence Unit 8200 and software development 

positions at Deep Instinct. Idan can be reached online at idan@astrix-security.com and 

@AstrixSecurity and at our company website https://astrix.security/. 



Revolutionizing Investigations: The Impact of AI in Digital 

Forensics 

Exploring the advantages, challenges, and the future of AI-powered technologies in digital 

forensics 

By Yuri Gubanov, Digital Forensics Expert, Founder and CEO of Belkasoft 

Artificial intelligence (AI) is making waves in many industries across the board. It found use in healthcare, 

manufacturing, retail, finance, and other sectors that deal with large volumes of data. Although AI does 

not yet possess the full capabilities of human intelligence, it has a distinct advantage in terms of speed. 

Once trained to recognize patterns in data and make the necessary operations with them, it can process 

information quickly and efficiently. 

In digital forensics and cyber incident response (DFIR), where the rapid discovery of relevant information 

in a multitude of files and records is crucial, AI can be a game-changer, helping save both lives and 

businesses. 



The challenges in traditional digital forensics 

One of the most significant challenges in modern digital forensics, both in the corporate sector and law 

enforcement, is the abundance of data. Due to increasing digital storage capacities, even mobile devices 

today can accumulate up to 1TB of information. 

Given that DFIR cases can involve a handful of devices, it is not uncommon to have a few dozen terabytes 

of data within a single investigation. Such volumes make evidence processing and examination timeconsuming, 

to say the least. 

Digital forensics tools alleviate the burden of data abundance by automating many DFIR processes, such 

as the acquisition of data from electronic devices, decryption, and the extraction of digital evidence. 

However, after data is extracted and presented in an easy-to-use interface, there are still thousands of 

files and records to examine. Experts often spend considerable time manually searching for events, 

documents, and conversations relevant to their investigation. A significant bottleneck in this process is 

the review of numerous pictures and videos and reading through chats and emails. 

With limited human resources and digital forensics software licenses in the lab, data-rich cases cause 

significant delays in investigations and growing case backlogs. Digital forensics software offers various 

tools to streamline data analysis, but can the adoption of AI technologies solve the problem once and for 

all? 



AI-Powered technologies in digital forensics 

Digital forensics started benefiting from AI features a few years ago. The first major development in this 

regard was the implementation of neural networks for picture recognition and categorization. This 

powerful tool has been instrumental for forensic examiners in law enforcement, enabling them to analyze 

pictures from CCTV and seized devices more efficiently. It significantly accelerated the identification of 

persons of interest and child abuse victims as well as the detection of case-related content, such as 

firearms or pornography. 

Another promising AI technology with significant potential to enhance digital investigations is the large 

language model (LLM). LLMs are trained on diverse text sources, including scientific literature, fiction, 

blog posts, and forum discussions. Such extensive training enables them to skillfully leverage human 

language and knowledge, performing various natural language processing (NLP) tasks. They can 

analyze, categorize, summarize text, engage in conversations, answer questions, and even reason. 

Digital devices involved in criminal or cybersecurity investigations typically include years of text records 

in messengers, emails, notes, documents, logs, and other files. Large language models have the 

necessary skills to analyze this text data and help digital examiners quickly pinpoint critical details needed 

for investigations. 

Belkasoft has recently made this AI technology more accessible to digital forensics examiners. We 

extended our company’s flagship product, Belkasoft X, with an LLM-based tool called BelkaGPT. This 



offline AI assistant analyzes data extracted from digital devices and helps users discover evidence using 

natural language queries. The first version of BelkaGPT already demonstrates success in several key 

areas: 

• Detection of topics of interest: Users can ask generic questions such as “Can you find anything 

suspicious?” or submit more specific queries, like searching for mentions of financial transactions, 

account update requests, specific names, locations, plans, events, and more. 

• Defining the emotional tone of texts: BelkaGPT can identify whether the text contains signs of 

various sentiment expressions, such as threats, concerns, or conflicts, and determine the nature 

of relationships between conversation participants. 



• Identifying picture properties. BelkaGPT accesses information from case database records and 

considers additional properties assigned during analysis. For instance, if you run AI picture 

analysis and Belkasoft X identifies images with guns or nudity, BelkaGPT will recognize these 

categories in the case and respond to related questions. 



Unlike traditional keyword searches, which only detect exact word matches, BelkaGPT focuses on 

understanding the meaning behind words. That is why, even if a thought is expressed in synonyms or 

idioms, the LLM can still uncover it. This capability adds precision to investigations as it helps find the 

details that may be missed by keyword searches or overlooked by a weary examiner. 

Nevertheless, AI is an evolving field, and BelkaGPT will continue to develop. Our plan is to make it more 

versatile, configurable, precise, and focused on the context of digital forensics and cyber incident 

response. 

The benefits of AI in digital forensics 

Integrating AI into the digital investigation workflow boosts the productivity of forensic experts by 

enhancing both speed and quality. AI helps identify key evidence more quickly, allowing investigators to 

focus on the critical aspects of their cases. 

For law enforcement, AI implementation reduces case backlogs and accelerates the delivery of justice, 

contributing to a safer and more secure society. In corporate security, it shortens the time needed to 

investigate and contain cyber incidents, minimizing the financial and reputational damage caused by 

downtime and data breaches. 

