The Cyber Defense eMagazine November Edition for 2024

Boost Operational Resilience: Proactive 

Security with CORA Best Practices 

12 Ways to Protect Your Business from 

Hackers During Remote Work 

Ransomware Tactics Are Shifting. 

Here’s How to Keep Up 

…and much more… 

Cyber Defense eMagazine – November 2024 Edition 1 

Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.

` 

CONTENTS 

Welcome to CDM’s November 2024 Issue----------------------------------------------------------------- 8 

Boost Operational Resilience: Proactive Security with CORA Best Practices -------------------- 39 

By Matt Malarky, VP Strategic Alliances, Titania 

12 Ways to Protect Your Business from Hackers During Remote Work ----------------------------- 43 

By Michelle Moore, Ph.D., Academic Director and Professor, University of San Diego’s Innovative 

Online Master of Science in Cyber Security Operations and Leadership Program 

Ransomware Tactics Are Shifting. Here’s How to Keep Up -------------------------------------------- 46 

By Kerri Shafer-Page, Arctic Wolf Vice President of Incident Response 

The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software 

Supply Chain Threats --------------------------------------------------------------------------------------------- 48 

By Ken Zalevsky, MedTech Expert and CEO of Vigilant Ops, Inc. 

14 million Victims of Malware Breaches In The U.S. Healthcare Sector ---------------------------- 52 

By Rhoda Aronce and Ashwini Bhagwat, Senior Threat Researchers at SonicWall 

Why The Open Web Application Security Project (OWASP) Mobile Application Security (MAS) 

Project Is Critical -------------------------------------------------------------------------------------------------- 56 

By George McGregor, Vice President of Marketing, Approov, Inc. 

A CISO’s Guide to Managing Cyber Risk in Healthcare -------------------------------------------------- 60 

By Gaurav Banga, Founder and CEO of Balbix 

Beyond Buzzwords: The Real Impact of AI on Identity Security --------------------------------------- 63 

By Israel Duanis, Co-Founder and CEO, Linx Security 

Beyond the Firewall: Protecting Your Marketing Department from Cyber Threats and 

Safeguarding Digital Assets ------------------------------------------------------------------------------------- 67 

By Mushegh Hakobjanyan, CEO, Andava Digital 

Preparing for the EU’s DORA amidst Technical Controls Ambiguity --------------------------------- 71 

By Martin Greenfield, CEO of Quod Orbis 

Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises 75 

By Inna Ushakova, CEO at AI EdgeLabs 



Digital Transformation Failures: A National Security Crisis in the Making ------------------------- 83 

By Joe Crist, CEO, Transform 42 

Top Recommendations for Data Retention and Deletion ----------------------------------------------- 89 

By Leon Butler, Head of Data Security, Quorum Cyber 

Protecting CISOs and CSOs in an Era of Personal Liability --------------------------------------------- 92 

By Amanda Fitzsimmons, Head of Legal at Salt Security 

Mapping a Future without Cyber Attacks -------------------------------------------------------------------- 95 

By Chetan Conikee, Founder and CTO, Qwiet AI 

Beyond Tick Boxes: An Auditor's Perspective on Information Security Compliance ------------ 98 

By James Rees, Managing Director, Razorthorn Security 

Strengthening Cybersecurity in Healthcare: Protecting Patient Data and Ensuring Regulatory 

Compliance in a Digital Age ----------------------------------------------------------------------------------- 103 

By Roshan Patin, Sr. Researcher, SNS Insider Pvt. Ltd. 

Why the Cybersecurity Talent Shortage is a Global Threat ------------------------------------------- 107 

By Dan Vigdor, Co-Founder, Co-CEO and Executive Chairman, ThriveDX 

Deepfakes: The Cybersecurity Pandora’s Box ----------------------------------------------------------- 113 

By Luke Dash, CEO, ISMS.online 

Geopolitical Cyber Threats in 2024: Navigating Emerging Risks with OSINT (Open-Source 

Intelligence) ------------------------------------------------------------------------------------------------------- 117 

By Andy Grayland, CISO, Silobreaker 

The Threat of Privilege Abuse in Active Directory ------------------------------------------------------- 121 

By Francois Amigorena, CEO & Founder, IS Decisions 

Customer Authentication Challenges That Impact Your Organization's Security Posture -- 125 

By Jim Verducci, CEO, Wristban 

Embracing the AI Revolution: How to Incorporate Generative AI into Your SOC 2 Compliance 

Plan ------------------------------------------------------------------------------------------------------------------ 130 

By Juliana Spofford, General Counsel and Chief Privacy Officer, Aidentified 

Cybersecurity Awareness Month 2024: Insights from Industry Experts --------------------------- 133 

Cybersecurity Awareness Month: Industry Experts on Securing Our Digital Lives Together 140 



AsyncRAT Malware Campaign Found Targeting South American Hotels ------------------------- 146 

By Ryan Estes, Intrusion Analyst, WatchGuard Technologies 

From Cybersecurity Awareness to Action: Industry Experts on Building a Safer Digital Future 

------------------------------------------------------------------------------------------------------------------------ 149 

Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation --------------------- 156 

By Corey Bodzin, Chief Product Officer, GreyNoise Intelligence 

Learning from the Inevitable ---------------------------------------------------------------------------------- 159 

By Stephanie Aceves, Senior Director of Product Management, Tanium 

Navigating Holiday Threats: Strengthening PC Resilience with Desktops as a Service (DaaS) 

------------------------------------------------------------------------------------------------------------------------ 162 

By Amitabh Sinha, CEO & Co-Founder of Workspot 

Rethinking NHI Security: The Essential Shift to Zero Trust Security and Ephemeral Identities 

------------------------------------------------------------------------------------------------------------------------ 165 

By Ofir Har-Chen, Co-Founder & CEO, Clutch Security 

Revolutionizing Third Party Risk Management: The Future with Autonomous Pen-Testing-- 169 

By Arun Kumar Krishna, Chief Technology Officer, Sennovate INC 

The Hidden Dangers of Free Messaging Apps: Security Risks and Data Mining Threats ------ 176 

By Nicole Heron, Marketing Manager at Salt Communications 

Security Through Collaboration: France and Saudi Arabia ------------------------------------------- 180 

By Jacques de la Riviere, CEO, Gatewatcher 

Industry Experts on Sustaining Vigilance for A Secure Digital Future ----------------------------- 183 

The Best Defense Against BEC Attacks: A Threat Intensified by AI And Digitalization -------- 190 

By Robert Haist, CISO, TeamViewer 

The Critical Importance of Securing Mobile Identities ------------------------------------------------ 194 

By David Natker, Vice President of Global Partners and Alliances, Zimperium 

The Critical Role of Due Diligence in Mergers and Acquisitions ------------------------------------ 197 

By Charlie Wood, Executive Vice President, FoxPointe Solutions Information Risk Management 

division of The Bonadio Group 



The Internet of Things Privacy Review ---------------------------------------------------------------------- 200 

By Milica D. Djekic 

The Looming Quantum Threat: Safeguarding Our Digital Future ------------------------------------ 202 

By Rahul Tyagi, CEO and Founder at SECQAI 

The #1 Reason Employers Ditch Their CISO (A Recruiter's Take) ----------------------------------- 206 

By Owanate Bestman, Founder, Bestman Solutions 

The Rise of Impersonation Scams Targeting Individuals & How to Protect Yourself ---------- 209 

By Fred Kwong, Vice President & Chief Information Security Officer, DeVry University 

The Role of AI in Cybersecurity and Identity Management ------------------------------------------- 212 

By Steve Moore, Chief Security Strategist, Co-Founder TEN18, Exabeam 

Using AI And Machine Learning to Detect and Respond To Contact Center Security Threats In 

Real-Time ---------------------------------------------------------------------------------------------------------- 215 

By Jerry Dotson, Vice President of U.S. Federal, Avaya Government Solutions 



@MILIEFSKY 

From the 

Publisher… 

In this early edition of the November Cyber Defense Magazine, I would like to recognize the dedication 

and professionalism of the CISOs and others who are participating in the CyberDefenseCon 2024. 

https://cyberdefenseconferences.com/ 

While Florida still deals with the aftermath of Hurricane Milton, we are fortunate to be able to continue 

our work together, and at the same time support the hospitality industry in this stricken community. 

In addition to the many supporters of our Conference, I’m pleased to note that we continue to receive 

positive responses to new and valuable initiatives we offer for the benefit of our readers and followers. 

Please see many new “Spotlight” articles on the magazine’s home page, under the “Spotlight” nav bar: 

https://www.cyberdefensemagazine.com/spotlight/ 

Note they are identified as “Publisher’s Spotlight” and “Innovator’s Spotlight,” depending on which of our 

professionals submitted the article. 

In the varied offerings of Cyber Defense Media Group, we continue on our principal mission - to share 

cutting-edge knowledge, real-world stories and awards on the best ideas, products, and services in the 

information security industry to help you on this journey. 

Finally, I would like to congratulate our Black Unicorn Finalists and Winners, Top InfoSec Innovator 

Winners, Women in cyber winners including our scholarship recipients, and Top Global CISOs Winners 

this year. Congratulations to all, found online at https://www.cyberdefenseawards.com/ 

Warmest regards, 

Gary S. Miliefsky, fmDHS, CISSP® 

CEO/Publisher/Radio/TV Host 

P.S. When you share a story or an article or 

information about CDM, please use #CDM and 

@CyberDefenseMag and @Miliefsky – it helps 

spread the word about our free resources even 

more quickly 



@ cyberdefensemag 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media 

Group and distributed electronically via opt-in Email, HTML, 

PDF and Online Flipbook formats. 

EDITOR-IN-CHIEF 

Yan Ross, JD 

yan.ross@cyberdefensemagazine.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

https://www.cyberdefensemagazine.com 

Copyright © 2024, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP 

1717 Pennsylvania Avenue NW, Suite 1025 

Washington, D.C. 20006 USA 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

https://www.cyberdefensemagazine.com/about-our-founder/ 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

PROFESSIONALS 

12 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips, and 

techniques on cybersecurity since 2012, Cyber Defense 

Magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

WIRE 

CYBERDEFENSECONFERENCES 

WEBINARS 



Welcome to CDM’s November 2024 Issue 

From the Editor-in-Chief 

With this near year end publication, our November issue of Cyber Defense Magazine, we are pleased to 

coordinate our work following the gathering of CyberDefenseCon 2024 in Orlando Florida last week and 

the release of our annual Black Unicorn Report for 2024, at: https://cyberdefenseawards.com/the-blackunicorn-report-for-2024/ 

Our publication is the central point of a concentrated effort to bring to the cybersecurity community of 

professionals the most relevant and up-to-date articles on topics of vital interest. As always, we are 

grateful to our many authors and their organizations for their contribution to this effort. 

At the same time, we would be remiss not to recognize and promote the broad range of services to 

cybersecurity professionals offered by our parent organization, Cyber Defense Media Group. Together, 

we bring to the world of cybersecurity a unique environment in which to make our readers and participants 

aware of the best and most relevant developments in the industry. 

Not only do our authors serve the needs of CISOs and other cyber security professionals, but also provide 

valuable information to a growing cadre of vendors and suppliers and clientele of the entire range of cyber 

risk management providers. 

As always, we strive to be the best and most actionable set of resources for the CISO community in 

publishing Cyber Defense Magazine and broadening the activities of Cyber Defense Media Group. 

Wishing you all success in your cybersecurity endeavors! 

Yan Ross 

Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber 

Defense Magazine. He is an accredited author and educator and has provided 

editorial services for award-winning best-selling books on a variety of topics. He 

also serves as ICFE's Director of Special Projects, and the author of the Certified 

Identity Theft Risk Management Specialist ® XV CITRMS® course. As an 

accredited educator for over 20 years, Yan addresses risk management in the 

areas of identity theft, privacy, and cyber security for consumers and organizations 

holding sensitive personal information. You can reach him by e-mail at 

yan.ross@cyberdefensemagazine.com 









. 





























s 





















out The Black Unicorn Report 







Boost Operational Resilience: Proactive Security with CORA 

Best Practices 

In today’s fast-evolving cyber threat landscape, maintaining operational resilience is critical 

By Matt Malarky, VP Strategic Alliances, Titania 

On almost a monthly basis, the US Cybersecurity & Infrastructure Security Agency (CISA) publishes 

advisories about the latest cybersecurity risks, attacks and vulnerabilities to help organizations defend 

and protect themselves against sophisticated cyber actors. Despite this, on a nearly equal cadence, 

there’s news of another major cyber breach. 

Earlier this year, Change Healthcare, a subsidiary of United Health Group, suffered a ransomware attack 

that shut down operations, causing nearly $874 million in financial losses and significant disruptions in 

patient care. As healthcare is a key part of the nation’s critical national infrastructure (CNI), the US federal 

government, led by HHS, launched an investigation to ensure continuity of operations, protect consumer 

data, and assist the FBI in identifying the culprits behind the attack. 

In the case of Change Healthcare, it transpired that multifactor authentication (MFA) was not required to 

access a server that contained medical information on up to a third of the American population. This 

highlights the importance of ensuring that critical systems that contain sensitive data are correctly 

secured and are prioritized for risk assessments. 



Whilst this incident was another blow to a commercial CNI company, the US Department of Defense 

(DoD) has taken a step towards mitigating such a breach by focusing their cyber security efforts on those 

systems that are mission critical and also most at risk of attack. This reflects a mindset shift from tick-box 

compliance to operational resilience assessments, represented by the launch of the Cyber Operational 

Readiness Assessment (CORA) program. 

CORA provides a critical approach for the DoD towards achieving operational readiness by prioritizing 

reducing the attack surface of their cyber terrain and enhancing security measures where it matters most, 

ensuring continuity of operations. It’s not just about reacting to threats but anticipating and neutralizing 

risk before operations are disrupted. 

Whether in the DoD or commercially run CNI, one of the most effective ways to enhance the resilience 

of network infrastructure is viewing software vulnerabilities and misconfigurations using MITRE 

ATT&CK’s Techniques, Tactics, and Procedures (TTPs) to prioritize remediation workflows. This 

approach systematically targets and addresses the most exploitable vulnerabilities first, which are often 

the first points of entry for attackers. But ad hoc risk-focused assessments in and of themselves are not 

sufficient. 

The Importance of Proactive Security 

A recent report, Emerging Best Practice in the Use of Proactive Security Solutions, highlights a significant 

shift in how organizations approach cybersecurity. Over 70% of businesses have increased their 

investment in proactive cyber defense, outpacing spending on both preventative and reactive strategies. 

In particular, security-mature organizations are deploying these solutions to improve attack surface 

management and optimize security controls. 

The CORA program aligns with these best practices and is crucial for validating current, future, and 

emerging technologies that will help organizations continuously monitor and assess terrain to assess and 

mitigate their risk. By integrating proactive security solutions that leverage frameworks like MITRE 

ATT&CK, into their tech stacks, organizations can gain real-time visibility into their security posture and 

stay ahead of potential threats. 

Best Practices for Implementing Proactive Security 

To effectively implement proactive security, organizations should focus on: 

1. Prioritizing vulnerability and configuration management. Proactive vulnerability and configuration 

management (VM/CM) solutions are essential for minimizing attack surfaces. Every device on the 

network should be assessed regularly, particularly if it’s in a critical segment of the network or protecting 

Important Business Systems (IBS). However, the research shows many organizations fall short, often 

only assessing devices monthly or only evaluating a sample of devices. Best practices call for more 

frequent, automated assessments to identify and mitigate risks in near real-time. Addressing visibility 



gaps for certain device types, like those exposed by the China-backed Volt Typhoon incident, is also 

crucial for strengthening critical infrastructure. 

2. Enhancing continuous monitoring. Continuously monitoring for configuration drift is central to any 

proactive security strategy. In practice, if not automated effectively, continuous monitoring can result in 

an overwhelm of repeat data. Enhancing continuous monitoring with proactive assessment capabilities 

means changes – that could be an indicator of compromise – are assessed in near-real-time, between 

scheduled audits, to determine whether they have resulted in unintended network risk. 

3. Integrating exposure monitoring. Automation is key to scaling proactive security efforts and ensuring 

the organization is working with up-to-the-minute exposure intelligence. High-maturity organizations 

increasingly use proactive security solutions that overlay misconfiguration data onto attack frameworks 

like MITRE ATT&CK. This allows for more comprehensive incident discovery and incident response, 

essential for maintaining an effective security posture. 

4. Prioritizing remediation with risk-based metrics. CORA emphasizes using risk-based metrics to 

guide assessments and remediation. Organizations should automate similar practices, using metrics that 

dynamically analyze exposure to TTPs and prioritize remediation accordingly. This approach ensures the 

vulnerabilities at greatest risk of exploit are addressed first, reducing overall exposure. 

Moving Towards a Proactive Security Culture 

The shift to proactive security isn’t just about technology—it’s a strategic overhaul requiring continuous 

improvement. As organizations adopt these best practices, they must also foster a culture of security 

awareness and accountability. Employees should understand the importance of proactive measures and 

be equipped to anticipate and mitigate threats. Research shows that reducing the opportunity for threats 

(47%) and shortening the time to remediate known vulnerabilities (41%) are top priorities for 

organizations. These priorities must be brought to action. 

Coupling risk-prioritized assessments, as outlined through CORA, with proactive security measures 

represents a significant evolution in cybersecurity. By investing in security solutions and adhering to best 

practices, organizations can enhance the operational resilience and readiness of their critical 

infrastructure. As threats evolve, staying several steps ahead will be crucial to safeguarding operations 

and ensuring long-term success. 

The future of cybersecurity lies in risk-focused, proactive measures that go far beyond prevention and 

reaction. By continuously improving exposure visibility, leveraging proactive assessment automation, and 

prioritizing a risk-based approach to remediation, organizations can build and maintain a security posture 

that addresses current threats and anticipates future risks. A journey towards operational resilience is 

relentless and ever-changing, but those committed to this security path will be best positioned to thrive 

in an increasingly challenging cyber landscape. 



About the Author 

Matt Malarkey is VP, Strategic Alliances at Titania. Matt identifies strategic 

opportunities and manages relationships with key partners, particularly within 

regulated industries and the U.S. government. 

Prior to joining Titania, he spent six years at the British embassy in Washington, 

D.C., where he acted as a liaison between the UK government and key 

stakeholders in the U.S. defense community. Malarkey has also advised U.S. 

policymakers on national security issues in Russia and the former Soviet Union. 

Matt can be reached online at our company website titania.com 



12 Ways to Protect Your Business from Hackers During Remote 

Work 

By Michelle Moore, Ph.D., Academic Director and Professor, University of San Diego’s Innovative 

Online Master of Science in Cyber Security Operations and Leadership Program 

Remote work is here to stay, with nearly a quarter of the U.S. workforce (22%) expected to be working 

remotely by 2025. In fact, 42% of office employees have stated they would accept a 10% salary cut in 

exchange for the flexibility to work remotely. While this type of working environment has become the 

norm for many, it also increases the risk of cybersecurity threats. 

If you’re looking to enhance remote work security for yourself and your employees, or if you’re curious 

about the latest threats, keep reading to learn how to protect your business. 

The Evolving Threat Landscape 

Cybersecurity measures have greatly evolved in just the last few years but unfortunately, so have 

hackers' methods and techniques. Social engineering, for example, is a newer tactic used by criminals 

to manipulate people into revealing sensitive information. 



Malware, phishing and ransomware attacks are not only on the rise but also becoming increasingly 

complex. Spear phishing targets individuals with highly tailored and convincing messages, often 

appearing to be from colleagues or trusted sources. 

Hackers are also executing supply chain attacks and business email compromise scams. In 2024 alone, 

some of the largest data breaches have included well-known entities such as AT&T, Ticketmaster, Dell 

and Bank of America. 

12 Ways to Protect Your Business 

With so many new and evolving cyberattack strategies, taking the right precautions is more important 

than ever. Here are 12 important ways to enhance your cybersecurity and safeguard your business during 

remote operations. 

1. Create strong, unique passwords: It’s a tip that you’ve probably heard for years, but it continues 

to hold true. Microsoft recommends creating a password that’s at least 12 characters and a 

combination of uppercase and lowercase letters, numbers and symbols. Google suggests using 

a song or poem lyric, a series of words that’s meaningful to you or an abbreviation only you know. 

Don’t use your birthday or phone number. 

2. Connect via a Virtual Private Network (VPN): A VPN conceals your network’s IP address and 

creates a private, encrypted connection. 

3. Enable multi-factor authentication: Multi-factor authentication requires you to provide at least 

two pieces of information in order to gain access to a particular account or application. This could 

be a code sent to your email or cell phone, a secret question or a password. 

4. Install antivirus software: If your work computer isn’t equipped with antivirus software, ask your 

IT department if your company has a subscription or recommends a particular brand. Antivirus 

software can detect, block and remove viruses and warn you about dangerous websites and links. 

5. Keep software updated: Software is only as good as its updates. Make sure all devices and 

software are in line with the latest security patches. 

6. Use secure Wi-Fi connections. Remote work doesn’t necessarily mean working from home. 

You may enjoy working at a coffee shop, library or co-working space, but regardless of your 

environment, make sure you use secure, password-protected Wi-Fi networks and avoid using 

public internet connections. 

7. Avoid using personal devices for work: Stick to work-approved devices such as laptops, 

computers and cell phones for business-related tasks. If you do need to use a personal device 

for work, make sure you follow your company’s security policies, such as using secure 

connections, installing approved security software and protecting sensitive data. 



8. Back up data on a regular basis: Encrypt and back up all important business data to a secure, 

off-site location. Additionally, consider implementing an email archiving solution to digitally store 

emails and attachments within a secure, centralized location for long-term retention. 

9. Deploy a “zero trust” policy: More and more businesses are implementing a “zero trust” 

framework, which treats everyone as a potential threat until verified. 

10. Control who can access sensitive information: Only employees with a specific need for 

sensitive information should be granted access. 

11. Report any suspicious incidents immediately: Do not click on links or open emails that seem 

suspicious. Report these incidents to your IT department right away so they can warn others. 

12. Participate in security training: Ensure that your company provides regular cybersecurity 

awareness training. If your IT department lacks the capacity for this, consider utilizing online 

resources or hiring a cybersecurity training company to implement a comprehensive education 

program. 

Whether you’ve been working remotely for years or are just starting a new work-from-home role, these 

tips and strategies will help protect you and your business, ensuring your cybersecurity remains strong 

and resilient against potential threats. 


Michelle Moore is a academic director and professor for the University of San 

Diego’s Innovative Online Master of Science in Cyber Security Operations and 

Leadership Program. She is also a researcher and author with over two decades 

of private-sector and government experience as a cybersecurity expert. 

Michelle can be reached online at mmoore@sandiego.com and at our company 

website https://onlinedegrees.sandiego.edu/ 



Ransomware Tactics Are Shifting. Here’s How to Keep Up 

By Kerri Shafer-Page, Arctic Wolf Vice President of Incident Response 

It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median 

demands rising 20% year-over-year across virtually all industries. But it's not only the ransom sums 

themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and 

techniques to extort their victims. It’s imperative that IT leaders and businesses without the resources to 

fight back against attackers understand what to do in the face of these new strategies. 

The reason that small- and medium-sized organizations need to re-up their incident response plan is that 

low-profile and locally owned businesses are no longer invisible to cyberattacks. Threat actors have 

historically gone after targets like healthcare centers, banks and other places that hold highly sensitive 

data because that data, when encrypted, is worth more money in a potential ransom. But even momand-pop 

stores are starting to see ransomware cases rise, with 60% of SMB’s reporting that ransomware 

was a concern for them last year. 

The reason is simple; it's easier for attackers to scare local businesses into fulfilling their demands than 

large enterprises that likely have dedicated security resources and incident response plans in place. In 

many cases, it’s impossible to prosecute these cyber criminals because they’re anonymous and 

operating from countries with no extradition agreements with the U.S. So without the risk of any real 

legal consequences, they can employ similar tactics that car dealership salespeople use with new 

customers, which is to throw out a high price and hope the buyer –– or SMB owner –– doesn’t see through 

their bluff. 



In other cases, attackers can threaten violence or use AI to spoof voice clips, video clips or social media 

accounts that imply physical harm could be done if they’re not paid. None of these threats are legitimate, 

as these attackers are halfway across the world, but they can be scary to an unsuspecting business 

owner. 

If mom-and-pop shops deal with these types of attacks on their own, they might think there’s no way out 

of their mess without paying. But thankfully, as attackers evolve, so do incident response techniques 

designed to thwart them. IR practitioners know that the more they can delay any action in communicating 

with cyber criminals, the higher the likelihood that the threat actor will either lower the ransom or drop it 

entirely and move onto their next target. Practitioners also understand that the scare tactics they employ 

on their victims are hollow threats, and pushing back on these threats discourages threat actors from 

upping their demands. Many of these threat actors inflate their demands because they’re indebted to the 

developers of the ransomware they’re using, and taking that into context helps security experts 

understand how to force an attacker to lower their price. 

Crucially, however, businesses should also mitigate the effectiveness of ransomware attacks by acquiring 

a cyber insurance policy that meets their needs. Cyber insurance policies act as liability insurance that 

can assist with paying expenses in the event of an actual cyber incident, including remediation, data 

restoration and potentially a ransom payment. 

Cyber insurance policies also serve as motivation for businesses to review and update their security 

posture in general, because the more secure they are, the lower the cost of their insurance premium. 

That means implementing identity access management measures like multi-factor authentication, using 

VPN’s, requiring strong passwords and regular security awareness trainings all play a role in saving a 

security-savvy business money on their insurance policy. 

Taking on threat actors can be a daunting experience for an average organization, which is why it’s 

always a good idea to reach out to a cybersecurity vendor or law enforcement when a cybersecurity 

incident occurs. With outside help to reduce cyber risk, SMB’s can worry less about ransomware and 

spend more time on growing their business. 


Kerri Shafer-Page is Vice President of Incident Response at Arctic Wolf. 

Previously, Kerri served as the Global Cyber Claims Practice Leader at AIG and 

held several roles at IBM, most recently X-Force Incident Response, Global 

Operations Lead. Consistently, Kerri has been responsible for overseeing 

cybersecurity business direction and managing teams responsible for keeping 

customers safe. At Arctic Wolf, Kerri and her team work alongside teams like 

insurance, threat intelligence, security services and beyond to ensure that 

customers are protected and supported on all fronts. She maintains and enhances the incident response 

processes in place and constantly looks for new ways to bolster security across Arctic Wolf and its 

customers environments. 

Kerri can be reached at our company website https://arcticwolf.com/ 



The Critical Role of Sboms (Software Bill of Materials) In 

Defending Medtech From Software Supply Chain Threats 

By Ken Zalevsky, MedTech Expert and CEO of Vigilant Ops, Inc. 

Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of 

cybersecurity, especially in medical devices. As these devices become more and more interconnected 

and dependent on complex software ecosystems, the potential for exploitation through the supply chain 

has grown exponentially. One powerful tool in the fight against these attacks is the Software Bill of 

Materials (SBOM). SBOMs enable greater transparency, security, and compliance by offering a 

comprehensive inventory of all software components. In this article, we will explore how SBOMs can be 

leveraged to prevent software supply chain attacks, with a focus on the medical device industry. 

Understanding Software Supply Chain Attacks in Medical Devices 

The Nature of Software Supply Chain Attacks 

Software supply chain attacks occur when malicious actors infiltrate the software development or 

distribution process, introducing vulnerabilities or malware into the final product. These attacks can target 

various supply chain stages, from code development and integration to software updates and third-party 

component inclusion. The impact of such attacks can be devastating, leading to data breaches, system 

failures, and even harm to patients in the context of medical devices. 



Medical Devices: A Prime Target 

Medical devices, such as infusion pumps, pacemakers, and patient monitors are particularly vulnerable 

to software supply chain attacks due to their critical nature and the sensitive data they handle. These 

devices often rely on a multitude of software components sourced from various vendors, increasing the 

attack surface. Additionally, the stringent regulatory environment and the need for constant software 

updates make it challenging to maintain robust security throughout the device lifecycle. 

High-Profile Incidents 

Several high-profile incidents have underscored the seriousness of software supply chain attacks in the 

medical device industry. For example, the 2017 WannaCry ransomware attack affected numerous 

healthcare facilities worldwide, compromising medical devices and disrupting critical services. 

More recently, the SolarWinds attack in 2020, which was a sophisticated supply chain attack that 

compromised the software update mechanism of SolarWinds, a broadly used IT management software, 

demonstrated the far-reaching impact of supply chain vulnerabilities. This attack had potential 

implications for healthcare organizations using the compromised software, as it could have allowed the 

bad actors to gain unauthorized access to data and systems. 

Also, in 2020, a ransomware attack on the University Hospital Dusseldorf led to the diversion of 

emergency patients causing delay in treatment and contributing to a patient’s death. The German 

authorities treated this incident as a case of negligent homicide due to the link between the cyberattack 

and the patient’s death. 

The Role of SBOMs in Preventing Supply Chain Attacks 

What is an SBOM? 

A Software Bill of Materials (SBOM) is a detailed inventory that records all components, including 

software libraries, dependencies, licenses, and versions, used in the creation of a software application. 

This comprehensive documentation allows organizations to gain a clear understanding of their software’s 

composition, helping them to identify potential vulnerabilities, manage dependencies, and ensure 

compliance with regulatory standards. 

Enhancing Transparency and Traceability 

One of the primary benefits of an SBOM is enhanced transparency and traceability. By maintaining an 

accurate and up-to-date inventory of all software components, organizations can trace the origin of each 

component and monitor any changes or updates. This transparency is important in identifying and 

mitigating risks associated with third-party components, which are often the weakest link in the supply 

chain. 



Vulnerability Management 

SBOMs play a vital role in vulnerability management. By knowing exactly what components are present 

in their software, organizations can quickly identify and address vulnerabilities as they are discovered. 

Automated tools can scan SBOMs against known vulnerability databases, alerting organizations to 

potential risks and enabling timely remediation. This proactive approach greatly decreases the window 

of opportunity for attackers. 

Compliance and Regulatory Considerations 

For medical device manufacturers, compliance with regulatory requirements is paramount. Regulatory 

bodies, such as the U.S. FDA (Federal Drug Administration) and the EMA (European Medicines Agency), 

have recognized the importance of SBOMs in ensuring the security and safety of medical devices. For 

instance, the FDA's guidance on cybersecurity for medical devices emphasizes the need for 

comprehensive documentation of software components, which can be effectively managed through 

SBOMs. 

Regulatory and Compliance for Medical Device Manufacturers 

FDA Guidance on Cybersecurity 

The FDA has issued several guidelines to address the cybersecurity risks associated with medical 

devices. In its "Cybersecurity in Medical Devices: Quality System Considerations and Content of 

Premarket Submission" guidance, the FDA now has legal authority to require specific cybersecurityrelated 

documentation from the Medical Device Manufacturer community. This move reflects the FDA’s 

recognition of the growing threat landscape, where increasingly complex and interconnected medical 

devices are more vulnerable to cyberattacks. As part of this regulatory framework, the FDA emphasizes 

the importance of incorporating cybersecurity measures throughout the product lifecycle, from design 

and development to post-market surveillance. 

One of the critical components of this guidance is the inclusion of an SBOM in premarket submissions. 

The SBOM serves as a foundational element in identifying and managing cybersecurity risks. The FDA's 

requirement for an SBOM is not just about listing software components; it’s about promoting a culture of 

transparency and accountability within the medical device industry. 

European Union's Medical Device Regulation (MDR) 

Similarly, the European Union's Medical Device Regulation (MDR) mandates that manufacturers ensure 

the safety and performance of their devices throughout their lifecycle. This includes enforcing measures 

to protect against unauthorized access and tampering. An SBOM supports these requirements by offering 

a transparent view of software components, enabling manufacturers to monitor and secure their devices 

effectively. 



Global Harmonization 

There is a growing trend toward global harmonization of cybersecurity regulations for medical devices. 

Initiatives like the International Medical Device Regulators Forum (IMDRF) and the Global Diagnostic 

Imaging, Healthcare IT & Radiation Therapy Trade Association (DITTA) are working to align 

cybersecurity requirements across different jurisdictions. SBOMs are likely to play a central role in these 

efforts, providing a standardized approach to documenting and managing software components, thereby 

facilitating compliance with international regulations. 

Conclusion 

The importance of strong cybersecurity measures in the medical device industry cannot be overstated. 

Software supply chain attacks pose a considerable risk, but by leveraging SBOMs, organizations can 

enhance the transparency and traceability of supplied software, improve vulnerability management, and 

ensure compliance with regulatory requirements. SBOMs provide a clear and comprehensive view of 

software components, enabling organizations to identify and mitigate risks proactively, ultimately 

safeguarding medical devices' integrity and safety. Embracing SBOMs is not just a best practice but a 

crucial step towards a more secure and resilient healthcare ecosystem. 


Ken Zalevsky is a MedTech expert and CEO at Vigilant Ops. He is a 

passionate advocate for the application of advanced technology to improve 

cybersecurity across all industries. 

He has collaborated with the U.S. Food and Drug Administration (FDA), 

the U.S. Department of Homeland Security (DHS), and the National 

Telecommunications and Information Administration (NTIA) on various 

cybersecurity initiatives, including cyber simulation exercises, industry 

guidance documents, and most recently, SBOM initiatives. 

Ken has been a featured speaker at numerous cybersecurity conferences 

over the years and actively participates in various cybersecurity industry working groups. He has 

authored numerous cybersecurity whitepapers, blogs, and magazine articles, and his work has been 

published in various industry journals, where he has advised medical device manufacturers on 

cybersecurity best practices and coached hospitals as they continually struggle with record numbers of 

breaches. 

Ken can be reached on LinkedIn and at our company website https://www.vigilant-ops.com/ 



14 million Victims of Malware Breaches In The U.S. Healthcare 

Sector 

Critical need for multi-layered cybersecurity strategy 

By Rhoda Aronce and Ashwini Bhagwat, Senior Threat Researchers at SonicWall 

Healthcare is a data-driven business, storing vast amounts of sensitive personal and medical information, 

such as social security numbers, medical histories, and financial data, making them attractive targets for 

exploitation and extremely valuable on the black market. This year alone, over 14 million people were 

affected by data breaches caused by malware targeting the U.S. healthcare industry. Given the rapid 

adoption of digital tools, AI, and platforms during and after the COVID-19 pandemic, the attack landscape 

of healthcare organizations has become increasingly broad and highly attractive to those with ill-intent. 



Due to their critical operations and the high probability of financial gain, healthcare organizations have 

thus become prime targets for ransomware. However, disrupting access to patient data or medical 

systems can have life-threatening consequences. Because of this, healthcare organizations are more 

likely to pay ransoms to restore operations quickly and avoid any disruption to care or service to patients 

who could be adversely affected. 

91% of Healthcare Breaches Involve Ransomware 

In 2024, ransomware was leveraged in an alarming 91% of malware-related data breaches in the 

healthcare sector, with Lockbit emerging as one of the most notorious ransomware groups targeting this 

industry. Lockbit claimed responsibility for the high profile breaches of LivaNova and Panorama Eyecare, 

a medical device manufacturer, affecting over 180,000 U.S. patients, and an eyecare company affecting 

close to 400,000 individuals. 

Another significant group, BlackCat (ALPHV), was implicated in the Change Healthcare data breach, 

where a $22 million ransom was paid under false pretenses, leading to a subsequent ransom demand 

by another group, RansomHub. 

Both Lockbit and BlackCat (ALPHV) operate as Ransomware-as-a-Service (RaaS), allowing them to 

scale their operations by recruiting affiliates who carry out attacks in exchange for a cut of the ransom 

payments. This evolving model enables even those with limited technical expertise to launch 

sophisticated ransomware attacks, increasing the frequency, scale, and impact of these incidents. 

Digital Systems Creating Multiple Access Points 

The increasing integration of digital systems, such as electronic health records, telemedicine platforms, 

and the Internet of Medical Things (IoMT) devices, has created multiple access points for attackers. For 

example, the Cl0p Ransomware group exploited a zero-day vulnerability in MOVEit (CVE-2023-34362), 

a secure file transfer application, to inject SQL commands and access customer databases. This breach 

leaked sensitive healthcare information, including treatment plans, from CareSource, a non-profit 

organization that manages Medicaid, Medicare, and Marketplace programs. 

Rise in Phishing and Social Engineering Attacks 

Healthcare workers’ focus on patient care often makes them susceptible to phishing and social 

engineering attacks. Cybercriminals exploit this by crafting targeted campaigns that maliciously trick 

unsuspecting employees into revealing credentials or downloading malware, as seen in the 2024 Los 

Angeles County Department of Mental Health breach. 

Overall, in 2024, ransomware groups targeting the healthcare sector have exploited several critical 

vulnerabilities, leveraging well-known flaws to infiltrate networks, escalate privileges, and deploy 



ansomware. Our data shows about 60% of vulnerabilities leveraged by threat actors against healthcare 

targeted Microsoft Exchange. 

Best Defense Against Threats 

To defend against cyber threats, healthcare organizations must implement a multi-layered cybersecurity 

strategy, focusing on regular updates, strong access controls, and 24x7x365 monitoring. 

• Regular updates and patch management: Regularly updating operating systems, applications, 

and security tools ensures that the latest security patches are applied. For example, vulnerabilities 

like ProxyShell and ProxyLogon in Microsoft Exchange Server were exploited because many 

organizations delayed applying patches. 

• Strong access controls and authentication protocols: Implementing multi-factor 

authentication (MFA) reduces the risk of unauthorized access from compromised credentials. 

Additionally, using Zero-Trust Network Access (ZTNA) and secure SD-WAN, makes sure that 

only the right people can get into sensitive healthcare systems, cutting down the chances for 

attacks 

• Continuous monitoring: Continuous 24x7x365 monitoring is vital for healthcare organizations 

to detect and respond to cyber threats in real-time, minimizing the risk of data breaches and 

service disruptions. With healthcare systems under constant attack, around-the-clock monitoring 

ensures that any suspicious activity is quickly identified and mitigated before it escalates into a 

major incident. 

• Enlist a Trusted Security Vendor: Engage with a reputable Managed Security Service Provider 

(MSSP), highly adept at stopping evasive threats and blocking attacks and equipped with the 

most up-to-date security threat information and innovative solutions to thwart the same. 

Bad actors never sleep; thus, your security protocols should constantly be vigilant, monitoring round-theclock 

for any untoward activity. Cyber threats are not a matter of if but when and those healthcare 

companies best prepared to deal with the same—with the right measures, protocols, monitoring, and 

trusted security partners—will be the ones that weather the severe ramifications of bad actors' intent on 

exploiting any and all vulnerabilities. 



About the Authors 

Rhoda Aronce and Ashwini Bhagwat serve as Senior Threat 

Researchers at cybersecurity leader SonicWall. SonicWall’s 

security solutions, including advanced firewalls and threat 

detection tools, have successfully prevented over 26,000 

attacks in 2024 by providing real-time threat intelligence and 

rapid response capabilities. To learn more about SonicWall's 

findings in its 2024 SonicWall Threat Brief, please visit 

www.sonicwall.com/threat-reportXXX. 