Addressing concerns with AI adoption 

While AI tools enable forensic experts to discover evidence faster and with greater accuracy, working 

with AI is not without its challenges. Several common concerns arise when implementing AI in digital 

forensics and cyber incident response. 

Improper output 

No matter how advanced, AI operates within the boundaries of its training, which can sometimes be 

incomplete or imperfect. Large language models, in particular, may produce inaccurate information if their 

training data lacks sufficient detail on a given topic. As a result, investigations involving AI technologies 

require human oversight. 

In DFIR, validating discovered evidence is standard practice. It is common to use multiple digital forensics 

tools to verify extracted data and manually check critical details in source files. Therefore, validating AI 

results will not be a new requirement for digital examiners. 

For large language models, there are methods to mitigate the risk of inaccurate output. For instance, our 

tool, BelkaGPT, is designed to generate responses based solely on case data. If it cannot find relevant 

information, it states that the required data is unavailable. Additionally, it provides references to the three 

most relevant artifacts in the case database, allowing examiners to quickly verify their contents and 

origins. 



Data privacy 

AI solutions require significant computing power, often provided by vendors through cloud services. For 

most DFIR labs, cloud infrastructure is a no-go since they work with sensitive information and are usually 

prohibited from sharing it with third parties in any form. As a result, only local AI tools are viable options 

for digital forensics. 

Cost of implementation 

AI technologies rely on powerful GPUs for data processing, which are currently in high demand and 

costly. So, how affordable is it to run an offline AI solution in a digital forensics lab? 

Fortunately, DFIR units are often equipped with such hardware, as it is required for other tasks like 

password brute-forcing. AI tools can also be optimized to run on less powerful GPUs. For instance, 

BelkaGPT requires a GPU with a minimum of 8GB of VRAM for optimal performance, with prices for such 

GPUs starting at $250. 

The future of AI in digital forensics 

The future of AI in digital forensics promises significant advancements, particularly as large language 

models continue to evolve. These models will become increasingly adept at understanding the meaning 

of digital artifacts found on electronic devices and their role in investigations. 

Beyond text-based analysis, the future of AI in digital forensics will be shaped by the development of 

multi-modal AI technologies. These technologies, capable of processing and analyzing data across 

multiple formats, will enhance forensic investigations by covering a broader range of tasks. For instance, 

multi-modal AI could simultaneously analyze text, media files, and system records, providing a holistic 

view of the evidence. 

Incorporating AI advancements into digital forensics will require ongoing adaptation and innovation. 

Conclusion 

AI is revolutionizing digital forensics and cyber incident response by enhancing the speed and precision 

with which forensic experts can analyze vast amounts of data. While AI tools like BelkaGPT demonstrate 

significant promise in streamlining investigations, they also require careful implementation and oversight 

to ensure accuracy and address challenges such as data privacy and cost. AI technologies can make 

the digital forensics industry more efficient, helping law enforcement and corporate security teams deliver 

justice and investigate cyber threats more effectively. 

As AI continues to evolve, its role in digital forensics will expand, offering new ways to process and 

interpret complex data. With new advancements like multi-modal AI coming soon, digital forensics is set 



to reach new levels of precision and efficiency. The future will depend on our ability to adapt and refine 

these technologies, unlocking their full potential to meet the growing demands of digital investigations. 


Yuri Gubanov is the Founder and CEO of Belkasoft, a company specializing in 

Digital Forensics and Cyber Incident Response Software. Since its inception in 

2002, Yuri has led Belkasoft to become a global leader in digital forensics 

solutions, trusted by law enforcement agencies, corporate clients, and private 

investigators in over 130 countries. 

Yuri can be reached online at Linkedin. Company website: https://belkasoft.com/. 



The Relationship Between Network and Security: Why They're 

Ditching the "It's Your Fault" Game 

By Jaye Tillson, Field CTO, Distinguished Technologist, HPE Aruba Networking 

Remember the good old days of IT? Back when firewalls were like bouncers at a nightclub, and security was a 

sleepy corner in the IT department? Those days are about as gone as the whining of modems for dial -up internet. 

The cyber landscape has morphed from pesky pop-ups to sophisticated ransomware gangs, forcing IT security to 

graduate into a full-fledged, battle-scarred warrior named "Cybersecurity." 

However, it isn't always sunshine and roses between these two tech titans, Network and Security. Network, the 

outgoing social butterfly, was all about connection and smooth data flow. Security, the ever -suspicious knight, lurked 

in the shadows, scrutinizing every packet and putting the brakes on anything fishy. Their dynamic often devolved 

into finger-pointing contests: "You let that malware in with your flimsy firewall!" "If you weren't so restrictive, users 

wouldn't need risky workarounds!" 

Thankfully, the winds of change are starting to blow, and there may be some light at the end of the technology 

tunnel. Organizations are beginning to realize that a siloed approach, with Network and Security locked in a "whose 

budget is bigger" duel, is like fighting a dragon with a teaspoon. Enter the beautiful reunion, the merging of Network 

and Security into a well-oiled, information-sharing machine. Imagine it like The Power Rangers combining their 

words to form the Dino Megazord. 



But why is this relationship so meaningful? Let's face it: the bad guys are constantly innovating and evolving. 

Ransomware gangs are like pesky telemarketers; we block one number and they pop up with another. A unified 

approach allows Network and Security to leverage each other's strengths. Network, with its deep understanding of 

traffic flow, can spot anomalies that might escape Security's radar. Security, with its arsenal of threat intelligence, 

can guide the Network in fortifying defenses at critical points. It's like having a lookout in the crow's nest constantly 

shouting, "Avast, ye landlubbers! Suspicious ship approaching!" while the captain expertly steers the ship away 

from harm's way. 

Now, let's address the elephant in the server room: the budget. CISO (Chief Information Security Officer) and CIO 

(Chief Information Officer) often have a tug-of-war over resources. The CISO pleads for the latest firewalls and 

intrusion detection systems, while the CIO frets about bandwidth and network performance. But here's the thing: 

they are both on the same team and should be united against the common enemy – the dreaded ransomware 

attack. Imagine the CISO as Batman, needing the best gadgets and intel to fight crime. The CIO is Lucius Fox, the 

brilliant tech guy who ensures those gadgets don't slow Batman down to a snail's pace. They need to work together, 

not against each other. 

Here's a secret most IT professionals won't tell you: a secure network can be a smooth one. Modern security 

solutions are designed to be lightweight and integrate seamlessly with network infrastructure. This means Network 

can get the robust security it craves without sacrificing that sweet data flow. It's a win-win! 

So, how can Network and Security cultivate this relationship? 

• Communication is key: Regular meetings, information sharing, and joint threat assessments are crucial. 

Picture them grabbing coffee to brainstorm, not hurling accusations across the server room. 

• Shared goals, not silos: Both departments should have clear objectives focused on overall security, not 

just individual metrics. Think "Defeating the ransomware dragon" instead of "Deploying X firewalls." 

• Embrace automation: Let the machines handle mundane tasks like log analysis and system updates, 

freeing up Network and Security to focus on strategy and collaboration. 

• Invest in training: Cross-training can work wonders. Network engineers learning about threat vectors and 

security professionals understanding network architecture fosters a deeper appreciation for each other's 

work. 

The bottom line? Network and Security's power couple act strengthens your organization's defenses 

against cyber threats. They can finally stop the "it's your fault" game and focus on what truly matters: 

keeping your data safe and sound. Now, if you'll excuse me, I have a mental image of a high-five between 

a firewall and an intrusion detection system, and it's oddly heartwarming. 




Jaye Tillson is Field CTO & Distinguished Technologist, at HPE Aruba 

Networking, boasting over 25 years of invaluable expertise in successfully 

implementing strategic global technology programs. With a strong focus on digital 

transformation, Jaye has been instrumental in guiding numerous organizations 

through their zero-trust journey, enabling them to thrive in the ever-evolving 

digital landscape. 

Jaye's passion lies in collaborating with enterprises, assisting them in their 

strategic pursuit of zero trust. He takes pride in leveraging his real-world experience to address critical 

issues and challenges faced by these businesses. 

Beyond his professional pursuits, Jaye co-founded the SSE Forum and co-hosts its popular podcast 

called 'The Edge.' This platform allows him to engage with a broader audience, fostering meaningful 

discussions on industry trends and innovations. 

Jaye can be reach at jaye.tillson@hpe.com and through our company website 

https://www.arubanetworks.com/. 



The Rise in Phishing Scams 

By Marcelo Barros, Global Markets Leader – Hacker Rangers 

As cybersecurity platforms have become more effective, cyber attackers have shifted their strategy. 

Rather than challenging defense applications to identify weaknesses, they are now increasingly focused 

on exploiting human behavior. Their primary method for enacting this updated strategy is phishing. 

Phishing attacks have increased at an alarming rate in recent years, with reports showing a 58 percent 

increase in global phishing attacks from 2022 to 2023. The most probable reason for the increase is that 

phishing remains remarkably effective. Nine out of ten organizations report that they fell prey to phishing 

attacks in 2023, with nearly seven out of ten employees saying they contributed to the attacks’ success 

by knowingly taking risky actions such as handing over credentials to untrustworthy sources. 

Why does phishing continue to work? 

One of the main reasons phishing continues to be effective is its focus on deep-rooted human emotions. 

Rather than seeking to overcome cyber defenses with computing power or zero-day exploits, it 

overcomes them by exploiting fear, greed, and empathy. 



For example, due to security upgrades such as password generation and multi-factor authentication, 

breaking passwords has become much more difficult for cybercriminals. With phishing, however, 

cybercriminals can leverage fear to gain access to passwords. Falsified messages informing employees 

that their corporate expense account has been compromised and requesting login credentials to fix the 

problem count on those employees being afraid that the alleged breach will result in greater losses. 

Greed is another powerful tool cybercriminals use to empower phishing attacks. A text or email promising 

access to an exclusive deal, for instance, can quickly prompt a greedy person to hand over sensitive 

information. According to Verizon’s 2024 Data Breach Investigations Report, the median time it takes for 

someone to fall victim to a phishing attack — from receiving a phishing email to taking the requested 

action — is 60 seconds. 

Phishing also continues to be effective because we are doing more online than ever before. When remote 

work skyrocketed in the wake of the COVID-19 pandemic, phishing attacks leveled at remote workers 

increased by 600 percent. As workplaces became distributed, it became more time-consuming and 

inconvenient to confirm that a text or email message actually came from a manager, opening the door 

for cybercriminals to exploit the new normal. 