Rhoda Aronce and Ashwini Bhagwat can be reached directly at raronce@SonicWall.com and 

abhagwat@SonicWall.com respectively. 



Why The Open Web Application Security Project (OWASP) 

Mobile Application Security (MAS) Project Is Critical 

And Why Apple, Google, And Huawei Need to Participate 

By George McGregor, Vice President of Marketing, Approov, Inc. 

The OWASP MAS project continues to lead the way in mobile application security. This article describes 

the resources and tools which have recently been added to OWASP MAS, which provides mobile app 

security guidance and tools for developers and security professionals alike. Also, we will argue that 

OWASP really deserves to receive the full support of the major mobile platform and device vendors. 

OWASP MAS has announced new tools in August 2024. 

As developers and organizations continue to create mobile applications, and as regulations such as the 

EU DMA and the UK DMCC take effect, it's essential to ensure that best practices for mobile app security 

are widely available to the developer community. OWASP MAS is in a position to play this community 



ole and has a long list of corporate sponsors. But there is a need for everyone to contribute – it would 

be nice if Apple, Google and Huawei were on that list of sponsors, but they are not. 

New Updates from OWASP MAS 

OWASP continues to update and reinforce the Mobile Application Security guidelines and tools. As we 

pointed out in our previous blogs on the topic, OWASP MAS received a major update last year. In 

addition, at the beginning of 2024 the OWASP Mobile Top Ten was also brought up to date. 

The momentum continues with the latest news from the OWASP MAS team announcing a redesign of 

the testing guide and new tools. 

OWASP MAS offers a comprehensive suite of tools and resources, the most important being: 

• The verification standard (MASVS) which describes at a high level of abstraction the controls or 

attack surfaces which should be protected 

• The testing guide (MASTG) which delves deep into IOS and Android, providing detailed 

information on actual tests 

Last year's update saw the publication of the new MASVS v2.0 document which drove a major 

simplification and clarification of the overall security categories and controls. 

However, this left a gap between the high-level MASVS categories and the detailed MASTG which was 

not updated at the same time and was structured around the previous version of MASVS. 

This has now been addressed as the MAS team reframed the MASTG to be easier to navigate and better 

aligned with MASVS v2.0, making clear the link between controls and specific tests. 

The MASTG is now structured in a way that makes it easy to navigate between tests, techniques and 

tools. This promotes reusability. For example, you can open a test and see what tools and techniques 

are being used, and the intent is that eventually this will work in reverse too so everything is crossreferenced: 

you will be able to open a tool or technique and see all the tests that use it. 

Also added to MASTG are new demonstrations: practical demonstrations that include working code 

samples and test scripts. 

In addition, a brand new initiative called the new Mobile App Security Weakness Enumeration (MASWE) 

has been launched, designed to fill the gap between high-level MASVS controls and low-level MASTG 

tests. The MASWE identifies specific weaknesses in mobile applications, similar to Common Weakness 

Enumerations (CWEs). 

This all sounds great but there is much work to be done. These tools are not final and there are a number 

of empty templates in the new MASWE. This is a community project after all, so the OWASP MAS team 

is seeking help from everyone with a stake in the game, saying: “You can also contribute to the project 



y creating new weaknesses, tests, techniques, tools, or demos. We welcome all contributions and 

feedback, and we look forward to working with you to make the MAS project the best it can be.” 

Meanwhile Apple, Google and Huawei Pursue a Proprietary Approach to App Security 

While OWASP MAS champion’s best-practice sharing and collaboration, the major mobile platform 

providers like Apple, Google, and Huawei are pursuing proprietary security solutions. 

These approaches, come with significant drawbacks: 

• Vendor Lock-in: Developers become tethered to platform-specific security implementations, 

limiting flexibility and portability. 

• Reduced Innovation: Closed ecosystems can stifle the cross-pollination of ideas and slow the 

pace of security advancements. 

• Fragmentation: Disparate security standards across platforms increase complexity for 

developers targeting multiple ecosystems. 

The Way Forward – It's Time to Engage with OWASP MAS 

To truly advance mobile app security, the industry must move towards a model of open standards and 

collaboration. This approach would: 

• Leverage the collective expertise of the global security community 

• Reduce fragmentation and complexity in security implementations 

• Foster an environment of continuous improvement and innovation 

OWASP MAS is well positioned to play this role and everyone in the mobile community should find a way 

to contribute. 

Finally, it would be great to see Apple, Google and Huawei throw their weight behind OWASP MAS too. 

They have much they can contribute, and they could play a pivotal role in shaping a more secure mobile 

ecosystem for all – rather than continuing to defend their “walled gardens.” 

Mobile app security is too important to be siloed within proprietary ecosystems. As the digital landscape 

evolves, collaboration and open standards will be key to staying ahead of emerging threats and ensuring 

the safety of mobile users worldwide. 




George McGregor is based in the Bay Area and has an extensive 

background in cyber-security, cloud services and communications 

software. Before joining Approov he held leadership positions in 

Imperva, Citrix, Juniper Networks and HP. 

George can be reached online at george.mcgregor@approov.io, on 

LinkedIn at https://www.linkedin.com/in/gmcgregor/, or through the 

Approov website at https://www.approov.io/ 



A CISO’s Guide to Managing Cyber Risk in Healthcare 

By Gaurav Banga, Founder and CEO of Balbix 

Now more than ever before, our healthcare data is under attack. Of all of the sensitive information 

available on the dark web, medical records are among the most expensive, costing on average $1,000 - 

compared to just $1 for a Social Security Number. It's clear that our healthcare system has become a hot 

spot for phishing scams, unpatched vulnerabilities, ransomware, and patient data exposures, as most 

recently evidenced by the Change Healthcare data breach earlier this year. For Chief Information Security 

Officers (CISOs) on the frontlines of the fight, these staggering increases have sent an unequivocal 

message about the urgent state of data protection in the United States: The time for action is now. 

But where do we start? As cyber threats to our healthcare ecosystem reach a critical juncture, CISOs are 

facing mounting pressure to reimagine data protection and cyber risk practices for the modern era. Even 

for the most seasoned CISO, this can be seen as a daunting task, requiring careful oversight of HIPAA 

compliance, IoT medical devices, and distributed data management. One wrong turn and your entire 

system could be at risk. 

With data breaches involving Protected Health Information (PHI) costing nearly $11 million on average, 

time is of the essence for healthcare CISOs to mitigate cyber risks before they turn into a full-blown crisis. 

Here are three best practices to keep in mind. 

Build a Robust Data Governance Framework 



To help manage regulatory compliance and reduce cyber risk, CISOs should begin by regularly updating 

and reviewing data protection policies from the top down. This also includes regularly running risk 

assessments to identify and prioritize high-impact vulnerabilities across systems and IoT devices to 

ensure quicker remediation times. Worse, this past August nearly 9 million individuals were affected by 

a healthcare data breach due to compromises with network servers, email, and electronic medical 

records. By embedding agility and consistent vulnerability scanning directly into any data governance 

framework, CISOs can remain flexible during times of change, and more easily make their case to the 

Board for updated data security standards as a tool, not a hindrance, with security teams and developers 

ultimately bringing them to life. 

More, CISOs can (and should) consider regularly engaging third-party auditors, who can ensure 

regulatory adherence from an unbiased perspective. When it comes to sensitive healthcare data, you 

can never be too careful, so it’s always better to err on the side of safety and prioritize high-risk 

vulnerabilities rather than pay for the consequences of indifference down the line. At the end of the day, 

developing a truly robust data governance framework can also enhance data security and create a culture 

of risk prioritization. 

Embrace Next-Gen AI Solutions 

Generative artificial intelligence (GenAI) has taken the world by storm in recent years for its ability to 

revolutionize laborious processes with efficiency in mind. And its impact on healthcare data protection is 

no exception. In fact, GenAI can play a significant role in addressing cybersecurity concerns in healthcare 

by providing CISOs with risk articulation, allowing security teams to better understand inbound threats 

based on location, teams, departments, and assets. These next-gen tools can interact directly with 

security operations personnel in natural language, enabling them to quickly find relevant data and IP 

addresses in order to triage red flags and speed up investigations. 

Additionally, GenAI can automate traditionally time-intensive ticketing and operational tasks, streamlining 

remediation and patching processes. In doing so, security teams can spend time doing what they do 

best: thinking strategically, and innovatively, about how best to protect their company’s data. Of course, 

it’s no secret that bad actors – especially in the healthcare space – have gotten more elusive in recent 

years. Equipped with the latest in GenAI technology, however, healthcare CISOs now have an arsenal 

of tools at their disposal to best them at every turn. 

Turn Mistakes into Mastery 

Make no mistake: In the world of cybersecurity, there’s strength in numbers, and the mistakes of one 

CISO can easily be turned into “lessons learned” for another. Accordingly, by breaking down barriers 

impeding knowledge sharing and promoting cross-collaboration between companies, cybersecurity 

teams can learn from the past and ensure that they’re adequately prepared for the future. For better or 

worse, under new SEC guidelines, companies are now required to disclose material cybersecurity 

incidents they experience, as well as regularly share information regarding their cybersecurity risk 

management, strategy, and governance. By tapping into this publicly available information, healthcare 



CISOs can ensure they remain one-step ahead of the curve, applying strategic learnings to reinforce the 

protection of PHI and personally identifiable information (PII). 

Where We Go from Here 

Ready or not, large-scale cyberattacks in the healthcare space aren’t going anywhere anytime soon. No 

longer can cybersecurity teams take a reactionary approach to data protection, simply waiting for risks to 

appear before acting on them. On the contrary, healthcare CISOs must always be ready for the 

unexpected, employing (and enforcing) precautionary measures that anticipate potential threats before 

they happen. By following the steps outlined above, CISOs can create a new cybersecurity playbook for 

the healthcare sector, ensuring that private healthcare information stays private and protected. 


Gaurav Banga is the CEO and Founder of Balbix, an AI-powered 

cybersecurity risk management platform. Before Balbix, Gaurav was the 

Co-founder & CEO of Bromium and led the company from inception for 

over 5 years. Earlier in his career, he served in various executive roles at 

Phoenix Technologies and Intellisync Corporation, and was Co-founder 

and CEO of PDAapps, acquired by Intellisync in 2005. Dr. Banga started 

his industry career at NetApp. Gaurav has a PhD in CS from Rice 

University, and a B.Tech. in CS from IIT Delhi. He is a prolific inventor 

with over 50 patents. You can learn more about Balbix at 

https://www.balbix.com/ 



Beyond Buzzwords: The Real Impact of AI on Identity Security 

By Israel Duanis, Co-Founder and CEO, Linx Security 

Artificial intelligence (AI) has become one of the most discussed technologies in recent years, often touted 

as the answer to many of today’s pressing challenges. In the cybersecurity space, especially in identity 

security, AI is frequently positioned as a game-changer, promising to automate tasks, reduce risks, and 

increase efficiency. But as with any emerging technology, we must carefully separate the hype from the 

real, tangible benefits. 

As someone deeply embedded in the cybersecurity industry, I’ve seen the immense potential of AI 

firsthand. Yet, I’ve also observed how AI is sometimes oversold by vendors eager to capitalize on the 

excitement. While AI is not a magical solution that will solve all security problems overnight, when 

deployed thoughtfully and strategically, it can indeed transform identity security in ways that are both 

practical and powerful. 

AI’s Practical Role in Identity Security 

AI’s strengths are most evident in environments where complexity is increasing. With the shift toward 

cloud-based systems and the growing reliance on SaaS applications, managing access rights and 

permissions has become more challenging than ever. The traditional, rule-based approaches to identity 

governance simply cannot keep up with the scale and complexity of modern digital environments. 



This is where AI shines. Machine learning algorithms can analyze patterns in user behavior, automatically 

adjusting access rights based on real-time data. This dynamic approach enables faster and more 

accurate decisions on who should have access to what. It also reduces human error—errors that can 

result in over-provisioning or under-provisioning access, both of which pose significant security risks. 

However, AI-based identity systems have challenges. For these systems to work effectively, they need 

high-quality, diverse data. If the data is incomplete or biased, the AI’s conclusions can be flawed, leading 

to inaccurate decisions. The key to success lies in overcoming data quality issues, such as ensuring that 

human resources, identity providers, and application data are all synchronized and well-maintained. 

Vendors that crack this code (and it sure is solvable) are best positioned to maximize the benefits of AI 

in identity security. 

AI and Anomaly Detection: Beyond the Basics 

One of the most commonly touted benefits of AI in identity security is its ability to detect anomalous 

behavior. By continuously analyzing large datasets, AI can identify deviations from normal patterns, such 

as an employee logging in from an unusual location or attempting to access systems they typically don’t 

interact with. These anomalies could indicate compromised accounts or insider threats. 

While AI’s anomaly detection capabilities are impressive, they are not perfect. Not every anomaly 

represents a threat, and AI can sometimes misinterpret legitimate behavior as suspicious. This can lead 

to alert fatigue, where security teams are overwhelmed by a flood of false positives. A key factor in 

reducing these false positives is ensuring that AI models are tuned to the organization’s specific risk 

profile and fed with the right datasets. The more accurate the data, and the more it is suited to your 

environment - the fewer unnecessary alerts and the better the results. 

That said, when anomaly detection is done well, AI can detect potential threats faster than any human 

could, providing a crucial layer of defense in modern cybersecurity strategies. 

AI as an Augmenter, Not a Replacement 

One of the biggest misconceptions surrounding AI in identity security is the notion that it will eventually 

replace human judgment. We are not there just yet. AI excels at handling routine, repeatable tasks like 

access management and anomaly detection, but it often lacks the context to make complex decisions. 

For example, AI might flag an executive’s login from overseas as suspicious, but it won’t always know 

that the executive is on a pre-scheduled business trip. This is where human oversight is critical. Security 

professionals must interpret AI’s findings and decide whether further action is warranted. In this way, AI 

augments human expertise, rather than replacing it. As AI technology continues to evolve, the balance 

between AI-driven automation and human decision-making will only become more refined. 



Bridging the Skills Gap with AI as a Force Multiplier 

Another exciting area where AI is making an impact is in addressing the cybersecurity skills gap. The 

shortage of skilled professionals has been a long-standing challenge, and AI offers a solution by 

automating repetitive, time-consuming tasks. 

Consider the case of a global retail company facing a surge in seasonal hiring. During this period, 

thousands of new employees needed immediate access to systems. The manual process of provisioning 

and de-provisioning accounts overwhelmed the IT department. By implementing AI-driven identity 

governance, the company was able to automate the entire process. AI analyzed historical patterns and 

real-time data to automatically assign access rights, detect anomalies, and streamline account 

management. What would have taken days of manual work was completed in minutes—without 

compromising security. 

In this example, AI acted as a force multiplier, allowing the security team to manage a complex, highvolume 

workload with ease. AI doesn’t replace human judgment, but it enhances it by providing real-time 

insights and reducing the burden of routine decisions. This is the future of AI in identity security— 

empowering professionals to focus on more strategic tasks and respond to threats more quickly and 

effectively. 

The Future: Harnessing the Full Potential of AI 

Looking ahead, AI’s role in identity security will only expand. It’s not just about automating tasks or 

detecting anomalies anymore. The future of AI is about building self-healing systems that can 

autonomously predict and respond to threats in real-time. Imagine AI-driven systems that can detect a 

compromised account and instantly revoke access or isolate a threat, all without waiting for human 

intervention. 

While these advancements are exciting, responsible adoption is key. AI needs to be implemented 

thoughtfully, with strong governance and ethical oversight. Organizations must remain involved in guiding 

these systems, especially in complex situations where human judgment is crucial. 

The future of AI is bright and is a key element in the mission of promising smarter, more secure identity 

infrastructures. 

Conclusion: The Dawn of a New Era in Identity Security 

AI is not just transforming identity security—it is redefining it. While it’s crucial to remain realistic about 

the technology's limitations, the advancements we’re seeing today are just the beginning. AI has the 

potential to revolutionize how we secure digital identities, from automating complex processes to 

predicting and mitigating threats before they even materialize. 

The real power of AI lies in its ability to empower security professionals by taking on the heavy lifting of 

repetitive tasks, allowing them to focus on high-level strategy and critical decision-making. As AI 



continues to evolve, it will not only enhance security teams but also elevate the entire cybersecurity 

industry to new heights. 

The future of AI in identity security is one of increased agility, proactivity, and precision. As AI systems 

become more sophisticated, they will move beyond detection and into the realm of real-time response, 

creating a security landscape where threats are neutralized before they can cause harm. AI will enable 

organizations to be more resilient, adaptive, and prepared in an ever-changing threat landscape. 

The optimistic view is clear: AI is a catalyst for positive change, and its full potential is still ahead of us. 

Those who embrace AI responsibly, with the right mix of human oversight and strategic vision, will lead 

the charge toward a more secure, efficient, and forward-thinking digital world. The path ahead is bright, 

and AI will be at the forefront of a smarter, safer future in identity security. 


Israel Duanis is the Co-Founder and CEO of Linx Security, an identity solution 

that bridges the gaps between identity security, identity governance, and identity 

access management. 

Already working with large-scale companies across a large variety of industries 

such as financial services, retail, real estate, technology, and others, Linx is 

helping them dramatically shrink their identity attack surface and close major 

gaps in compliance—by enabling them to finally get control over the whole 

identity lifecycle. 

Israel can be reached via email israel@linxsecurity.io or LinkedIn 



Beyond the Firewall: Protecting Your Marketing Department 

from Cyber Threats and Safeguarding Digital Assets 

By Mushegh Hakobjanyan, CEO, Andava Digital 

Digital media created more opportunities for companies to engage with consumers than ever before, but 

such increased interconnectedness has a price. Attacks are becoming progressively advanced, targeting 

not only a company’s IT systems but also departments with valuable data and web pages. Is yours on 

the list? 

The cultivation of strong cybersecurity habits is key for all employees, as Apu Pavithran rightly noted in 

his Cyber Defense Magazine article Fortifying The Digital Frontier: Everyday Habits That Shape Your 

Company’s Cybersecurity Posture. You must also take a closer look at the specific weaknesses of 

marketing teams because they are directly affected by online usage and therefore in a constant state of 

deliverable pressure. That makes them ideal targets for cyber-criminals. 



The Marketing Department: A Hacker's Happy Hunting Ground 

Why are marketing groups seemingly putting on LEDs announcing, "Hack Me!"? Let’s unpack it: 

• Imagine marketing teams as honeypots teeming with all that sweet, sweet customer data. Names, 

email addresses, phone numbers, maybe even your most embarrassing online shopping list—all 

of it, just waiting for grabs. This stuff makes the scammers salivate. They can steal it for identity 

theft, devise convincing phishing attacks, or even swindle it off to the highest bidder on the dark 

web. 

• Brand marketers are virtual every moment of every day. They are running social media platforms, 

coding emails, and diving right into online advertising. They’re like the ‘Hey hackers, over here!’ 

They’re like sending a giant warning all the time. That kind of internet presence renders them 

vulnerable to an entire menu of online menaces. 

• Marketing isn’t easy to get right. And they want those sales, engagements, and amazing 

conversion metrics. This unrelenting tug can get even the best marketer to feel the pressure. An 

email offer that is going to give you a magical lift in traffic? A near-miss deal for the best tools in 

the market? Then, the "click here" button suddenly becomes incredibly desirable and hey presto 

– they’ve run right into a well-trodden rabbit hole. 

Common Scams Targeting Marketers 

Hackers use many methods to exploit these vulnerabilities. These are some of the many digital marketing 

scams that most commonly plague marketing departments: 

• Guaranteed top rankings in search of a dubious minimal price. These scams tend to be in the 

form of black-hat SEO that can affect your website’s reputation and result in a search engine 

penalty. 

• Methods that guarantee explosive followers or interactions through infected accounts, bots, or 

other tricks. They can damage your brand as well as violate the policies of social networks. 

• These companies promise you premium leads but provide inaccurate, out-of-date, or even fake 

contact details. It is time-, money-, and cost-consuming and also can hurt your sales pipeline. 

• Emails or messages cloaking genuine emails from trusted contacts in order to trick marketers into 

giving away private data such as passwords or banking information. 

The Crippling Consequences of Cyberattacks 

Falling victim to online scams can inflict devastating damage on businesses, leaving lasting 

repercussions that extend far beyond financial loss. These attacks can cripple a company's reputation, 

disrupt operations, and erode customer trust. Let's delve into the specific consequences businesses often 

face: 

• The immediate financial impact can be substantial. Direct losses from the scam itself, coupled 

with the expenses of data recovery, system restoration, and potential legal battles, quickly 



accumulate. Businesses may also face regulatory fines and increased insurance premiums in the 

aftermath of an attack. 

• A cyberattack can severely tarnish a company's reputation. Negative publicity, loss of customer 

confidence, and brand erosion can have long-term consequences for revenue and market share. 

Rebuilding trust after a breach is a challenging and often expensive undertaking. 

• Cyberattacks can bring business operations to a grinding halt. The time and resources required 

to investigate the attack, implement damage control measures, and restore normal operations 

can be significant. This disruption can lead to lost productivity, missed deadlines, and dissatisfied 

customers. 

• Scammers may gain control of a company's online properties, including websites, social media 

accounts, and promotional materials. This can be used to spread misinformation, redirect 

customers to malicious sites, or further damage the company's reputation. 

In today's interconnected world, safeguarding against cyber threats is paramount. Businesses must 

prioritize cybersecurity measures and educate employees about potential risks to mitigate the devastating 

consequences of falling victim to online scams. 

Digital Asset Management: Wrangling Your Marketing Assets and Locking Out the Cyber Bandits 

Consider the following scenario: your marketing department is a bustling saloon in the Wild West. Design 

assets are being sent through the air like tumbleweed, copyrights are being smuggled around like gold 

dust, and access is stolen like during a dusty pub fight. This disorganized environment is inefficient and 

leaves your business susceptible to cyberattacks. 

That’s where Digital Asset Management (DAM) shows up: a local sheriff who takes his town back. DAM 

is the concrete hut for all your precious sales collateral – photos, videos, logos, forms, you name it. It 

offers a unified platform to store, catalog, and manage these assets so that they can’t be accessed, 

accidentally deleted, or abused. 

Why DAM is Your Secret Weapon Against Cyberattacks 

DAM is your two-layered protection from the cyber-gangsters: 

• No need to hunt the internet for that newer version of that logo or that approved marketing picture. 

DAM becomes the master data warehouse, the one point of access to all your assets. This helps 

ensure that all members of your group are pulling information from the same place and with the 

latest and approved materials. 

• DAM stores all edits done to an asset so that if you lose sight of it, you can always jump to the 

most recent version. In addition, you can configure special permissions to enable access to or 

edit sensitive documents only by authorized staff. 

• Want to find that photo from last year’s campaign? DAM’s got you covered. Metadata and tags 

are well-equipped to search, organize, and map your assets. This saves you time, as well as 

letting you know about any suspicious activity or misuse. 



DAM and the Third-Party Posse 

Even with third parties, DAM is your security guard protecting your investments: 

• Create Specific Instructions and Rules: If you have assets you are sharing with freelancers, 

agencies, or other third parties, have very strict rules about who can view, use, and share your 

assets. This eliminates any confusion and keeps everyone on the same page. 

• Secure Your Equipment: Think of watermarks as your brand’s cow brand, telling the world what 

equipment is yours. Create access controls, encryption, and other protections that can keep your 

intellectual property safe from theft or dissemination. 

• Audit Access and Permissions Regularly: Never just leave it to do later! You will get busy and 

forget – we all do. Always review who is on your assets and who has what permissions regularly. 

This allows you to see if there are any security holes and who has access to your precious 

documents. And when someone leaves, remove their permissions immediately. 

Now cybersecurity doesn’t just fall under the IT department. Likewise, marketing departments should be 

on guard, seeing the specific ways they could fall victim and doing what they can to secure themselves 

and their companies. Understanding the common frauds targeting marketers, adopting strong digital 

asset management strategies, and developing a cyber-savvy culture will help companies beef up security 

and protect their valuable digital assets. 


Mushegh Hakobjanyan is the Founder and CEO of Andava Digital, with 10+ 

years of experience in digital marketing and a focus on SEO and organic 

channels that drive traffic. Graduate with a degree in Management of 

Information Systems, Game Theory enthusiast, and Management 3.0 follower. 

Mushegh can be reached online at Hello@andava.com, LinkedIn, and at our 

company website https://www.andava.com/ 



Preparing for the EU’s DORA amidst Technical Controls 

Ambiguity 

By Martin Greenfield, CEO of Quod Orbis 

The financial sector is bracing for a significant shift in its digital landscape as the EU’s Digital Operational 

Resilience Act (DORA) prepares to take effect in January 2025. 

This new regulation is set to transform the approach of financial institutions - including banks, insurers, 

and investment firms - towards their IT infrastructure and data security protocols. At the heart of DORA 

lies Article 3, which aims to bolster "the capacity of financial entities to construct, ensure, and evaluate 

their operational integrity and reliability." 

In the years following the 2008 global financial crisis, there was a notable surge in attention to IT security 

and digital resilience. However, this focus gradually waned over time. Now, with cybercrime emerging as 

the world's third-largest economy, surpassed only by the United States and China, DORA seeks to 



address this escalating cyber threat head-on. EU member states face potentially severe consequences 

if they fail to comply with these new regulations by January 2025. Non-compliant institutions could be 

subject to substantial penalties, including fines of up to 2% of their global annual turnover or 1% of their 

worldwide average daily turnover. 

Despite the urgency of the situation, many institutions are experiencing delays in their preparatory efforts. 

While new technical standard documents were submitted to the commission in July of this year, affected 

entities continue to grapple with significant hurdles in their DORA readiness plans. 

As the deadline looms, businesses cannot afford a wait-and-see approach. In the absence of concrete 

guidance, firms must take proactive steps based on the information currently at their disposal. 

Transparency is the cornerstone of DORA compliance 

The importance of comprehensive visibility cannot be overstated. DORA places a strong emphasis on 

this aspect, particularly in relation to data transparency and actionable evidence. The regulation shines 

a spotlight on critical areas that have traditionally lacked robust frameworks and are consequently more 

susceptible to risks. These include third-party risk management, operational resilience, and thorough 

testing protocols. 

A pivotal aspect of DORA is its requirement for uninterrupted monitoring. This marks a significant 

departure from conventional periodic assessments, ushering in an era of constant vigilance. Under this 

new rule, organisations are tasked with implementing systems that offer real-time insights into their digital 

operational resilience. Such systems must enable swift identification and response to emerging threats 

or vulnerabilities. 

The financial sector, in particular, faces the challenge of ensuring security and compliance across its 

entire supply network. This obligation extends beyond immediate suppliers, potentially encompassing a 

wide array of third-party providers and even their subcontractors. As a result, the process of evaluating 

cybersecurity practices may ripple through multiple layers of the supply chain, creating a complex and 

resource-intensive compliance environment. While the full extent of this cascading effect remains to be 

determined, organisations would be prudent to prepare for extensive reporting requirements that could 

span several tiers of their supply network. 

Enhanced security testing 

While the Payment Card Industry (PCI) standards have long focused on safeguarding credit card 

information, requiring annual penetration testing and assessments after significant changes, the 

regulatory landscape is evolving towards more frequent and comprehensive evaluations. The U.S. 

National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) has already 

expanded the scope, addressing additional crucial aspects such as recovery processes, thus filling some 

gaps left by PCI standards. 



DORA takes this a step further, mandating organisations to implement exhaustive testing protocols that 

leave no stone unturned. This includes systems previously deemed too critical or sensitive for regular 

assessment. This regulatory shift signals a paradigm change, calling for a more rigorous and frequent 

testing regimen across the entire technological infrastructure, irrespective of a system's perceived 

operational importance. 

These emerging regulations are driving organisations towards a proactive stance on security. The 

emphasis is now on continuous monitoring to detect and address weaknesses before they escalate into 

significant risks. This approach aims to minimise the development of vulnerabilities and ensures that 

organisations maintain an up-to-the-minute awareness of their security posture. 

Preparing your business for the DORA era 

DORA's emphasis on continuous threat monitoring and results-oriented risk management signifies a 

significant shift in the regulatory landscape. Soon, authorities will have the power to request data and 

assess compliance, making preparation crucial. 

To begin this journey, organisations should establish a dedicated working committee with clearly defined 

roles and responsibilities. This committee will play a vital role in conducting a comprehensive gap 

analysis, identifying areas for improvement both within their operations and across their supply chain. 

Such an analysis will not only highlight necessary changes but also inform critical budget discussions 

and resource allocation decisions. 

It's important to note that approaching the five pillars of DORA as a chronological, step-by-step checklist 

will prove ineffective. Instead, organisations should focus on key areas such as third-party risk 

management and reporting, which are interwoven across all pillars of the regulation. 

With the deadline looming, it's critical to update and strengthen risk management strategies. DORA 

assumes firms already have a robust risk management framework in place. However, it's crucial to 

understand that existing certifications, such as ISO27001, while valuable, may not ensure full DORA 

compliance due to the regulation's extensive third-party risk management requirements integrated into 

every pillar. 

Despite any potential delays in implementation guidance, DORA is imminent, and businesses must be 

prepared. Rather than viewing this regulation solely as a compliance requirement, forward-thinking 

organisations should see it as an opportunity to enhance their overall security posture. By focusing on 

continuous monitoring and effective threat management, businesses can not only meet regulatory 

standards but also achieve a higher level of protection across their networks, potentially gaining a 

significant competitive advantage in the process. 




Martin Greenfield is the CEO of Continuous Controls Monitoring solutions 

provider, Quod Orbis. He has over two decades in the cyber security space. 

With his team, Martin helps deliver complete cyber controls visibility for our 

clients via a single pane of glass, through Quod Orbis’ Continuous Controls 

Monitoring (CCM) platform. Their clients can see and understand their 

security and risk posture in real time, which in turn drives their risk investment 

decisions at the enterprise level. 



Securing Linux Systems in the Age of AI: Unified Security 

Strategies for Modern Enterprises 

By Inna Ushakova, CEO at AI EdgeLabs 

Introduction 

In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has 

emerged as a transformative advancement. This is particularly true in the realm of Linux-based systems, 

where AI is reshaping how we approach security. As the CEO of AI EdgeLabs, the company 

revolutionizing cybersecurity for Linux-based environments and assets, I am honored to share insights 

on best practices for implementing AI-based unified security solutions tailored for Linux environments. 

The Strategic Importance of Linux Security 

Linux systems are the backbone of many enterprise environments due to their robustness, flexibility, and 

open-source nature. They power critical infrastructure, support cloud environments, and are foundational 



to many of the world’s largest and most complex IT ecosystems. The adoption of Linux is not limited to 

servers and data centers; it extends to embedded systems, IoT devices, and edge computing 

environments. This widespread usage makes Linux an attractive target for cybercriminals, necessitating 

a strategic approach to security. 

The inherent strengths of Linux—its modularity, transparency, and the vast ecosystem of open-source 

tools—also present unique challenges. The diversity of Linux distributions, the customization options 

available to administrators, and the decentralized nature of open-source development can lead to 

inconsistent security practices. Moreover, the perception that Linux is inherently secure can sometimes 

lead to complacency, leaving critical vulnerabilities unaddressed. 

In this context, the integration of AI into cybersecurity frameworks offers a revolutionary approach to 

safeguarding Linux systems. AI-driven security solutions can provide the automation, intelligence, and 

scalability needed to address the complex and dynamic threats targeting Linux environments. 

The Role of AI in Modern Cybersecurity 

Artificial Intelligence, including next-generation models like Large Language Models (LLMs), Deep 

Learning, and Reinforcement Learning, has the potential to revolutionize cybersecurity. Leveraging these 

advanced AI models, particularly through Machine Learning (ML), enables the analysis of vast amounts 

of data in real-time, allowing for the detection of patterns and anomalies that may indicate a cyber threat. 

This capability is particularly valuable in the context of Linux security, where the complexity of the 

environment can make it difficult to identify potential vulnerabilities and threats using traditional methods. 

AI’s ability to learn and adapt over time allows it to predict and respond to emerging threats in ways that 

were previously unimaginable. For example, AI can be used to detect zero-day vulnerabilities—previously 

unknown security flaws that can be exploited by attackers—before they are widely recognized. This 

proactive approach to threat detection is crucial for maintaining the security of Linux systems, which are 

often at the core of critical infrastructure. 

However, the integration of AI into cybersecurity is not without its challenges. The same capabilities that 

make AI a powerful tool for defense can also be exploited by attackers. Adversarial AI, where attackers 

use AI to enhance their own capabilities, is an emerging threat that must be addressed. This creates a 

dynamic and rapidly evolving battlefield where defenders and attackers are constantly seeking to 

outmaneuver each other. 

Best Practices for Implementing AI-Based Unified Security in Linux Environments 

Implementing AI-based unified security in Linux environments requires a comprehensive approach that 

takes into account the unique characteristics of both AI and Linux. Below are some best practices that 

can help organizations maximize the effectiveness of their AI-driven security strategies. 



1. Adopt a Unified Security Approach 

Traditional security models often operate in silos, with separate tools and processes for network security, 

endpoint security, and application security. This fragmented approach can create gaps in coverage, 

leaving vulnerabilities exposed. In contrast, a unified security approach integrates multiple layers of 

defense, providing a holistic view of the threat landscape. 

For Linux environments, this means integrating AI-driven tools across all layers of security, from Network 

Detection and Response (NDR) to Endpoint Detection and Response (EDR) and Intrusion Prevention 

Systems (IPS). A unified security approach allows for seamless communication between these tools, 

enabling them to share threat intelligence and coordinate responses in real-time. 

2. Leverage AI for Enhanced Threat Detection 

AI’s ability to analyze vast amounts of data in real-time makes it an invaluable tool for threat detection. 

By continuously monitoring network traffic, system logs, and user behavior, AI can identify patterns and 

anomalies that may indicate a cyber threat. This enables earlier detection of sophisticated attacks, 

including zero-day vulnerabilities and advanced persistent threats (APTs), which are often missed by 

traditional signature-based methods. 

In Linux environments, where the complexity and diversity of the system can make it difficult to detect 

potential threats, AI’s pattern recognition capabilities are particularly valuable. For example, AI can be 

used to detect unusual patterns of file access, privilege escalation, or network traffic that may indicate a 

compromised system. 

3. Implement Predictive Analytics and Preemptive Defense 

One of the most powerful aspects of AI is its ability to predict potential threats based on historical data 

and emerging trends. By analyzing past incidents, AI can identify patterns that may indicate a future 

attack. This predictive capability allows organizations to proactively defend against new attack vectors 

before they become widespread. 

In the context of Linux security, predictive analytics can be used to identify vulnerabilities in software 

packages, configurations, or network architectures that could be exploited by attackers. This allows 

organizations to address these vulnerabilities before they can be exploited, reducing the risk of a 

successful attack. 

4. Automate Incident Response for Faster Remediation 

AI-driven automation can streamline incident response processes, reducing the time between detection 

and remediation. This is particularly important in Linux environments, where the complexity of the system 

can make manual incident response time-consuming and error-prone. 



AI-powered tools can automatically isolate compromised systems, apply patches, or even counteract 

threats without human intervention. For example, if a Linux server is compromised, AI can automatically 

detect the breach, quarantine the affected system, and apply security patches to prevent further 

exploitation. This rapid response capability is crucial in minimizing the impact of a breach and preventing 

the spread of the attack. 

5. Mitigate the Risks of Adversarial AI 

While AI offers significant advantages in enhancing Linux security, it also introduces new risks. 

Adversaries are increasingly using AI to develop more sophisticated malware, automate phishing 

campaigns, and identify vulnerabilities at scale. This creates an AI arms race, where defenders and 

attackers are constantly evolving to outmaneuver each other. 

To mitigate the risks of adversarial AI, organizations must invest in advanced AI-driven security tools that 

can detect and counteract AI-driven attacks. This includes developing AI models that are resilient to 

adversarial manipulation, as well as continuously monitoring and refining AI algorithms to ensure they 

remain effective against evolving threats. 

6. Ensure High-Quality Data for AI Training 

AI systems are only as good as the data they are trained on. Poorly managed AI can introduce biases, 

generate false positives, or overlook genuine threats. For organizations using AI-driven solutions for 

Linux security, ensuring high-quality data is paramount. 

This involves collecting and curating large datasets that accurately represent the threat landscape, as 

well as continuously updating these datasets to reflect new and emerging threats. Additionally, 

organizations should implement rigorous testing and validation processes to ensure that AI models are 

performing as expected and are not introducing unintended biases. 

7. Enhance Collaboration and Threat Intelligence Sharing 

The effectiveness of AI-driven security solutions is greatly enhanced by collaboration and the sharing of 

threat intelligence. By pooling resources and knowledge, organizations can leverage collective insights 

to develop more effective AI models and respond to threats more quickly. 

In the Linux security community, where open-source collaboration is a core value, there are numerous 

opportunities to share threat intelligence and collaborate on AI-driven security initiatives. For example, 

organizations can contribute to open-source AI models, share threat intelligence through community 

forums, and participate in joint security initiatives. 



8. Prioritize Ethical AI Usage 

As AI becomes more integrated into security protocols, ethical considerations must be a priority. This 

includes ensuring that AI is used responsibly, avoiding unintended consequences that could harm users 

or introduce biases. Organizations must be vigilant in monitoring the ethical implications of their AI-driven 

security practices, ensuring that they do not inadvertently exacerbate existing vulnerabilities or create 

new risks. 

In the context of Linux security, this means being mindful of the open-source nature of the platform and 

ensuring that AI-driven tools are developed and deployed in a way that aligns with the values of 

transparency, collaboration, and community-driven innovation. 

The Security Industry vs. the Hacking Industry: A Dynamic Battle 

The integration of AI in cybersecurity has transformed the landscape, creating a dynamic interplay 

between the security industry and the hacking industry. Both defenders and attackers are leveraging AI 

to enhance their capabilities, leading to a constant battle for dominance. 

1. Security Industry Adoption of AI 

The cybersecurity industry is rapidly adopting AI and machine learning technologies to improve threat 

detection, automate responses, and enhance overall security posture. AI-driven tools are becoming more 

prevalent in areas such as threat intelligence, endpoint security, and network monitoring. 

For Linux environments, this means the development of AI-driven tools specifically designed to address 

the unique challenges of Linux security. These tools leverage AI to provide real-time threat detection, 

automated incident response, and predictive analytics, helping organizations stay ahead of emerging 

threats. 

2. Hacking Industry Utilization of AI 

Hackers are also increasingly using AI to enhance their capabilities. This includes automating attack 

vectors, creating sophisticated phishing schemes, and developing malware that can evade traditional 

detection methods. AI is making it easier for attackers to scale their operations and launch more targeted 

and effective attacks. 

For example, attackers may use AI to develop malware that can adapt to different Linux distributions, 

making it more difficult for defenders to detect and mitigate. Additionally, AI can be used to automate the 

process of identifying vulnerabilities in Linux systems, allowing attackers to exploit these vulnerabilities 

more quickly and efficiently. 



3. The AI Arms Race 

The use of AI by both defenders and attackers has led to an AI arms race, where each side is constantly 

developing more advanced AI systems to outmaneuver the other. This escalation has made cybersecurity 

more complex and challenging, requiring constant vigilance and innovation from defenders. 