The rise of AI is yet another reason for the increased use of phishing attacks. Generative AI makes it 

much easier for cyber attackers to develop phishing campaigns. The power AI provides to create 

deepfakes also empowers new variations of phishing, such as vishing attacks that use AI to generate 

voice calls mimicking a boss or other person in authority. 

How can organizations better repel phishing attacks? 

Providing effective training is the most important step organizations can take to better repel phishing 

attacks. The training should provide a general understanding of how phishing works, how to identify it, 

and how to report it when it is suspected. It should also be updated regularly to include the most recent 

phishing strategies. 

Every stakeholder in an organization should receive training on phishing. Because phishing is focused 

on exploiting an organization’s employees rather than its security framework, it can be leveled against 

any employee — from the CEO to the newest entry-level hire — so excluding anyone from training 

creates a dangerous vulnerability. 

Organizations that want to better repel phishing attacks should also help employees to prioritize 

cybersecurity. Cyber attackers often rely on victims overlooking telltale signs of a phishing attack because 

they are too busy or weary from an overwhelming workload. If employees don’t feel empowered to take 

appropriate steps to detect and repel phishing, even when it compromises their productivity, the 

organization will suffer. 

An effective cybersecurity strategy must address the ongoing threat posed by phishing attacks. An 

organization’s best defense will be employees who understand the threat and know how to repel it. 

Organizations that fail to empower employees create a vulnerability that cybercriminals will be quick to 

exploit. 




Marcelo Barros, Global Markets Leader of Hacker Rangers. He is an IT 

veteran who has played an instrumental role in delivering cutting-edge 

cybersecurity solutions and services to clients around the world. His passion 

for cybersecurity led him to join the team at Hacker Rangers, a leading 

gamification company that makes cyber awareness fun and engaging for 

organizations worldwide. 

Marcelo can be reached online on LinkedIn at 

www.linkedin.com/in/marcelonunesbarros/ and at his company’s website 

https://hackerrangers.com/. 



Three Big Reasons Ransomware Payments Are Up More Than 

5X Over Last Year 

By John Gunn, CEO, Token 

If the mission of cybersecurity is to protect the organization from losses to cybercriminals, we are in deep 

trouble. Over the past year there has been a dramatic increase in the average ransomware payment 

made by victims or ransomware attacks, an increase that exceeds 500%. RISK & INSURANCE, a leading 

media source for the insurance industry, revealed that in 2023 the median ransom demand increased to 

$20 million from $1.4 million in 2022, and payments multiplied to $6.5 million in 2023 from $335,000 in 

2022. In addition, in its annual "State of Ransomware 2024" report, Sophos, a global leader in 

cybersecurity, revealed that the average ransom payment has increased more than fivefold in the last 

year with organizations that paid a ransom reporting an increase from an average payment of $400,000 

in 2022 to an average payment of $2 million in 2023. The evidence of a crisis is overwhelming. 

This is a stunning increase in losses to cybercriminals. It underscores the alarming the growing 

sophistication and danger of cyberattacks and the substantial vulnerabilities in outdated security 

methods. The leading factor driving this trend is the widespread reliance on twenty-year-old, legacy Multi- 



Factor Authentication (MFA), which is proving completely ineffective against modern cyber threats. The 

reason legacy MFA is being defeated so easily by cybercriminals is the adoption of Generative AI. This 

incredibly powerful new technology has empowered cybercriminals to create highly convincing phishing 

attacks, making them nearly undetectable even to well-trained users. This article outlines the reasons 

behind the sharp rise in average ransomware payments, the shortcomings of legacy MFA, and the urgent 

need for phishing-resistant, next-generation MFA solutions. 

Three Biggest Factors Driving the Rapid Increase in Ransomware Payments 

Cybercriminals have adopted Generative AI 

Cybercriminals have harnessed Generative AI to drastically enhance the effectiveness of phishing 

emails. These advanced tools can craft exceptionally realistic and personalized messages, devoid of any 

grammatical or spelling mistakes, making them virtually indistinguishable from genuine emails. By 

leveraging extensive data analysis, Generative AI replicates writing styles, constructs credible scenarios, 

and accurately targets individuals. These sophisticated attacks imitate emails from trusted sources, 

featuring authentic branding and contextually relevant details. Consequently, organizations that depend 

on employee training as their primary defense are finding it increasingly less effective. 

Cybercriminals have improved their targeting of victims 

Cybercriminals are increasingly targeting organizations where they can cause the most significant 

operational disruptions, thereby maximizing their ransom demands and payments. High-profile cases like 

MGM's $100 million loss, Change HealthCare's billion-dollar setback, and the still-uncalculated damages 

suffered by CDK Global illustrate the success of this strategy. These criminals understand the financial 

pressure their attacks create, leveraging this knowledge to demand exorbitant ransoms. Victims facing 

potentially devastating losses often find it a painful but straightforward business decision to comply with 

these demands. 

Out of date Security Practices 

For decades, Multi-Factor Authentication (MFA) has rightfully been a cornerstone of enterprise security. 