In this environment, the ability to quickly adapt and innovate is critical. Organizations must continuously 

refine their AI-driven security solutions, ensuring they remain ahead of increasingly sophisticated threats. 

This involves not only technological advancements but also adopting a proactive security mindset that 

emphasizes agility, collaboration, and continuous learning. 

Future of AI-Based Unified Security for Linux Systems 

The future of AI-based unified security for Linux systems will be characterized by several key 

developments that will further enhance the effectiveness of AI in protecting Linux environments. 

1. Enhanced AI-Driven Threat Intelligence 

AI will continue to revolutionize threat intelligence, moving beyond traditional reactive approaches to more 

predictive and preemptive capabilities. Future AI systems will be capable of correlating data across global 

threat landscapes, identifying emerging attack patterns, and predicting potential vulnerabilities before 

they are exploited. This will allow organizations to take preventive measures, reducing the attack surface 

and mitigating risks proactively. 

2. Advanced Collaboration and Knowledge Sharing 

The open-source nature of Linux creates a unique opportunity for collaboration among security 

professionals, developers, and the broader cybersecurity community. By fostering a culture of knowledge 

sharing, organizations can leverage collective intelligence to improve AI models, share threat intelligence, 

and develop innovative defense strategies. The future will likely see increased use of open AI models 

trained on shared datasets, allowing organizations to benefit from community-driven advancements in 

AI-based security. 

3. AI-Augmented Human Intelligence 

While AI is a powerful tool, human expertise remains invaluable in cybersecurity. The future will see 

greater integration of AI and human intelligence, where AI handles routine tasks and large-scale data 

analysis, allowing human analysts to focus on more complex and strategic decision-making. This AIaugmented 

approach will enhance the overall effectiveness of security operations centers (SOCs), 

improving both detection and response capabilities. 



4. Integration with Edge Computing and IoT Security 

As edge computing and the Internet of Things (IoT) continue to expand, the attack surface for Linux 

systems grows. Future AI-based security solutions will need to integrate seamlessly with edge devices 

and IoT environments, providing unified security that extends from centralized data centers to the farthest 

edge of the network. AI will play a crucial role in real-time threat detection and response, ensuring that 

all connected devices are continuously monitored and protected. 

5. Development of Adversarial AI Defense Mechanisms 

As attackers become more sophisticated in using AI for malicious purposes, developing AI models that 

are resilient against adversarial attacks will be crucial. Future AI systems will need to incorporate 

techniques such as adversarial training, anomaly detection, and robust model validation to ensure they 

can withstand attacks designed to manipulate or bypass AI defenses. Continuous research and 

innovation will be essential to stay ahead in the AI arms race. 

6. Ethical AI and Regulatory Compliance 

As AI becomes more pervasive in cybersecurity, ethical considerations and regulatory compliance will 

become increasingly important. Organizations will need to ensure that their AI-driven security solutions 

are transparent, accountable, and free from biases. The future will likely see the development of ethical 

frameworks and standards for AI in cybersecurity, guiding organizations in responsible AI usage and 

fostering trust among stakeholders. 

7. Integration of eBPF for Kernel-Level Observability and Security 

The extended Berkeley Packet Filter (eBPF) is poised to become a game-changer in Linux security. 

eBPF enables safe and efficient execution of code directly in the Linux kernel, providing deep 

observability and fine-grained monitoring of system behavior without significant performance overhead. 

By integrating eBPF with AI-based security solutions, organizations can achieve unprecedented visibility 

into kernel-level activities, such as system calls, network traffic, and process behavior. This enables more 

precise threat detection, real-time anomaly identification, and faster response to sophisticated attacks, 

enhancing the overall security posture of Linux environments. 

Conclusion 

The integration of AI into unified security solutions for Linux systems is transforming the cybersecurity 

landscape. As both defenders and attackers harness the power of AI, the stakes are higher than ever. 

Organizations must embrace a proactive, innovative, and collaborative approach to AI-based security, 

ensuring they stay ahead of evolving threats and protect their critical Linux environments. 



By adopting best practices such as unified security, enhanced threat detection, predictive analytics, 

automated incident response, and ethical AI usage, organizations can build a resilient defense posture 

that leverages the full potential of AI. As the AI arms race continues, the future will belong to those who 

can adapt, innovate, and leverage AI to its fullest potential, creating a safer and more secure digital world. 


Inna Ushakova is a pioneering tech entrepreneur who has built two 

successful and recognized companies, Scalarr and AI EdgeLabs, in 

the fields of AI-driven fraud prevention and cybersecurity. 

In 2016, Inna co-founded Scalarr, an AI-driven company specializing 

in mobile ad fraud prevention through machine learning, helping 

clients save millions. Building on this success, she launched AI 

EdgeLabs, which provides autonomous, AI-powered Linux-based 

cybersecurity solutions to protect critical infrastructure from any 

threats, with advanced detection and automated response capabilities 

for edge computing, hybrid cloud, and distributed environments. 

Under Inna Ushakova's leadership, AI EdgeLabs has been recognized as a finalist for the Edge Startup 

of the Year award, and she herself has been shortlisted for the Edge Woman of the Year award. Her 

vision for the future of edge computing emphasizes the importance of robust security measures to protect 

against increasing cyber threats as the adoption of edge technologies continues to grow 

Inna Ushakova can be reached online at iu@edgelabs.ai and https://www.linkedin.com/in/innaushakova/ 

and at our company website https://edgelabs.ai/ 



Digital Transformation Failures: A National Security Crisis in the 

Making 

The Role of Cybersecurity Challenges in the Digital Transformation Failures 

By Joe Crist, CEO, Transform 42 

In the hyperconnected world, digital transformation has become synonymous with progress, efficiency 

and innovation. For governments, business and defense organizations alike, the ability to leverage the 

power of digital technologies isn’t just a competitive edge – it’s an existential imperative. But as 

organizations are scrambling to modernize, there is a disturbing trend emerging more than 70 per cent 

of digital transformation programs are failing to deliver the results for which they were designed. Although 

this might sound like a business statistic, the implications go far beyond lost revenue opportunities or 

technological obsolescence, particularly in critical sectors such as defense, energy and national 

infrastructure. 

The failure of digital transformation has a particularly perverse effect on cybersecurity and helps to turn 

a technical problem into a national security crisis. As defense organizations, government agencies and 

critical infrastructure operators strive to weave modern technologies into legacy, often highly complex 

architectures, cyber vulnerabilities multiply. Failed digital transformation – where systems will not work 

as planned or are incomplete – not only erodes operational effectiveness: it also leaves intact legacy 

systems open to attack. In a cyber-threat landscape that shows no signs of abating, the stakes are high. 

A failed digital transformation in a critical system means more than a wasted investment. It means 

opening the door to cyberattack, spying, and even sabotage. 



The Multifaceted Causes of Digital Transformation Failures 

The first step to fixing the problem of digital transformation failure is to understand why so many attempts 

fail. Although every industry has its own unique problems, the defense and national infrastructure sectors 

face distinctive challenges that can make failure more likely. The main causes of digital transformation 

failure include: 

1. Vision and leadership buy-in the lack of clear, well-communicated vision and executive buy-in 

may prove to be the most damning characteristic of digital transformation efforts. In many cases, 

organizations put themselves on a path to digital transformation without having clearly defined a 

vision for what success looks like, a strategic roadmap for how they intend to get there, or the 

buy-in from leadership that would be necessary to guide the transformation. Layered bureaucracy, 

which characterizes many defense sectors, can also slow decision-making and hinder leaders’ 

ability to focus on the right priorities. 

2. Overestimating Simplicity: Old legacy systems, especially in the defense and government sphere, 

are decades old. These systems are not only old but complex. They were designed for a predigital 

world. Connecting new technologies – be it cloud computing, AI or data analytics – to legacy 

systems is a complex process in itself. Organizations often underestimate the time, money and 

resources required to modernize and end up with projects that fail to deliver on either cost or time. 

3. Cultural Resistance: Digital transformation is as much about cultural change as it is about 

technology. The top-down structures and efficient chain-of-command protocols of the defense 

sector can be resistant to the inclusive, free-thinking environments required for digital 

transformation success. Employees and managers might resist new tools and processes, 

especially if they feel that these threaten their roles or workflows. 

4. Siloed Operations and Poor Communication: Effective digital transformation projects require 

seamless collaboration between IT, operations and leadership. In large, hierarchical 

organizations such as defense agencies or infrastructure operators, siloed operations and poor 

communication, often hinder such cross-functional collaboration. If departments do not align, or 

do not communicate effectively, digital transformation projects can be fractured, with partial or 

incomplete implementations. 

5. Omission of cybersecurity: The most troubling omission might be the lack of emphasis on 

cybersecurity. It is common for organizations to see cybersecurity as an afterthought, to be 

attended to only after the new systems and technologies have been put in place. This means 

there is a ‘window of vulnerability’ as the transition to new systems takes place. This is especially 

important for organizations in the defense and national infrastructure sectors that might not 

survive a cyberattack. They hold industry and government information, command-and-control 

capabilities and critical operational systems. 



The Cybersecurity Risks of Failed Transformations 

Underlying every digital transformation is the introduction of new technologies that improve efficiencies, 

generate data and automate processes. However, the new technologies that underpin digital 

transformation also exponentially increase exposure to cyberattacks, particularly if not handled properly. 

Each stage of digital transformation entails digitizing processes, moving to cloud environments, and 

linking previously isolated systems – presenting an entirely new attack surface for cybercriminals and 

nation-state adversaries to exploit. 

And in the defense and national infrastructure sectors this risk is heightened. Ineffective or failed digital 

transformation programs can result in: 

1. Exposure of Critical Data: Defense organizations depend on secure systems to handle highly 

sensitive data about military strategies, personnel data and classified communications. Failed 

digital transformation can expose this data to hacks. Hackers or nation-state actors can exploit 

openings in new systems that are integrated or partially modernized to breach firewalls and gain 

access to strategic defense data. Stolen or altered data can erode national security by letting an 

adversary know sensitive information about military operations or defense capabilities. 

2. Crippled Command-and-Control: Digital networks are the critical infrastructure that enables realtime 

communications and coordination in modern defense systems. If digital transformation fails, 

command-and-control systems are broken or exposed to cyberattack. Adversaries could intercept 

military communications or create confusion during a war, rendering friendly commands 

inoperable or untrustworthy. Or worse, hostile forces could commandeer defense systems. A 

particularly ominous example is an attack on command-and-control systems that could disable 

drones, missiles or other automated technologies, or even seize control. 

3. Cyber Sabotage of Critical Infrastructure: National security is not just the concern of defense 

ministries. Critical infrastructure such as energy grids, transport networks and water supplies are 

also strategic assets that, if compromised, could have serious consequences. Digital 

transformation failures in these sectors can lead to vulnerabilities in operational technology (OT) 

systems that, if attacked, could lead to large-scale power outages, supply chain disruptions or 

even environmental disasters. Real-world cases such as the 2015 cyberattack on the power grid 

of Ukraine illustrate the stakes involved in securing critical infrastructure for countries that fail to 

do so. 

4. Insider Threats and System Misconfigurations: Not all cyber vulnerabilities stem from outside of 

an organization. Digital transformations can result in insider threats and system misconfigurations 

as well. Employees may not be trained well enough on a new system to understand the 

information they are working with, or the security of the system. Poorly configured systems – a 

result of a rushed or incomplete transformation – can become exploitable vulnerabilities, easily 

acted upon by malicious actors. In defense, where data and operational integrity are vital, these 

‘soft’ vulnerabilities can cause harm. 



Case Studies: The Real-World Impact of Digital Transformation Failures 

Consequences of digital transformation failure are more than just hypothetical. A number of examples 

from the real world reveal the actual dangers that arise when digital transformations get it wrong – 

especially in areas of national security. 

Case Study 1: The 2015 Ukrainian Power Grid Cyberattack 

In late December 2015, the country of Ukraine suffered a massive cyberattack against its power grid, 

resulting in blackouts across much of the nation and cutting power to a quarter of a million people. 

Security experts concluded that the intruders, a highly coordinated army of cybercriminals, hacked their 

way into the country’s energy infrastructure using malware. The 2015 blackouts in Ukraine graphically 

illustrate how outdated (or improperly secured) critical infrastructure systems can be vulnerable to attack. 

Ukraine had been undertaking the task of digitizing parts of its energy infrastructure, but security gaps 

were exploited by the attackers, demonstrating that even incomplete digital transformation can bring real 

risks. 

For other states with similarly old infrastructure, it is a warning: unless digital transition is managed 

securely throughout, from the core to the periphery, then critical infrastructure is vulnerable to sabotage, 

both civilian and military. 

Case Study 2: The 2020 SolarWinds Cyberattack 

Since the 2020 SolarWinds breach – which saw a nation-state-backed hacker inserting malicious code 

into a software update for the Orion software used by government agencies and Fortune 500 businesses, 

making it the most significant cyberattack on a private company in recent years – we have become 

painfully aware of the digital vulnerabilities that can be used as attack vectors. 

The scope of the attack, which compromised systems at the U S Department of Homeland Security, the 

Pentagon and countless other targets, wasn’t completely clear, but it certainly showed the consequences 

of rushing a digital transformation without investing in cybersecurity. Today, as organizations push to 

modernize, every layer of the digital infrastructure needs to be secure – or the breach could have similar 

national security implications. 

Why Cybersecurity Must Be Central to Digital Transformation 

The case for transformation is straightforward: to compete, to be efficient and effective, to thrive in a 

digital world, organizations must digitalize. But digitalization is not a goal in itself; it is a means to an end. 

When it comes to national security, the digital transformation must be in support of, and never at the cost 

of, cybersecurity. 

1. A proactive, not reactive approach to security: In the past, cybersecurity was often relegated to 

the backseat; thought of after every other part of the process was completed and, even then, only 

if there was a threat. In the future, organizations will need to adopt a proactive approach to 

security, and this must be built into every phase of the digital transformation process, from 



designing a system to implementing it and maintaining it, with encryption, multi-factor 

authentication, real-time threat detection, and incident response protocols. 

2. Investment in cybersecurity talent: the pace of digital transformation is picking up and 

organizations need to recruit and train skilled cybersecurity professionals to help ensure new 

systems are hardened. This is particularly true in the defense industry, where many of the systems 

are more complex and the data, they process is highly sensitive. Investment in the recruitment 

and retention of cybersecurity talent is critical to defense organizations. 

3. Continuous monitoring and adaptation: Digital transformation is not a one-time event; it is a 

continuous process. When organizations adopt new technologies, they must also continuously 

monitor for new security vulnerabilities and adjust security measures to stay ahead of security 

risks. The threat landscape continues to evolve, and organizations must remain vigilant to thwart 

newly emerging cyber threats. 

4. Cross-Sector Collaboration: In addition to the existing relationship between government and 

defense organizations, industry and commercial sector companies need to increase cross-sector 

collaboration to share best practices, intelligence and cybersecurity solutions. Public-private 

partnerships can help ensure that digital transformations are both successful and secure. When 

organizations pool resources and knowledge, they also pool the tools to defend against the everevolving 

cyberthreats that aim to breach national security. 

The dismal record of digital transformation efforts offers a concrete and urgent national security issue. In 

sectors such as defense, energy and critical infrastructure, failures translate not just into embarrassing 

outages and lost revenues, but also to their own cyberattacks, data breaches and sabotage – all of which 

can have potentially deadly consequences. As national systems modernize, they should realize that 

security does not just follow from digital transformation – it is a prerequisite. 

By building cybersecurity into digital transformation at the very beginning, governments and 

organizations can better support national security through proactive, integrated security, targeted 

investment in cybersecurity talent, and collaboration across sectors. 

It is no longer enough for a nation to innovate to stay secure; it must also innovate securely to remain 

viable in an increasingly hostile cyber landscape, where failure is no longer an option. Digital 

transformation must succeed, or we collectively risk losing. 




Joe Crist is a seasoned Digital Transformation Expert and the Founder of 

Transform 42 Inc. With a 14-year military background in the U.S. Navy and 

U.S. Army National Guard, Joe brings a wealth of experience in resilience and 

strategic leadership. He transitioned from military service to working with top 

firms, tackling high-stakes projects for defense, government, finance, and 

healthcare sectors. 

Driven by the challenges he observed in businesses struggling to adapt to 

digital changes, Joe developed the hyper-scaling blueprint, a comprehensive 

strategy that focuses on aligning people, processes, and technology for 

sustained business growth. His method emphasizes agility, innovation, and 

outcome-based strategies, helping organizations become more customer-centric and adaptive to market 

demands. 

In addition to leading Transform 42 Inc., Joe is expanding his thought leadership through a podcast 

featuring industry leaders and a forthcoming book that dives deeper into strategies for navigating digital 

transformation. 

Joe can be reached online at Joe.crist@transform42inc.com or his many platforms at 

https://linktr.ee/transform42 and at our company website https://www.transform42inc.com/ 



Top Recommendations for Data Retention and Deletion 

By Leon Butler, Head of Data Security, Quorum Cyber 

The tremendous value that data holds for organizations also comes with the responsibility to properly 

address its storage, governance, and security. How can businesses tackle this significant task? This 

article will review the top strategies. 

Should you be concerned with having too much data? It is best not to focus on a single figure of data, to 

say that something is bad. The concern should be understanding the make-up of this data; how much 

data is sensitive, business-critical, and what proportion is redundant, obsolete, or trivial. 

Over-retention of redundant data adds to the operational cost of data, and introduces risk—if you do not 

need it, why keep it? As a Data Processor or Controller, one should always understand where sensitive 

data is stored so that it can be processed within the confines of regulation and law. 

“Knowing your data” is the key part in assessing when, where, and why content is processed. 

Understanding this will, in turn, help an organization to understand how much is too much — for example, 



over-retention of personally identifiable information (PII) or a high volume of intellectual property (IP) that 

is not adequately protected by security controls. 

Understanding what data should be deleted is unique to every organization, and is determined by a 

combination of regulatory, judicial, and organizational requirements. An organization needs to ensure it 

understands the type of data it processes as part of its day-to-day operations and how to govern it through 

an effective Retention Schedule and Policy. An agreed Retention Schedule will identify the different types 

of content (physical, electronic) and classifications (PII, IP, financial, records) that apply to processed 

content and how it should be handled (for example, deleted after seven years). Organizations must 

appreciate that a one-size-fits-all method is not always appropriate, and that different types of content 

require discrete handling (for example, PII under General Data Protection Regulation (GDPR)). 

Effective data retention not only improves regulatory compliance posture, but also enhances productivity 

by reducing data duplication and improving knowledge management. By systematically eliminating 

redundant, obsolete, trivial, and duplicated data, organizations can streamline their data storage, making 

it easier to locate and access relevant information. 

However, not managing data effectively can lead to several significant risks for organizations: 

• Data Leakage: Poor data management increases the risk of unauthorized access to 

inappropriately retained content. Breaches can result in significant financial losses, damage to 

reputation, and regulatory consequences. 

• Compliance Violations: Failure to comply with data privacy and protection regulations such as 

GDPR can lead to substantial fines and legal penalties. 

• Lost Productivity: Inefficient data management processes can waste valuable time and 

resources. An organization's employees may spend excessive time searching for data, correcting 

errors, and dealing with data-related issues. 

• Financial Loss: Data breaches and compliance violations can result in significant financial losses 

due to remediation costs, legal fees, and regulatory fines. 

• Reputation Damage: Poor data management can damage an organization’s reputation, leading 

to a loss of customer trust and business opportunities. 

It is highly recommended that organizations of any size in any sector develop a strategy for data lifecycle 

management. Partnering with business stakeholders is an intrinsic part of developing a retention 

schedule that represents the data map for the organization and provides governance over how it should 

be processed. IT alone cannot create such a policy. Once a robust documented policy is in place covering 

physical, digital, structured, and unstructured data, the next steps are to adopt a people, process, and 

technology-centric solution that enforces it. 

In conclusion, a data management strategy is not just a regulatory necessity, but it is a strategic 

advantage. By partnering with key stakeholders to devise and adopt robust retention schedules and 

classification models, an organization can mitigate risks, enhance productivity, and ensure compliance. 

Effective data governance helps streamline operations, reduce costs, and protect sensitive information, 

ultimately fostering a more secure and efficient business environment. Embracing these strategies will 



enable organizations to harness the full potential of their data while safeguarding their reputation and 

resources. 


As the Head of Data Security at Quorum Cyber and an ex-Microsoft 

Technical Specialist, Leon Butler has spent over a decade as a technical 

SME, championing digital transformation through cloud services in sectors 

like manufacturing and finance. Leon specializes in guiding organizations 

towards robust regulatory compliance and information security. With an 

in-depth understanding of Microsoft 365's security features and industry 

best practices, he oversees customer integrations and deployments. Leon 

can be reached online at leon.butler@quorumcyber.com and at 

https://www.quorumcyber.com/ 



Protecting CISOs and CSOs in an Era of Personal Liability 

By Amanda Fitzsimmons, Head of Legal at Salt Security 

Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) face unprecedented 

pressures, not only from the evolving threat landscape but also from a legal environment that increasingly 

seeks to hold them personally liable for data breaches. This shift toward personal accountability places 

immense pressure on these leaders to ensure their organizations’ security postures are robust and 

compliant with ever-tightening data protection laws, all while balancing the needs to protect both 

themselves and their organizations in environments that often have limited resources. 

The Personal Liability Landscape 

CISOs and CSOs are being held personally accountable for breaches for a multitude of reasons. Stricter 

data protection laws, such as the General Data Protection Regulation (GDPR) in Europe and various 

state laws in the U.S., often contain provisions that penalize individuals for non-compliance. We’ve also 

seen in the past couple of years, increasing interest by the U.S. Department of Justice and the Securities 



and Exchange Commission to hold CISOs and CSOs criminally liable for security breaches. This shift 

toward individual accountability stems in part from the common perception that without personal liability, 

companies will never take their responsibilities for security seriously. 

At the same time, shareholders are also demanding accountability. A data breach can lead to a plummet 

in stock value, reputational harm, brand damage, and other negative consequences, prompting 

shareholders to seek someone to blame. CISOs and CSOs, as the guardians of their organization’s 

security posture, are logical targets. Public awareness of data breaches has also increased, which has 

led to an environment where consumers increasingly resort to the civil courts to hold CISOs and CSOs 

responsible. 

Given these developments, some organizations have started incorporating clauses in employment 

contracts that explicitly make CISOs and CSOs liable for data breaches, regardless of their personal 

culpability. 

Navigating Legal Implications 

With the pressures increasing, the CISO and CSO’s job is rapidly expanding from securing their 

organization to protecting themselves from these increasing personal risks. CISOs and CSOs now must 

stay abreast of industry best practices for data security not only to mitigate the risks of a data breach but 

also to establish their due diligence in fulfilling this role. 

CISOs and CSOs must now maintain comprehensive records of decisions and actions taken in the 

interest of cybersecurity since such documentation can serve as powerful evidence in the defense of a 

negligence claim. Furthermore, CISOs and CSOs must now understand their contractual commitments, 

consult with legal counsel before signing employment agreements, and consider acquiring insurance in 

order to shield themselves from the potential legal and financial ramifications of personal liability. 

Staying Ahead of the Curve 

All of this means that it is imperative for CISOs and CSOs to stay ahead of the curve by implementing 

the latest available cybersecurity measures in their organizations and being prepared to justify their 

decisions when they don’t. 

One such area that CISOs and CSOs can no longer afford to ignore is API security. In the last year, 34% 

of data breaches stemmed from API vulnerabilities, and 92% of organizations experienced an API-related 

security incident, according to research from Salt Security. And with the proliferation of APIs set to 

explode with advancements in artificial intelligence, the threat posed by APIs is only expected to increase. 

To protect their organizations and themselves, CISOs should prioritize API security as a fundamental 

component of their cybersecurity strategy. By proactively implementing measures to protect APIs and 

other emerging threat vectors, CISOs can demonstrate a commitment to security that not only reduces 

the likelihood of a breach but also strengthens their legal defense should a breach occur. 



Best Practices 

To minimize the risk of personal legal repercussions following a breach, CISOs and CSOs should: 

• Stay informed about the latest cybersecurity threats and regulations. 

• Conduct regular risk assessments and have a process to address identified risks. 

• Document decision-making processes to demonstrate diligence. 

• Advocate for necessary resources and document any refusals. 

• Collaborate with the leadership team and board of directors to ensure alignment on cybersecurity 

risks. 

• Thoroughly understand their employment agreements and consult legal counsel before signing. 

• Consider obtaining personal liability insurance. 

Conclusion 

As the cybersecurity landscape continues to evolve, CISOs and CSOs must adapt to meet the demands 

of their roles. By prioritizing best practices, documenting decisions, and understanding the legal 

implications, CISOs and CSOs can better protect not only their organizations but also themselves in this 

challenging environment. 


Amanda Fitzsimmons is the Head of Legal at Salt Security, whose API 

Protection Platform empowers organizations to secure their APIs through 

discovery, posture management, and run-time threat protection. Amanda has 

more than 15 years of experience, specializing in data privacy, cybersecurity, 

and legal compliance matters. Prior to her time at Salt Security, Amanda 

advised numerous clients through some of the most significant data breaches 

in recent history. 



Mapping a Future without Cyber Attacks 

By Chetan Conikee, Founder and CTO, Qwiet AI 

After countless attacks across a multitude of organizations, the cyber security industry has a fairly good 

grasp of how adversaries work, the vulnerabilities they take advantage of, and of course, how to prevent 

these attacks from causing serious damage. Despite all this information, the cybersecurity industry 

continues to rely on detect and respond – an endless game of cat and mouse where developers see the 

vulnerabilities in their code and spend countless development cycles attempting to address the issue 

before another one pops up. 

Fortunately, with the advent of AI-based solutions, application security teams have a path forward and 

this begins at the code level. Today, security teams have access to some of the most powerful AI solutions 

but to be effective, it is critical teams leverage solutions that can contextualize cybersecurity 

vulnerabilities, look at code through a holistic lens and understand how vulnerabilities interact with the 

entirety of your application. 

The power of context 

For developers to get ahead of cyber threats, they must look beyond simply deploying a fix and 

understand how attackers take advantage of their application’s vulnerabilities. To retrace an attacker’s 



steps, developers need context – valuable information that reveals potential attack vectors and how 

deeply rooted an issue could be. Critical information such as data flows, control dependencies and other 

critical details can all be revealed with a Code Property Graph (CPG). 

CPGs can be described as a unified representation of software systems that combines various aspects 

of code. Think of a CPG as a roadmap of your application’s code. Picture a map application on your 

phone and a destination you want to reach. When you plot your current location and the destination, you 

are presented with a map with rich contextual information. Information about accidents, roadwork, traffic 

and more. All of this enables you to take alternate routes and change your travel plans but none of this 

would have been possible without the contextual information that the map provides. 

From an attacker’s point of view, they look at an application’s map to determine the best route to success. 

With a CPG, application security scanning tools can digest your application’s code, map it out and provide 

information on API points, points in your code that interact with caches and other points of access that 

can be abused. All this information enables application security teams to find weaknesses and classify 

parts of the map as vulnerabilities that need to be addressed. 

Keeping developers in a flow state 

What is exciting about the graph-based nature of CPGs is that you can easily apply machine learning 

and deep learning techniques. This turns scanning solutions into a powerful tool that can help uncover 

hidden patterns within code, predict vulnerabilities and provide context that legacy application security 

tools might overlook. But what does this all mean to a developer? 

In a recent study of over 1000 developers, developers are spending up to a third of their time chasing 

vulnerabilities and fixing bugs instead of writing code. A staggering 38.5% also indicated that they spend 

up to 60 minutes a day searching for solutions. Cyber attacks continue to be a plague and developers 

are being asked to do more with fewer resources and greater time restraints. 

For IT teams to remain competitive in this constantly evolving cyber threat landscape, they will need 

every tool at their disposal to help keep them focused on what matters most – writing secure code. So 

how do we immunize applications against emerging cyber threats while ensuring the productivity of IT 

Teams? 

The perfect remedy could lie with the advent of AI solutions. By integrating AI capabilities into application 

security tools, organizations can dramatically increase productivity across development teams. With the 

appropriate AI tool, developers can take an issue that could have required two to three hours to fix into a 

simple 5-minute scan where the vulnerability is identified, contextualized against the entirety of your 

application and addressed with an automatic code suggestion leveraging generative AI. 

AI and the develope 

AI solutions are powerful but what is important to remember is that these solutions are not meant to 

replace the skills of developers and should be approached as complementary assets that assist your 



development teams to be more efficient and productive. A human element will still be required to not only 

guide the overall direction of code development but also ensure the final application coherently comes 

together while also supporting business goals. 


Chetan Conikee is the Founder and CTO of Qwiet AI. He is a serial 

entrepreneur with over 20+ years of experience in software 

engineering. His expertise includes building web-scale distributed 

infrastructure, virtualization and machine learning. He was most 

recently Chief Data Officer and GM Operations at CloudPhysics. Prior 

to CloudPhysics he was part of early founding teams at CashEdge 

(acquired FiServ), Business Signatures (acquired Entrust) and 

EndForce (acquired Sophos). Chetan earned his M.S. in Computer 

Engineering from Iowa State University and B.S in Computer Science 

and Engineering from Bangalore University. 

Chetan can be reached online at X - @conikeec and at our company website https://qwiet.ai/ 



Beyond Tick Boxes: An Auditor's Perspective on Information 

Security Compliance 

By James Rees, Managing Director, Razorthorn Security 

Introduction 

As cyber threats evolve and regulatory requirements tighten, businesses face increasing pressure to 

protect their sensitive data and strengthen security practices. This blog will give you some helpful insights 

from an auditor's perspective (mine!) auditing organisational information security, exploring the 

challenges, best practices and the common pitfalls I encounter. Whether your organisation is just 

beginning its security journey or striving to optimise an established programme, understanding these 

dynamics is crucial for ensuring a successful compliance audit. 



Your Security Strategy Maturity 

As an auditor, I get to see a good amount of organisational information security practices. Some 

organisations have a well-formed information security function: this may be a single person or a group. 

These entities have established policies and procedures and conduct their governance effectively. While 

there is always room for improvement - as is the case for most departments in any business - one of the 

key elements auditors look for is continuous improvement and the intent to optimise the information 

security department's capabilities. 

Well-functioning departments are typically supported by the business and, on the whole, perform 

admirably, often with limited or restricted budgets. Contrary to popular belief, auditors do not seek 

perfection; as any experienced professional will attest, perfection is an unattainable goal. But they do 

their best. 

In contrast, there are organisations at the beginning of their information security strategy journey. While 

the intent is present, they may lack resources or are still working on reaching a more advanced level of 

security. The path from minimal security to a more advanced state is lengthy and complex. It's important 

to recognise that this is a journey: progress is not instant. It takes time to establish robust cybersecurity 

measures, gain business acceptance for policies, and build out an efficient and effective defence in depth 

strategy. 

Regardless of which situation you find yourself in, this is what auditors want to see. Even those 

organisations in early security stages have essential components present. A significant bedding-in period 

is necessary to refine and achieve the desired state, assuming you have completed the required tasks. 

In these cases, you are likely to pass an audit or possibly pass with recommendations for improvement. 

This is a fact of life in the auditing process. 

Key Considerations for Auditors 

Most auditors do not audit to the letter of the requirement; instead, we look to ensure the requirement is 

being met based on its underlying intent. While we still need to make sure that controls are in place, as 

long as the intent is sound and the necessary items are present, you should have no problems or, at 

least, very few that cannot be remediated. As auditors, we also understand the challenges that 

organisations face in ensuring information security. It is not an easy task, especially for those just 

beginning their journey towards a more secure environment. However, this does not mean that these 

organisations are failing or not doing enough to meet security standards. 

In fact, auditors appreciate the effort and dedication put into establishing and improving information 

security measures. We know that it takes time, resources and continuous learning to achieve a certain 

level of security. We also understand that security teams are often thrown curve balls, as there will always 

be new threats emerging and vulnerabilities discovered. 

Therefore, what we really look for during audits is not flawless security systems or policies, but rather the 

organisation's commitment to improving their current security posture. We want to see evidence of a 



proactive approach towards identifying and effectively mitigating risks. We want to see how effective the 

organisation's incident management processes are and their ability to learn from these incidents to 

prevent future occurrences. 

But most importantly, we want to see how organisations integrate information security into their business 

operations. It should not be seen as a separate function or an afterthought, but rather an integral part of 

the organisation's culture and strategy. 

The Importance of Continuous Improvement 

So, if you are part of an organisation working hard on your information security, do not feel discouraged 

if you are not where you want to be yet. Remember, that it is a journey filled with challenges and learning 

opportunities. As long as you are committed to improving your security posture and have the right 

mindset, you are on the right path. As auditors, we are here not just to evaluate your current state but 

also to provide guidance for improvement based on best practices and industry standards. From our 

perspective, it's better to have an organisation actively working on enhancing its security measures than 

one that is merely box-ticking. 

Keep moving forward in your journey towards better information security - every step counts, no matter 

how small it might seem at the moment. What I have described above is what good information security 

programmes and business functions look like. 

The Misconception of Information Security as an IT Issue 

Conversely, there exists another category of organisations: those that merely pay lip service to security 

requirements or lack a genuine intent to meet them. These entities often perceive security as an 

impediment to organisational operations. Regrettably, I have seen situations (more times than I care to), 

where individuals are given the role of a CISO without the necessary security skills or experience, simply 

due to their background in IT, compliance or risk management. Information security is a specific discipline: 

protecting people, processes and technology through layered and blended protection and training 

requires years of specific skill development. 

A common misconception in some organisations is that information security is solely an IT issue. Often, 

the compliance or security frameworks they are obligated to follow have not been thoroughly reviewed, 

and the team may be unaware that these are often contractual or legislative requirements. This lack of 

understanding regarding their obligations leads to errors, omissions or refusal to implement necessary 

measures. While they may possess some relevant knowledge, they lack the intricate understanding of 

the profession, potentially overlooking critical factors due to their different professional background. 



Challenges in Auditing 

As you might imagine, auditing organisations like this presents significant challenges. If the intent to meet 

requirements is not there, and it's evident that the organisation does not fully comprehend the security 

framework and relevant legislation, a trained auditor cannot pass them. 

As an auditor, we have to be objective and impartial when conducting audits. We have to ensure that 

organisations are compliant with all applicable regulations and standards, and to highlight any issues so 

that they can be addressed. In most information security frameworks and legislation, an organisation is 

usually required to: 

1. Understand the standard 

2. Understand your obligations and 

3. Maintain your knowledge as it evolves. 

Typically, organisations are given ample time - usually a year or more - to understand and implement the 

necessary changes to meet new versions of the standard. 

An experienced auditor will invariably pick up on these points very early on in the auditing process. 

Key Advice for Passing an Audit 

To pass an audit, it's therefore extremely important for organisations to take information security 

seriously. It's not just about ticking boxes or meeting regulatory requirements - it's about protecting 

sensitive data and ensuring that business operations are secure. Information security is a crucial aspect 

of any organisation and it should be treated with forethought, and as a priority. Organisations need to 

invest in appropriate information security measures and ensure that they have skilled professionals 

overseeing their security efforts. 

If you're not sure where to start or how to improve your current information security posture, it is advisable 

to engage a consultant or seek professional advice. There are plenty of resources available out there - 

take advantage of them. 

As I said - auditors do not expect perfection. We understand that every organisation has its own unique 

challenges and constraints when it comes to information security. 

What we really want to see is a genuine commitment towards improving information security, continuous 

learning and improvement, and a proactive approach towards managing risks. 

A Holistic Approach to Information Security 

Good information security extends beyond robust systems and policies. It's also about having the right 

people with the right skills managing these systems and policies effectively. And most importantly, it's 

about integrating information security into the core business operations and culture of the organisation. 



It is the unfortunate truth that so many organisations, regardless of size, do not understand the 

implications of operating without a fully functioning information security department. This persists despite 

the extensive media coverage of high profile breaches in recent years. Some companies have gone out 

of business as a result of one single security incident, while others have had to spend millions in fines, 

PR and recovery costs. 

The evidence of this is there for all to see. 

Conclusion 

Finally, remember this: security doesn't need to be expensive - it needs to be effective. It is less expensive 

to create a robust security strategy than deal with the financial and reputational costs of a security breach. 


James Rees CISM, PCI DSS QSA, PCIP, ISO 27001 LA 

Managing Director, Razorthorn Security 

James, MD and Principal Security Consultant at Razorthorn 

Security, brings 25+ years of expertise in information security and 

consultancy. Having delivered CISO services to global giants, he 

possesses vast PCI DSS advisory and audit experience. James 

excels in crafting robust information security infrastructures and 

implementing intelligence-driven strategies to combat cyber threats. 

His experience solidifies him as an authority at the nexus of 

intelligence, cybersecurity and business protection. 

Beyond his role at Razorthorn Security, James is a recognised leader in the field. He hosts the popular 

cybersecurity podcast, Razorwire, providing insights and interviews with industry experts. As a published 

author and journalist, James's contributions extend to being a regular contributor in the dynamic realm of 

information security. His commitment to advancing the industry and sharing knowledge underscores his 

influential presence and impact in the cybersecurity landscape. 

James Rees can be reached online at https://www.linkedin.com/in/jamesrees and at our company 

website at https://www.razorthorn.com/ 



Strengthening Cybersecurity in Healthcare: Protecting Patient 

Data and Ensuring Regulatory Compliance in a Digital Age 

Enhancing Healthcare Cybersecurity: Key Challenges, Technological Solutions, and Regulatory 

Developments to Protect Patient Data 

By Roshan Patin, Sr. Researcher, SNS Insider Pvt. Ltd. 

Cybersecurity in Healthcare 

As healthcare increasingly relies on digital technologies, the urgency for robust cybersecurity measures 

has never been more pronounced. This industry tackles challenges including the security of patient data, 

regulatory compliance and ensuring the critical infrastructure that supports the delivery of care is safe. 

Disturbing pattern, due to efforts by government and advances in technology. 

Key Uses of Cybersecurity in Healthcare 

Security technologies can prevent costly breaches and save patient data from being shared internally or 

exposed externally, as well as other external threats to medical devices. Because of the widespread 

digitization in processes like electronic health records, telemedicine and connected medical devices, 

there has been a growing focus on cybersecurity threats to the healthcare industry. Channel sacroiliitis 

cybersecurity has a great channel security for healthcare as it assists in keeping patient data safe which 

is related to HIPAA (Health Insurance Portability and Accountability Act) compliance, lest you forget 

hospital networks. IoT Medical devices such as Gateway Security-enabled IoT Device and make sure 

that the connections done from outside are also secure if coming inside. 



This comes amid growing scrutiny on healthcare cybersecurity more generally. Some examples include 

Cisco and Palo Alto Networks launching healthcare-focused AI cybersecurity software for real-time threat 

detection and response. A health industry cybersecurity framework initiative, for example, between IBM's 

X-Force and healthcare organizations themselves aims to help healthcare providers better arm defenses 

against ransomware, alongside other infosec threats. 

Meanwhile, measures are underway which will further secure healthcare on the cybersecurity front. The 

U.S. Department of Health and Human Services (HHS) has implemented enforcement measures under 

new compliance guidelines for the HIPAA Security Rule, while the U.S. Cybersecurity and Infrastructure 

Security Agency (CISA) issued recommendations to healthcare providers regarding patient data 

limitations. HHS data show more than 700 reported data breaches in 2022 exposing information of some 

52 million individuals. An increase in breaches highlights the pressing requirement of strong cybersecurity 

measures in healthcare. 

Greater cooperation among governments and the private sector in this area, matched with developments 

in technology are helping healthcare bodies to safeguard patient data confidentiality more effectively and 

mitigate the threats of cyber-attacks. 

Trends in Cybersecurity Breaches in Healthcare 

The analysis of reported cybersecurity breaches in healthcare underscores the critical need for robust 

cybersecurity measures in a sector that handles highly sensitive patient information. The upward trend 

in breaches until 2021, followed by a slight decline, highlights both the vulnerabilities inherent in rapidly 

digitizing healthcare and the potential for improvement through targeted security initiatives. 



As the healthcare sector continues to embrace technology, organizations must prioritize cybersecurity to 

protect patient data from increasingly sophisticated cyber threats. Investments in advanced technologies, 

staff training, and incident response plans are essential. Moreover, collaboration with government 

agencies and adherence to regulatory frameworks can further strengthen defenses against cyberattacks. 

The healthcare industry must remain vigilant and proactive, understanding that the threat landscape will 

continue to evolve. By fostering a culture of security awareness and investing in comprehensive 

cybersecurity strategies, healthcare organizations can enhance their resilience and safeguard patient 

trust in an increasingly digital world. 

Key Trends Shaping Healthcare Cybersecurity 

Increased Regulatory Scrutiny: Governments worldwide are tightening regulations surrounding data 

privacy and cybersecurity. In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) 

continues to evolve, requiring healthcare entities to implement stricter measures to protect patient data. 

The European Union’s General Data Protection Regulation (GDPR) also emphasizes stringent data 

protection, prompting organizations to reassess their compliance strategies. 

Adoption of Advanced Technologies: The integration of Artificial Intelligence (AI) and Machine 

Learning (ML) in cybersecurity is on the rise. These technologies can analyze patterns and detect 

anomalies in real-time, enhancing threat detection capabilities. For instance, AI-driven security platforms 

are now being utilized to monitor network traffic and identify potential breaches before they occur. 

Government Initiatives and Support 

Governments are playing a crucial role in enhancing healthcare cybersecurity. The U.S. Cybersecurity 

and Infrastructure Security Agency (CISA) launched initiatives such as the Healthcare Cybersecurity 

Initiative, aimed at providing resources and guidance to healthcare organizations. This includes threat 

intelligence sharing, incident response support, and cybersecurity training programs. 

In Canada, the government’s Cyber Security Strategy emphasizes collaboration between public and 

private sectors to bolster cybersecurity measures across critical infrastructure, including healthcare. 

Recent investments in cybersecurity technology reflect a commitment to safeguarding patient information 

and maintaining public trust. 

Latest News 

In 2023, several high-profile cyberattacks targeted healthcare organizations, underscoring the urgent 

need for enhanced security protocols. Notably, a major ransomware attack disrupted operations at a 

prominent hospital network, resulting in significant operational downtime and compromised patient data. 

This incident prompted a nationwide call for healthcare organizations to bolster their cybersecurity 

frameworks. 



Additionally, partnerships between healthcare providers and cybersecurity firms are becoming more 

common. A notable collaboration between a leading hospital system and a cybersecurity provider has 

led to the implementation of comprehensive security assessments and incident response plans, 

significantly reducing vulnerability to attacks. 

Conclusion: The Path Forward 

The healthcare industry is at a pivotal juncture where the integration of technology must be met with 

equally robust cybersecurity measures. As cyber threats continue to evolve, healthcare organizations 

must prioritize cybersecurity investments and embrace innovative technologies to protect sensitive 

patient data. 

With increasing regulatory scrutiny and government support, the future of cybersecurity in healthcare 

looks promising. By fostering a culture of security awareness and collaboration, the industry can build 

resilience against cyber threats, ensuring the safety and privacy of patient information in an increasingly 

digital world. 

Key Takeaways 

• Cyberattacks in healthcare have surged, with the sector facing unique challenges. 

• Advanced technologies like AI and ML are essential for threat detection. 

• Regulatory frameworks are tightening, necessitating compliance from healthcare organizations. 

• Government initiatives are crucial in supporting cybersecurity efforts across the industry. 


Roshan Patil is the Sr. Researcher of SNS Insider Pvt. Ltd., specializing in 

market research and analysis. With a post-graduate degree in MBA and 

over 4 years of experience in the Healthcare Industry, he contributes to 

insightful reports that aid strategic decision-making, helping clients stay 

competitive. 

Roshan can be reached online at roshan.patil@snsinsider.com, 

https://www.linkedin.com/in/roshan-patil-193ab2235/, and at our company 

website https://snsinsider.com/ 



Why the Cybersecurity Talent Shortage is a Global Threat 

By Dan Vigdor, Co-Founder, Co-CEO and Executive Chairman, ThriveDX 

In the era of digital transformation, where data flows across borders and devices, data security is 

paramount. Cyberattacks are no longer isolated incidents but global challenges that affect economies, 

industries, and national security. The most pressing vulnerability in the fight against these threats is the 

global shortage of cybersecurity talent. This shortage is not just a workforce problem but a systemic issue 

that poses a severe risk to economic stability, societal safety, and international security. 

The Global Rise of Cybersecurity Threats 

Over the past few years, cyberattacks have become more frequent, sophisticated, and damaging. 

According to the 2023 IBM Cost of a Data Breach report, the average cost of a data breach has reached 

$4.45 million, a 15% increase over the past three years. Additionally, 83% of organizations in the report 

experienced more than one data breach in the last year, illustrating just how common these attacks have 



ecome. Moreover, 2023 saw a significant rise in ransomware attacks targeting critical industries like 

healthcare, financial services, and energy infrastructure. 

A notable example is the 2024 MGM Resorts ransomware attack, which affected the company's hotel 

systems for days. Reservation systems, digital room keys, ATMs, and slot machines were brought down, 

disrupting operations and causing millions in losses. The incident highlighted the vulnerabilities in the 

hospitality sector’s digital infrastructure and emphasized the need for a skilled cybersecurity workforce to 

combat such sophisticated threats. 

In 2022, Costa Rica experienced one of the most severe government cyberattacks in history. The attack, 

launched by the Conti ransomware group, shut down the country’s entire public sector, causing economic 

losses estimated at $30 million per day during the peak of the crisis. Attacks like these, whether statesponsored 

or financially motivated, highlight the significant gaps in global cybersecurity defenses, many 

of which can be attributed to the growing skills shortage. 

However, the most pressing issue we face is not just the increase in the frequency or sophistication of 

these attacks, but the fact that we lack the manpower to defend against them. 

The Cybersecurity Skills Gap: A Growing Crisis 

As cyber threats increase, the need for skilled professionals to mitigate these risks has become critical. 

Yet, there is a stark imbalance between the demand for cybersecurity talent and the available supply. 

According to (ISC)²’s 2023 Cybersecurity Workforce Study, the global cybersecurity workforce is short 

by approximately 3.5 million professionals. This number represents a sharp increase from previous years, 

reflecting the widening gap between the supply of skilled workers and the demand for robust 

cybersecurity measures. 

The same report found that 70% of organizations struggle to hire and retain cybersecurity professionals, 

especially in cloud security, threat intelligence, and incident response roles. The lack of qualified 

personnel leaves organizations more vulnerable to breaches and less capable of responding effectively 

when incidents occur. 

In recent years, the cybersecurity skills gap has continued to widen due to several factors: 

1. The Rapid Pace of Technological Change: As businesses adopt cloud computing, Internet of 

Things (IoT) devices, and AI-driven applications, cybercriminals' attack surface has expanded. 

Each new technology requires security expertise, but the cybersecurity workforce has not grown 

at the same rate. 

2. Increased Cyberattacks: The COVID-19 pandemic accelerated the adoption of remote work and 

digital services, providing cybercriminals with new vulnerabilities to exploit. This surge in attacks 

has further strained already overworked cybersecurity teams. 

3. Complexity of Cybersecurity: Cybersecurity is a multifaceted field requiring deep knowledge in 

areas like network security, encryption, ethical hacking, and threat intelligence. As attacks 

become more sophisticated, the need for specialized knowledge grows, making 

finding individuals with the right expertise harder. 



4. Lack of Awareness and Training: Despite the growing need for cybersecurity professionals, 

there is still a lack of awareness among students and career-changers about the opportunities in 

this field. Educational institutions often lack the resources or up-to-date curricula to prepare 

individuals for the realities of modern cybersecurity work. 

A Global Threat to Economic Stability 

The cybersecurity talent shortage is not just a technical or organizational problem; it is a global economic 

threat. Cyberattacks have far-reaching financial implications, costing businesses trillions of dollars each 

year. Cybercrime is expected to cost the world $10.5 trillion annually by 2025, according to a report by 

Cybersecurity Ventures. This figure represents a dramatic increase from the $3 trillion lost in 2015 and 

underscores the accelerating scale of financial losses driven by cyberattacks. 

Industries such as healthcare and financial services are especially vulnerable. In 2023, 58% of healthcare 

organizations reported experiencing at least one ransomware attack. The average cost of a ransomware 

breach in the healthcare sector was nearly $10 million, according to Sophos. As healthcare systems 

globally becoming more interconnected and dependent on digital technology, the sector faces immense 

risk. 

In the financial sector, cybercrime remains a top concern. The rise of digital banking has created new 

vulnerabilities for cybercriminals to exploit. For example, a 2023 World Economic Forum report 

emphasized the growing importance of cybersecurity in financial institutions, warning that significant 

disruptions in this sector could lead to systemic risk and economic instability. 

Beyond individual industries, the global economy as a whole is at risk. As nations become more 

interconnected through trade, supply chains, and digital commerce, a cyberattack on one country or 

organization can have cascading effects worldwide. 

National Security Implications 

The cybersecurity talent shortage also poses significant risks to national security. Governments 

worldwide rely on secure networks and systems to protect their military operations, intelligence agencies, 

and critical infrastructure. As cyber warfare becomes an increasingly common tool for state actors, the 

need for skilled cybersecurity professionals within defense departments and national agencies has never 

been more urgent. 

Countries like the United States, the United Kingdom, and China have all recognized the importance of 

bolstering their cybersecurity capabilities. However, they face the same talent shortages as the private 

sector. Without the necessary personnel, governments may struggle to defend against cyber espionage, 

sabotage, and other forms of cyber warfare. 

Moreover, the lines between private and public sector security are increasingly blurred. State-sponsored 

cyberattacks often target private companies to steal intellectual property or disrupt critical industries. For 

example, the SolarWinds attack, believed to be perpetrated by a foreign nation-state, compromised 



private businesses and government agencies, illustrating the interconnected nature of cybersecurity 

threats. 

The Need for a Global Response 

Addressing the cybersecurity talent shortage requires a coordinated, global response. No single 

organization, country, or industry can solve this issue alone. Instead, collaboration between governments, 

educational institutions, private companies, and cybersecurity organizations is essential to building a 

skilled and diverse cybersecurity workforce. 

1. Educational Initiatives and Training Programs 

One of the most effective ways to address the cybersecurity skills gap is to invest in education and 

training. Governments and private organizations need to work together to develop comprehensive 

training programs that equip individuals with the necessary skills to enter the cybersecurity field. This 

includes both university-level programs and shorter, more flexible certification programs that can quickly 

upskill individuals. 

Moreover, we need to raise awareness about the career opportunities in cybersecurity. Many students 

and career changers are unaware of the diverse roles available, from ethical hackers to threat analysts 

to security architects. By promoting cybersecurity as a viable and rewarding career path, we can 

encourage more people to pursue this field. 

2. Diversity and Inclusion 

Building a strong cybersecurity workforce also means embracing diversity. Historically, the cybersecurity 

industry has struggled with a lack of diversity, which has hindered its ability to attract top talent. Women, 

minorities, and other underrepresented groups remain underrepresented in the field, even though their 

inclusion is critical to creating innovative solutions to complex problems. 

By promoting diversity and inclusion, organizations can not only fill talent gaps but also benefit from 

diverse perspectives that enhance their ability to defend against threats. Initiatives focusing on outreach, 

mentorship, and support for underrepresented groups should be prioritized. 

3. Public-Private Partnerships 

Collaboration between the public and private sectors is essential for addressing the cybersecurity talent 

shortage. Governments should work closely with businesses to develop initiatives that incentivize 

individuals to enter the field, such as scholarships, grants, and tax incentives for companies that invest 

in cybersecurity training. 



Furthermore, private companies should take a proactive role in cybersecurity education. Internships, 

apprenticeships, and mentorship programs can provide students and young professionals with hands-on 

experience and exposure to real-world cybersecurity challenges. By offering practical learning 

opportunities, businesses can help cultivate the next generation of cybersecurity professionals. 

4. Global Collaboration 

Cybersecurity is a global challenge that requires a global response. Nations should collaborate on 

initiatives that promote cybersecurity education, research, and development. International partnerships 

can also help standardize cybersecurity training and certification programs, ensuring that professionals 

worldwide have the skills needed to combat global cyber threats. 

Organizations such as the United Nations, the European Union, and the World Economic Forum can play 

a crucial role in facilitating this collaboration. By working together, countries can share knowledge, 

resources, and best practices, strengthening global cybersecurity defenses. 

The Role of Automation and AI 

While addressing the talent shortage is critical, technology can also help alleviate the burden on 

cybersecurity teams. Automation and artificial intelligence (AI) have the potential to revolutionize the way 

we approach cybersecurity by reducing the need for manual intervention in certain tasks. 

AI-powered tools can help identify vulnerabilities, detect threats, and respond to incidents in real-time. 

By automating routine tasks, cybersecurity professionals can focus on more strategic initiatives and 

complex challenges. However, automation is not a substitute for human expertise but rather a tool to 

augment the capabilities of cybersecurity teams. 

An Industry-Wide Call to Action 

The cybersecurity talent shortage is more than just a workforce issue—it is a global threat that affects 

economic stability, national security, and the safety of individuals worldwide. As cyberattacks continue to 

grow in frequency and sophistication, the need for skilled cybersecurity professionals has never been 

more urgent. 

Addressing this crisis requires a multifaceted approach that includes education, diversity, public-private 

partnerships, and global collaboration. By working together, we can build a cybersecurity workforce 

capable of defending against the threats of tomorrow and safeguarding our digital future. 

As we look ahead, it is imperative that businesses, governments, and educational institutions prioritize 

cybersecurity talent development. The security of our economies, our infrastructure, and societies 

depends on it. 




Dan Vigdor, Co-Founder, Co-CEO, and Executive Chairman, 

ThriveDX 

Dan Vigdor is a serial entrepreneur with over 30 years of experience 

cultivating innovative ideas and developing mission-driven 

businesses that disrupt industries. His proven track record 

showcases his ability to adapt and succeed in an array of global 

business environments. With an unwavering belief in impact 

investing and making a difference, Dan has become well-known for 

his ability to turn ambitious ideas into thriving organizations. His 

entrepreneurial expertise, coupled with his commitment to making a 

difference, lays the foundation for continued success. 

In his previous ventures, Dan has demonstrated a remarkable ability 

to innovate across industries. As the founder of BornFree Holdings, 

he revolutionized the baby bottle market by introducing the first fully BPA-free (toxin-free) baby bottle line 

in America. BornFree quickly became the preferred choice for mothers across the country, leading the 

FDA to change the law and ban BPA in all baby bottles in the USA. Vigdor also serves as a board member 

for Eyesafe.com, a company that has established itself as the best-in-class blue light protection and 

management solution for the world's leading device manufacturers. 

Beyond his professional accomplishments, Dan is a proud father and a long-time Miami resident. He is 

deeply committed to making Miami a thriving community and a better place for all its residents. This 

dedication extends to his involvement in YPO and the Jewish community, where he actively gives back 

and emphasizes the importance of philanthropy to his children. 

Through ThriveDX, Dan aims to solve the rapidly growing cyber skills gap by reskilling and upskilling 

people to meet the demands of the rapidly evolving tech landscape. By providing pathways to stable, 

lifelong careers in cybersecurity, ThriveDX is actively combating some of the most pressing issues facing 

the nation today – a cybersafe society. Dan's steadfast belief in empowering individuals from underresourced 

communities has been a driving force behind the success of ThriveDX. Recognizing the vast 

untapped potential in these communities, Dan has made it his mission to create opportunities for people 

who may not have otherwise had access to careers in the burgeoning field of cybersecurity. For more 

information on ThriveDX, visit https://thrivedx.com/ 



Deepfakes: The Cybersecurity Pandora’s Box 

Unveiling the Rising Threat of AI-Manipulated Media in Cybersecurity 

By Luke Dash, CEO, ISMS.online 

The meteoric rise of artificial intelligence (AI) has not only revolutionized industries but also unleashed a 

Pandora's box of potential threats. Among the most insidious is the emergence of deepfakes, AIgenerated 

synthetic media that can convincingly mimic real people, their voices, and their actions. 

From white papers issued by The Department of Homeland Security detailing the increasing threat of 

deepfakes to false images of Taylor Swift prompting the EU to get real about AI, deepfakes have garnered 

significant attention for their potential to spread disinformation and manipulate public opinion. 

The implications of deepfakes to the cybersecurity community cannot be underestimated. Phishing 

continues to be the number one attack vector for cyber-attacks, showing that despite years of knowledge 

and training, most cyber-attacks still take place presenting false information to trick a user. 



In an era where distinguishing between reality and fabrication is getting harder, deepfakes present a 

formidable challenge for cyber pros who are already wresting with complex roles that are often 

underfunded and hyper scrutinized. 

The Escalating Deepfake Threat 

Much like a phishing email a decade ago was easy to spot because of a mis-spelled sender’s name or a 

badly photoshopped banking logo, deepfakes used to be crude and easily detectable. Now they have 

evolved into sophisticated attacks capable of deceiving even the most discerning eye. This rapid 

progression poses a significant challenge, as traditional methods of authentication and verification – even 

live video – may no longer suffice. 

We don’t need to imagine a scenario where a deepfake video of a company executive authorizes a 

fraudulent wire transfer. That happened earlier this year, when a finance worker for at UK engineering 

firm, Arup, was tricked into transferring $25 million by a video conference request from the organization’s 

CFO that turned out to be an AI-manipulated version of existing video. 

And, research continues to show that AI-driven deepfake attacks are more common than we know. Third 

party research from my own company shows that deepfakes had been experienced by 35% of cyber 

pros, making them the second most common cybersecurity indecent encountered by businesses in the 

past 12 months. Other reports show that the cost of deepfakes will grow from $12.3 billion in 2023 to 

$40 billion in 2027. 

Deepfakes and the Cybersecurity Landscape 

Cybersecurity is a constantly changing landscape that wears down even the most committed and 

passionate practitioners. The introduction of deepfakes risks enhances the burnout these professionals 

feel as these threats truly blur the lines between reality and deception. While we long ago learned that 

trust is not a generally accepted term in the cybersecurity business, even employing a zero-trust policy 

is a challenge in a deepfake world. Consider the challenges these attacks pose for our cyber teams: 

• Circumventing Security Protocols: Deepfakes can be leveraged to bypass security measures 

that rely on biometric authentication, such as facial or voice recognition. This could enable 

unauthorized access to sensitive systems and data, potentially leading to devastating breaches. 

• Sophisticated Social Engineering: As the Arup example above shows us, deepfakes can be 

used to create highly convincing phishing scams or impersonate trusted individuals, manipulating 

victims into taking actions that compromise security. The realism of deepfakes makes these 

attacks particularly insidious and difficult to detect. 

• Weaponizing Disinformation: Deepfakes can be used to spread false information, sow discord, 

and manipulate public opinion, potentially leading to social unrest, political instability, or even 

impacting the outcomes of elections. In a global environment that is already highly heated, adding 

unwanted fuel to the fire is entirely unwanted. 



• Reputational Warfare: Deepfakes can be used to tarnish reputations, undermine trust, and 

cause significant harm to individuals and organizations. The potential for deepfakes to be used in 

smear campaigns, to ward buyers off a competitive brand, or to discredit individuals is a serious 

concern. 

Building a Robust Defense 

Deepfakes are a serious problem, but hope is not lost, and we are able to take steps to effectively combat 

them. 

As is always the case when working to thwart cyber risks of any kind, security practitioners must adopt a 

proactive and multi-layered defense strategy. Employees can only recognize what they are aware of, so 

raising awareness about deepfakes, and putting plans in place to report suspicious activity is paramount. 

Since deepfakes are so similar in nature to phishing campaigns and social engineering programs, take 

steps to ensure your security awareness training programs include content about deepfakes. 

Additionally, organizations should implement multi-factor authentication and other robust verification 

processes that go beyond simple biometric checks. This could include behavioral biometrics such as a 

signature or handwriting sample, knowledge-based authentication that asks questions like “who was your 

third-grade teacher,” or even the use of hardware tokens. Investing in advanced detection technologies 

that can help identify deepfakes based on subtle inconsistencies or artifacts is an important consideration. 

Machine learning algorithms, as well, can be trained to recognize patterns and anomalies that distinguish 

deepfakes from genuine media. 

Collaboration between industry partners, researchers, and government agencies is critical to developing 

effective countermeasures and staying ahead of the evolving threat. Both state and federal government 

agencies are working to put governance in place around AI to help prevent usage like deepfakes, but the 

U.S. is not yet at a place to give clear instruction on how AI should be built or used. Because of this, 

enterprises can help themselves by working with existing standards like ISO 27001 for information 

security and ISO 42000 for responsible AI usage. 

The Unending Battle 

The deepfake threat is not a passing fad; much like ransomware, it is an ongoing challenge that will 

continue to morph and will require constant vigilance and adaptation. Cybersecurity professionals must 

remain proactive in their defense strategies, continually updating their knowledge and tools to keep pace 

with the rapid advancements in deepfake technology. 

By raising awareness, strengthening authentication, investing in advanced detection, fostering 

collaboration, and considering legislative measures, we can mitigate the risks posed by deepfakes. 




Luke Dash is the CEO of ISMS.online. Prior to this, they were the Chief 

Operating Officer and Chief Revenue Officer at ISMS.online, overseeing 

operational leadership, support, and driving revenue channels. 

Before joining ISMS.online, Luke was the Sales Director at Lead 

Forensics, where they integrated with major CRM platforms and 

maximized ROI on sales and marketing efforts. Luke also worked as the 

Chief Commercial Officer at The Indigo Group, providing end-to-end 

solutions for contractors, freelancers, and agencies. Luke's experience 

also includes their role as a Sales Director at Ascential, where they were 

responsible for providing construction project sales leads and industry data. 

Luke began their career at IQPC, where they served as a Divisional Sales Director and Sponsorship 

Manager, driving sales growth and managing events and conferences for global corporations. 

Throughout their career, Luke has demonstrated strong leadership skills and a focus on achieving 

strategic and performance goals in various industries. Luke can be reached on LinkedIn and at our 

company website https://www.isms.online/ 



Geopolitical Cyber Threats in 2024: Navigating Emerging Risks 

with OSINT (Open-Source Intelligence) 

By Andy Grayland, CISO, Silobreaker 

Geopolitical tensions worldwide can have a foreseeable impact on an organisation’s physical operations, 

but they can also heighten the risk of cyberattacks. These cyber threats are often linked to or triggered 

by events such as armed conflicts, elections and the agendas of nation-states. Malicious actors excel at 

exploiting these geopolitical events to advance their objectives. 

For example, the ongoing conflict in Ukraine has precipitated a spike in cyberattacks, targeting Ukrainian 

and Russian entities alongside their supporters. Similarly, the current US presidential race is likely to see 

an uptick in cyberattacks aimed at political campaigns and government agencies. Even remote conflicts 

can disrupt supply chains, critical infrastructure and digital services. In this context, open-source 

intelligence (OSINT) is proving to be a vital tool, providing essential insights for comprehending and 

mitigating both cyber threats and geopolitical risks. 

Organisations can significantly improve their situational awareness by monitoring real-time OSINT, which 

enables them to better comprehend the intricacies of modern cyber conflict and devise proactive defence 

strategies. This enhanced understanding bolsters operational resilience and response planning. 



However, to maximise the potential of OSINT, it is crucial to first establish baseline scenarios for major 

geopolitical risks. Baseline scenarios outline the expected risks within a particular region, based on 

existing intelligence and historical trends. This article will explore these scenarios in key geopolitical 

hotspots, including China-related conflicts and the Ukraine war. 

Chinese Cyber Operations 

Baseline risks 

China continues to be a dominant force in the realm of cyber espionage, with its operations primarily 

targeting Western businesses and government institutions to gather intelligence and steal intellectual 

property. These activities necessitate a re-evaluation of business partnerships and security postures to 

mitigate risks. 

Potential risks 

Several key scenarios involving China are particularly noteworthy: 

• Adoption of hybrid warfare approach: Financially motivated cyber-attacks targeting US allies 

in the Asia-Pacific region could increase if China adopts a hybrid warfare strategy like Russia’s. 

This strategy would blend traditional military tactics with probing cyber attacks aimed at critical 

infrastructure and information systems as well as economic warfare through financially motivated 

cyberattacks to achieve strategic objectives without direct confrontation. 

• US-Taiwan defence agreement: Any formalised defence agreement between the US and 

Taiwan could lead to China launching disruptive cyber campaigns against Taiwanese targets in 

retaliation. These campaigns could involve the use of data wiper malware and data encryption 

malware, significantly impacting Taiwanese businesses and critical services. 

• Taiwanese elections: The election of a pro-sovereignty government in Taiwan could provoke 

China to intensify its disinformation campaigns and hacktivist activities. Such efforts would aim to 

undermine the new government and destabilise the region, impacting US and Taiwanese 

businesses. Potential attacks could range from website defacements and Distributed Denial of 

Service (DDoS) attacks. 

Russia and Ukraine Risks: Complex Cyber Warfare 

Baseline risks 

Cyberattacks are a cornerstone of Russia’s military strategy against Ukraine. Russia is employing a 

variety of tactics including disinformation, cyber espionage and disruptive attacks. One example is the 

use of the UAC-0184 remote access trojan to target Ukrainian companies in Finland. These cyber 

operations are largely aimed at gathering intelligence on Western support for Ukraine and understanding 

sanctions policies. 



Despite the low probability of a catastrophic attack on critical infrastructure in the west, Russian cyber 

actors are still probing Western critical infrastructure for vulnerabilities. 

Potential risks 

However, several alternative scenarios could alter the threat landscape: 

• Substantial Russian losses in Ukraine: If Russia faces significant losses in the conflict, it might 

intensify cyberattacks, potentially disguising them as actions by cybercriminals or hacktivist 

groups. These attacks could target critical infrastructure and financial systems to destabilise the 

West. Russian threat actors may also adopt a more aggressive cyber strategy, including the 

development and deployment of destructive data wiper malware. 

• Conflict with NATO: The looming threat of a NATO-Russia war could lead to intensified Russian 

cyber operations against Western nations. Increasingly disruptive cyberattacks could prompt 

cyber insurers, following Lloyds' example from 2023, to introduce state-sponsored cyber 

exclusion policies, negating coverage for attacks attributed to governments. If faced with 

increasing challenges in its military operations, Russia could turn to more aggressive cyber 

tactics. This might include the use of self-replicating data malware strains that can spread rapidly 

through networks to disrupt and damage systems, causing widespread chaos and economic loss. 

Russia could further extend the impact of their cyberattacks by targeting supply chains. 

• Reduction in hostilities: A decrease in hostilities between Ukraine and Russia might shift 

Russia’s cyber focus towards financially motivated attacks and efforts to cause reputational 

damage through information operations. 

Leveraging OSINT for Enhanced Cyber Defence 

When it comes to anticipating potential threats arising from geopolitical events, real-time OSINT is 

indispensable. And while the sheer volume of open-source data can be overwhelming, advanced tools 

and AI are transforming how organisations can harness OSINT to dynamically evaluate both standard 

and alternative risk scenarios. 

By automating data collection, analysis, and dissemination, threat intelligence platforms can empower 

businesses to swiftly identify risks, understand threat actors, and make informed decisions. These tools 

make it possible to extract valuable insights from OSINT, identifying emerging threats and the actors 

involved. 

Armed with real-time intelligence, organisations can spot risks early and make informed decisions to 

manage threats. This proactive approach is essential for navigating the cyber risks posed by an everevolving 

geopolitical landscape. 




Andy Grayland, CISO, Silobreaker. Andy has over 12 years of information 

security experience. A dedicated digital transformation strategist and security 

consultant, Andy specialises in developing and implementing effective 

information security programmes with a focus on aligning them to business 

objectives. Prior to Silobreaker, Andy was CISO at the Scottish Local 

Government’s Digital Office. He holds a PhD in Computer Science from the 

University of St. Andrews, and a PGC in Cyber Defence and Information 

Assurance from Cranfield University. 

Andy can be reached at our company website https://www.silobreaker.com/ 



The Threat of Privilege Abuse in Active Directory 

Lessons From the Change Healthcare Breach 

By Francois Amigorena, CEO & Founder, IS Decisions 

In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption 

across the U.S. healthcare sector. It later emerged that the cause of this major national incident was 

traced back to compromised credentials used to remotely access a Change Healthcare Citrix portal. 

Access to the portal wasn’t secured with multi-factor authentication (MFA). 

Using this access, the attackers moved laterally within Change Healthcare’s systems to exfiltrate data 

and, eventually, deploy ransomware — with consequences that continue to impact millions of Americans. 

The incident is one of many recent attacks highlighting Active Directory vulnerabilities, underlining why 

managing the threat of privilege abuse in Windows Active Directory (AD) is essential to securing today’s 

networks. 

Without the right protections, attackers can compromise any standard user account in AD and elevate 

privileges to gain far more powerful and dangerous access. 



On-Premise Active Directory Security Vulnerabilities 

For adversaries, no target has more value than Windows Active Directory, the foundation of most 

organization’s identity and access management systems. Although the Change Healthcare breach is a 

well-known incident, it’s hardly the only example. Numerous other cyberattacks have exploited similar 

weaknesses in AD. 

Unfortunately, one reason for AD security vulnerabilities is that the size and complexity of the platform 

mean that many aspects of securing AD are not straightforward. This is especially true for on-premise 

AD accounts, where organizations must assemble security on their own. 

Attackers try to compromise non-privileged AD accounts to get inside the network. Once they’re in, they 

can open Pandora’s box of tools and techniques to further manipulate AD from within. As the Change 

Healthcare example underlines, the most exposed part of this is through user accounts and credentials. 

This issue of credential and user compromise is central to AD security. This makes the way accounts are 

managed, monitored, and secured a fundamental part of defending AD. 

Good AD defense isn’t only about stopping attackers at the initial access point. It’s also about making it 

difficult to move laterally inside the network if they do get in. 

Exploiting and Elevating Privileges in Active Directory 

The idea of privileges in AD is easy to misunderstand. Normally, we think of privileged access as relating 

exclusively to special accounts such as those operated by admins that confer system-level powers. 

Actually, AD has an array of privileged user accounts. Each has slightly different access rights, including 

enterprise admins, domain admins, schema admins, group policy admins, backup admins, account 

admins, and application service accounts. In some cases, an administrative account might perform more 

than one of these roles. 

Why have so many admin types? The answer is that, as with network management in general, good AD 

administration is based on the principle of least privilege security. Every account should only have the 

privileges needed to do the job assigned to it. This is especially important where those privileges confer 

admin-level powers. 

This raises the important fact that all accounts in AD — including the humblest user accounts — have 

some privileges. In AD, even the most basic privilege is a privilege that poses a risk and therefore needs 

to be controlled. 

The soft underbelly of AD is the ability of an attacker to elevate privileges. Attackers routinely compromise 

an ordinary Active Directory user account and elevate its privileges to reach more sensitive areas of the 

network. This reminds us not to underestimate the importance of securing all AD accounts. 

How do attackers elevate privileges? Numerous techniques exist, including exploiting software 

vulnerabilities or internal misconfigurations and hijacking internal AD processes. But today’s attackers 



just as often use network tools to identify and target privileged account credentials. The attackers then 

assume the privileges of these accounts to expand their access. 

How to Stop Privilege Abuse and Secure Active Directory Access 

Securing AD requires multiple layers of security, including defending against phishing attempts, enforcing 

strong passwords, and securing all accounts using MFA. 

It’s key to monitor and audit privileged account access and admin actions and to set up alerts if an admin 

account modifies policies. This protects against external attacks and insider threats alike. 

However, because AD management is never one-size-fits-all — even for privileged users —admins must 

be able to apply policies granularly so that this type of account can be permitted either to “read” or view 

group properties or members without changing them, or to “write” and modify them. 

Apply MFA on User Account Control (UAC) Prompts 

By default, UAC (user account control) prompts at the admin level require only a password. Adding MFA 

to this hugely reduces the vulnerability of the attack surface and packs a strong punch in the fight against 

privilege abuse and AD compromise. If you can set up alerts on UAC prompts, you’ll also more quickly 

detect threat actors trying to move through the network. 

Defending Active Directory Does Not Stop at the Logon 

Defending AD isn’t easy. It’s a large and complex platform that assumes organizations will assemble 

additional layers of security. To succeed, defenders must address wide-ranging threats including 

credential compromise, lateral movement, privilege abuse, insider threats, and more. 

Critically, defenders must stop onboarding solutions solely to check off compliance and cyber insurance 

requirements. They also must ensure their solutions offer the security necessary to prevent the above 

threats. Some solutions check boxes, others offer effective security that also happens to check boxes — 

the latter are harder to find. 

What’s the takeaway here? Even if you’ve implemented MFA to secure the logon, ensure you can control 

and monitor what happens once a user gains access. 

Organizations don’t dedicate as much effort to defending internal actions inside AD as they do initial 

access. Real-world cyberattacks tell us this is a mistake. What happens after an attacker gains access 

is just as important as the initial compromise. 




François Amigorena is the founder and CEO of IS Decisions, a global 

software company specializing in access management and MFA for 

Microsoft Windows and Active Directory environments. After a career at IBM 

and a subsidiary of la Société Générale, Francois became an entrepreneur 

in 1989 and has never looked back. François can be reached online at X - 

@FrenchCEO and at https://www.isdecisions.com. 



Customer Authentication Challenges That Impact Your 

Organization's Security Posture 

By Jim Verducci, CEO, Wristband 

Introduction 

In today's cybersecurity landscape, CISOs face the challenge of securing data while managing costs 

effectively. As cyber threats become more sophisticated, traditional user authentication methods often 

prove inadequate or prohibitively expensive, particularly for smaller businesses. Understanding the 

difference between internal employee authentication and CIAM (Customer Identity and Access 

Management) is crucial in this context. While internal IAM secures an organization's workforce, CIAM 

focuses on securing customer interactions. CISOs must ensure that their organization’s products 

maintain a strong security posture, protecting both internal systems and customer data. At the same time, 

they must balance the budget to implement cost-effective security solutions. 



The Critical Role of Customer-Facing Authentication 

CIAM is crucial for managing authentication of external users — such as customers and partners — who 

interact with a company's digital platforms. Unlike internal IAM, which deals with employees, CIAM must 

cater to a broad spectrum of customer needs, scale efficiently, and meet stringent security standards. 

For CISOs, it’s vital to integrate internal security practices with CIAM strategies, as strong user 

authentication is the first line of defense against breaches. With the increasing costs of breaches and 

regulatory pressures, adopting secure and scalable CIAM solutions that ensure strict data isolation 

between customers is crucial to safeguarding both external interactions and internal systems. 

The Regulatory Landscape 

As regulatory requirements tighten, CISOs must prioritize robust authentication to meet compliance 

standards. Regulations such as GDPR and CCPA emphasize the need to secure customer identities and 

protect personal data, making strong authentication not just a security measure but a legal obligation. 

This shift poses significant challenges for smaller businesses, which are now held to the same rigorous 

compliance standards as larger organizations. The expanding regulatory landscape requires businesses 

to implement robust CIAM solutions in order to safeguard customer data and mitigate risks of penalties 

and reputational damage. Therefore, investing in scalable CIAM solutions that ensure both security and 

compliance is crucial for adhering to evolving regulatory standards. 

The Role of CISOs in CIAM Tool Selection 

CISOs play a pivotal role in shaping their organization's CIAM strategy. Although they might not make 

the final purchase decisions, their influence is crucial throughout the selection and implementation 

process. CISOs must collaborate closely with developers during the proof-of-concept phase to ensure 

the CIAM tool aligns with the company's security posture and integrates smoothly with existing systems. 

This partnership is key to addressing two major challenges: the cost of CIAM solutions and the technical 

complexities of achieving robust data isolation in multi-tenant environments. 

Addressing the Cost Barrier: The SSO Tax 

One of the critical considerations in CIAM tool selection is the cost, particularly the high price associated 

with essential features like Single Sign-On (SSO), often referred to as the "SSO tax." This premium 

pricing can be a significant barrier for many organizations, especially smaller businesses (SMBs) and 

startups, which might lack the budget for expensive authentication solutions for their customers. 

Furthermore, when high costs limit access to robust authentication solutions, organizations could be 

forced to opt for less secure or inadequate options. This compromises their security, increasing 

vulnerability to breaches and elevating the risk of incurring regulatory fines. 

The Cybersecurity and Infrastructure Security Agency (CISA) has underscored the gravity of this issue 

in recent reports, stating that "Consumers should not need to pay premium pricing, hidden surcharges, 



or additional fees for basic security hygiene." This sentiment highlights the pressing need for CIAM 

solutions that provide necessary security features without excessive costs. 

To address these challenges, organizations should seek CIAM solutions that balance affordability with 

robust security features. By selecting platforms that provide essential capabilities, such as MFA and SSO, 

at a reasonable cost, businesses can ensure that secure and scalable CIAM tools are accessible to 

organizations of all sizes. 

Addressing the Technical Barrier: The Data Isolation and Developer Support Gap 

Data isolation is key to reducing breach risks, as it prevents unauthorized access to sensitive information 

across different customer environments. Achieving this level of security is particularly challenging when 

dealing with multiple customers or partners on shared systems. 

Multi-tenancy, a core feature of modern SaaS architectures, supports this need by allowing multiple 

organizations to share a single software instance while keeping their data strictly separated. However, 

implementing secure multi-tenancy can be complex, especially when many traditional authentication 

systems are not designed for this architecture. Even with a premium CIAM tool, complex integration can 

lead to high opportunity costs, as developers may spend excessive time troubleshooting issues instead 

of focusing on essential projects. 

Additionally, if a CIAM tool lacks intuitive design, comprehensive documentation, or adequate support, 

developers could inadvertently introduce vulnerabilities or misconfigurations, compromising security. 

Poor integration can also result in suboptimal user experiences, damaging the brand’s reputation. 

Selecting a CIAM tool that integrates seamlessly with existing security infrastructure and ensures strict 

data isolation is essential. Additionally, the platform should be intuitive and come with comprehensive 

documentation and support to prevent misconfigurations that could introduce vulnerabilities. 