MFA requires additional forms of verification to enhance network protection. However, legacy MFA 

systems, including Knowledge-Based Authentication (KBA), One-Time Passwords (OTP), and 

Authentication apps developed twenty years ago are proving increasingly ineffective against 

contemporary cyber threats. The overwhelming majority of successful ransomware attacks have 

bypassed these outdated MFA methods leading directly to the crippling effects of a ransomware attack. 

Cybercriminals employ several techniques to compromise legacy MFA: 



• SIM Swapping: Attackers persuade mobile carriers to transfer the victim’s phone number to a SIM 

card they control, intercepting SMS-based MFA codes. 

• Phishing Attacks: Users are tricked into providing their MFA credentials via fake login pages or 

social engineering tactics. 

• Man-in-the-Middle (MitM) Attacks: Attackers intercept communications between the user and the 

service, capturing MFA tokens to authenticate themselves. 

• Session Hijacking: Attackers gain access to active session tokens (e.g., through XSS, CSRF 

attacks, or session fixation) and use them to impersonate the user without needing to reauthenticate. 

• Malware: Malicious software on a user’s device captures authentication tokens, passwords, or 

keystrokes, allowing attackers to bypass MFA. 

• Other Social Engineering: Attackers manipulate individuals into revealing their MFA credentials 

or performing actions that circumvent MFA controls. 

• Account Recovery Process Exploitation: Attackers exploit weaknesses in account recovery 

processes to reset the user’s MFA settings, effectively bypassing MFA. 

The vulnerabilities of legacy MFA highlight the urgent need for more robust, next-generation 

authentication solutions to defend against sophisticated cyber threats. 

The Urgent Need for Next-Generation MFA 

To combat the surge of ransomware attacks, organizations must adopt next-generation, phishingresistant 

multi-factor authentication (MFA) technologies. These cutting-edge solutions utilize a variety of 

sophisticated authentication methods, including biometric measures like fingerprint and facial recognition, 

making it significantly more challenging for cybercriminals to replicate or breach corporate networks. This 

need is underscored by the Verizon Data Breach Incident Report, which through the years consistently 

indicates that over two-thirds of breaches stem from compromised credentials. Additionally, the 

Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security 

reports that 90% of successful ransomware attacks originate from phishing incidents. 

Why Biometrics are Best 

Biometric authentication utilizes the distinct physical attributes of authorized users, such as fingerprints 

and facial features, which are exceptionally difficult to forge or steal. Biometrics are pivotal in nextgeneration 

Multi-Factor Authentication (MFA) for several reasons: 

• Biometrics eliminates the issues of poor password practices and mitigate risks associated with 

weak, reused, or compromised passwords, which are common attack vectors. 

• Biometric traits are unique to each person, making them almost impossible to replicate or steal, 

unlike passwords or tokens. 

• Biometric data is intrinsically tied to the individual, preventing sharing or transferring, thus 

reducing the risk of credential theft. 



• Biometric authentication is immune to phishing attacks since these traits cannot be easily 

captured or entered on fraudulent websites. 

• Biometrics enhances fraud prevention by ensuring that the person accessing the system is indeed 

who they claim to be, thereby preventing identity theft and unauthorized access. 

User Convenience Means Zero Friction 

Biometric authentication provides a quick and seamless process, often requiring just a scan or touch, 

which significantly enhances the user experience. This approach eliminates the need for users to 

remember passwords or keep track of dongles, reducing their burden and minimizing errors, lockouts, 

and helpdesk calls. 

• An easy-to-use MFA solution encourages higher user adoption rates. Unfriendly processes deter 

users from supporting organizational security measures. 

• Simplified MFA processes decrease the likelihood of user errors, such as mistyping codes or 

losing tokens, leading to fewer lockouts and support requests, which saves time and resources 

for the organization. 

• Users are more likely to consistently follow security protocols and use MFA if it integrates 

smoothly into their daily routines without causing disruptions. 

• Quick and easy authentication processes ensure that employees can access necessary 

resources without unnecessary delays, thereby enhancing productivity levels. 

User convenience in MFA solutions is crucial for stopping network intrusions, ensuring high adoption 

rates, reducing errors and support costs, maintaining productivity, and improving overall user satisfaction. 

By balancing security with ease of use, organizations can improve security environment and user 

satisfaction. 

Selecting the Best MFA solution 

Choosing the right phishing-resistant, next-generation MFA solution involves a thorough assessment of 

the organization's specific needs. Key factors to consider include the supported authentication methods, 

integration capabilities, user-friendliness, and scalability. It’s essential to select a solution that offers a 

balanced combination of security, usability, and flexibility. 

Implementing next-generation MFA should be done in phases to minimize disruptions and ensure a 

smooth transition. A phased approach allows for comprehensive testing and helps users gradually adapt 

to the new system. 

Given the ever-evolving cybersecurity landscape, organizations must continually update their security 

measures. Continuous monitoring and regular updates are essential to maintain the effectiveness of 

phishing-resistant and next-generation MFA solutions. Establishing a framework for ongoing security 

assessments, system updates, and integrating threat intelligence is crucial for staying ahead of emerging 

threats. 



Conclusion 

The surge in ransomware payments underscores the urgent need for enhanced security measures. 