Key Features of an Effective CIAM Solution 

Given the financial and technical challenges of CIAM solutions, it's crucial to focus on key features that 

address security and scalability needs. Prioritizing critical aspects like support for industry standards — 

such as OAuth 2.0, OpenID Connect, and JWT— can ensure your platform meets complex requirements 

while providing a robust foundation for secure data isolation in CIAM implementations. 

1. Comprehensive Support for User and Machine Authentication: Modern security strategies 

demand a solution that supports both user and machine authentication, essential for upholding a 

Zero Trust model. Machine authentication is particularly vital in environments utilizing 

microservices, where automated processes require secure identity verification. Enforcing strict 

authentication protocols across both users and machines ensures that all access is validated, 

significantly reducing the risk of unauthorized entry and reinforcing Zero Trust principles. 

2. Enterprise Security Features: To safeguard against unauthorized access, a robust 

authentication platform should include enterprise-level security capabilities such as Multi-Factor 



Authentication (MFA) and Single Sign-On (SSO). These features not only ensure that sensitive 

customer data is accessible only to legitimate users, reducing the likelihood of breaches, but also 

address password sprawl by enabling users to access multiple services with a single set of 

credentials. 

3. Multi-Tenant Architecture: A well-structured multi-tenant system fortifies overall security, 

minimizes breach risks, and provides a scalable foundation for future expansion. It is essential to 

employ a CIAM solution with a native multi-tenant architecture that prevents cross-tenant access 

and ensures compliance with data protection regulations. Each tenant should have the capability 

to easily configure their customers' identity providers, allowing for tailored authentication flows 

that meet specific security and compliance needs. 

4. Cross-Tenant Management: A modern solution should offer cross-tenant management features 

such as provisioning dedicated admin and account representative tenants. These specialized 

tenants allow for efficient management of customer accounts without switching contexts, 

preventing tracking and accountability issues that can arise from classic user impersonation. This 

approach provides a secure, dedicated space for administrative tasks, ensuring clear visibility, 

traceability, and strong compliance. 

5. Signing Key Granularity: A critical aspect of securing access tokens in authentication and 

authorization is the management of signing keys. Having a system where each application within 

a customer’s environment has its own unique signing keys enhances security by ensuring that a 

breach in one application doesn’t compromise others or affect other customers. This level of 

granularity limits the potential impact of a security incident, thereby reducing the blast radius and 

improving overall containment. 

6. Fine-Grained Access Control: To align with the Principle of Least Privilege, a robust access 

control system is essential. A key component of effective access control is Role-Based Access 

Control (RBAC), which is a staple for providing granular control over user permissions. By defining 

specific roles and access levels for each tenant, organizations can tailor permissions to match 

their needs. This targeted approach ensures users access only the resources necessary for their 

roles, thereby minimizing the risk of unauthorized access and potential security breaches. 

7. Role Mapping for Consistent Access Control: Building on access control, role mapping 

elevates secure user management by aligning roles from a customer’s identity provider with 

custom roles in your application. This synchronization ensures consistent and appropriate access 

across all customer-facing applications, simplifying user lifecycle management. When 

organizational roles change, access levels can be swiftly updated within the application, 

enhancing responsiveness. Role mapping also strengthens audit capabilities and centralizes 

control, reinforcing security and compliance throughout the organization. 

8. Cost-Effective Scalability: As an organization grows, its authentication solution should scale 

efficiently to accommodate increasing demands without escalating costs. Look for solutions with 

transparent pricing structures that align with your growth trajectory and support a growing user 

base while maintaining optimal performance. Effective scalability ensures that you can expand 

your user base and adapt to changing needs without compromising on security or performance, 

making it a key element for sustainable, long-term success. 

9. API-First Flexibility and Developer Control: An API-first solution empowers development 

teams to customize authentication processes, meeting diverse customer needs with flexibility and 

control. This approach enables seamless integration into existing workflows, ensuring a secure 



and consistent user experience across platforms. By prioritizing an API-first architecture, 

organizations can maintain robust security while adapting to unique business requirements, 

enhancing both efficiency and security. 

Conclusion 

In today’s rapidly evolving cybersecurity landscape, CISOs are tasked with the critical challenge of 

balancing robust security measures with cost-effectiveness. Collaborating closely with development 

teams is vital in selecting a CIAM solution that not only secures customer interactions but also scales 

linearly with organizational growth. As new CIAM solutions emerge, avoiding the "SSO tax" — where 

essential features like Single Sign-On come with inflated costs — can significantly impact an 

organization’s security posture. By choosing cost-effective, scalable solutions that provide robust features 

such as multi-tenancy, signing key granularity, and fine-grained access control, CISOs can ensure 

stronger data protection, enhanced regulatory compliance, and better preparedness for future growth. 

This strategic approach not only fortifies security but also maintains resilience in a competitive market, 

proving that affordability and advanced capabilities can go hand in hand. 


Jim Verducci is the Co-Founder and CEO of Wristband. He has 17 years of 

experience in tech consulting, cloud-based systems, microservices, and 

APIs. He has experience collaborating with engineering teams and business 

stakeholders at mid to late stage B2B startups, focusing on designing and 

scaling distributed software architectures. His background in authentication 

and identity management has shaped his focus on addressing the 

complexities and costs of auth solutions. When not immersed in tech, Jim 

enjoys spending time with his wife and their two active young boys. 

Jim can be reached online at https://www.linkedin.com/in/jim-verducci/ and at our company website 

https://www.wristband.dev/ 



Embracing the AI Revolution: How to Incorporate Generative AI 

into Your SOC 2 Compliance Plan 

By Juliana Spofford, General Counsel and Chief Privacy Officer, Aidentified 

Generative AI (Gen AI) has emerged as a transformative force. From streamlining operations to 

enhancing customer experiences, AI-powered solutions offer unprecedented opportunities for 

businesses of all sizes. However, these advancements also introduce new challenges—especially when 

it comes to cybersecurity. As companies embrace Gen AI, staying compliant with industry standards like 

SOC 2 is more critical than ever. In fact, Gen AI products are making it increasingly difficult to maintain 

a secure environment, which could significantly impact your business. This article explores how to 

integrate Gen AI into your SOC 2 compliance strategy, ensuring you stay ahead of the curve while 

mitigating risks. 

The New Frontier of Cybersecurity Challenges 

As Gen AI-driven products flood the market, they offer countless benefits but also expose companies to 

heightened security vulnerabilities. Gen AI solutions, while innovative, are often not fully mature when it 

comes to cybersecurity. These tools can unintentionally introduce security and privacy risks—such as 



unauthorized data use with respect to input and output data, security vulnerabilities and other compliance 

failures—that can compromise the security of your organization. 

If Gen AI hasn't yet played a role in your SOC 2 compliance review, it's time to start integrating Gen AI 

products and services into your plan. Failing to address Gen AI's impact could put your company's data 

security and reputation at risk. 

Incorporating Generative AI into Your SOC 2 Compliance Plan 

Here are actionable steps to incorporate Gen AI into your SOC 2 plan: 

Develop a Gen AI-Specific Use Policy: As with any new technology, your first step should be to establish 

a Gen AI usage policy. This policy should clearly outline how Gen AI products and services will be used 

within your company (with prohibited and accepted use cases), the risks associated with it, and the 

controls in place to mitigate those risks. Implementing periodic Gen AI use training programs are also a 

must to raise employee awareness. 

Conduct Written AI Risk Assessments: Gen AI brings both known and unforeseen risks. A thorough, 

documented risk impact assessment should be conducted, focusing on areas like what data is being 

ingested by the Gen AI engine, whether the output is being monitored, whether use of Gen AI is creating 

data privacy or IP issues, and an in-depth review of the Gen AI system’s security integrity. This 

assessment will serve as the foundation for your Gen AI security controls and must be updated regularly 

as Gen AI technologies evolve. 

Prepare for Gen AI Scrutiny in Audits: SOC 2 auditors are becoming increasingly focused on how 

companies manage new technologies, especially Gen AI. What might have been acceptable last year 

may no longer suffice as your company matures. For example, certain departments within your company 

may be using software with Gen AI capabilities that could be processing customer data or other 

confidential or sensitive data, so make sure you have reviewed all aspects of possible Gen AI use in your 

company. Auditors are expecting a more robust, in-depth review of all Gen AI-powered functionality within 

your company’s systems. These expectations will only intensify with Gen AI's growing role in business 

processes. 

Planning for the Future 

When your company undergoes its next SOC 2 audit, auditors will likely hold you accountable for how 

you incorporate Gen AI into your compliance framework. They'll make recommendations for 

improvements, which will serve as a roadmap for what needs to be accomplished in the coming year. 

For instance, your auditors may flag issues such as gaps in your Gen AI risk assessments or insufficient 

controls over Gen AI-powered processes. Rather than viewing these findings as setbacks, consider them 

opportunities to strengthen your security posture and stay compliant. 



For small and emerging businesses, staying compliant with SOC 2 while adopting Gen AI-driven solutions 

may seem daunting. Having navigated the process to earn SOC 2 attestation at Aidentified, we have 

learned that it is important to involve your SOC 2 auditor early in your Gen AI onboarding process to get 

their input prospectively on Gen AI technology implementations. With a proactive approach and a 

commitment to continually improving your security practices, you can successfully navigate the 

complexities of Gen AI while keeping your company secure and your SOC 2 process updated. 


Juliana Spofford has over 30 years of experience providing legal advice to 

data services and information technology companies, such as NetProspex, 

Inc. (sold to Dun & Bradstreet) and Generate, Inc. (sold to Dow Jones). Prior 

to joining Aidentified, Juliana was the global Chief Privacy Officer at Dun & 

Bradstreet where she was responsible for their global privacy compliance 

program. Juliana can be reached at https://www.aidentified.com/ 



Cybersecurity Awareness Month 2024: Insights from Industry 

Experts 

Cybersecurity Awareness Month is observed every October to bring attention to the emerging threats we 

face online. To highlight the importance of maintaining awareness and proactivity to reduce cyber risks, 

we’ve compiled insights from leading industry experts on the latest trends, best practices, and 

recommendations for successfully navigating the evolving cybersecurity landscape. 

Jose Seara, CEO and Founder, DeNexus: 

Many companies know they are targets (nobody is immune to cyber attacks), but they rarely know 

whether they spend enough on cybersecurity and whether their protection efforts are targeted to the right 

places. 

This year’s theme for Cyber Awareness Month, “Secure Our World," highlights the need for increased 

cyber protection in all aspects of our personal and professional digital lives, including industrial systems— 

the connected equipment and systems that control factory floors in manufacturing, the buildings hosting 

data centers, power generation sites, electricity distribution networks, or even the tarmacs and boarding 

areas in airports. 

Given the gap in cybersecurity resources and the flattening of cybersecurity budgets, cybersecurity 

leaders need to take a step back and assess where to allocate scarce resources and limited budgets to 

achieve the greatest return on investment, which, for cybersecurity, is to reduce the probability of material 



cyber incidents. This starts by identifying and measuring cyber risks in financial terms, the probability and 

severity of potential cyber incidents due to weaknesses in cyber defenses. 

Boaz Gorodissky, Chief Technology Officer, XM Cyber: 

Cybersecurity Awareness Month serves as a reminder to organizations that protecting critical assets 

requires a much more comprehensive approach to exposure management. Organizations typically have 

around 15,000 exposures scattered across their environments that skilled attackers could potentially 

exploit, and yet, CVE-based vulnerabilities account for just a small percentage of this massive exposure 

landscape. Even when looking only at exposures affecting their most critical assets, CVEs represent only 

a small part of the risk profile. While organizations are focused on patch management and vulnerability 

management to address CVEs, the maturity to mobilize teams and remediate issues such as 

misconfigurations and weak credentials is low, leaving organizations exposed. 

This disconnect between the traditional cybersecurity focus and the real-world threatscape demands a 

paradigm shift in security strategies. 

This Cybersecurity Awareness Month, organizations should use the opportunity to ensure a 

comprehensive and proactive approach to cybersecurity. They should ensure they get a continuous and 

complete view to secure all critical assets (on-prem and cloud), to holistically safeguard their digital assets 

in today’s increasingly-complex threat landscape. 

Doug Murray, CEO, Auvik: 

Last year, CISA announced that the enduring theme for all future Cybersecurity Awareness Months 

(which occurs each year in October), would be “Secure Our World.” This theme evokes the sentiment 

that security is a shared responsibility between individuals, businesses and governments alike. Even 

within a specific organization, security is a shared responsibility. 

Consider the issue of infrastructure sprawl – both CISOs and CIOs are purchasing and managing tools 

that support either cybersecurity objectives or serve a particular IT function. A big concern here is the 

cybersecurity risks involved in infrastructure sprawl, as the proliferation of tools and vendors has gotten 

out of control for many IT teams. 

Another increasing area of risk is shadow IT and shadow AI, which involves the use of IT systems, 

devices, software, and services without explicit approval from the IT department. SaaS shadow IT is 

probably one of the biggest hidden risk factors that IT leaders face today, particularly at a time when 

employees are experimenting with emerging AI tools. Most people who utilize shadow IT tend to think 

that they’re just using a productivity tool. However, organizations have found shadow IT adoption can 

open vulnerabilities. 

In purchasing a combination of different tools – some that provide multiple functions and others that are 

point solutions – companies easily end up with huge overlaps. For example, it’s common for a company 

to have multiple firewall providers operating within their network all at the same time. This is not only 

redundant but could actually be introducing even more cybersecurity risk to the business unnecessarily. 



How can we manage some semblance of consolidation to drive up efficiency and lower costs? Every 

vendor that gets added for more firewall or endpoint security protections introduces new security 

concerns in terms of business process integration and daily IT management. What’s needed is a network 

management platform that gives us a federated view of everything that IT uses for its daily processes, 

systems, and management. Business leaders must then work together to determine which tools to keep 

and which they can do without, in order to reduce sprawl and overall risk exposure. 

Jason Scott, CISO, Sectigo: 

A study conducted by the A. James Clark School of Engineering at the University of Maryland, there are 

more than 2,200 cyberattacks per day, which equates to one attack every 39 seconds. This means that 

we have around 800,000 cyberattacks per year. To put this in relative terms, there were only 11 major 

battles during the Vietnam War and 20 major battles during World War II, both lasting multiple years. 

Obviously, there were many more minor skirmishes unaccounted for. Still, the point is that we are being 

(cyber) attacked daily with no pauses or time to recover. It has become cliché, but the statement still 

holds; “we have to get it right 100% of the time, but the adversaries only have to get it right once.” 

Getting it right matters. Cybercrime is predicted to cost the world $9.5 trillion in 2024 and the global 

average cost of a data breach in 2023 was $4.45 million per incident, a 15% increase from the previous 

three years. If we don’t get it right, not only does the business lose, but as we all know, costs are passed 

onto the consumer or taxpayer when governments are involved. 

We must be vigilant in our cybersecurity journey and can’t afford to get the basics wrong. The basics are 

those core IT and security functions that must be done in every organization regardless of size and 

budget. Some include using strong passwords stored in fully encrypted password managers, using multifactor 

authentication on all applications, rigorous anti-phishing training, and ensuring software and 

systems are patched. 

These “basics” sound simple and are not difficult to implement, but we (IT, Security teams, and the 

Business) routinely fail at it. We tend to focus on the fancy new tool, the shiny new dashboard, quarterly 

profits, or even the latest analytical application. Yes, these are important and have their place, but we 

should ensure we have the “basics” down to protect the business so it can focus on profit and growth. 

Using patching as an example, if we can patch our prioritized vulnerabilities promptly, we reduce our 

threat landscape, which, in turn, offers attackers fewer doors and windows into our environment. The 

term may seem a little dated, but defense in depth is a solid method used to defend our often-porous 

environments. Using multiple levels of security, such as strong passwords, multi-factor authentication, 

resilience training, and patching strategies, makes it harder for threat actors, so they tend to move to 

another target with weaker defenses. 

Dena Bauckman, Senior Vice President of Product, Sectigo: 

In the 21 st year of the Annual Cybersecurity Month, I can’t help but think that the themes for this year 

seem the same ones we have been talking about for years: use strong passwords and a password 



manager, turn on multifactor authentication, recognize and report phishing, and update software. So why 

after all these years are we still having to remind everyone to do these? I am convinced that in both our 

personal and professional lives, we are all trying to move so fast that we don’t do the simple things we 

know we should. These four themes are basic security measures, but they do take time to implement. I 

was once told that “sometimes you need to slow down to speed up”, and I think that is the case here. 

Taking the time to setup a password manager and creating strong and unique passwords across all 

accounts and combining that with multifactor authentication (MFA) on all systems, would greatly reduce 

the compromised accounts that are part of so many attacks. With AI improving the effectiveness of 

phishing emails, we all need to slow and think about who is sending us an email and why. And with the 

constant release of new software updates, we need to take the time to implement the updates and, 

wherever possible, automate the updates. If we can slow down long enough to implement these basic 

themes, we can go faster by spending less time recovering from cybersecurity attacks that should never 

have happened. 

John Anthony Smith, CSO and Founder, Conversant Group: 

At the start of 2024, the Identity Theft Resource Center (ITRC) reported a 490% increase in data breaches 

in the first half of the year compared to the same period in the previous year. As the frequency of attacks 

continues to rise year over year, the focus must shift from “what if it happens” to “how do we respond 

when it happens”. While awareness and breach resistance are important when it comes to cyber-attacks, 

recovery is even more critical. 

In an increasingly digital world, robust recovery capabilities are not just a safety net but a strategic 

advantage and a tactical MUST. The actions taken before [survivable, usable, and timely recoverable 

backups] and after [verified, tested, and readied brownfield recovery] a breach are what truly matter to 

reduce the costliest impacts—business interruption. By taking thoughtful and decisive steps, you can 

regain control and minimize damage and business disruption. Here are some proactive steps to consider: 

• Assess your recovery capabilities for survivability, usability, and timely recovery against the 

technical realities of threat actor behavior [what they are willing and able to do] 

• Ready your environment for secure brownfield recovery, and test it often! 

• Create a detailed incident response plan that outlines the steps to take immediately after a breach 

and test it! 

• Invest and constantly realign recovery and resistance capabilities to what threat actors can, will, 

and are doing [in breach]. 

• Ready your incident response partners: Know your contacts, Know their Processes, Have the 

contract pre-negotiated, Incorporate them into your IR plan, and Test your interactions with and 

through them. 



Organizations deserve the peace of mind that comes with assured recovery when the breach occurs. By 

investing in an assured recovery program that prioritizes resiliency and recovery, organizations not only 

take a proactive approach to cyber protection, but also gain a competitive edge. This approach ensures 

business continuity, minimizes downtime, and protects valuable data and assets. 

Kris Bondi, CEO and Co-Founder, Mimoto: 

Deepfakes and ransom-as-a-service have put sophisticated tools in the hands of unsophisticated bad 

actors. In the innovation race, bad actors have an advantage because they’re faster to adapt than many 

organizations. The only way to course correct is to focus on the core problems, not only how to improve 

approaches that are no longer effective. Making a password process more cumbersome doesn’t help if 

a bad actor comes in through a reverse shell. 

To start next month more secure than today, organizations must look at what current vulnerabilities 

they’re ignoring. Impersonations within their system that aren’t caught and acted upon quickly are a core 

component to account takeovers, ransomware attacks, data extraction, and insider threats. Coupled with 

this should be timing and context. This enables companies to respond in real-time to a breach, before it 

is weaponized, and to know what to prioritize with their likely limited resources. This will enable teams to 

find and stop what has already gotten into the protected perimeter, before the damage is done. 

Ensuring Continuous Cybersecurity Vigilance and Education 

Although Cybersecurity Awareness Month only lasts 31 days, the importance of proper cybersecurity 

protocol and education is unceasing. As the threat landscape continues to evolve and cybercriminals 

become more innovative, it is more essential than ever for organizations to have the resources and plans 

in place to protect their people and data from the threats that lurk in all corners of our digital world. 


Jose Seara, CEO, DeNexus 

Jose M. Seara is the founder and CEO of DeNexus, a leader in cyber risk 

quantification and management for operational technology (OT) and 

industrial control systems (ICS). Jose was previously the President & 

CEO of NaturEner USA (now BHE Montana) & NaturEner Canada. 

Prior to his time at NaturEner, Seara was a founding partner and member 

of the board of directors at DeWind Co. Jose was also a founding partner 

and principal at PROYDECO Ingenieria y Servicios SL, and a partner and 

director at Proyectos de Cogeneración SL. 

He holds an Executive Program degree from Singularity University in the 

field of Exponential Technologies, as well as a Master of Science in Naval 

& Marine Engineering from Universidad Politécnica de Madrid. 



Boaz Gorodissky, Chief Technology Officer at XM Cyber 

Boaz Gorodissky is a 30-year veteran of the Israeli Intelligence 

Community, most recently serving as Head of the Technology. In this role, 

he re-organized and headed technology divisions, overseeing thousands 

of engineers and a large-scale budget. Gorodissky currently serves as 

Chief Technology Officer at XM Cyber where he oversees all technology 

and product development. As CTO, his responsibilities start with 

identifying customer needs and working with product management to 

define detailed requirements and a technology roadmap aligned to the XM 

Cyber vision. This includes anticipating what capabilities will be critical for 

organizations to have in place to strengthen their security posture, while also delivering features that 

solve immediate pain points based on customer feedback and industry trends. 

Doug Murray, CEO, Auvik 

Doug Murray is the Chief Executive Officer of Auvik where he drives 

company strategy, culture, and growth. Murray has over 25 years of 

network and security industry experience, including two years as the CEO 

of cloud cyber security company Valtix (acquired by Cisco), as well as 

seven years as CEO of SDN pioneer Big Switch Networks (acquired by 

Arista Networks). He previously held leadership positions at Juniper 

Networks, Sun Microsystems and AT&T, and was a finalist for the EY 

Entrepreneur of the Year Northern California in 2017. Doug holds a BA 

in History from Colgate University and an MBA from Johns Hopkins 

University. 

Jason Scott, CISO, Sectigo 

Jason Scott brings to Sectigo his experience from his time in the United 

States military. He held the rank of Colonel and was most recently 

entrusted with the role of Executive Director for a crucial unit responsible 

for the U.S. Army’s cybersecurity. His military career is complemented by 

his substantial commercial experience in high-level information security 

roles at well-known companies such as Capgemini and Chevron. Jason 

is also a Certified Information Security Manager (CISM). He is in charge 

of managing all facets of cybersecurity at Sectigo, which includes data, 

infrastructure, network, and applications/products. 



Dena Bauckman, Senior Vice President of Product, Sectigo 

Dena Bauckman heads up Sectigo's Product Management & Product 

Marketing functions. As an accomplished product development 

strategist, Dena possesses a deep understanding of both business and 

technical software components. She specializes in driving revenue 

growth through effective product development and management, 

building innovative solutions based on market insights, and leveraging 

her cybersecurity expertise. Her leadership focus centers on 

empowering teams to solve practical engineering challenges, and her 

unique perspective, spanning sales, marketing, and engineering, has 

led to impactful business-enhancing products. 

John Anthony Smith, CSO and Co-founder, Conversant Group 

John Anthony Smith is CSO and Co-founder of Conversant Group and its family 

of IT infrastructure and cybersecurity services businesses. He is the founder of 

three technology companies and, over a 30-year career, has overseen the 

secure infrastructure design, build, and/or management for over 400 

organizations. He is currently serving as vCIO and trusted advisor to multiple 

firms. 

A passionate expert and advocate for cybersecurity nationally and globally who 

began his IT career at age 14, John Anthony is a sought-after thought leader, 

with dozens of publications and speaking engagements. In 2022, he led the 

design and implementation of the International Legal Technology Association’s (ILTA’s) first annual 

cybersecurity benchmarking survey. 

John Anthony studied Computer Science at the University of Tennessee at Chattanooga and holds a 

degree in Organizational Management from Covenant College, Lookout Mountain, Georgia. 



Cybersecurity Awareness Month: Industry Experts on Securing 

Our Digital Lives Together 

October marked the arrival of Cybersecurity Awareness Month, a pivotal time for individuals and 

organizations to reflect on the importance of safeguarding our digital interactions. As technology 

continues to advance and integrate into every aspect of our daily routines, the need for robust 

cybersecurity measures has never been more critical. October served as a reminder that cybersecurity 

is not just the responsibility of IT departments but a collective effort that involves everyone. 

Throughout Cybersecurity Awareness Month, experts from across the industry came together to share 

insights, strategies, and best practices to help organizations and citizens stay one step ahead of cyber 

threats. From protecting digital identities and securing APIs to managing the complexities of cloud and 

SaaS environments, the focus is on building a resilient digital ecosystem. By raising awareness and 

promoting proactive security measures, we can empower individuals and organizations to navigate the 

digital landscape with confidence and peace of mind. 

Kern Smith, VP Americas, Zimperium 

Digital identity is one of the most valuable assets in corporate IT. Organizations continue to invest in ways 

to protect their user identity, from multi factor authentication, rotating and random passwords facilitated 



y password managers, and anti-phishing filters and user training to name a few, and attackers continue 

to innovate with new and novel techniques to ultimately gain access to a user's identity. 

Increasingly attackers have shifted their focus to targeting iOS and Android devices given those devices 

are typically the nexus of personal and corporate identity. This is because mobile devices are where the 

multi factor resides, where users keep their passwords, and where users are much more susceptible to 

mobile phishing campaigns due to the number of un protected phishing avenues available to attackers, 

such as SMS, QR Codes, third party messaging apps, and more that most organizations have no 

protections for. This does not even account for the explosion of mobile malware attacks and risks with 

third party apps that could expose user credentials on iOS and Android devices. 

All of this creates a landscape where the barrier to entry for attackers has lowered, and attacks have 

skyrocketed. No longer does it take an advanced exploit to gain valuable data, when an attacker can 

simply send a targeted message or link to gain access to the data they want, either through a simple 

Mishing campaign, off the shelf malware, or even abusing vulnerabilities in third party apps or SDK’s. 

It is essential that organizations have a strategy to address these challenges. This includes the ability to 

identify and prevent mobile phishing attacks, detect for mobile malware, and identify risks in third party 

applications or device configurations that could potentially expose credentials and compromise user 

identity. 

Eric Schwake, Director of Cybersecurity Strategy, Salt Security 

October is Cybersecurity Awareness Month, which reminds us of the critical need to secure our 

increasingly interconnected world. As we enjoy the convenience of digital services, we must also 

recognize the growing attack surface and evolving threat landscape. APIs, the invisible threads 

connecting our applications and data, are a prime target for malicious actors. 

Organizations must adopt a comprehensive approach to API security to effectively secure our digital 

ecosystem. This begins with thorough API discovery, gaining complete visibility into all APIs across the 

development lifecycle. Understanding the full scope of your API landscape is the crucial first step in 

identifying potential vulnerabilities and misconfigurations. 

Next, robust API posture governance is essential to ensure that APIs adhere to security best practices 

and comply with industry regulations. This includes implementing strong authentication and authorization 

mechanisms, enforcing data validation rules, and proactively managing API access controls. 

Finally, organizations need advanced API behavioral threat protection to detect and prevent malicious 

activity in real-time. This involves analyzing API traffic patterns to identify anomalies and uncover hidden 

threats that may bypass traditional security measures. Organizations can proactively defend against 

attacks and safeguard their critical assets by pinpointing actual malicious traffic within these anomalies. 

In conclusion, "Secure Our World," the theme of this year's Cybersecurity Awareness Month, resonates 

deeply with the need for robust API security. Organizations can strengthen their defenses by prioritizing 

API discovery, posture governance, and behavioral threat protection and contribute to a safer digital world 



for everyone. Every click, connection, and digital interaction relies on the security of these underlying 

APIs. Recognizing their critical role and taking proactive steps to secure them is essential to safeguarding 

our interconnected world. 

Justin Kestelyn, Head of Product Marketing and Hacker Community Marketing, Bugcrowd 

This year, Cybersecurity Awareness Month is incredibly relevant for consumers and workers who need 

to be vigilant about the constant barrage of phishing and data breach risk. 

The global hacker community can in fact be a massive net positive for those consumers and workers, 

and for the security teams tasked with protecting them. For example, the existence of a chronic talent 

shortage in the cybersecurity industry has been well documented for years. But that shortage calls the 

definition of the “talent pool” into question, because the reality is that the hacker community is an 

endlessly elastic source of capacity and skills for augmenting and extending security teams on demand 

— if you know how to engage in a mutually trusted, productive, and scalable way. 

Security leaders who can do that will have access to a “crowd cloud” for meeting almost any security 

testing requirement, with the results going beyond what automated tools can achieve and with all the 

utilization benefits of an as-a-service model. That’s a fact deserving more awareness in the security 

industry! 

Omri Weinberg, Co-Founder and CRO, DoControl 

As we kick off Cybersecurity Awareness Month, the theme "Secure Our World" feels especially timely. In 

today's hyper-connected digital landscape, securing our world means securing our data - and that's 

becoming increasingly complex as organizations rapidly adopt cloud and SaaS technologies. But it's not 

just about corporate responsibility; individuals play a crucial role too. 

The shift to remote and hybrid work has dramatically expanded the use of SaaS applications, creating 

new security blind spots and risks. Employees are sharing, accessing, and storing sensitive data across 

dozens of cloud apps, often without proper oversight. This "SaaS sprawl" has made it incredibly 

challenging for security teams to maintain visibility and control. 

What's more, the lines between personal and professional digital lives are blurring. Even something as 

simple as a social media post can open up an individual - and by extension, their organization - to 

potential attacks. Cybercriminals are increasingly sophisticated in how they use publicly available 

information for social engineering and targeted phishing attempts. 

It is vital to have a comprehensive approach to SaaS security, coupled with ongoing employee education. 

It's not enough to just focus on network perimeters or endpoints anymore. Organizations need granular 

visibility into user activities, data flows, and third-party app connections across their entire SaaS 

ecosystem. And employees need to understand how their online actions can impact overall security. 



Securing our world in 2024 and beyond requires a mindset shift. We need to move beyond the old "castle 

and moat" security model to one that embraces Zero Trust principles, continuous monitoring, and 

individual accountability. Every access request, every data transfer, every third-party integration - and 

yes, even every social media post - needs to be approached with security in mind. 

This Cybersecurity Awareness Month, I encourage organizations to take a hard look at their SaaS 

security posture and their employee education programs. Do you have full visibility into how your 

sensitive data is being accessed and shared across cloud apps? Are you able to detect and respond to 

insider threats or compromised accounts in real-time? Can you automatically enforce consistent security 

policies across your entire SaaS ecosystem? And crucially, do your employees understand their role in 

maintaining security? 

By focusing on these areas, implementing robust SaaS Security Posture Management, and fostering a 

culture of security awareness at all levels, we can take meaningful steps towards truly securing our digital 

world. The threats may be evolving, but with the right approach, tools, and collective responsibility, we 

can stay one step ahead. 

Nicole Carignan, VP of Strategic Cyber AI, Darktrace: 

Both consumers and organizations rely on email as a primary communication tool so raising awareness 

of email-based attacks is critical during Cybersecurity Awareness Month. However, despite increasing 

focus on cybersecurity awareness training, email phishing remains of the greatest threats to 

organizations globally. In fact, between December 2023 and July 2024, we detected 17.8 million phishing 

emails across our customer fleet. As sophistication of phishing attacks continue to grow, organizations 

cannot rely on employees to be the last line of defense against these attacks. Instead, organizations must 

use machine learning-powered tools that can understand how their employees interact with their inboxes 

and build a profile of what activity is normal for users, including their relationships, tone and sentiment, 

content, when and how they follow or share links, etc. Only then can they accurately recognize suspicious 

activity that may indicate an attack or business email compromise. 

While email has long been the vector of choice for carrying out phishing attacks, threat actors continue 

to adapt and evolve their tactics to increase success of these attacks. For example, we’ve seen a rise in 

the abuse of commonly used services and platforms, including Microsoft Teams and Dropbox for phishing 

campaigns in recent months. A proactive security stance which monitors anomalous activity patterns and 

privileged access paths is essential to stay ahead of these kinds of attacks. Consistent governance 

spanning all technology portfolios is now table stakes for robust cyber resilience.” 

The ability for attackers to use generative AI to produce deepfake audio, imagery, and video to deceive 

employees is another growing concern for organizations this Cybersecurity Awareness Month, as 

attackers are increasingly using deepfakes to start sophisticated social engineering attacks. Deepfakes 

are on the rise to facilitate initial access or assist in financial cybercrimes. In response, organizations will 

need to evolve their security awareness training from a focus on how to “spot” a phishing email to focusing 

on implementing layered and out-of-band verification practices for IT, help desks, security, and financial 

activities. In addition, we believe we will see increasing adoption of multi-layered security solutions 



including multi-factor authentication, cross-domain visibility, and AI-augmented detection and response 

to better defend against these attacks. 

Damon Tompkins, President, Pathlock 

As we observe Cybersecurity Awareness Month, it’s essential to highlight the importance of identity 

security in protecting our digital environments. Identity security involves safeguarding individual and 

system identities within an organization from unauthorized access or malicious exploitation. This includes 

implementing robust identity and access management systems, which control who has access to what 

within the organization, and continuously monitoring these identities to detect and respond to any unusual 

activity. By ensuring that every access request is verified and validated, identity security acts as a critical 

defense against potential security breaches. 

Prioritizing identity security helps organizations enhance their security posture, protect sensitive 

information, and comply with regulatory requirements. Effective identity security practices, such as 

adopting a Zero Trust model, ensure that every access request is scrutinized, regardless of its origin. 

This approach not only safeguards data but also supports operational efficiency by ensuring that users 

have the appropriate level of access at all times. As we navigate an increasingly digital world, robust 

identity security measures are more crucial than ever in defending against cyber threats and maintaining 

a secure and compliant access environment. 

Embracing Innovation and Proactive Strategies for a Secure Digital Tomorrow 

Cybersecurity Awareness Month serves as a crucial reminder of the ever-evolving threats in our digital 

landscape and the importance of staying vigilant. The insights shared by leading experts underscore the 

need for robust strategies to protect digital identities, secure APIs, and manage the complexities of SaaS 

environments. As we navigate an increasingly interconnected world, both organizations and individuals 

must prioritize cybersecurity measures to safeguard sensitive data and maintain trust. By embracing 

comprehensive security practices and fostering a culture of awareness, we can collectively contribute to 

a safer digital future far beyond the month of October 


Kern Smith, VP Americas, Zimperium 

Kern Smith is a mobile security expert and Technical Sales Leader at 

Zimperium, the global leader in mobile security. He is highly experienced with 

selling and deploying mobile security solutions into large enterprise and 

government accounts, while building, training, and leading high performing 

technical sales teams, to support and drive company growth, and drive value 

for customers. 



Eric Schwake, Director of Cyber Security Strategy at Salt Security 

Eric Schwake is the Director of Cyber Security Strategy at Salt Security, 

where he focuses on developing innovative strategies to protect 

organizations from evolving cyber threats. With extensive experience in 

cybersecurity, Eric leverages his expertise to enhance security measures 

and ensure robust defense mechanisms. His leadership in the field 

emphasizes proactive security approaches and collaboration across teams 

to safeguard critical data. 

Justin Kestelyn, Head of Product Marketing and Hacker Community 

Marketing, Bugcrowd 

Justin Kestelyn is a full-stack product/technical marketing leader with 20 

years of experience in developer, technical, and product marketing. He 

holds a unique track record of driving adoption and consideration by 

technical champions and economic buyers alike, with deep experience in 

data platforms, cybersecurity, cloud computing, and ML/AI. 

Omri Weinberg, Co-Founder & CRO at DoControl 

Omri Weinberg is the Co-Founder and Chief Revenue Officer (CRO) at 

DoControl, where he drives the company's growth and revenue strategies. 

With a strong background in cybersecurity and SaaS, Omri is dedicated to 

helping organizations secure their data in real time. His expertise in sales 

and business development has been pivotal in establishing DoControl as a 

leader in data security solutions. 

Damon Tompkins, President, Pathlock 

Damon Tompkins is the President of Pathlock. With over 25 years of 

experience in the technology industry, Tompkins has a proven track record 

of successfully building and leading high-performance teams and 

implementing strategies for better organizational integration. 



AsyncRAT Malware Campaign Found Targeting South American 

Hotels 

Campaign uses new AsyncRAT derivative; illustrates how cybercriminals adopt new techniques 

to breach systems 

By Ryan Estes, Intrusion Analyst, WatchGuard Technologies 

A new AsyncRAT malware campaign from threat actor TA558 is targeting the South American hospitality 

industry, demanding the attention of travelers and cybersecurity professionals. 

The campaign employs a new derivative of AsyncRAT, which is an open-source remote access trojan 

(RAT) that operates primarily as a credential-stealer and loader for other malware. This latest use case 

of the malware illustrates how cybercriminals are adopting new techniques to breach computer systems 

and steal sensitive data. 

Below, we walk through how this malware campaign was discovered and analyzed, its likely connection 

to a known threat group, and provide tips for organizations to combat this malware threat effectively. 



The discovery and analysis 

Security researchers discovered this new AsyncRAT derivative while analyzing a simple malware sample 

– a JavaScript (JS) file that appeared to be malicious – and its infection chain. Closer investigation of the 

sample showed the malware was a downloader of a malicious PowerShell script – obscured to look like 

a PDF – that was hosted on a compromised web domain. The “PDF” dropped two files: one being a 

helper dynamic-link library (DLL) and the other being AsyncRAT. 

Consistent with how threat actors often distribute AsyncRAT, attackers typically deliver this malware 

derivative via a phishing email, which will likely contain a hyperlink that downloads a ZIP file from an S3 

bucket. Interestingly, research showed the URL hosting the ZIP file ended with a query to Google. This 

is likely to redirect users to Google after downloading the file, making it appear that nothing out of the 

ordinary happened. This can also trick network filters that separate URLs with trusted domains. 

Therefore, if your network explicitly allows a URL containing “Google.com,” it would miss this. 

Further inspection of the malware file showed how the “PDF” operates in the malware's infection chain. 

The malicious PowerShell script, shrouded as a PDF, contains two binaries, minor obfuscation, and 

algorithmic bit manipulation. Additional analysis confirmed the malware is a dropper. Among the 

indicators of compromise were web domains and URLs associated with hotels in South American 

countries, particularly Brazil and Chile. 

Link to known threat group 

Broader research indicated this AsyncRAT malware campaign is associated with the threat group TA558. 

The group, which is believed to operate from Brazil, has a history of hijacking domains and using trusted 

content delivery networks (CDNs) to distribute loaders and droppers. Email phishing appears to be the 

group’s preferred attack vector. The group has historically employed myriad RATs, while favoring 

AsyncRAT recently. 

In this malware use case, the threat actor’s methods to obfuscate its downloaders and droppers isn’t 

novel. They use file manipulation that bypasses basic filters, but once their attacks execute, they tend to 

be “loud.” The threat actor’s use of “Google.com” queries in the stage 1 download, leveraging 

compromised domains, and masking PDFs as droppers are attempts to keep the noise down. 

How to combat this latest AsyncRAT campaign 

A notable characteristic of AsyncRAT malware is its use of encryption and obfuscation methods to avoid 

detection, which this latest campaign employs. Therefore, it’s important for organizations to adopt a 

defense-in-depth approach to repel this malware threat. 

Organizations must conduct user awareness training to counter phishing and spear-phishing attacks. 

Gamification methods can make security training more effective and help lessons stick with end users. 

As always, security training should emphasize the risks of downloading documents or email attachments 

from unknown sources. Additionally, organizations must leverage advanced endpoint detection and 



esponse solutions that can quickly respond to stop the execution of malicious attacks. Using security 

solutions at the network and host-based levels is crucial to effective security. 

Furthermore, it’s critical for IT and security teams to regularly update software and install security patches, 

use strong access controls and passwords, and routinely back up data. Should an AsyncRAT attack get 

past initial defenses, containment is important. If a system or device becomes infected, isolate it from the 

rest of the network and make sure the threat is contained. 

While the methods employed in this latest AsyncRAT malware campaign aren’t novel, they have proven 

to be effective, which is why threat actors continue to use them. The most effective way to prevent 

AsyncRAT malware attacks is to train users to be skeptical of emails sent from unknown senders and to 

never open strange email attachments from external entities unless users are certain of the sender and 

its content. Even the most educated people can fall victim to email phishing tactics, which underscores 

the importance of having a multilayered security posture. 


Ryan Estes is an intrusion analyst at WatchGuard Technologies. His 

research focuses on malware analysis, malware reverse engineering and 

ransomware threats, and he frequently covers these topics as a contributor 

to WatchGuard’s Secplicity blog. During his time in the cybersecurity field, 

he has earned 12 certifications from organizations such as (ISC)², 

CompTIA, Offensive Security, CWNP, and Saint Louis University (SLU). 

Ryan holds a bachelor’s in computer science from Southern Illinois 

University Edwardsville (SIUE), a master’s in cybersecurity from SLU, and 

is pursuing an MBA with a focus in management information systems at 

SIUE. 



From Cybersecurity Awareness to Action: Industry Experts on 

Building a Safer Digital Future 

October was Cybersecurity Awareness Month, a time when organizations and individuals came together 

to highlight the importance of digital security. Since 2004, this initiative has sparked essential discussions 

on cyber threats and the need to “Secure Our World.” In 2024, the primary focus was on addressing the 

cyber skills gap, balancing AI innovation with security, and adopting multi-faceted defense strategies. 

In response to last month’s call to action, experts shared their insights, highlighting the importance of 

transitioning from awareness to ongoing action. By committing to proactive measures and fostering a 

culture of cybersecurity, we can collectively build a safer digital future. 

Rob Rashotte, Vice President, Global Training & Technical Field Enablement, Fortinet 

Since 2004, the U.S. government and the cybersecurity industry have recognized October as 

Cybersecurity Awareness Month. This collaborative effort between the government and the industry 

generates discussion on cyber threats and enhances cybersecurity awareness with the goal to Secure 

Our World. Looking at the cyber landscape in 2024, the cyber skills gap continues to be a top concern. 



The challenge is twofold: too few cybersecurity professionals in the field, and a lack of adequate skills for 

those in IT and security positions. We’ve seen the real-world impact of this skills gap: 58% of respondents 

to Fortinet's 2024 Cybersecurity Skills Gap Global Research Report revealed that insufficient skills and 

a lack of properly trained IT/security staff are the prime causes of breaches, and 70% of respondents 

revealed that the cybersecurity skills shortage creates additional risks for their organization. 

The stakes are high for organizations when it comes to cybersecurity. Breaches take a financial toll, 

disrupt business operations, and erode customer and partner trust. Closing risk management strategy 

gaps, including prioritizing skills development and proper staffing, is vital to protect any organization. 

At Fortinet, we’re dedicated to helping address the cyber skills gap head-on by providing training and 

certification programs and security awareness training to help organizations cultivate a more cyber-aware 

workforce. We’re on a mission to build a diverse and skilled workforce and empower the next generation 

of cybersecurity professionals with the training and tools they need to succeed, including a 5-year span 

pledge to train 1 million people in cybersecurity by the end of 2026 as part of this commitment. 

Collaboration across the public and private sectors to address these challenges is key, including 

initiatives like Cybersecurity Awareness Month. Together, let’s take action this October, tackling the cyber 

skills gap and increasing cyber resilience. 

Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint 

This coming year, organizations will continue to be challenged with balancing AI innovation with secure 

implementation – all while navigating an increasingly complex regulatory landscape. The market for AI 

technology is moving incredibly fast, with new open-source tools being created and spread every day. In 

2025, global governments will look to increase regulation around AI tools, to ensure that the technology 

is being used ethically and safely by organizations and citizens alike. To prepare for tighter regulations 

around AI use and creation, security leaders should urgently prioritize the adoption of a comprehensive 

data strategy, including robust data management, governance, and protection policies. Effective AI 

implementation is only as good as the quality of data used – everyone now needs a data strategy for AI 

use, whether they’re ready to implement the tech company-wide or not. 

AI technology has tremendous potential to be used for innovation, optimization and advancement – but 

on the other side of the coin, bad actors will also be using these tech advancements to carry out cyberattacks. 

CISOs and security leaders should keep in mind that security is everyone’s job in the 

organization. This Cybersecurity Awareness Month, all employees should take the opportunity to educate 

themselves on how AI is using their data, how the changing regulatory environment will affect their use 

of the tech, and what cyberthreats pose danger to their teams. 

Patrick Harr, CEO, SlashNext Email+ Security 

The explosion of AI in recent years has made it easier for cybercriminals to execute effective phishing 

scams and other attacks on users. As a result, we’ve seen a dramatic increase in attacks across various 



communication channels such as email, SMS, social media platforms, collaboration tools like Slack and 

Microsoft Teams, messaging apps like Signal and WhatsApp, as well as voice and video calls. There has 

also been growth in the use of 3D phishing—a sophisticated approach where cybercriminals target 

victims through multiple channels to establish credibility, instill urgency, and enhance their chances of 

successfully deceiving the target. By combining multiple modes of deception across different channels— 

such as starting with an email request and then following up with a phone call or a message—the 

attackers can launch very believable scams that are hard for the average person to detect, allowing them 

to bypass traditional security measures. 

Cybersecurity Awareness Month is a reminder that the methods used by cybercriminals continue to 

evolve, making it imperative for organizations to have the resources and plans in place to prevent these 

attacks before they result in data compromise and other security concerns. To stay one step ahead of 

these sophisticated tactics, organizations must adopt a multi-faceted defense approach, which includes 

utilizing AI to combat AI-based scams. Even with continuous training to help employees recognize the 

hallmarks of email and message-based scams, many are still unable to evade complex schemes like 3D 

phishing. However, while humans may struggle to recognize these threats on their own, AI-based security 

platforms can detect unusual activities associated with 3D phishing attempts. 

Darren Guccione, CEO and Co-Founder, Keeper Security 

October 2024 marks the 21st anniversary of ‘Cybersecurity Awareness Month’. However, over the past 

two decades, as we’ve witnessed a surge in cyber attacks and the continued emergence of new and 

evolving threats, it’s become increasingly clear that awareness alone is not enough. A recent survey 

revealed that a staggering 92% of IT and security leaders have reported an increase in cyber attacks 

year-over-year. 

It’s time for us to move from awareness to action. 

So, how can we transform Cybersecurity Awareness Month into Cybersecurity Action Month? The key 

lies in prioritizing straightforward, yet often overlooked, cybersecurity best practices. 

One effective strategy is deploying a Privileged Access Management (PAM) solution, which enhances 

security by controlling access to sensitive systems and data. This reduces the risk of unauthorized access 

and data breaches, and minimizes the impact of a breach if one occurs. 

Additionally, creating strong, unique passwords for each account remains a critical first line of defense 

against unauthorized access. Utilizing a password manager can significantly improve security by 

generating and storing high-strength, random passwords for every website, application and system. 

Strong and unique passwords help prevent the domino effect in which the compromise of one account 

leads to further unauthorized access. 

When selecting a password manager, look for providers that offer transparent security architecture, zeroknowledge 

and zero-trust infrastructure, and hold certifications like SOC 2, ISO 27001, 27017 and 27018, 

as well as FedRAMP Authorization. This ensures the highest level of protection for your sensitive 

information. 



Don’t get hacked. This Cybersecurity Action Month, let’s commit to proactive measures and adopt 

fundamental cybersecurity practices to significantly reduce our vulnerability to cyber threats. 

Ratan Tipirneni, President and CEO, Tigera 

Cybersecurity Awareness Month highlights the importance of implementing stronger defense 

mechanisms that protect organizations and citizens from increasing cybercrime. Kubernetes and 

containerized environments underpin digital innovation and are at the core of modern application 

development. While these environments boast significant advantages, offering scalability, efficiency, and 

flexibility, they are also subject to various security risks. This includes vulnerabilities, misconfigurations, 

network exposures, and both known and zero-day malware threats. The distributed nature of 

microservices, the dynamic scaling of workloads, and the ephemeral nature of containers introduce 

unique security challenges. 

Traditional approaches to risk assessment whereby vulnerabilities, misconfigurations, and threats are 

identified and prioritized in isolation - and each generates its own set of alerts and priorities - are 

insufficient for the unique nature of Kubernetes. To effectively protect your Kubernetes environment, it is 

essential to adopt an interconnected security approach that accounts for how these risks interact. Many 

security risks are associated with specific services. By understanding the relationships between services, 

security teams can better assess the potential blast radius of risks if left unmitigated. This will enable 

more accurate and timely risk assessment, prioritization, and mitigation. 

This Cybersecurity Awareness Month, organizations should work to deploy tactics that help evaluate risks 

holistically and implement controls such as default-deny network policies, workload isolation, IDS/IPS 

and WAFs. These tactics will reduce their risk of exploitation, limit lateral movement in the event of a 

breach, and block known threats before they can manifest. 

Narayana Pappu, Founder and CEO, Zendata 

As AI becomes central to business operations, it also introduces significant security risks, such as 

concerns about unauthorized data usage, AI model hacking, and training data leaks. Protecting sensitive 

and proprietary information is critical and requires strategies like maintaining a clear data bill of materials 

and ensuring that AI models are trained only for intended purposes. 

To mitigate these risks, deploying AI systems on-premise or in Virtual Private Clouds (VPCs) can offer 

better control, while domain-specific and smaller language models reduce exposure. Role-based access 

controls, data fingerprinting, and ensuring training data remains sealed to its rightful owner are essential 

for preventing data leakage and external threats. 

Strong security measures are crucial to safeguard AI systems and sensitive information as AI evolves. 



Dan Ortega, Security Strategist, Anomali 

In the Age of AI – it’s all about the data – how you manage it, and then action it to protect and drive your 

business. Unfortunately, many companies don’t have a strong data plan in place; information is coming 

in too fast, and with the pervasive use of AI, it has accelerated immensely – and as a result, companies 

tend to manage it in the most expensive, inefficient, complex, and disparate way possible. This creates 

unnecessary risk across all business operations. This includes the way that security teams approach 

threat intelligence data – which is often siloed and not integrated holistically across all security and IT 

functions. 

This year, for Cybersecurity Awareness Month – I encourage security and IT teams to focus on three key 

areas: 1) auditing their Security Operations Center – to ensure that the tools in use are providing a truly 

comprehensive view of the business, and encouraging the flow of data across systems (e.g. ensuring 

that teams or tools don’t silo threat intelligence data and is providing value), 2) Cleaning up internal 

processes to ensure that security technology is being used to solve business challenges, maximize talent 

capacity, integrate security into business and simplify underlying processes, and 3) take a hard look at 

how AI is being used in your organization. Does everyone use whatever version of AI is convenient 

without oversight from IT? What could possibly go wrong? 

Sustaining Cybersecurity Momentum 

As Cybersecurity Awareness Month comes to a close, it’s crucial to carry forward the momentum gained 

in October. By embracing a culture of cybersecurity, we can mitigate risks and protect our valuable digital 

assets. The focus on bridging the cyber skills gap, integrating AI responsibly, and implementing 

comprehensive defense strategies must extend beyond this month. Every individual and organization 

has a role to play in securing our interconnected world. Let’s commit to ongoing education, robust security 

practices, and collaborative efforts to ensure a safer digital future for all. 

Together, we can transform awareness into action and build a resilient digital ecosystem that stands 

strong against evolving cyber threats. The journey to “Secure Our World” is ongoing, and with collective 

effort, we can achieve a secure and trustworthy digital environment. 


Rob Rashotte, Vice President, Global Training & Technical Field 

Enablement, Fortinet 

Rob Rashotte is the Vice President of the Fortinet Training Institute as well 

as all Fortinet Technical Field Enablement Programs. He has 20 years of 

experience developing training and education strategies for startups as 

well as complex global organizations. He also has 15 years of experience 

working with some of the most innovative, fast-paced companies in the 

cybersecurity field. Rob has an Executive MBA from the University of 



Ottawa and is a regular speaker at a number of business schools on the topic of cyber risk and corporate 

impact. 

Patrick Harr, CEO, SlashNext 

SlashNext CEO Patrick Harr directs a workforce of security professionals 

focused on protecting people and organizations from phishing anywhere. 

Before joining SlashNext, Harr was CEO of Panzura, which he transformed 

into a SaaS company and led to a successful acquisition in 2020. Harr has 

also held senior executive and GM positions at Hewlett-Packard Enterprise, 

VMware, and BlueCoat, and he was the CEO of multiple security and 

storage start-ups, While at HPE, Harr scaled the Americas cloud business 

19X and generated over $1.5B in revenue in five years. He has extensive 

startup and Fortune 500 vendor experience across cloud, storage, security, 

and networking. Harr received his MBA from the University of Maryland and 

a BA from Tulane University in Political Economy and Russian. 

Darren Guccione, CEO and Co-Founder, Keeper Security 

Darren Guccione is the CEO and Co-Founder of Keeper Security, Inc., the 

creator of Keeper, the world’s most popular password manager and secure 

digital vault. Keeper software is used globally by millions of people and 

thousands of businesses. 

Prior to Keeper, Darren served as an advisor to NinthDecimal (f/k/a JiWire), 

the leading media and technology service provider for the Wi-Fi industry. 

Prior to that, Darren was the CFO and Co-founder of Apollo Solutions, Inc., 

which was acquired by CNET Networks (now CBS Interactive). 

Darren is an engineer and a CPA. He holds a Master of Science in Accountancy with Distinction from the 

Kellstadt School of Business at DePaul University and a Bachelors of Science in Mechanical and 

Industrial Engineering from the University of Illinois at Urbana-Champaign. Darren is an Evans Scholar 

and received the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise 

Systems Engineering. 

Darren is a community board member of the Chicago Entrepreneurial Center (1871) which fosters the 

development of early-stage companies and an advisor to TechStars – a Chicago-based technology 

incubator for innovative startups. Formerly, Darren served on the Committee of Technology Infrastructure 

under Mayor Richard Daley. 

Darren has been named Cutting Edge CEO of the Year in 2019 and Publisher’s Choice Executive of the 

Year in 2020 by Cyber Defense Magazine’s InfoSec Awards. He is regularly featured on local and national 



news programs to report on cybersecurity events and topics. He serves as a panelist and keynote 

speaker in various technology events around the world. 

Ratan Tipirneni, President and CEO, Tigera 

Ratan Tipirneni is President & CEO at Tigera, where he is responsible 

for defining strategy, leading execution, and scaling revenues. Ratan is 

an entrepreneurial executive with extensive experience incubating, 

building, and scaling software businesses from early stage to hundreds 

of millions of dollars in revenue. He is a proven leader with a track 

record of building world-class teams. 

Narayana Pappu, Founder and CEO at Zendata 

Narayana Pappu started in Data Science at Fannie Mae before the term 

existed. He was tasked to build a better home price index than what was 

available in the market. For 15 years after that at PayPal, Coinbase, and 

Doctor on Demand, he built and scaled low-latency and high-volume internal 

investigation, graph, and entity resolution tools for risk management and 

compliance. He also launched consumer/merchant lending solutions in the 

US, UK, and Germany with over 5 billion dollars in annual transaction 

volumes each. And drove projects around data monetization with 

partnerships between PayPal, advertising, and payment networks; his 

expertise lies in building complex data solutions that are easy to implement, 

use, and generate incremental value. 



Data Is a Dish Best Served Fresh: “In the Wild” Versus Active 

Exploitation 

By Corey Bodzin, Chief Product Officer, GreyNoise Intelligence 

The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a 

controlled environment. It’s an important metric in security because criminals don’t typically duplicate 

their efforts over and over in the exact same way– if they did, it would be much easier to create effective 

security software. But in reality, there’s always going to be something new and unpredictable. 

There are many vulnerability prioritization solutions that label their information “In the Wild,” but 

unfortunately, most of these attributes (in addition to CVSS Base Scores, Vendor bulletins, etc.) are 

based on regurgitated information from other sources, and are already stale before they are even 

received by a security team. 

Just because something was once observed “in The Wild” doesn’t mean that it’s happening right at this 

moment. A hard-to-exploit race condition that requires a lot of time and effort might be “In the Wild,” but 

that doesn’t require the same urgency to fix as something an actor is actively exploiting today. 

However, if attackers are currently up to no good using software with bugs that you know you possess, 

then you have a big problem – one that is urgent enough to risk a temporary lack of business continuity 

to solve. 



A Question of Urgency 

Combating internet-wide opportunistic exploitation is a complex problem, with new vulnerabilities being 

weaponized at an alarming rate. In addition to the staggering increase in volume, attackers are getting 

better at exploiting zero-day vulnerabilities via APTs and criminals or botnets at much higher frequency, 

on a massive scale. The amount of time between disclosure of a new vulnerability and the start of active 

exploitation has been drastically reduced, leaving defenders with little time to react and respond. On the 

internet, the difference between one person observing something and everyone else seeing it is often 

quantified in just minutes. When a new vulnerability is discovered and announced, cyber criminals race 

to see who can find vulnerable servers first. Now, we are seeing situations in which attackers are actually 

starting to exploit before the software manufacturers are even aware that there is an issue. 

For example, the Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362) was publicly 

disclosed on May 31, 2023 by Progress Software. However, it had already been exploited in the wild for 

several weeks before disclosure. GreyNoise saw early activity on this tag within just a few hours, and it 

continued for the remainder of 2023. 

The level of automation associated with AI makes it easier than before to find vulnerabilities in 

software. The consequences of not keeping pace with the newest trends has never been bigger, and 

they are continuing to grow. If you don’t have a cohesive vulnerability prioritization strategy in place, it’s 

only a matter of time before your network is compromised. 

Software Vendors Crying Wolf 

In a world where cybersecurity teams are constantly barraged with critical alerts from multiple software 

vendors, it can be very difficult to determine what constitutes an actual emergency. Vulnerability 

management vendors need to understand the time limitations their customers are facing and be more 

judicious about what they label as a critical vulnerability. They also need to find a way to incorporate 

knowledge about attacker behavior into their risk calculations, rather than assuming that risk is something 

static and immutable. Knowledge about current activity is often difficult to come by, but risk changes all 

the time, and our understanding needs to change, as well. 

One way to investigate what’s happening “In the Wild” – whether it’s people scanning for software, 

enumerating that software, checking for the presence of software, or actually exploiting software – is to 

use a proxy. This helps to determine if anyone has the capacity to exploit this vulnerability and is 

attempting to do so. 

Generally speaking, a lot of work goes into weaponizing a software vulnerability. It’s deeply challenging 

and requires advanced technical skill. We tend to sometimes forget that attackers are deeply motivated 

by profit, just like businesses are. If attackers think something is a dead end, they won’t want to invest 

their time. So, investigating what attackers are up to via proxy is a good way to understand how much 

you need to care about a specific vulnerability. 

In the second quarter of 2023, GreyNoise researchers observed a substantial change in the behavior of 

some regular internet scanning idioms. Inventory scans—where both benign and malicious actors 



perform regular checks for a given technology or specific vulnerability—significantly reduced in frequency 

and scale. The vast majority of these types of scans now come from benign sources. This, along with the 

speed at which organizations are compromised after the announcement of a new vulnerability, strongly 

suggests more capable attacker groups have their own form of “attack surface monitoring,” and use it to 

avoid tripping existing defenses. 

These targeted attacks threaten to circumvent existing defense capabilities and expose organizations to 

a new wave of disruptive breaches. In order to adequately protect their networks, defenders must evolve 

in response. 

Ultimately, there is no such thing and a set-and-forget single source of truth for cybersecurity data. 

However, there are definitely some great resources out there to help you prioritize and cut through the 

noise: 

• The Cybersecurity & Infrastructure Security Agency’s Known Exploited Vulnerabilities 

(CISA KEV) Catalog is an authoritative source of vulnerabilities that have been exploited in the 

wild as a resource for vulnerability management prioritization. 

• The Exploit Prediction Scoring System (EPSS) is a data-driven predictive vulnerability 

management framework that helps security teams anticipate and mitigate threats. 

• The Common Vulnerability Scoring System (CVSS) measures the inherent severity of 

vulnerabilities based on their characteristics and potential impacts. 

• Infosec search platforms are valuable for security researchers and analysts, as they can help 

find exposed devices, track threats, prepare for spear phishing simulations and more. 

Utilizing these resources and gaining a better understanding of how to dynamically assess risk factors 

will enable you to take a more holistic approach to vulnerability management. 


Corey Bodzin is a security expert and a proven leader with over 25 years of 

experience building outstanding teams and products. As Chief Product 

Officer at GreyNoise Intelligence, he spearheads product strategy and 

development, from vision to execution. Prior to GreyNoise, Bodzin served 

as Chief Product Officer for Eclypsium, a company that provides supply 

chain security for enterprise infrastructure. Previously, he served as Vice 

President of Product Operations and Product Management at Tenable 

Network Security, and held senior product and technology positions at 

innovative security companies such as Automox, deepwatch, ExtraHop, 

RSA (the security division of EMC), nCircle and Qualys. He began his 

career managing IT for large financial services and telecommunications firms such as Charles Schwab, 

Wells Fargo and Lucent Technologies. 

Corey can be reached online at https://www.linkedin.com/in/coreybodzin/ and at 

https://www.greynoise.io/ 



Learning from the Inevitable 

Why Organizations Must Prioritize Incident Response 

By Stephanie Aceves, Senior Director of Product Management, Tanium 

The talent shortage in cybersecurity continues to persist. Just last year, research showed a cybersecurity 

market gap of 85 workers for every 100 job openings - 15% of jobs go unfilled. There aren’t enough 

professionals to cover the baseline of organizational needs, creating greater risk for businesses and more 

opportunity for cybercriminals. 

While this issue is seeping into all areas of cybersecurity, it has been especially problematic in the area 

of Incident Response (IR), where the impact is not as clear and the solution is, in some ways, elusive. IR 

requires extensive training, creativity, and experience on the job, but cybersecurity teams are so 

inundated with threats and vulnerabilities that most don’t prioritize time or resources toward developing 

great incident responders. That’s a problem. 

As a result, companies are getting worse at properly responding to incidents and the issue has gone 

unaddressed for far too long. Organizations need these types of professionals to safeguard their 

operations, data, and customers, but without the proper training and tools, they don’t have the ability to 

build out strong IR teams. 

Incident Response is Critical to Threat Prevention 

Although IR is, by definition, about having a plan for responding to attacks, it’s actually a crucial way for 

organizations to defend against potential threats and one that must be prioritized. In 2023, Mandiant 



eported that 15% of the breaches they investigated came from attacks where the initial access vector 

was a prior compromise. These attacks could have been avoided with the right team and processes in 

place, conducting comprehensive incident response to adequately scope and eradicate the attacker from 

the environment. 

IR is a critical step in learning from and preventing the next incident. If teams don't have this 

understanding internally, how are they addressing this need? If an organization isn’t able to investigate 

a breach, assess and analyze, then create actionable steps based on key learnings, it is unlikely that 

they will be able to prevent them when they inevitably happen again. So, what’s the path forward for IR? 

Short-Term Solutions Aren’t Real Solutions 

Currently, too many organizations follow a “nuke and pave” approach to IR, opting to just reimage 

computers because they don’t have the people to properly extract the wisdom from an incident. In the 

short term, this is faster and cheaper but has a detrimental impact on protecting against future threats. 

When you refuse to learn from past mistakes, you are more prone to repeating them. 

Conversely, organizations may turn to outsourcing. Experts in managed security services and IR have 

realized consulting gives them a broader reach and impact over the problem — but none of these are 

long-term solutions. 

This kind of short-sighted IR creates a false sense of security. Organizations are solving the problem for 

the time being, but what about the future? Data breaches are going to happen, and reliance on reactive 

problem-solving creates a flimsy IR program that leaves an organization vulnerable to threats. 

Organizations need something long-term to bolster their security programs. The best way to do that is 

with modern tooling and refactoring IR as a core function of companies to help them extract wisdom from 

the suffering. Arming organizations and their cybersecurity experts with the proper training and solutions 

is the only surefire way to introduce better IR programs. 

Training and Tools Create Better Incident Response 

Part of the difficulty in creating a strong IR program is that there’s no one-size-fits-all solution, meaning 

there’s no perfect handbook for an organization to consult when bolstering its teams. The NIST 

Cybersecurity Framework recognizes this reality: by necessity, different organizations have different 

risks, objectives and risk tolerances. Instead, IR needs to take a training-forward approach based on an 

organization’s needs and arm its people with the right skills and solutions. 

Knowledge-sharing is the best way to go about this. Sharing key learnings from previous attacks is how 

these teams can grow and prevent future disasters. The problem is that while plenty of engineers agree 

they learn the most when something “breaks” and that incidents are a treasure trove of knowledge for 

security teams, these conversations are often restricted to need-to-know channels. Openness about 

incidents is the only way to really teach teams how to address them. 



These teams also need the right tools to get the job done. Organizations have access to a variety of 

these; for example, Endpoint Detection and Response tools can monitor and collect activity data to 

identify threats and enable quick response. Security Information and Event Management can a 

comprehensive time analysis of security alerts, while Network Traffic Analysis can find abnormalities that 

point toward threats. Similarly, User and Entity Behavior Analytics can find insider threats. 

Solutions like these give IR teams breathing room in the event of an attack by making responses faster 

and easier. They relieve some of the pressure and reduce the need to spend money outsourcing IR or 

reimaging devices. Most importantly, they allow learning and better understanding that helps with future 

prevention. 

Focusing on IR and root cause analysis as an integral step is necessary to put organizations in the best 

position to handle attacks as they come and to avoid bigger disasters down the line. Preparation is crucial 

in cybersecurity; IR is a core piece of that kind of defense. Additionally, teams need “dwell time” to think 

through what happens. This goes back to having appropriate training programs in place. 

Tooling and training will become even more important as the threat landscape changes, and evolving 

technology makes it more difficult to keep up with attackers. Alongside the shortage of talent, 

organizations need to invest in the development of their existing teams to protect against new threats. 

Otherwise, they risk subjecting themselves to even greater breaches and attacks. 

Incident Response is the Path Forward for Better Cybersecurity 

As organizations neglect to prioritize IR to protect against a rising threat landscape, they leave 

opportunities open for cyberattackers to take advantage of their same weaknesses in their defenses. 

Every breach should be a learning opportunity so that teams are able to extract information that bolsters 

security programs against future threats. 


Stephanie Aceves is a Senior Director of Product Management at 

Tanium. She is a cybersecurity subject matter expert and part of her 

Tanium career helping build out Tanium’s presence in Latin America. 

Prior to Tanium, she was an ethical hacker at Ernst & Young, getting 

paid to hack into companies in a wide range of industries. Her 

expertise was in compromising internal corporate networks. She has 

obtained GIAC certifications for both forensic examination and 

penetration testing. Stephanie can be reached online at LinkedIn and 

at our company website https://tanium.com/. 



Navigating Holiday Threats: Strengthening PC Resilience with 

Desktops as a Service (DaaS) 

Taking a look at this year’s holiday cybersecurity threats and modern ways to reduce the attack 

landscape 

By Amitabh Sinha, CEO & Co-Founder of Workspot 

The holiday season, often seen as a time for joy and celebration, has transformed into a crucial period 

for organizational cybersecurity. With online activity surging and remote work becoming the norm, this 

season presents unique challenges that amplify cybersecurity risks. 

The financial and reputational fallout from cyber incidents can be significant. For example, the cost of a 

data breach has risen by 10% in the past year, now averaging $4.8 million. Moreover, larger enterprises 

face an annual loss of approximately $400 billion due to disruptions and downtime in critical operations. 

Beyond immediate financial impacts, a loss of trust among customers and investors can hinder growth. 



Compounding these issues, even cybersecurity tools can inadvertently disrupt our computing 

infrastructure, as seen with the Crowdstrike bug. 

To safeguard against financial and reputational damage, cybersecurity and IT leaders must take 

proactive steps, such as implementing Desktop as a Service (DaaS) strategies, to address the 

heightened risks of this busy season. 

Cyber Risks During the Holiday Season 

Every winter, organizations experience increased disruptions, from targeted cyberattacks to IT outages. 

The rise in online shopping on corporate devices, along with personal devices being used for work, puts 

corporate networks at greater risk. Additionally, the dispersed nature of remote work complicates 

monitoring and detection of potential threats. 

The holiday season has become a prime target for various cyber threats, including ransomware, data 

breaches, and phishing attacks. Ransomware groups often exploit the increased workload and staffing 

shortages during this time, potentially demanding payments of up to $2.7 million from enterprises. Data 

breaches can expose sensitive information, leading to financial losses, reputational harm, and regulatory 

penalties. Phishing attacks, often disguised with holiday themes, can deceive employees into clicking 

malicious links or downloading harmful attachments, compromising credentials and providing attackers 

with access to organizational systems. These threats are particularly perilous, as a single click from any 

user can lead to a successful breach. 

Desktop as a Service (DaaS): A Vital Component for PC Resilience 

DaaS addresses two key challenges for IT: 

1. Implementing a Zero-Trust End User Computing Strategy 

2. Establishing a PC Resilience Strategy in the Event of a Cyberattack 

Zero Trust End User Computing Strategy with DaaS 

Despite spending over $300 billion annually on cybersecurity software and services, the number of cyber 

threats continues to rise. A more effective approach involves shifting focus from managing and securing 

devices to securely delivering applications through a zero-trust endpoint. While traditional Virtual Desktop 

Infrastructure (VDI) allows for virtual application and desktop delivery on any device, it is often complex 

and costly, resulting in a subpar user experience. In contrast, DaaS is a modern SaaS solution that fulfills 

the zero-trust promise of VDI at a significantly reduced cost and complexity. 



PC Resilience Strategy with DaaS 

DaaS plays a crucial role in creating PC resilience, whether in the event of a ransomware attack or a bug 

similar to the Crowdstrike incident. The concept is straightforward: maintain a backup virtual desktop 

environment. As a cloud-based solution, you only incur costs when resources are actively used. If an 

attack or issue arises, you can quickly activate the DaaS solution, providing a computing environment for 

users until the problem is resolved. 


Amitabh Sinha has more than 20 years of experience in enterprise software, 

end-user computing, mobile, and database software. Amitabh cofounded 

Workspot with Puneet Chawla and Ty Wang in August 2012. 

Prior to Workspot, Amitabh was the general manager for enterprise 

desktops and Apps at Citrix Systems. In his five years at Citrix, Amitabh was 

vice president of product management for XenDesktop and vice president 

of engineering for the Advanced Solutions Group. Amitabh has a Ph.D. in 

computer science from the University of Illinois, Urbana-Champaign. 



Rethinking NHI Security: The Essential Shift to Zero Trust 

Security and Ephemeral Identities 

By Ofir Har-Chen, Co-Founder & CEO, Clutch Security 

As identity security becomes increasingly critical in cybersecurity, the focus has shifted from safeguarding 

human identities to protecting Non-Human Identities (NHIs)—such as API keys, service accounts, 

secrets, tokens, and certificates. While traditional approaches focused on managing users and their 

credentials, the rapid expansion of cloud services, automation, and APIs has accelerated the growth of 

machine-to-machine interactions. NHIs have become some of the most critical assets within an 

organization ’s cybersecurity perimeter, facilitating business operations, automating processes, managing 

cloud services, and enabling seamless integration between applications and systems. However, as NHIs 

proliferate across cloud, SaaS, and on-premise environments, they also become significant attack 

vectors. 

Organizations have recognized that NHIs present a unique and expanding attack surface. Managing 

them has become increasingly complex, decentralized, and fragmented. Many security teams focus on 

securing these identities by configuring them correctly, enforcing governance policies, and storing them 

securely in vaults. But that’s only part of the equation. The real question is no longer just “Are my NHIs 

secure?” but also “Who is using them, and are they being used legitimately?” and “How can I 

prevent attackers from exploiting NHIs, even if they are compromised?” 

This article explores the complexity of securing NHIs and presents a fresh perspective: it’s not the 

identity itself that needs securing, but how it is being used. 



The NHI Landscape: Complexity and Blind Spots 

NHIs are embedded throughout an organization’s infrastructure, from cloud services and on-prem 

environments to CI/CD pipelines, code repositories, data warehouses, and third-party integrations. With 

estimates suggesting that NHIs now outnumber human identities by at least 45:1, securing them can be 

an overwhelming task. 

What compounds this challenge is the fragmented nature of NHIs. API keys and service accounts, for 

instance, are often distributed across multiple platforms, each with its own security protocols. This 

fragmentation creates blind spots for security teams, making it difficult to maintain consistent oversight 

of how and where NHIs are used. 

Traditional security practices focus on NHI lifecycle management—revoking stale identities, enforcing 

least privilege access controls, and configuring them properly. While these measures are necessary, they 

fail to address the core issue: trust. Who is using these NHIs, and can their usage be trusted? 

Securing the Identity Is Not Enough 

Context and trust are essential for NHI security. Consider an API key or service account as a car key: 

just because someone has the key doesn’t mean they are authorized to drive, nor does it guarantee 

proper usage. The key merely grants access—it doesn’t tell you who’s behind the wheel or what they 

intend to do. Similarly, NHIs grant access, but having the credentials doesn’t guarantee legitimate use. 

For instance, an API key for cloud workloads can be exploited to escalate privileges or execute malicious 

operations if it falls into the wrong hands—even if the key itself is properly configured. Without continuous 

monitoring and validation, NHIs can become entry points for attackers. 

While storing NHIs securely in vaults or secret stores is critical, it’s insufficient. Secure storage alone 

does not offer visibility into how NHIs are used once retrieved. It’s akin to locking a car key in a safe; 

once the key is out, how do you know who’s using it? Organizations need to go beyond storage and focus 

on securing the consumption of NHIs. 

The Ephemeral Approach: Reducing Exposure Time 

A key strategy to reduce NHI-related risk is the adoption of ephemeral credentials. Unlike long-lived 

credentials that remain vulnerable if exposed, ephemeral NHIs are short-lived and automatically expire 

after a set period. By dynamically generating and revoking these credentials, the attack surface is 

drastically reduced, and the window of opportunity for attackers is minimized. 

Integrating ephemeral secrets into automated workflows, such as CI/CD pipelines or cloud-native 

environments, allows security teams to manage credentials seamlessly without business interruptions. 

This approach not only enhances security but also improves operational efficiency by reducing the 

overhead associated with managing long-lived credentials. 



Moving Beyond Secret Rotations 

Adopting a Zero Trust approach, where every NHI consumer is continuously validated, and embracing 

ephemeral credentials renders traditional secret rotations less effective. While rotating secrets or API 

keys regularly can limit the time an attacker has to exploit them, this practice has significant drawbacks: 

• Ongoing Risk: Even frequent rotations leave windows of opportunity for attackers to exploit NHIs 

during their lifespan. Rotations do not address who is using the NHI, how it’s being used, or the 

intent behind its use. 

• Resource-Intensive: Performing frequent rotations, such as hourly, is impractical and burdens 

security teams with significant operational overhead, diverting focus from other critical tasks. 

• Potential Downtime: Frequent rotations may disrupt application availability, and missteps in the 

process can lead to downtime or skipped rotations, creating unintended security gaps. 

• Team Friction: Secret rotations can introduce friction between security teams and other 

departments, like IT and DevOps, who are responsible for ensuring that rotations don’t disrupt 

services, creating operational bottlenecks. 

Secret rotations can be an effective reactive measure, but they don’t address the core issue of context 

and trust. The focus should shift to continuous consumer validation and ephemeral identities, offering 

a more proactive solution. 

Shifting Focus: From Configuration to Trust 

While securely configuring and storing NHIs is important, it’s just the starting point. The true challenge 

lies in maintaining continuous trust and verification throughout the NHI’s lifecycle. Security teams 

must move beyond static controls and adopt a dynamic, context-aware approach where monitoring 

the real-time use of NHIs is as important as their initial setup. This approach ensures that NHIs are 

validated constantly and, where applicable, rendered volatile through ephemeral credentials, leaving no 

security gaps. 

Actionable Steps for Security Teams 

1. Continuous Contextual Visibility Holistic visibility into all NHIs across the enterprise is 

essential. A contextualized inventory helps security teams understand each NHI’s origin, 

associated users, storage locations, consumers, and accessed resources, enabling effective 

monitoring. 

2. Continuous Monitoring and Behavioral Analytics Continuous monitoring builds trust in NHI 

usage. By analyzing normal usage patterns, security teams can detect anomalies—such as NHIs 

being used in unusual locations or accessing unfamiliar systems—that may indicate a 

compromise. 

3. Dynamic Trust Attribution Trust should be dynamic, not static. Regularly assess the entity 

behind each NHI, whether it’s an application, script, or automated process, ensuring its behavior 

aligns with expected patterns. This aligns with Zero Trust principles, where every request is 

continuously validated. 



4. Adopting Ephemeral NHIs Wherever possible, adopt ephemeral NHIs to minimize the risks 

associated with long-lived credentials. These short-lived identities are deleted after use, rendering 

them useless to attackers. 

Conclusion 

Securing NHIs requires more than lifecycle management and secure storage - it demands contextual 

visibility, continuous monitoring, and dynamic trust attribution. By embracing Zero Trust principles 

and adopting ephemeral credentials, organizations can significantly reduce the risk of breaches, 

ensuring that NHIs are only used by authorized and legitimate entities. 


Ofir Har-Chen is the Co-Founder & CEO of Clutch Security, the industry’s 

first Universal Non-Human Identity Security Platform, purpose-built for the 

enterprise. With over 15 years of experience in security and leadership roles, 

Ofir has managed large-scale incident response and preemptive 

engagements for Fortune 500 companies, and has led high-scale strategic 

development and fast-paced, customer-facing teams globally. 

Ofir can be reached online at ofir@clutch.security, and more information is 

available on Clutch’s website https://www.clutch.security/ 



Revolutionizing Third Party Risk Management: The Future with 

Autonomous Pen-Testing 

By Arun Kumar Krishna, Chief Technology Officer, Sennovate INC 

In today's interconnected digital landscape, businesses are more dependent than ever on third-party 

vendors and partners. While these relationships bring numerous benefits, they also introduce significant 

risks. Traditional third-party risk management (TPRM) approaches, largely reliant on questionnaires and 

self-assessments, often fall short in providing an accurate picture of the actual threats posed. As a 

thought leader in cybersecurity, I advocate for a paradigm shift towards leveraging autonomous 

penetration testing (pen-testing) in an assumed breach approach to evaluate third-party threats. This 

innovative strategy promises to transform TPRM from a theoretical exercise into a robust, action-oriented 

defense mechanism. 