Outdated legacy MFA systems are a major factor in this trend. As cyberattacks grow more sophisticated, 

especially with Generative AI being used to craft convincing phishing messages, organizations must 

adopt next-generation MFA technologies. Advanced authentication methods, adaptive security 

measures, and seamless integration with existing security infrastructure can significantly bolster defenses 

against ransomware. Upgrading to phishing-resistant MFA is essential for protecting critical data, 

reducing financial risks, and maintaining operational resilience. Legacy MFA systems are no longer 

adequate; embracing advanced solutions is a strategic necessity in today's cybersecurity landscape. 


John Gunn is the CEO of Token, delivering the next generation of multi-factor 

authentication that is invulnerable to social engineering, malware, and tampering for 

organizations where breaches, data loss, and ransomware must be prevented. He 

is a strong leader with a proven record of attracting and motivating talent to deliver 

significant revenue growth for software and services companies. John can be 

reached online at LinkedIn and at our company website https://www.tokenring.com/. 



Why Cybersecurity at The Olympics (And All Major Global 

Events) Shouldn't Take a Backseat 

By Avani Desai, CEO of Schellman 

Although the 2024 Summer Olympics brought more than 15 million visitors to Paris and generated $11 

billion in economic activity, the Games didn’t just convene excited fans and world-class athletes—it also 

attracted cybercriminals, as the digital ticketing operation, the surge in commerce, and high-profile 

athletes, celebrities, and officials attending made for a ripe target. 

Such is the recent history of the Olympics, which have faced significant cyber threats before. The 2021 

Tokyo Games saw over 450 million cyberattacks— 2.5 times more than during the London 2012 

Games—while the 2018 Olympic Destroyer hack caused major problems just before that year’s Opening 

Ceremony. Experts and law enforcement anticipated that Paris 2024 would be no different, especially 

given that an IDC report predicted it would be “the most connected Olympic Games ever” and would 

provide "the highest degree of ease for threat actors to execute attacks” amidst “the most complex” threat 

landscape. 



Yet, the invention of more advanced hacking tactics, rising geopolitical turmoil, and the widespread 

availability of artificial intelligence meant the Olympic organizing committee had even more to contend 

with than in past Games. As the Opening Ceremony approached, cybersecurity experts geared up for a 

wide range of potential cyber threats, including attacks aimed at causing chaos, opportunistic social 

engineering targeting eager fans, and sophisticated espionage efforts. Thanks to such a proactive 

approach in identifying threat actors and attack methods, these efforts were largely successful—a 

ransomware attack on Paris' Grand Palais data systems a week into the Games (that did not disrupt any 

Olympic events) notwithstanding, the French authorities and cybersecurity teams effectively neutralized 

all potential threats. 

But now that the Olympic flame has been extinguished after another successful Games, cybersecurity 

experts should move to redeploy those proven viable strategies and preparedness measures to inform 

their approach for 2028, as well as other significant international gatherings. Because from high-profile 

summits like the G20 and NATO to smaller events such as inaugurations, conferences, and music 

festivals, strong cybersecurity remains crucial to protecting the integrity and safety of every occasion. 

Understanding the Cyber Threats Faced at the Olympic Games 

A big part of that planning for the future should involve the prevention and mitigation of DDoS attacks, 

which remain a significant concern as per their frequent occurrence at past Olympics and global events— 

for instance, the 2012 London Olympics suffered faced a 40-minute DDoS attack aimed at upsetting the 

Olympic Park's power infrastructure. 

While these DDoS attacks are worrying enough—given how they overwhelm systems with excessive 

traffic to cripple websites and online services—they’re not the only threat out there to prepare against 

either, as social engineering attacks are now also a major problem. During the 2024 Olympics, athletes 

and visitors were especially vulnerable to phishing scams, which have previously exploited the 

excitement and stress of the event by offering fake incentives like free airfare or ticket upgrades to lure 

victims into sharing their credentials. 

And then there was the potentially catastrophic issue of cyber espionage—or the targeting of government 

officials and senior decision-makers to gather intelligence on strategies, training, and athlete statuses. 

Remembering the incident during the 2016 Rio Olympics, where the Russian hacking group Fancy Bear 

targeted the World Anti-Doping Agency to undermine athletes, French authorities braced for similar, 

politically motivated cyberattacks from the Kremlin in 2024—especially following Russia's exclusion from 

international sports organizations due to its invasion of Ukraine—as well as those from hacktivist groups 

and state-sponsored actors from countries like China, North Korea, and Iran. While the 2024 Games 

thankfully did not fall victim to such, these worries remain and necessitate the continued implementation 

of powerful measures to thwart these threats. 



The Importance of Testing Cybersecurity Measures and Training Your Teams 

One such measure proven effective during the 2024 Olympics was encryption. By transforming data into 

a secure format accessible only to authorized users, sensitive information—such as ticketing information, 

and device communications—was better protected from unauthorized access. Further, complementary 

implementations included those for network traffic monitoring, multifactor authentication, and the 

enforcement of strong password policies—all of which bolstered security. 

To ensure the effectiveness of such implementations, conducting penetration tests and running tabletop 

simulations are also key for preparing large events for potential cyber threats. Penetration tests—which 

cover application testing, network testing, and social engineering campaigns—uncover vulnerabilities in 

different areas, whereas tabletop simulations help organizing committees gain practical experience in 

responding to cyber incidents, thus improving their overall readiness and resilience. 

Perhaps most important is the performance of regular security audits, which are vital to identifying and 

addressing potential vulnerabilities within the IT infrastructure. From personal smartphones and work 

devices to digital ticketing systems and credential scanners, securing every critical device is essential to 

maintaining the integrity of the event, and periodic, thorough examinations of all systems can help do 

that. Not only will regular security reviews help ensure that the implemented preventative measures are 

effective and up-to-date, but any weaknesses will be detected early, allowing for the necessary 

adjustments to be made in strengthening defenses so that potential threats are mitigated well before they 

can impact critical operations. 

All that being said, it’s not enough to make technical installations and routinely test them—you also must 

prepare your people. As the 2024 Paris Olympics neared, France's cybersecurity teams, known as 

"Cyberwarriors," underwent rigorous training to address potential threats. Using tools like the MITRE 

ATT&CK framework, they were taught to visualize potential attack patterns and identify "choke points" 

where specific security controls would be most effective. Also central to their strategy was Atos, the global 

IT partner for the Olympics since 2001, who ran the cybersecurity operation center for the 2024 Games 

while also managing its accreditation systems, scheduling volunteers, and providing real-time results. 

Stay Ready to Respond 

Together the proactive approach and the effectiveness of the implemented security measures ensured 

the security of the Paris 2024 Olympics and proved the importance of collaborative partnerships and 

tailored cybersecurity solutions for high-profile global events. However, it’s important to remember that 

even with the utmost preparedness, incidents can still occur and you must be ready to respond. 

In the face of a cyberattack, a swift and coordinated response is essential—in quickly detecting and 

containing breaches, organizing committees can prevent further damage and keep critical operations 

running smoothly. Should a bad actor get through, prioritizing the immediate restoration of affected 

systems will help minimize disruption, but a complete response plan must go beyond technical fixes and 

involve effective crisis management, including clear and transparent communication with the public so 

that their trust and confidence can be maintained. Such was the case during the aforementioned 

ransomware attack that targeted Paris’ Grand Palais data systems during the 2024 Games. Though 



systems were breached, thanks to meticulous preparation and close collaboration with partners such as 

Cisco and government agencies like ANSSI, the attack was swiftly neutralized and Olympic events 

proceeded as planned. 

The brevity of that ransomware attack, as well as the overall cybersecurity success of the Olympics, was 

rooted in a well-rounded strategy that had been meticulously planned and executed—regular security 

audits identified vulnerabilities, strong encryption protected sensitive data, multifactor authentication 

secured critical systems, intrusion detection systems monitored for threats, and ongoing training kept all 

parties updated on cyber risks. 

Not only did this comprehensive vigilance and preparedness ensure the integrity of the 2024 Games, but 

it also demonstrated a new standard for the cybersecurity of global events moving forward. 


Avani Desai is the Chief Executive Officer at Schellman, the largest niche 

cybersecurity assessment firm in the world that focuses on technology assessments. 

Avani is an accomplished executive with domestic and international experience in 

information security, operations, P&L, oversight and marketing involving both startup 

and growth organizations. She has been featured in Forbes, CIO.com and The 

Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging 

topics, including security, privacy, information security, future technology trends and 

the expansion of young women in technology. 

Avani sits on the board of Arnold Palmer Medical Center and Philanos; is Audit 

Committee chairwoman at the Central Florida Foundation; and is the co-chair of 100 Women Strong, a 

female-only venture capitalist-based giving circle that focuses on solving community-based problems 

specific to women and children by using data analytics and big data. 

Avani can be reach online at LinkedIn and through our company website IT Compliance Attestation 

Services | Schellman. 



Why Cybersecurity Compliance in Rail Transportation Has 

Never Been More Important, Or More Challenging to Keep on 

Track 

By Robin Berthier, Co-Founder and CEO, Network Perception 

As the world’s Rail transportation industry becomes more sophisticated, embracing digital technologies 

to enhance efficiency, safety, and operational capabilities, it is also exposed to a myriad of cybersecurity 

threats. The Internet of Things (IoT) has ushered in the use of sensors on trains, tracks, and platforms 

that allow entire rail systems to be interconnected and monitored in real-time. However, all of these 

various system touch-points can also be an opening that a hacker needs to gain access to the network 

and wreak havoc. 

As a result, cyber attacks on the rail industry have become much more common, and in October 2022, 

the TSA issued a cybersecurity security directive for passenger and freight railroad carriers to enhance 

cybersecurity resilience. It requires railroad carriers to conduct a regular cybersecurity vulnerability 

assessment that examines current practices, identifies risks to IT and OT systems, and outlines a full 

plan for remediation. In particular, it calls for network segmentation policies and controls that keep 

operational technology systems separate from other IT systems as a safeguard in case of a breach. 



Meanwhile, attacks targeting railroad cybersecurity persist. In April 2023, the Alaska Railroad 

Corporation, a state owned Class II railroad operating freight and passenger trains, was attacked, 

surrendering sensitive information about its employees and vendors. In August, the Belt Railway 

Company of Chicago, which operates the nation’s largest switching and terminal railroad, had data stolen 

in a ransomware attack. And in September 2023, the Norfolk Southern Corporation saw rail operations 

disrupted due to an attack on its data center, impacting their dispatching system, train movements, and 

functionality of their terminal operating system. 