The Limitations of Traditional TPRM 

Traditional TPRM relies heavily on questionnaires and self-assessments. Vendors are asked to provide 

information about their security measures, compliance with regulations, and potential vulnerabilities. 

While this approach provides a baseline understanding, it has several critical limitations: 



1. Self-Reported Data: Vendors may unintentionally or intentionally misrepresent their security 

posture. 

2. Static Information: Risk assessments often occur annually or semi-annually, failing to capture 

real-time changes in the threat landscape. 

3. Lack of Depth: Questionnaires focus on policy and procedure rather than actual security 

practices, providing a superficial understanding of risks. 

4. Resource Intensive: The process is time-consuming and requires significant resources to review 

and analyze the responses. 

Given these limitations, it is evident that traditional TPRM does not adequately address the dynamic and 

complex nature of cybersecurity threats. 

The Assumed Breach Approach 

The assumed breach approach is a proactive security strategy that operates under the assumption that 

a breach has already occurred or will occur. This mindset shifts the focus from preventing breaches to 

detecting and mitigating them quickly. Applying this approach to TPRM involves simulating real-world 

attacks on third-party systems to identify vulnerabilities and assess their security posture. 

Autonomous Pen-Testing: The Game Changer 

Autonomous pen-testing is a cutting-edge technology that uses artificial intelligence (AI) and machine 

learning (ML) to simulate sophisticated cyber-attacks. Unlike traditional pen-testing, which requires 

human intervention, autonomous pen-testing continuously scans and tests systems for vulnerabilities 

without manual input. Here's how it revolutionizes TPRM: 

1. Continuous Monitoring 

Autonomous pen-testing provides continuous, real-time monitoring of third-party systems. This capability 

ensures that any new vulnerabilities are detected promptly, allowing organizations to respond swiftly. 

Continuous monitoring is crucial in today's rapidly evolving threat landscape, where new vulnerabilities 

emerge daily. 

2. Comprehensive Coverage 

Autonomous pen-testing tools can simulate a wide range of attack vectors, including external and internal 

threats. This comprehensive coverage ensures that all potential entry points are tested, providing a 

holistic view of the third-party's security posture. 

3. Scalability 

One of the significant advantages of autonomous pen-testing is its scalability. It can simultaneously test 

multiple third-party systems without the need for additional resources. This scalability is particularly 

beneficial for large organizations with numerous third-party relationships. 



4. Objective Assessment 

Unlike questionnaires and self-assessments, autonomous pen-testing provides an objective assessment 

of third-party security. The results are based on actual tests and real-world scenarios, eliminating the 

biases and inaccuracies associated with self-reported data. 

5. Cost-Effectiveness 

While the initial investment in autonomous pen-testing tools may be significant, the long-term benefits 

outweigh the costs. Continuous and automated testing reduces the need for frequent manual 

assessments, saving time and resources. Moreover, early detection of vulnerabilities can prevent costly 

breaches and associated damages. 

Implementing Autonomous Pen-Testing in TPRM 

Transitioning to an autonomous pen-testing approach in TPRM involves several key steps: 

1. Selecting the Right Tools 

Organizations must choose autonomous pen-testing tools that align with their specific needs and risk 

profiles. Factors to consider include the tool's comprehensiveness, ease of integration, and support for 

various attack vectors. 

2. Integrating with Existing Systems 

Autonomous pen-testing tools should seamlessly integrate with the organization's existing security 

infrastructure. This integration ensures that the testing process is streamlined and that results are easily 

accessible for analysis and response. 

3. Defining Testing Parameters 

Organizations need to define the parameters and scope of the pen-tests. This includes specifying the 

types of attacks to simulate, the frequency of tests, and the third-party systems to be tested. 

4. Continuous Improvement 

The results of autonomous pen-testing should be used to continuously improve both the organization's 

and the third-party's security posture. This involves addressing identified vulnerabilities, updating security 

policies, and refining the testing process based on emerging threats. 



The Future of TPRM 

The adoption of autonomous pen-testing in an assumed breach approach represents a significant leap 

forward in TPRM. As more organizations embrace this innovative strategy, we can expect several 

transformative impacts on the field: 

1. Shift from Compliance to Security 

Traditional TPRM often focuses on compliance with regulations and standards. While compliance is 

important, it does not necessarily equate to security. Autonomous pen-testing shifts the focus towards 

actual security, ensuring that third-party systems are genuinely resilient against cyber threats. 

2. Enhanced Collaboration 

The assumed breach approach fosters a collaborative relationship between organizations and their third 

parties. By working together to identify and address vulnerabilities, both parties can strengthen their 

security postures and build a more resilient ecosystem. 

3. Increased Accountability 

Autonomous pen-testing provides clear, objective evidence of a third party's security capabilities. This 

transparency increases accountability, encouraging third parties to prioritize and invest in robust security 

measures. 

4. Proactive Threat Management 

With continuous monitoring and real-time threat detection, organizations can shift from a reactive to a 

proactive approach to threat management. This proactive stance enables quicker response times and 

reduces the potential impact of security incidents. 

Case Studies: Success Stories 

To illustrate the effectiveness of autonomous pen-testing in TPRM, let's explore a few real-world success 

stories: 

Case Study 1: Financial Institution 

A large financial institution with numerous third-party relationships implemented autonomous pen-testing 

to enhance its TPRM program. The continuous monitoring capability allowed the institution to identify and 

remediate vulnerabilities in real-time, significantly reducing the risk of data breaches. As a result, the 

institution experienced a significant decrease in security incidents related to third parties within the first 

year of implementation. 

Case Study 2: Healthcare Provider 

A healthcare provider, concerned about the security of its patient data, adopted an assumed breach 

approach with autonomous pen-testing. The comprehensive testing revealed several critical 



vulnerabilities in third-party systems that traditional assessments had missed. By addressing these 

vulnerabilities, the provider ensured the protection of sensitive patient information and maintained 

compliance with healthcare regulations. 

Case Study 3: Technology Company 

A technology company with a complex supply chain leveraged autonomous pen-testing to assess the 

security of its third-party vendors. The scalability of the pen-testing tool allowed the company to test 

multiple vendors simultaneously, providing a comprehensive view of the supply chain's security posture. 

This proactive approach enabled the company to mitigate risks before they could be exploited by cyber 

adversaries. 

Challenges and Considerations 

While the benefits of autonomous pen-testing are clear, organizations should be mindful of the challenges 

and considerations involved in its implementation: 

1. Initial Investment 

The cost of acquiring and integrating autonomous pen-testing tools can be significant. Organizations 

need to weigh this investment against the potential savings from preventing breaches and improving 

security. 

2. Skill Requirements 

While autonomous pen-testing reduces the need for manual intervention, organizations still require skilled 

personnel to interpret results and take appropriate action. Investing in training and development is crucial 

to maximize the benefits of this technology. 

3. Third-Party Collaboration 

Successful implementation of autonomous pen-testing requires collaboration and cooperation from thirdparty 

vendors. Organizations must establish clear communication channels and foster a culture of 

transparency and trust. 

4. Regulatory Compliance 

Organizations must ensure that their autonomous pen-testing practices comply with relevant regulations 

and standards. This includes obtaining necessary permissions and maintaining records of testing 

activities. 



How Sennovate Can Help 

Sennovate, a leader in cybersecurity solutions, is uniquely positioned to assist organizations in 

overcoming these challenges and successfully implementing autonomous pen-testing for TPRM. Here’s 

how Sennovate can help: 

1. Expert Guidance and Consultation 

Sennovate provides expert guidance to help organizations select the most suitable autonomous pentesting 

tools. Our team of experienced cybersecurity professionals works closely with clients to 

understand their specific needs and risk profiles, ensuring that the chosen solutions align with their 

security objectives. 

2. Seamless Integration 

We assist organizations in integrating autonomous pen-testing tools with their existing security 

infrastructure. Our seamless integration process ensures that the tools work efficiently within the client’s 

environment, providing real-time monitoring and comprehensive coverage without disrupting operations. 

3. Customized Testing Parameters 

Sennovate helps organizations define and customize the parameters for pen-tests, ensuring that the 

testing scope aligns with their risk management strategies. Our tailored approach ensures that all relevant 

attack vectors are tested, providing a thorough assessment of third-party security. 

4. Continuous Improvement and Training 

We offer ongoing support and training to help organizations interpret the results of autonomous pentesting 

and take appropriate action. Our continuous improvement programs ensure that clients stay 

ahead of emerging threats and maintain a robust security posture. 

5. Collaboration with Third Parties 

Sennovate facilitates collaboration between organizations and their third-party vendors, promoting 

transparency and trust. Our collaborative approach ensures that all parties are aligned in their security 

objectives and work together to address identified vulnerabilities. 

6. Regulatory Compliance Support 

We ensure that our clients’ autonomous pen-testing practices comply with relevant regulations and 

standards. Sennovate’s comprehensive compliance support includes obtaining necessary permissions, 

maintaining testing records, and providing documentation for regulatory audits. 



Conclusion 

The integration of autonomous pen-testing in an 

assumed breach approach marks a new era in thirdparty 

risk management. This innovative strategy 

addresses the limitations of traditional TPRM 

methods, providing continuous, objective, and 

comprehensive assessments of third-party security. 

As organizations increasingly adopt this approach, we 

can expect a significant reduction in cyber risks and a 

stronger, more resilient digital ecosystem. 

As a thought leader in cybersecurity, I am excited about the potential of autonomous pen-testing to 

revolutionize TPRM. By shifting the focus from assumed risks to actual risks, we can build a safer and 

more secure future for businesses and their stakeholders. Embracing this technology is not just a 

strategic advantage; it is a necessity in the ever-evolving landscape of cyber threats. 

In conclusion, the time is now for organizations to rethink their TPRM strategies and embrace the power 

of autonomous pen-testing. The future of cybersecurity depends on our ability to innovate and adapt, and 

autonomous pen-testing is a critical step in that direction. Together, we can transform third-party risk 

management and create a more secure digital world. 


Arun Kumar Krishna is Chief Technology Officer of Sennovate Inc. He has 

12+ year of experience and specializes in AI-driven cybersecurity. Leveraging 

deep technical expertise and Web3 background to protect clients' critical 

assets. Building scalable, resilient security solutions and driving industry 

innovation. He recently published a book on AI in Cybersecurity:” Transforming 

Threat Detection and Response.” 

Arun can be reached online at akrishna@sennovate.com and on Linkedin as 

well as at our company website http://www.sennovate.com/ 



The Hidden Dangers of Free Messaging Apps: Security Risks 

and Data Mining Threats 

By Nicole Heron, Marketing Manager at Salt Communications 

In the era of constant communication with friends, family and peers, free messaging apps have become 

a ubiquitous part of our daily lives. However, their convenience often comes with hidden dangers, 

particularly for businesses. The security risks and data mining threats associated with these apps can 

have serious implications. 

Here’s why using a secure communication system is vital and why businesses should consider investing 

in robust, enterprise-grade solutions. 

Security Risks of Free Messaging Apps 

Free messaging apps are attractive targets for cybercriminals due to their widespread use and often 

inadequate security measures. These apps can expose users to various security risks, including: 

1. Lack of Control: The main issue with using WhatsApp for business is the lack of control organisations 

have over the platform, meaning they cannot regulate employee communications. This absence of 

oversight can lead to unmonitored sharing of sensitive information outside of intended recipients, 

increasing the risk of data leaks and non-compliance with industry regulations. 



2. Malware Distribution: Popular messaging platforms are common vectors for distributing malware due 

to their open nature, allowing anyone to communicate with anyone else. This approach means users 

cannot prevent hackers from contacting them via these apps, which can leave them open to receiving 

malware, compromising their devices and stealing their information. Cybercriminals often disguise 

malicious links or attachments within messages, which, when opened, can install malware that captures 

keystrokes, accesses files, or even takes control of the entire device. 

3. Unauthorised Access: Poor authentication mechanisms can allow unauthorised individuals to access 

accounts, leading to data breaches. Weak passwords, lack of multi-factor authentication, and insufficient 

encryption practices make it easier for attackers to gain entry. Once inside, they can steal sensitive 

information, impersonate users, or spread misinformation, potentially causing significant financial and 

reputational damage. 

Data Mining Threats 

One of the most insidious dangers of free messaging apps is data mining. These platforms often collect 

and analyse user data to monetise their services, posing significant privacy concerns: 

1. Data Harvesting: User conversations, metadata, and personal information are often harvested by free 

messaging apps. This data collection includes details such as who you communicate with, the frequency 

of communication, and even the content of your messages. This harvested data is frequently sold to third 

parties, such as advertisers or data brokers, often without the user’s explicit consent. This practice raises 

significant privacy concerns, as users may not be fully aware of the extent to which their personal data is 

being collected and shared. 

2. Targeted Advertising: The data collected from users is used to create detailed user profiles, which 

are then utilised for targeted advertising. These profiles can include information about your interests, 

behaviours, and preferences, enabling advertisers to deliver highly personalised adverts. While this might 

be seen as beneficial to some, it can feel intrusive to many users, as it often reveals just how much the 

app knows about them. This erosion of privacy can lead to a loss of trust in the platform, as users become 

increasingly concerned about how their information is being used. 

3. Uncontrolled Data Sharing: Data shared with third parties by messaging apps can be further sold, 

shared, or even leaked. Once the data is out of the app’s control, it becomes challenging to monitor how 

it is being used, leading to potential misuse. This uncontrolled data sharing can result in sensitive 

information being exposed to malicious actors or used in ways the user never intended, such as identity 

theft, financial fraud, or unwanted solicitation. The lack of transparency and control over this data sharing 

further undermines user trust and can have serious consequences for personal privacy and security. 



The Importance of Secure Communication Systems 

For businesses, relying on consumer apps for communication is not just risky but potentially disastrous. 

Here’s why investing in a robust, enterprise-grade communication solution is essential: 

1. Data Privacy: Enterprise-grade solutions ensure that communications are private and secure, 

safeguarding sensitive business information from unauthorised access. Unlike free messaging apps, 

which may expose data to various risks, these solutions employ robust encryption and security protocols. 

This means that only the intended recipients can access the information, significantly reducing the risk of 

data breaches and ensuring that confidential business discussions remain protected from prying eyes. 

2. Regulatory Compliance: Businesses must adhere to a range of data protection regulations, such as 

DORA, SEC, GDPR, HIPAA, and others. Secure communication systems are designed to help maintain 

compliance with these regulations by offering advanced security features, data control, and compliance 

configurations. These systems allow businesses to enforce data handling policies, ensure that 

communications are encrypted, and provide the necessary tools to demonstrate compliance during 

audits, thus avoiding hefty fines and legal complications. 

3. Overall Security: Enterprise and military grade communication solutions provide comprehensive 

security measures, including end-to-end encryption, strong authentication methods, flexible deployment, 

strict data retention policies and regular security updates. These measures ensure that business 

communications are protected against the ever-evolving landscape of cyber threats. By continuously 

updating security protocols and applying patches, these solutions defend against vulnerabilities that 

cybercriminals might exploit, thereby safeguarding the integrity and confidentiality of business 

communications. 

4. Maintaining Trust: Using secure communication systems reflects a business’s commitment to 

protecting client and employee information, which is crucial for maintaining trust and upholding the 

company’s reputation. Clients and employees alike expect their personal and professional information to 

be handled with the utmost care. By prioritising secure communications, businesses demonstrate their 

dedication to safeguarding this information, thereby strengthening relationships and fostering loyalty. 

5. Regain Control: The hidden dangers of free messaging apps—such as security risks and data mining 

threats—underscore the vital importance of using a secure communication system. For businesses, the 

stakes are even higher. Investing in a robust, secure communication solution not only ensures data 

privacy and regulatory compliance but also bolsters overall security. By regaining control over who 

accesses the system as well as how and where communications are managed and secured, businesses 

can protect sensitive information, maintain trust, and shield themselves from the increasingly common 

threats of data breaches and privacy violations. 

In an age where data breaches and privacy violations are increasingly common, the hidden dangers of 

free messaging apps cannot be ignored—especially by businesses. While these apps offer convenience, 

they also expose users to significant security risks and data mining threats, which can lead to serious 

repercussions for both individuals and organisations. 



Salt is the pioneer in providing a comprehensive solution for encrypted communications between 

smartphone users and secure systems within their organisation. The Salt product offers centralised 

control for administrators, integrating with trusted internal services, and providing secure calls, 

messaging, and file transfers for users making critical decisions on the go. 

In a landscape where choosing between free messaging apps and secure communication systems 

equates to choosing between vulnerability and protection, Salt enables businesses to safeguard their 

operations against the constantly evolving threats of cyberattacks. By opting for Salt, organisations 

demonstrate a commitment to security and privacy, protecting not only their reputation but also their 

future. 

To sign up for a free trial or demo of Salt Communications contact us on info@saltcommunications.com 

or visit our website at https://saltcommunications.com/. 

References: 

https://www.consumernotice.org/data-protection/mining/ 

https://saltcommunications.com/news/the-not-so-hidden-dangers-of-conducting-business-overwhatsapp-why-your-data-isnt-safe/ 


Nicole Heron, Marketing Manager at Salt Communications. Nicole 

has been working within the Salt Communications Marketing team 

for several years and has played a crucial role in building Salt 

Communications reputation. Nicole implements many of Salt 

Communications digital efforts as well as managing Salt 

Communications presence at events, both virtual and in person 

events for the company. 

Nicole can be reached online at LINKEDIN, TWITTER or by 

emailing nicole.heron@saltcommunications.com and at our 

company website https://saltcommunications.com/ 



Security Through Collaboration: France and Saudi Arabia 

By Jacques de la Riviere, CEO, Gatewatcher 

With a population of just over thirty-six million, Saudi Arabia has established itself as a key international 

player in cybersecurity. Through its various development programmes - particularly the Saudi Vision 2030 

project, the Kingdom (KSA) has begun building strong cyber defense capabilities. It is now a balancing 

force in the Middle East, playing a regulatory role on the international stage. 

However, this strategic shift has made it a prime target for cyberattacks. In 2020, Saudi Arabia recorded 

over 22.5mn cyberattacks. By 2022 this had risen to 110mn. Furthermore, Forrester Group research 

commissioned by Tenable found that 40% of cyberattacks against Saudi Arabian organisations in the 

past two years have been successful. 

This level of threat arises because the kingdom faces the same risks as Western countries: rapid digital 

transformation, growing interconnection of critical infrastructures, and increasingly sophisticated 

cybercriminals exploiting vulnerabilities, before robust defenses are implemented. 



A bold national strategy: innovation at the heart of defense 

Addressing these threats, Saudi Arabia is not merely reactive. The KSA is structuring its cyber defense 

along two key axes. On one hand, a coherent national organization, and on the other, a strategy that 

balances investment with the establishment of a clear legal framework. 

In 2017, Saudia Arabia created and then institutionalized, the National Cybersecurity Authority (NCA). 

This body set clear policies and strong regulatory frameworks, to develop a nationwide, holistic cyber 

strategy. 

A key part of this evolution has been international cybersecurity events, including large-scale 

conferences. In February 2020, the first edition of the Global Cybersecurity Forum (GCF) launched under 

Saudi Arabia’s G20 presidency, aiming to contribute to a more resilient and inclusive cyberspace. This 

forum attracts over 9,000 participants from 117 countries, including cybersecurity experts, NGOs, private 

companies, and international organizations. 

The Forum fosters multilateral collaboration and progress on socio-economic challenges related to 

cybersecurity. It has had a direct impact on the development of a regulatory framework that matches the 

digital ambitions of Saudi Arabia. The resultant anti-cybercrime laws help protect the KSA in the face of 

160,000 daily cyber incidents. 

France: A historical player in Saudi tech development 

Saudi Arabia’s desire to expand its influence and attract expertise has led the country to open to foreign 

businesses. 

France is a respected partner in Saudi technological development, particularly thanks to its cybersecurity 

expertise. Exchange programmes between French universities and institutions like the Prince 

Mohammed bin Salman College for Cybersecurity are examples of this cooperation, fostering a robust 

ecosystem for the movement of talent. 

This partnership demonstrates a continuous transfer of technical expertise and collaborations around 

strategic cybersecurity projects. It contributes to the development of a talent pool in this rapidly growing 

sector. 

In 2024, a delegation led by France’s Minister of the Interior, Gérald Darmanin, further strengthened ties 

between the two nations. This mission paved the way for collaborative innovation: Gatewatcher 

presented solutions to Saudi leaders, including multi-vector technology, capable of detecting both known 

and unknown attacks while ensuring that no data leaves the Kingdom. 



Towards a lasting and proactive partnership 

Faced with a greater number of cyberattacks, that are increasingly sophisticated, cybersecurity has 

become an absolute priority for Saudi Arabia. Recent research points towards a third of Saudi businesses 

projecting an increase of 6-10% in their organisation's cyber budget. 

This is not just a response to current threats but an initiative-taking strategy, backed by significant 

investments. Consequently, the Saudi cybersecurity market set to reach SAR 13.3 billion (USD 3.5 

billion), according to the latest report from the NCA. 

In this context, the CyberIC programme, initiated by the National Cybersecurity Authority (NCA), aims to 

strengthen the country's defenses by encouraging public and private organizations to adhere to the 

strictest cybersecurity standards, while training their teams to face new threats. 

Saudi Arabia’s ranking as the number one country in the world for addressing cybersecurity concerns, 

according to the World Competitiveness Yearbook 2024, not only highlights the country’s progress but 

also presents significant opportunities for cybersecurity companies, particularly those from France. 

The Franco-Saudi partnership is strengthened as cyber defense challenges become global and require 

coordinated approaches. Cybersecurity can no longer be addressed in isolation: the growing number of 

threats demands a collaborative vision, where strategic alliances and cooperation are essential to 

anticipate, and counter cyberattacks. In this context, France and Saudi Arabia will continue to collaborate 

to remain competitive in a rapidly evolving international sector. 


Jacques de la Riviere is the Founder and CEO of Gatewatcher, a 

cybersecurity provider based in France. Jacques has held positions 

throughout OpenCyber, Adneom and BK Consulting. He is also currently 

vice-president of Hexatrust - a cluster of 100 European software 

cybersecurity leaders and cloud providers. 



Industry Experts on Sustaining Vigilance for A Secure Digital 

Future 

Cybersecurity Awareness Month may have come to a close, but the need for vigilance in our digital lives 

remains as crucial as ever. As we move forward, it’s essential to remember that cyber threats don’t 

adhere to a calendar—they are a constant presence. From phishing scams to ransomware attacks, the 

landscape of cyber threats is ever-evolving, and staying informed and prepared is our best defense. 

We’ve compiled expert insights to guide our path forward, providing practical advice and strategies to 

stay ahead of cybercriminals. By incorporating these recommendations into our daily routines, we can 

transform last month’s awareness and practices into lasting habits, paving the way for continuous action 

and a more secure digital future. 



Philip George, Executive Technical Strategist, InfoSec Global Federal: 

Cybersecurity Awareness Month this year comes on the heels of NIST releasing post-quantum encryption 

standards, which are designed to withstand attacks from cryptographically relevant quantum computers 

(CRQC). For several years, the cybersecurity community and government leaders have been raising 

awareness around the impending threat of a CRQC and the potential large-scale effort to migrate to 

quantum safe encryption, recognizing there is not one area across the information technology domain 

that does not rely on some aspect of vulnerable classical cryptography. Therefore, the arrival of the new 

quantum safe standards is a pivotal moment. These new ciphers provide public and private sectors with 

the ability to establish an effective bulwark against both present day and emerging cryptographic threats 

to include the prospect of a CRQC. 

But the very first step for any organization is to conduct an automated discovery and inventory of deployed 

cryptographic assets. This single act provides the foundation for the development of a comprehensive 

and effective defense in-depth strategy that aligns with larger efforts like that of zero-trust (ZT) 

modernization. If an organization has not conducted an automated discovery and inventory scan in lieu 

of prior manual efforts, they could be implicitly accepting risk that has neither been accurately assessed 

nor mitigated. This can create scenarios where PQC migration execution is incomplete at best or fails to 

mitigate an exposed attack surface of a high value asset. 

Once a comprehensive inventory has been achieved, however, organizations will have more insight into 

how best to approach remediation and decide between either a stand-alone effort or to incorporate within 

existing zero-trust modernization activities. The outcome of which would be a more informed ZTA plan 

that ensures quantum safe cryptography is incorporated into new architecture and tools and enables 

effective cryptographic posture management. 

Which leads into the final area of consideration while planning your PQC migration strategy: agility. The 

concept of cryptographic agility is the ability to implement, update, change, and remove cryptographic 

functions from systems and applications on demand, without changing the systems or applications 

themselves. By adopting such a model within your PQC migration plan, organizations will ensure future 

quantum safe algorithms are easier to adopt and require a dramatically lower level of effort to 

operationalize. NIST has also initiated a cryptographic agility workstream that seeks to provide guidance 

and best practices around sound cryptographic agility adoption strategies for departments and agencies. 

Migrating to the new post quantum algorithms will take considerable time and effort. Aligning such 

activities with similar large scale modernization efforts like zero-trust will be key. This paired approach 

will ensure that the adoption of ZTA principles won't be undone by continuing to rely on soon to be 

deprecated cryptography. Cryptography is the underpinning of Zero Trust, so aligning PQC migration 

with Zero Trust initiatives is imperative. 

Danny Brickman, CEO and Co-Founder, Oasis Security 

Non-Human Identities (NHIs) such as service accounts, tokens, access keys, and API keys, are 

fundamental components of modern business operations across all sectors and industries. However, NHI 

management is often neglected, which leaves organizations vulnerable to severe cyber threats. Recent 



high-profile breaches that stemmed from the exploitation of NHIs underscore the criticality of properly 

managing and securing NHIs. 

October is Cybersecurity Awareness Month, a time dedicated to prioritizing cybersecurity best practices 

and shoring up cyber defenses. With traditional identity & access management solutions and best 

practices rendered obsolete, and NHIs proliferating every day, the industry needs solutions to properly 

secure this massive attack surface. 

Now is the time for enterprises and midmarket organizations alike to incorporate comprehensive NHI 

management into their security and identity programs. Core best practices for managing NHIs include: 

• Maintain a comprehensive and up-to-date inventory of all NHIs within the organization 

• Understand the business context and owners of each NHI 

• Apply the principle of least privilege 

• Monitor the environment continuously to detect and respond to suspicious activities involving 

NHIs 

• Define governance policies and implement them via automation 

• Prioritize secret rotation 

• Decommission stale and orphaned service accounts 

Non-human identity management (NHIM) is a security, operational and governance challenge. To 

effectively address it, organizations need a purpose-built enterprise platform that solves all three. 

Successful NHIM requires not only discovering NHIs in real time and without prior knowledge of them, 

but also understanding their individual business context (usage, consumers, owners, authentication 

methods, entitlements, resources, risk factors, behavior, etc.). In order to achieve this, modern NHI 

management solutions must be able to ingest vast amounts of data from a wide range of sources (audit 

logs, IDP, Vaults, DSPMs, ASPMs, etc.) and continuously analyze it with advanced AI/ML, LLMs and 

behavioral analytics techniques. 

Cybersecurity Awareness Month is a good reminder to invest in the right tools and best practices to 

protect against evolving threats and uphold security in a dynamic digital landscape. 

Victor Monga, Global Cybersecurity Technologist, Menlo Security 

The internet has become such a big part of our everyday lives, and most of us don’t even realize how 

much we rely on it. Whether we’re shopping online, paying bills, or even closing million-dollar deals for 

work, most of these activities now happen in our web browser. It’s like the front door to everything we do 

online. But with that convenience comes risk. The same browser that lets you order groceries or work 

from home can also be a target for cybercriminals trying to steal your money, your identity, or even your 

work. It’s no longer just about protecting your bank account—it’s about protecting everything that matters 

to you. 



Here are a few things that can happen if your digital security is compromised: 

• Identity theft: Hackers can use your personal information to open credit cards or take out loans 

in your name. 

• Loss of privacy: Cybercriminals can access your emails, personal messages, and sensitive files. 

• Job security risks: If you work from home or on the go, your job might be at risk if your company’s 

data is stolen through your browser. 

• Family safety: Your kids’ information can also be at risk, leading to identity theft or unwanted 

exposure to harmful content. 

To protect yourself online, there are some simple but powerful steps you can take to keep your 

information safe. One of the most important things you can do is always use multi-factor authentication 

(MFA) whenever possible. This adds an extra layer of security by requiring a second form of identification, 

like a text message code or an app confirmation, before accessing your accounts. It’s also smart to 

validate any requests for money or signatures—if you’re about to transfer funds or sign an important 

document, double-check with the person or organization first, especially if it seems urgent or unexpected. 

Keeping an eye on your financial well-being is just as important, so make sure you review your credit 

card statements regularly for any suspicious activity. 

Here are a few other things you can do to protect yourself: 

• Keep your PC and all software up to date: Regular updates help patch security vulnerabilities 

that hackers could exploit. 

• Only install software from trusted sources: Avoid downloading anything unless you’re certain 

it’s safe and from a reputable company. 

• Be mindful of what you post or click on online: Remember, once you post something or click 

a suspicious link, it’s often a one-way street. Visiting websites with fake coupons or offers could 

lead to malicious actors tracking your activity or worse—hacking into your system and ruining 

your day. 

By following these steps, you can significantly reduce your risk of becoming a victim of cybercrime and 

protect not just your finances, but your personal life and privacy as well. Another essential way to protect 

yourself is by freezing your credit, which makes it harder for identity thieves to open new accounts in your 

name. You can call the three major credit bureaus—Equifax (1-800-685-1111), Experian (1-888-397- 

3742), and TransUnion (1-888-909-8872)—to request a credit freeze. It’s free, and it helps stop any new 

credit accounts from being opened without your permission. It’s a simple but effective way to secure your 

personal information. Stay vigilant and cautious—it’s better to prevent an issue than to fix it later! 

Venky Raju, Field CTO, ColorTokens 

When a cybersecurity breach makes headlines, the finger often points straight at humans. High-profile 

incidents like the SolarWinds attack, where human error was cited as a key factor, the recent 23andMe 

breach blamed on users' weak passwords, or Uber's MFA fatigue incident—all reinforce the narrative 

that humans are the weakest link in security. While there's some truth to it, I believe it's not the whole 



story. The real issue isn't human incompetence. It's the complexity of the systems we expect people to 

navigate. Alert fatigue, overly complicated user interfaces, and an endless stream of warnings all 

contribute to burnout. Combine that with limited budgets and staffing, and it's no wonder mistakes 

happen. 

Instead of piling more responsibilities onto users, we need to rethink our approach to cybersecurity. 

• Rethinking Authentication: Passwords are a prime example. We tell people to use complex, 

unique passwords, change them frequently, and never reuse them. Password managers are 

supposed to help, but even they aren't foolproof. The LastPass breach raised concerns about 

relying solely on these tools since they can become single points of failure. 

• Embracing Passwordless Technologies: By adopting passwordless technologies like 

passkeys or biometric authentication, we can enhance security and simplify the user experience. 

Passkeys use public-private key cryptography, allowing users to authenticate using their devices' 

built-in capabilities. 

• Reducing Alert Fatigue: Cybersecurity professionals face an overwhelming number of alerts 

daily, many of which are false positives. This constant barrage leads to alert fatigue, where 

genuine threats might be missed. Our reliance on detection and response technologies like 

Endpoint Detection and Response (EDR) contributes to this overload. While valuable, they 

shouldn't be our only defense. 

• Proactive Security Measures: By adopting proactive security measures, we can reduce alerts 

and ease the burden on professionals. Techniques like microsegmentation compartmentalize the 

network, limiting threat spread and reducing the attack surface. By fortifying networks from the 

start, we prevent threats from reaching users in the first place. This approach lessens the reliance 

on human vigilance and reduces the chances of error due to fatigue or complexity. 

This Cybersecurity Awareness Month, let's shift the narrative. Too often, we find the easy victim—users— 

when the real issue lies in the systems they're forced to work with. As responsible technologists, it's our 

duty to simplify their lives, not complicate them. 

It's time to stop expecting users to be perfect and start designing systems that support them better. After 

all, security is a collective responsibility, and technology should be an enabler, not an obstacle. 

Building a Resilient Future through Continuous Improvement 

By making cybersecurity a daily priority, we can safeguard our data, protect our privacy, and contribute 

to a more resilient digital community. Together, we can build a future where security is ingrained in our 

routines, and our collective efforts create a formidable barrier against cyber threats. Staying informed 

and integrating these expert strategies into our daily lives helps us stay ahead of cybercriminals and 

fosters a culture of continuous improvement and vigilance. This proactive approach ensures that our 

efforts during Cybersecurity Awareness Month are not just a temporary focus but a permanent part of our 

approach to digital security. 




Philip George, Executive Technical Strategist, InfoSec Global 

Federal 

Philip George has led federal initiatives in mitigating the post-quantum 

cryptographic (PQC) threat for national security systems, as well as 

supporting software code assessments and the establishment of 

verifiable software bill of materials artifacts. He continues this effort 

with InfoSec Global Federal to ensure other government agencies 

understand the need for cryptographic visualization and vulnerability 

management. He actively works with government PQC POCs, the 

NIST NCCOE, and their partners to promote the establishment of 

enforceable cryptographic policies that incorporate agility into zero trust 

modernization efforts. 

Danny Brickman, CEO of Oasis Security 

Danny Brickman is the Co-Founder and CEO of Oasis Security, the 

leading provider of Non-Human Identity Management (NHIM) 

solutions. A visionary entrepreneur, Danny drives strategic direction, 

product innovation, and global business development at Oasis. 

Before co-founding Oasis with Amit Zimerman in August 2022, Danny 

led product strategy at Buildots, developing solutions for the 

construction technology sector. Danny's extensive cybersecurity 

experience includes 11 years in the Israel Defense Forces (IDF) in 

various roles such as Head of Cyber R&D Department, Cyber R&D 

Course Commander, and Cyber R&D Team Lead. During his time with 

the IDF, Danny received the Israel Defense Prize for his significant contributions to Israel’s national 

security. 

Danny's academic background includes a Master of Engineering in Biomedical Engineering from the 

Technion – Israel Institute of Technology. He also holds a Bachelor of Science in Computer Science and 

Physics from the Hebrew University of Jerusalem. 



Victor Monga, Global Cybersecurity Technologist, Menlo Security 

Victor Monga is a Global Cybersecurity Technologist at Menlo Security, 

where he leverages his extensive expertise to advance cybersecurity 

solutions for organizations worldwide. With a strong background in threat 

detection and incident response, Victor is dedicated to enhancing digital 

security through innovative technologies and strategies. His passion for 

cybersecurity drives him to educate and empower teams to navigate the 

complex landscape of cyber threats effectively. 

Venky Raju, Field CTO, ColorTokens 

Venky Raju, Field CTO of ColorTokens, has a strong background in 

computer networking, software development, and cybersecurity. He has 

led R&D teams across the globe developing leading-edge networking 

solutions, smartphone platforms, and connected applications. 



The Best Defense Against BEC Attacks: A Threat Intensified by 

AI And Digitalization 

With the rise of AI and digitalization, the threat of BEC attacks is growing. To combat these 

threats, enterprises must implement a robust and layered security approach 

By Robert Haist, CISO, TeamViewer 

The global workforce is becoming increasingly digital. While this brings a slew of benefits, including 

flexibility, reduced costs, happier employees, etc.; it threatens one area in particular: cybersecurity. The 

shift to hybrid and remote work – excelling the use of personal devices for work – has triggered a trend 

of business email compromise (BEC) attacks, quickly becoming one of the most pressing cybersecurity 

threats for businesses. Cybercriminals, armed with AI tools, are using BEC scams to infiltrate companies, 

access confidential information, and deceive employees into making fraudulent transactions. 

Additionally, geographically dispersed workforces have made it harder for IT teams to monitor network 

activity and secure access to sensitive data. These gaps in security, combined with the power of AI, have 

provided fertile ground for cybercriminals, allowing them to exploit vulnerabilities on personal devices and 

trick employees into granting unauthorized access to systems. 



A Threat Intensified by AI and Digitalization 

The rise of AI has so far been no help when it comes to the issue of these attacks. Much like privacy 

violations, data breaches and bias issues have been exacerbated by AI, the frequency of BEC attacks 

have surged in recent years. In fact, BEC accounted for only 1% of cyberattacks in 2022, which rose to 

more than 18% of all attacks in 2023. 

Making matters worse, AI is further amplifying the effectiveness of BEC scams. Criminals now use AIpowered 

tools to craft personalized emails that mimic the language and tone of executives, customers or 

partners. This approach allows scammers to generate emails with minimal spelling or grammatical errors 

– something that has historically been a dead giveaway in a phishing email – increasing their chances of 

success. AI can even translate phishing emails into multiple languages, broadening the scammers’ reach 

and making it easier for them to target global enterprises. 

The First Line of Defense: Empowering Employees 

One of the most effective ways to protect against BEC attacks is to empower employees to recognize 

and respond to phishing scams. However, the type of security awareness training organizations have 

implemented in the past are no longer enough. Today’s BEC attacks are highly sophisticated and – with 

the help of AI and social engineering tactics – can deceive even the most vigilant employees. That is 

exactly why enterprises must implement dynamic, engaging security awareness programs that simulate 

real-world scenarios. 

Employees can no longer rely on common indicators like poor grammar or spelling and have to be trained 

to look for other giveaways. 

These training programs should teach employees to identify common red flags, such as spoofed email 

addresses, a sense of urgency, unexpected requests for financial transactions, or changes to account 

information. Additionally, employees must be trained to verify internal suspicious email requests by 

contacting the sender through an established communication channel, such as their phone number or a 

company chat tool like Slack or Microsoft Teams. Similarly, external emails should also be questioned 

and authenticity should be confirmed by contacting the company sending the email via a published phone 

number on their website. 

But it doesn’t stop there. With AI upleveling phishing and BEC attacks, it is important for security training 

programs to continuously evolve to account for the latest threats and advancements, and to keep 

employees skeptical and vigilant. 

The Cornerstone: Zero Trust 

While employee education is crucial, it is not enough to fully protect organizations from the growing 

sophistication of BEC attacks. A comprehensive cybersecurity strategy must also include robust security 

processes, with zero trust at the core. 



The zero-trust model operates under the assumption that no user or device – whether inside or outside 

the organization – should be trusted by default. Every user must be continuously authenticated before 

accessing sensitive resources, ensuring that even if an attacker gains access to login credentials, there 

will be a number of roadblocks, so they aren’t able to gain automatic access and move freely within the 

organization’s systems. 

Supporting Tactics: Key Security Measures 

To support a zero-trust framework, enterprises should implement several key security measures, 

including multi-factor authentication (MFA); least privilege access; continuous monitoring and risk-based 

access controls; and network segmentation. 