It’s not just the disruption of rail service and stolen data that is at risk. Passenger and railway worker 

safety is also compromised. According to Control Global, to date, rail cyber-related incidents involving 

municipal railways, mass transit, long-distance passenger rail and freight, have killed hundreds of people 

globally. Ensuring the cybersecurity compliance of rail transportation networks is critically imperative, yet 

it comes with its own set of challenges. 

Rail Network Security is Complicated 

Rail transportation systems have evolved into intricate networks of interconnected systems, including 

train control systems, signaling systems, communication networks, and passenger information systems. 

The complexity and interdependence of these systems create a challenge in maintaining comprehensive 

cybersecurity. A breach in one system can potentially compromise the entire network, making it crucial 

to address vulnerabilities across the entire infrastructure. 

Legacy Infrastructure 

Many rail systems worldwide rely on legacy infrastructure that was not designed with modern 

cybersecurity threats in mind. Aging hardware and software components often lack the necessary 

security features, making them more susceptible to cyber attacks. Upgrading these systems to meet 

current cybersecurity standards poses a significant challenge due to financial constraints, operational 

disruptions, and compatibility issues. 

Regulatory Compliance Standards 

The rail transportation sector is subject to various regulatory frameworks for securing industrial 

automation and control systems - including the widely adopted IEC 62443, IEC 63452 and CLC/TS 50701 

standards. However, complying with these cybersecurity requirements can be complex. Rail operators 

must know how to navigate the landscape of evolving regulations, requiring constant vigilance and 

adaptability to remain compliant. 



Data Protection and Privacy Concerns 

Rail transportation networks generate and handle vast amounts of sensitive data, including passenger 

information, operational data, and maintenance records. Protecting this data from unauthorized access, 

disclosure, or tampering is a critical aspect of cybersecurity compliance. Ensuring compliance with data 

protection and privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe, 

adds another layer of complexity to the cybersecurity for rail networks. 

Supply Chain Risks 

The supply chain for rail transportation systems involves various vendors and third-party suppliers. Each 

link in this chain presents a potential entry point for cyber threats. Ensuring the cybersecurity of the entire 

supply chain is challenging, especially when dealing with global suppliers. Vetting and monitoring the 

security practices of all involved entities is essential to preventing vulnerabilities from being introduced at 

any stage of the supply chain. 

Human Factor 

The human element remains a significant factor in cybersecurity compliance challenges. Employees, 

from train operators to IT and OT professionals, must be educated and trained to recognize and respond 

to cyber threats. Social engineering attacks, such as phishing, can exploit human vulnerabilities, making 

it essential to instill a cybersecurity-aware culture throughout the organization. 

Meeting the Cybersecurity Challenge Starts with Network Segmentation 

As rail transportation networks continue to evolve, the cybersecurity challenges they face will persist and 

even intensify. One specific way to protect these networks is through network segmentation. Network 

segmentation involves dividing the network into smaller subnetworks, or segments, and restricting access 

between them. This can be accomplished by implementing firewalls, access control lists, and other 

security measures to control traffic flow between segments. 

Network segmentation limits the scope of a cyber-attack. If a hacker gains access to one segment, they 

are prevented from moving laterally to other parts of the network. It also allows for more granular control 

of security policies. Different segments can have different security policies depending on their level of 

criticality. Segmentation can also be used to isolate systems that are not subject to regulatory 

requirements, making it easier to demonstrate compliance with standards. 

Conclusion 

Addressing these challenges will require a holistic approach that combines technology upgrades, 

adherence to regulatory frameworks, and a robust cybersecurity culture. The rail industry must invest in 



modernizing its infrastructure, stay abreast of cybersecurity regulations, and foster a cybersecurityconscious 

workforce to ensure the safety and security of both passengers and critical transportation 

assets. Only through a comprehensive and proactive strategy can the rail industry keep its cyber security 

from going off the tracks. 


Robin Berthier is Co-Founder and CEO of Network Perception, a startup 

dedicated to designing and developing highly-usable network modeling 

solutions. Dr. Berthier has over 15 years of experience in the design and 

development of network security technologies. He received his PhD in the field 

of cybersecurity from the University of Maryland College Park and served the 

Information Trust Institute (ITI) at the University of Illinois at Urbana- 

Champaign as a Research Scientist. 

Robin can be reached at rgb@network-perception.com. More information about Network Perception 

can be found at www.network-perception.com/. 















CyberDefense.TV now has 200 hotseat interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2024, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseConferences.com, CyberDefenseMagazine.com, 

CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com,and 

CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of 

America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber 

Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. 


All rights reserved worldwide. Copyright © 2024, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


https://www.cyberdefensemagazine.com/ 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 09/03/2024 



Books by our Publisher: Amazon.com: CRYPTOCONOMY®, 2nd Edition: Bitcoins, Blockchains & Bad 

Guys eBook : Miliefsky, Gary: Kindle Store (with others coming soon...) 

12 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. 

It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five 

nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content 

Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and 

CyberDefenseMagazine.com up and running as an array of live mirror sites. We successfully 

launched https://cyberdefenseconferences.com/ and our new platform 

https://cyberdefensewire.com/

The Cyber Defense eMagazine September Edition for 2024

Transform your PDFs into Flipbooks and boost your revenue!

Delete template?

Save as template ?