MFA goes beyond username and password, and requires users to provide multiple forms of identification, 

such as a password and a code from an app or a biometric scan. It significantly raises the barrier for 

attackers attempting to use stolen credentials to access a system. 

The principle of least privilege access ensures that employees are granted only the minimum level of 

access required to perform their jobs. By limiting access, organizations can minimize the damage in the 

event of a security breach. 

Continuous analytics monitoring and risk-based access controls allow security teams to monitor user 

behavior and identify any suspicious activity. For example, if a login attempt is made from an unfamiliar 

location, the system can require additional verification steps to ensure the legitimacy of the request. 

Lastly, by dividing the network into smaller, isolated sections, organizations can contain potential threats 

more easily. Even if an attacker breaches one part of the network, their access will be restricted, 

preventing them from compromising the entire system. 

A Multifaceted Approach 

The level of remote work in the United States has remained steady since 2022 and may reach even 

higher levels in the future. Simultaneously, AI will continue to play an increasingly prominent role in the 

development of phishing emails, making them harder to detect and more effective at bypassing traditional 

security measures. 

With that, the best defense against BEC attacks is a holistic and layered security approach centered on 

zero trust. By continuously educating employees on how to recognize and respond to BEC attacks and 

adopting a zero-trust model with supporting security measures, enterprises can significantly reduce the 

risk of falling victim to BEC scams. 

As AI continues to evolve and BEC attacks grow more sophisticated, businesses must remain vigilant 

and agile in their security efforts. Only by combining technological safeguards with employee education 

will organizations be able to effectively defend themselves against the complex and ever-changing threat 

landscape of BEC attacks. 




Robert Haist is the Chief Information Security Officer (CISO) at 

TeamViewer. He is responsible for the internal and product security 

programs to keep our customers safe. He is passionate about 

information security, threat intelligence, and incident response. He 

has a ten-year cyber security leadership background with a focus on 

threat intelligence, incident response and digital forensics. He holds 

a MSc. with distinction in Advanced Security & Digital Forensics from 

Edinburgh Napier University and an Executive MBA from the Quantic 

School of Business and Technology. Robert is passionate about 

open-source software and digital solutions for a better and fairer 

society. Robert can be reached online via LinkedIn and at our 

company website https://www.teamviewer.com/en-us/ 



The Critical Importance of Securing Mobile Identities 

By David Natker, Vice President of Global Partners and Alliances, Zimperium 

Modern mobile threats are rapidly evolving and growing in sophistication, placing a critical need for 

steadfast vigilance and attention within a zero-trust framework. In particular, digital identities are at risk. 

SpyCloud Annual Identity Exposure Report 2024 shows that the average digital identity exposed on the 

dark web has a 1 in 5 chance of already being the victim of an infostealer malware infection. In essence, 

this means that criminals possess personal identity data such as credentials, personally identifiable 

information (PII), financial details, and valid session cookies. They can leverage this data for subsequent 

attacks, including session hijacking, fraud, and ransomware. Identity security allows organizations to 

enforce compliance requirements and enforce security policies, and enable your organization to hold 

users and partners responsible for their actions. Today’s remote work and digital transformation has 

increased the complexity of identity security and expanded the attack surface, placing high importance 

on finding an identity security solution. High-level security has become essential to meet the demands of 

corporate devices and the constantly changing environments they operate in, ensuring continuous insight 

into the exact risk posture of these devices. 



The Challenge 

Session hijacking, compromised credentials, phishing and advanced post-authentication attacks present 

substantial risks to businesses of any scale. According to Zimperium’s 2023 Global Mobile Threat Report 

it’s not solely that organizations are facing more breaches; the impact of these breaches are also more 

severe. In fact, 73% of organizations that experienced a mobile-related compromise classified it as a 

“major” breach. To highlight further, according to Verizon’s 2024 Data Breach Report, last year tripled 

(180%) in the increase in the exploitation of vulnerabilities. This surge enables attackers to gain 

unauthorized access to systems and data. 

To further describe the massive threat posed, “Broken Access Control” was listed as OWASP Top 10 

identifies leading security risk for web applications, noting 94% of tested applications exhibited 

vulnerability. 

4 Must-Haves of Identity Protection for Mobile Devices 

The combination of a changing work landscape and the increasing prevalence of mobile malware 

highlights the importance for enterprises to have a solution with the capabilities of a powerful identity 

protection platform. The following are key features that can drive a secure solution: 

• Real-Time Threat Intelligence: This enables quicker and more informed risk assessments by 

providing rich, real-time threat context and intelligence. 

• Comprehensive Mobile Threat Protection: Utilizing an on-device, adaptive detection engine 

within a robust, multi-layered framework, this approach employs machine learning, deep learning, 

behavioral analysis, and deterministic methods to deliver comprehensive and dynamic threat 

protection for mobile devices. This allows organizations to mitigate and quickly identify a broad 

range of mobile threats. 

• Automated Countermeasures: Organizations can share threat signals to trigger automated 

responses to identity-based threats, such as initiating multi-factor authentication prompts or 

terminating sessions, as a result significantly minimizing the window of vulnerability. 

• Stronger Zero-Trust Security: Delivers real-time intelligence for both managed and unmanaged 

devices, making it ideal for zero-trust architectures. Maintaining a continuous risk posture 

enhances strong identity and access controls, further bolstering zero-trust security. 

Security Professionals’ Next Move 

Integrating robust mobile threat protection with AI-powered threat detection provides organizations with 

unparalleled mobile security and on-device operational efficiency. The combination of AI and mobile 

threat protection adds an extra layer of security, ensuring comprehensive defense against potential 

threats. Leading providers in the industry have been realizing the importance of this and are integrating 

identity threat solutions into their overall security strategies. For example, mobile security provider 

Zimperium recently partnered with Okta to enhance zero-trust identity threat protection with AI-driven 

mobile security solutions. 



CISOs and security leaders are navigating a complex threat landscape characterized by escalating 

compliance requirements, fragmented security solutions, and operational inefficiencies. This challenges 

security professionals to go beyond traditional identity and access management in order to stay ahead 

of security risks. For this reason, it is a game changer for security professionals to integrate a 

comprehensive mobile threat solution, designed to assess the full breadth of the mobile attack surface— 

including device, network, application, and web threats—into an identity platform to enhance security. 

As a result, companies can leverage real-time threat intelligence and rich threat context to provide 

comprehensive, real-time protection. 


David Natker is Vice President of Global Partners and Alliances at 

Zimperium. Natker has extensive experience in developing strategic 

partnerships. Prior to joining Zimperium, Natker was Senior Director of 

Sales for Global Service Delivery Partners at Rubrik . David can be 

reached online on LinkedIn, X and at our company website 

https://www.zimperium.com/. 



The Critical Role of Due Diligence in Mergers and Acquisitions 

By Charlie Wood, Executive Vice President, FoxPointe Solutions Information Risk Management 

division of The Bonadio Group 

The merger and acquisition (M&A) market has experienced a slump in recent years. This is poised to 

change, however, with KMPG reporting that more than half of firms surveyed expect to pursue at least 

one strategic transformational deal in 2025. In light of this, it is becoming increasingly important for 

acquiring organizations to understand and incorporate the due diligence process into their M&A activities. 

Scope of Due Diligence 

The due diligence process helps to identify and mitigate potential risks. Due diligence encompasses 

many different areas including financial, legal, operational, IT and more. When considering a potential 

M&A, organizations should carefully investigate the following areas: 



• IT and Cybersecurity – Due diligence procedures in the IT and cybersecurity space help 

organizations understand what controls the target has in place to identify and mitigate 

cybersecurity risk. 

• Tax and Finance – Performing tax, finance and accounting due diligence involves analyzing 

historical financial statements, reviewing past tax returns and identifying potential tax liabilities. 

• Operations – This includes a thorough review of an organization’s business processes, overall 

organizational structure and more. 

• Human Resources – Human resource due diligence considerations include employment 

contracts, compensation, benefits and company culture. 

• Market – This involves understanding the target’s market position, competitive landscape and 

customer base. 

Importance of Due Diligence 

The importance of conducting due diligence in the above areas cannot be understated. In a world rampant 

with cybercrime, IT and cybersecurity may be considered among the most important parts of the due 

diligence process. M&A transactions involve an exchange of intellectual property and data. This data is 

protected using various IT and cyber-centric security controls. If this data is important to the acquiring 

organization, then it is presumably of interest to cybercriminals as well. 

Failure to appropriately perform due diligence procedures can lead to a data breach and cause significant 

fines, loss of consumer confidence and trust, delays purchase price reduction and future liabilities. In 

order to limit the short-term and long-term costs associated with a breach, organizations need to ensure 

that they have a strong sense of what controls are currently in place. The IT due diligence process should 

include the following: 

• A review of physical and logical security access controls – Physical security access controls are 

those that protect the physical premises and hardware of an organization such as keys, badges, 

locks, surveillance cameras and more. Similarly, logical security access controls, such as 

passwords, data encryption, and software patches, protect digital assets. 

• Third party/vendor management – Third-party risk management (TPRM) involves analyzing and 

minimizing the risks associated with third-party vendors or suppliers. 

• Review of policies and procedures –Policies and procedures are structured guidelines that help 

organizations operate smoothly and efficiently, ensure compliance and establish consistent 

business practices. 

• Compliance requirement reviews – Compliance reviews include auditing an organization to 

ensure their operations, policies and procedures align with applicable regulatory standards. 

• Penetration testing procedures – Penetration testing involves simulating a cyberattack in order to 

discover and strengthen security vulnerabilities. 



• Incident response planning and training ¬ An incident response plan (IRP) is a documented and 

structured approach that outlines an organization’s protocols for responding to an incident. 

Training helps ensure that relevant stakeholders understand their role in the process. 

• Security awareness procedures – These procedures are designed to inform employees about 

security threats and educate them on policies and best practices to help protect organizational 

assets. 

• Disaster recovery – Disaster recovery (DR) is the process through which organizations respond 

to and recover from an event that negatively effects business operations. This might include data 

backups, business continuity planning, emergency response procedures and more. 

Considering the increasing prevalence of cybercrime, as well as the M&A markets projected growth, the 

importance of due diligence in M&A transactions is more important than ever. Leveraging a savvy 

cybersecurity agency and/or a Chief Information Security Officer (vCISO) helps support this vital process. 

A second set of eyes can ensure compliance and identify new and evolving risks – further strengthening 

the security posture of the organization. 


Charlie Wood is an Executive Vice President in the Information Risk Management 

division of The Bonadio Group and co-founder and Practice Leader of FoxPointe 

Solutions. He has over 27 years of experience in the IT, cybersecurity, and 

compliance space. 

Charlie can be reached online at https://www.linkedin.com/in/charlie-wood-1458147/ 

cwood@foxpointesolutions.com and at https://www.foxpointesolutions.com. 



The Internet of Things Privacy Review 

By Milica D. Djekic 

The Internet of Things (IoT) privacy is yet under special considerations which means many scientists, 

experts and professionals are doing a plenty of brainstorming and ideas exchanging day by day trying to 

develop something truly functional and cost-effective. In a modern business world, the majority of 

companies are ready to invest finances and resources into something that will guarantee a fast return 

and consequently a good profit to those who are interested into novel technological endeavors perhaps 

even if they are a product of the 4 th industrial revolution or anything which will come later, so far. The IoT 

privacy sounds promising especially if there is in mind all the advantages of the privacy systems that are 

well-designed through the US Army Tor project and indeed, if it is considered like that it’s clear some 

nation already has a rulership over such a technology and maybe some of their approaches could be 

applied in creating the next generation of the IoT systems. 



The main rule with the privacy projects is they use a decentralized networking architecture and very 

strong encryption which is challenged with the cryptographic key obstacles directly impacting reliability 

and efficiency of such a grid, so far. As it is well-known, the decentralized solutions use relays that cope 

with a couple of the layers of the cryptography and relay by relay the outer levels of protection are set to 

0 and in such a fashion, avoided in the next step of the data communication. Also, those layers of 

assurance could be neutralized using a static or dynamic absorber as those technical systems also 

provide a set of 0s as their outcome. In other words, no matter what signal is brought at an input of the 

neutralizer the output will always vanish or in such a sense, be set to nothing. 

Further, there are also the challenges of the complex cryptographic algorithm processing and encryption 

key distribution, so in such a case it is recommended to apply less complicated cryptography such as 

binary cryptosystems that operate in a sub-second period of time and do not use an encryption key as 

they are literally some sort of the nowadays perfect secrecy which the cryptologists of the WW2 and 

afterward seriously looked for, so far. The mathematical remark of the decentralized systems is they use 

a link encryption dealing with a heap of levels of the diagonal square matrix which makes a shield of the 

external members being with a very dynamic ciphertext that is quite time-varying and inner member being 

in such a sense, with the plaintext or open message which also travels via the signal line inside. 

The good idea with the IoT technology is to count on some kind of the decentralization within its route 

transferring data between devices in a very secure way as the link encryption is mastered a few decades 

back, while the binary cryptosystems are still under development and deployment at a truly starting point 

of their existence, but it is believed they could bring some hope to those who want to be reliable, prompt, 

inexpensive and trusted at the same glance, so far. 

About The Author 

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of 

Serbia. She received her engineering background from the Faculty of 

Mechanical Engineering, University of Belgrade. She writes for some domestic 

and overseas presses and she is also the author of the books “The Internet of 

Things: Concept, Applications and Security” and “The Insider’s Threats: 

Operational, Tactical and Strategic Perspective” being published in 2017 and 

2021 respectively with the Lambert Academic Publishing. Milica is also a 

speaker with the BrightTALK expert’s channel. She is the member of an ASIS 

International since 2017 and contributor to the Australian Cyber Security 

Magazine since 2018. Milica's research efforts are recognized with Computer 

Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and 

EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, 

technology and business. Milica is a person with disability. 



The Looming Quantum Threat: Safeguarding Our Digital Future 

By Rahul Tyagi, CEO and Founder at SECQAI 

Working alongside global governments and defense organizations, I've observed a worrying trend: 

hackers are now playing a long game and harvesting more encrypted data than ever before, and as a 

result, betting on the imminent arrival of quantum computing to break current cryptographic methods, 

potentially within the next few years. 

In 2024, the average cost of a data breach has surged to an unprecedented $4.88 million. As quantum 

computing advances, it threatens to amplify these figures exponentially. Our increasing dependence on 

digital infrastructure compounds this risk, creating a perfect storm of global vulnerabilities. If exploited, 

these weaknesses could leave institutions exposed to massive financial extortion and potentially trigger 

worldwide disruption. The convergence of quantum capabilities with our digitally interconnected society 

isn't just a cybersecurity concern - it's a looming existential threat to global stability. 

This isn't a far-off scenario, it's a clear and present danger that demands our immediate attention. 



The Quantum Countdown 

For years, strong encryption has been our digital fortress, keeping sensitive information safe from prying 

eyes. However, the advent of quantum computing threatens to shatter these defenses. Unlike classical 

computers, quantum computers can solve complex mathematical problems exponentially faster, 

potentially breaking the cryptographic algorithms that underpin our current security measures. 

Although many believe that this threat is a distant and far off problem, the quantum threat is closer than 

many realize. Innovative quantum simulation techniques could lead to breakthroughs in cracking current 

encryption methods much sooner than the ten-year time horizon suggested by many researchers in the 

field. 

This urgency is heightened by the "harvest now, decrypt later" strategy employed by state-sponsored 

hackers and cybercriminals. They're amassing vast troves of encrypted data, betting on future quantum 

capabilities to unlock these digital vaults. Therefore, the need for a solution to this problem is as imminent 

as the threat which will be at our heels in the next few years. 

Critical Infrastructure at Risk 

The implications for national security and critical infrastructure are profound. Power grids, financial 

systems, and telecommunications networks all rely on encryption to function securely. A quantum 

breakthrough could expose these vital systems to unprecedented vulnerabilities. 

We're not just talking about personal data or corporate secrets; we're looking at potential disruptions to 

the very fabric of modern society. The ability to compromise critical infrastructure could have catastrophic 

consequences. 

A Call to Action 

Given the stakes, what can be done to mitigate this looming threat? Drawing on my experience working 

with global entities, I propose a multi-faceted approach: 

1. Understand and Assess: First, we must conduct a thorough inventory of our digital infrastructure 

and the cryptography it uses. Tools like the open-source cryptography bill of materials developed 

by Banco Santander can be invaluable in this process. 

2. Prioritize and Migrate: Once the assessment is complete, organizations must prioritize their 

most critical systems and data for migration to post-quantum cryptography (PQC). This isn't a 

one-size-fits-all solution; it requires careful planning and execution. 



3. Government Mandates: We need stronger government action. Policymakers should mandate 

this migration and provide clear timelines, not just for public entities but for private organizations 

handling sensitive data as well. 

4. Adopt New Standards: With the National Institute of Standards and Technology (NIST) releasing 

new PQC encryption standards, immediate action is crucial. The standards are here; the migration 

should start now. 

5. Holistic Security Approach: While preparing for the quantum future, it's vital to address current 

vulnerabilities. When adopting post-quantum standards, choose technology platforms that also 

protect against today's threats. Memory-safe hardware architectures, for instance, can prevent 

exploits used in current attacks like ransomware. 

6. Secure Hardware Solutions: We should focus on building security from the ground up. By 

developing secure semiconductors, we can automatically protect against a significant portion of 

the world's attacks. It's about creating a foundation of security that's resilient to both current and 

future threats. 

The Road Ahead 

The transition to a post-quantum security landscape won't be easy or quick. It requires a concerted effort 

from governments, industry leaders, and technology innovators. But the alternative is unthinkable. 

As we stand on the brink of the quantum era, the message is clear: the time to act is now. Our digital 

future—and the critical infrastructure that supports modern society—depends on our ability to stay ahead 

of the quantum curve. By taking decisive action today, we can build a more secure tomorrow, 

safeguarding our digital world against the quantum threat that’s on the horizon. 




Rahul Tyagi is the CEO and Founder of SECQAI, a Londonbased 

leader in quantum security solutions. In 2021, Rahul cofounded 

SECQAI alongside Satyam Gandhi, with the mission of 

addressing the emerging cybersecurity threats posed by quantum 

computing. 

Recognised globally for its innovative leadership, SECQAI is the 

only Silicon Chip provider for Post Quantum Cryptography (PQC), 

selected for the NATO DIANA programme and included in the UK 

Chips Strategy under Chipstart. Rahul’s strategic vision drives 

SECQAI’s development in quantum-secure hardware, vital for 

protecting critical national infrastructure and the global IoT market 

in the quantum era. 

Rahul’s expertise spans across cybersecurity, vulnerability analysis, and hardware-based attack vectors. 

He has previously developed and red-teamed access authentication systems for UK Health Providers 

and continues to lead efforts in creating quantum-resistant semiconductors. Under his guidance, SECQAI 

integrates advanced technologies like Quantum Machine Learning (QML) to develop resilient solutions 

for both defense and commercial applications. 

He holds two quantum patents related to random number generation related to quantum effects and has 

filed another patent for a novel deployment of neuromorphic compute. His work not only addresses 

theoretical challenges but actively shapes the future of secure semiconductors and system-on-chip 

solutions. 

With a BScT in Theoretical Physics from Imperial College London and completion of the Stanford 

Innovation and Global Management (SIGM) programme, Rahul blends technical depth with an innovative 

mindset. His efforts to combat potential attack vectors, such as side-channel attacks and hardware 

tampering, have established him as a thought leader in the post-quantum cybersecurity. 

A frequent speaker on data security and AI development, Rahul is a recognised innovator, shaping the 

future of quantum-secure hardware, while advancing SECQAI’s mission to dominate in post-quantum 

cryptography and IoT security. 

Rahul can be reached online on LinkedIn, and at our company website https://www.secqai.com/ 



The #1 Reason Employers Ditch Their CISO (A Recruiter's Take) 

By Owanate Bestman, Founder, Bestman Solutions 

Recruiters will never be as in demand as doctors are. I’ve made my peace with that. Yet my role as a 

CISO headhunter and recruiter does require me to be a bit of a diagnostician. 

Observing organisations in that liminal phase in between CISOs can really be an eye-opener; as can 

working with CISOs who have recently left, been let go, or pushed out of their positions. 

I’m sure that it comes as a surprise to no one that CISOs generally leave roles due to stress. 

But why do CISOs get fired? Gross misconduct is vanishingly rare, yet I frequently get called in to replace 

CISOs who have been given the chop. 

In order to do so, and to help the organisation choose a new CISO that is more in line with their needs, I 

need to diagnose what went wrong. I need to uncover what about the previous CISO wasn’t hitting the 

mark, and what sort of individual they need in their place. 

Paging Dr Bestman… 



Common Reasons Why CISOs Get the Boot 

Let’s take a look at some of the common themes I encounter when employers fire a cyber leader. 

Sometimes, the reasons why employers ditch their current CISO aren’t the CISO’s fault at all: 

• The CISO hasn’t gelled culturally with the organisation, or was a poor cultural fit to begin with. 

• The CISO’s team, reporting lines, or the people around them have changed, affecting their fit 

within the organisation. 

• The employer has changed in terms of its priority, direction, or leadership. 

• The organisation relies on insecure, legacy tech that the organisation can’t (or won’t) part with, 

causing tension between the CISO and the board. 

• The organisation doesn't really respect security risk but wants to look like they do. 

But sometimes, CISOs are dismissed due to things that are more within their control: 

• The employer feels that the CISO won’t be able to successfully lead the security function, 

especially through a forthcoming audit or regulatory challenge. 

• The CISO is far too cautious and becomes seen as more of a blocker than an enabler of 

organisational progress. 

• The CISO doesn’t articulate the breadth and depth of modern, cyber risk. Maybe they assume 

everyone knows what they do! 

• The CISO fails to get technical or financial buy-in due to miscommunication (granted, this can 

also be due to cultural difference). 

• The CISO can’t or doesn’t accurately communicate the value of their role or department, even in 

an environment that would have been open to hearing it. 

You may have noticed a bit of a recurring theme with those last few, so I’m not going to bury the lede any 

further. CISOs often struggle to keep their jobs when they can’t communicate the value of the security 

function, especially when it comes to communicating risk and value to those outside of the security 

bubble. 

Now that’s not to say that all CISOs who have been seen as “blockers” need to completely throw caution 

to the wind. Nor am I saying that achieving corporate buy-in hinges totally on the communication skills of 

the person seeking it. I’m also not saying that “inarticulate” CISOs need finishing school-levels of 

corporate etiquette. 

But a CISO who can communicate well; know their place but also their worth; can read a room; and 

extract the right steering and priorities from board meetings - those are the ones who will succeed in most 

environments. 

But It’s More Than That… 

Proving your worth to the board isn’t just a one-time thing. You can’t just march into a board meeting, say 

“Hi, my name’s [your name] and I am your CISO. Here’s why I’m great…” It’s an ongoing effort to build 

and maintain relationships throughout the board, and communicate your practical value to the 

organisation. 



When done well, the board will see you as an invaluable, trusted asset - one that simply can’t be switched 

out at will. 


Owanate Bestman is the Founder of Bestman Solutions, a firm dedicated to helping 

leaders hire cyber security professionals. He advises CISOs and Executives on 

market factors that impact their growth plans and designs bespoke solutions to 

address this. Firmly embedded in the cyber security space, he possesses a global 

core network of well-respected and proven security specialists. 

Owanate has spent over a decade recruiting in the Cyber Security field. Before 

this, he recruited Technology and Operational Risk specialists and successfully 

staffed a number of high-profile banking regulatory programmes. 

He is also a keen industry speaker and writer for security associations and international publications. 

Outside of Security and staffing, he is interested in all things Martial Arts. 

Owanate can be reached online at ob@bestmansolutions.com, https://www.linkedin.com/in/owanatebestman-cyber-security-recruitment/ 

and at our company website https://www.bestmansolutions.com/ 



The Rise of Impersonation Scams Targeting Individuals & How 

to Protect Yourself 

By Fred Kwong, Vice President & Chief Information Security Officer, DeVry University 

In the ever-evolving cybercrime landscape, impersonation scams are rising as a threat. As technology 

advances at a breakneck pace, bad actors are leveraging these advancements to become more 

convincing and deceptive in their attempts to defraud their victims. 

One concerning trend is the rise in impersonation scams, where fraudsters are now targeting individuals 

more than businesses. This change is largely due to the evolution of technologies that enable scammers 

to appear more credible and trustworthy. From sophisticated voice manipulation software to deep fake 

videos, the tools at their disposal have become increasingly sophisticated, making it harder for the 

average person to detect these deceptive tactics. 

Impersonation scams occur when scammers pretend to be a trusted individual or entity, such as a family 

member or a bank representative to gain the victim’s confidence and ultimately steal their sensitive 

information or financial resources. These scams often take the form of urgent text messages, voice calls, 

or emails. According to the FBI’s 2023 Internet Crime Complaint Center (IC3), tech and customer support 



impersonation scams have resulted in 37,560 complaints and a staggering $924,512,658 in losses, 

representing a 15% increase in the trend. 

Another alarming trend is the rise of identity theft, fueled by the increasing number of data breaches that 

have exposed sensitive personal information. In August this year, a massive data breach involving 2.7 

billion records, including Social Security numbers, was leaked on the dark web, highlighting the 

magnitude of the problem. Armed with this stolen data, bad actors can impersonate individuals, reset 

credentials, access bank accounts and engage in various forms of fraud, such as opening new lines of 

credit or obtaining loans. 

As the threat of impersonation scams continues, individuals must be vigilant and take proactive measures 

to protect themselves. 

Common Tactics Used in Impersonation Scams 

One common tactic that impersonation scammers often employ is creating a sense of urgency or offering 

something you need. They may ask for your personal information. However, their true intention is to 

gather sensitive data that can be exploited for nefarious purposes. 

Another prevalent tactic involves requesting you to send information via text or other messaging 

platforms. Scammers may impersonate representatives from your bank, claiming to need to verify your 

multi-factor authentication (MFA) setup due to a supposed glitch. They’ll ask you to share the one-time 

code sent to your device, effectively circumventing the security measures designed to protect you. 

Alarmingly, the Federal Trade Commission (FTC) revealed that impersonation scams caused losses of 

$1.1 billion last year, more than three times what consumers reported in 2020. 

How to Spot and Stop Fraudulent Contacts 

The first line of defense against impersonation scams is vigilance. If you receive an unsolicited 

communication from an entity claiming to be a service provider, financial institution, or government 

agency, it's crucial to exercise caution. Never respond directly to the initial contact, as this could 

inadvertently validate the scammer's tactics. Instead, take proactive steps to verify the legitimacy of the 

request. One effective strategy is to contact the purported organization directly through their official 

channels, such as their website or customer service hotline. This way, you can confirm whether the initial 

communication was genuine or an attempt at fraud. Reputable organizations will never ask for sensitive 

information, such as account numbers or passwords, over unsecured channels like email or phone calls. 

If the impersonation involves someone you know, such as a family member or friend, exercising caution 

and skepticism is essential. Scammers often exploit emotional vulnerabilities. Before acting on such 

requests, attempt to verify the individual's identity through alternative channels, such as contacting them 

directly or reaching out to a mutual acquaintance. 



Some additional proactive measures you can take: 

1. Freeze Your Credit: One of the most effective ways to prevent fraudulent impersonation is to 

freeze your credit with the three major credit bureaus: Experian, Equifax, and TransUnion. A credit 

freeze restricts access to your credit report, making it nearly impossible for anyone, including you, 

to open new accounts or take out loans in your name. 

2. Use Identity Protection Services: Consider subscribing to an identity protection service like the 

services offered by the major credit bureaus or other marketplace providers. (An internet search 

for “Identity Protection Services” will lead to numerous alternatives.) 

3. Monitor the Dark Web: The dark web is a haven for cybercriminals who trade and sell stolen 

personal information. Websites like HaveIBeenPwned.com allow you to check if your email 

addresses, passwords or other sensitive data have been compromised in data breaches. 

4. Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a 

second form of authentication, such as a one-time code sent to your phone or a biometric factor 

like a fingerprint or facial recognition. Enable MFA on all your important accounts, including 

banking, email and social media. 

5. Remove Personal Information from the Web: Companies like Aura offer services to help 

remove your personal information from data brokers and online directories. You can reduce the 

risk of your information falling into the wrong hands and being used for fraud by minimizing your 

digital footprint. 

Remember, scammers are skilled at creating a sense of urgency and exploiting our trust. By remaining 

vigilant, questioning unsolicited requests and prioritizing the protection of your personal information, you 

can significantly reduce the risk of falling victim to these insidious tactics. 


Fred Kwong has been in the information security and technology field for the 

past 20+ years, working in the education, financial, telecommunication, 

healthcare, and insurance sectors. He is an award-winning thought leader in 

security and currently works at DeVry University as the Vice President and 

Chief Information Security Officer. Fred is a member of several advisory 

boards and is a frequent speaker at national security forums on cyber security 

and information technology and is often asked to consult on matters of 

security and leadership. 

Fred can be reached online by email at fred.kwong@devry.edu, on LinkedIn, 

and at our company website https://www.devry.edu/ 



The Role of AI in Cybersecurity and Identity Management 

AI boosts cybersecurity but also heightens risks, stressing the need for strong identity 

management 

By Steve Moore, Chief Security Strategist, Co-Founder TEN18, Exabeam 

Artificial intelligence (AI) and its evolution over the past year has given rise to extraordinary technological 

advancements. More tools are being built around AI and its ability to maximize human potential in areas 

like cybersecurity, but this proliferation comes with a tale of caution. The average person can now access 

AI tools, and so too can cybercriminals who are motivated, creative, and historically the first to adopt 

technology to automate, scale, and positively influence their goals. 

While AI is shaping the future of many industries led by cybersecurity, it is also proving to be an advancing 

problem as cybercriminals abuse AI to create better, more believable vectors that ultimately lead to more 

significant forms of compromise. How will my phishing training be relevant if I can write a perfectly 

researched phishing email with amazing organizational context? 

In this threat climate, industrywide awareness campaigns like Identity Management Day are essential for 

keeping identity and privacy protection at the forefront of security investment and planning. 

Organizations, customers, partners, and individuals must be reminded about the ever-evolving risks 

associated with frail identities and weak identity management processes. 



A Compromised Digital Identity 

Compromised identities remain a significant cause of data breaches for enterprises – a trend further 

accelerated by AI. This means securing additional layers of identity has become one of the most urgent 

tasks in our digital ecosystem, considering 90% of organizations experienced identity-related breaches 

in the last year alone. 

In the past, we’ve seen credential stuffing, the act of leveraging account information from previous 

breaches, as an easy and popular method of obtaining access to one’s digital identity. Frequently, poor 

cyber hygiene is enough of an opening for adversaries to gain access. The typical defense is 

implementing multi-factor authentication (MFA), which is still often circumvented, poorly deployed, or 

unavailable for all accounts. 

The preventative control will fail, at which point it’s left to the defenders to properly identify the problem 

and respond. This brings us to the next problem: in most organizations, either no one is looking or there 

isn’t a method to detect the problem, and all action is reactive. In a nutshell, there is no prevention, only 

detection and response capabilities. 

AI-Driven Attack Capabilities 

AI’s broad availability allows adversaries to create and launch smarter, more effective cyberattacks to 

steal credentials and data. To be clear, this doesn’t change the vector or even the attack profile; it simply 

evades many of our well-established technical and human controls– for example, phishing training. 

These intrusions maintain their high efficacy because stolen credentials allow them to mimic typical user 

activity, making them harder to catch. 

Two notable incidents in the past year come to mind when discussing these AI-driven attacks: 

• The first is the finance employee working with a multinational firm who fell victim to a 25 milliondollar 

deepfake scam. Fraudsters leveraged deepfake technology and made themselves out to 

be the organization’s Chief Financial Officer (CFO) along with several other staff members during 

a video call. Previously, the employee had suspected foul play as the fraudsters used written 

communications to first make contact. Unfortunately, the deepfakes in the following live video call 

were convincing enough to defraud the company and the employee. 

• Second, LastPass recently experienced a voice phishing attack utilizing audio deepfake 

technology. An employee of the company was bombarded with calls, messages, and voicemails 

from what sounded like LastPass’ CEO Karim Toubba, and although they recognized it as a scam, 

the implications are concerning. What if the fraudsters hadn’t used WhatsApp as their method of 

contact? What if they had called during more regular hours? Social engineered attacks are 

becoming harder to spot, and individuals now must focus on these types of details to discern 

illusion from reality. 

Attacks like these showcase the increasing frequency with which threat actors are harnessing AI in 

sophisticated attacks, most commonly to influence behavior or compromise their identity. 



As security professionals, we always advocate for establishing cyber hygiene best practices to safeguard 

personal and professional identities to prevent credential-based cyber attacks; this shouldn’t change. 

A more advanced method is understanding the behavior of your human and non-human identities and 

assets. Generally, this involves the investment in AI-based capabilities, just as the adversaries have. The 

main requirement is twofold: to understand what is real and what is normal, and to immediately flag when 

a legitimate user account is exhibiting anomalous behavior. When security operations center (SOC) and 

identity analysts are given greater insights into the compromised and the malicious user, they can shorten 

response times and prevent data loss. 

There may not be a straightforward answer to spotting these attempts and securing your digital identity, 

but these steps can be taken to decrease the likelihood of adversary success. 


Steve Moore is the Chief Security Strategist and Co-Founder of TEN18 at 

Exabeam. Steve has over 20 years of experience in information security, 

intrusion analysis, threat intelligence, security architecture, and web 

infrastructure design. Before joining Exabeam, Steve spent seven years at 

Anthem in various cybersecurity practitioner and senior leadership roles. He 

played a leading role in identifying, responding to, and remediating their data 

breach involving a nation-state. Steve has deep experience working with 

legal, privacy, and audit staff to improve cybersecurity and demonstrate 

greater organizational relevance. Steve can be reached online on LinkedIn 

and at our company website https://www.exabeam.com/. 



Using AI And Machine Learning to Detect and Respond To 

Contact Center Security Threats In Real-Time 

By Jerry Dotson, Vice President of U.S. Federal, Avaya Government Solutions 

You’re managing a federal agency contact center when someone calls in with a bomb threat targeting a 

government building. The employee immediately begins working to obtain as much information from the 

individual as possible including the type, placement, and alleged detonation time of the device – but the 

call ends. Before you inform the appropriate agency of the threat, you need to validate if it’s in fact real. 

How can you move as fast and efficiently as possible? 

The number of federally charged threat cases has risen 47% over the last five years, according to data 

from the Justice Department. With threats, hoaxes, and harassments growing not just in number but in 

digital complexity, federal agencies need to consider the use of innovative technology like Artificial 

Intelligence (AI) and Machine Learning (ML) to gain a significant lead against even the most sophisticated 

attackers. With deep data extraction, analysis, and reporting capabilities, AI and ML can pinpoint patterns, 

predict potential threats, and verify recognized threats virtually in real-time. 



A Quick Rundown of AI and ML for Threat Detection & Response 

To better understand how AI and ML supercharge threat detection and response, it’s important to 

understand how these technologies work at a base level. 

Supervised ML: Machine Learning can be trained by a human programmer to distinguish between 

normal vs. malicious activities; however, this is a complex, iterative process that requires deep skill and 

expertise. You need to define the problem (in other words, decide what kind of threats the technology 

should detect), collect and prepare (clean) data for it to use, choose an AI model, effectively train the 

model, and continuously test and improve. 

Unsupervised ML: Machine Learning can also work autonomously, learning to detect unknown or 

emerging threats by identifying anomalies and patterns based on established thresholds of what’s 

considered normal. Patterns can vary depending on the type of attack. In the case of a phishing attack, 

patterns may include where the email came from and how many servers it bounced off. In the case of a 

Denial-of-Service (DoS) attack, patterns may include how many times the attack has happened in the 

past days/weeks/months and how many other agencies have experienced it. 

AI: AI algorithms can crunch volumes of data for threat detection and response in a way human analysts 

can’t, including more subtle signs of malicious activity that go undetected by the human eye. 

Simultaneously, AI works 24x7 to collect, clean, and analyze vast amounts of data, continuously checking 

for potential incoming threats and using new intelligence as its collected to grow smarter in its threatidentifying 

work. 

How Do AI and ML Help monitor and Manage Potential Contact Center Threats? 

Let’s continue with our bomb threat scenario but change the form of communication from phone to email. 

Here’s a rough step-by-step summary of what would happen in the call center with AI and ML in action. 

• ML algorithms dedicated to immediately spotting problems flag the email and quarantine the file 

as soon as it hits your server. 

• AI rapidly processes and analyzes the content of the message and reports on what you need to 

know (where the email is coming from), including the validity of the threat based on vast historical 

data and threat intelligence. 

• AI-powered automation immediately sends responses to the appropriate people or departments, 

including a threat signature if the threat is valid. 

• AI can work proactively with certain protocols and procedures to identify threats from the same 

source even faster in the future. 

This is just one of countless ways AI and ML can be used to accelerate and improve threat detection and 

response. Let’s look at a different use case. Let’s say you’re a government worker stationed overseas 

with your family and a real threat has potentially happened. Not only does the agency you work for need 

to ensure your safety as an employee but also the safety of your family. 



Leveraging AI and ML, the agency can automatically reach out via multiple channels including email, 

text, and phone to verify that you and your family are in safe locations as well as communicate critical 

next steps. All you need to do is hit a key on your phone to verify that they’re okay. In the rare case that 

someone is being forced to hit the key, AI can monitor human temperature and heartbeat to verify that 

they are not under duress. All of this happens in mere minutes. 

Improve Threat Detection & Response without Disrupting your Current System 

AI shouldn’t be considered a one size fits all solution, especially at the government level. The technology 

must be customized based on personnel, location, and dozens of other crucial factors – something that 

requires deep expertise, engineering support, and knowledge. 

Learn more about how Avaya helps federal agencies fast track adoption of AI and ML for threat detection 

and response as a DIY approach without risking resilience or disrupting current operations. 


Jerry Dotson is Vice President of U.S. Federal at Avaya’s Government 

Solutions, a global provider of business collaboration and 

communications solutions and a key technology partner for the US 

Federal, State, and Local Government. In his current role, Jerry 

oversees the business operations supporting the missions of all US 

Federal (Civilian & Intel) and Department of Defense customers. He 

joined Avaya in 2005, focusing on the Public Sector. 

Prior to his current position, Jerry served as the Regional Sales Lead 

for Avaya’s Foreign Account Module, managing key accounts such as 

HUD, NRC, and EPA, among others. With over 32 years of experience 

in the Information Technology industry, Jerry's expertise spans 

installation, operations, implementation, engineering, and proposal management. Throughout his entire 

career, Jerry has dedicated himself to supporting government entities, contributing to various challenging 

requirements, including pioneering the first VoIP implementation for the US Department of State. Jerry 

earned his PhD in 2011 from Kingsbury University. 

He is blessed with a wonderful wife of 24 years, a son who is currently attending Liberty University, and 

a daughter who is a senior in high school. Jerry and his wife are deeply committed to their community, 

having established and operated a food bank in Fairfax County, VA. This food bank has supported as 

many as 500 families a month over the past six years. 

Jerry can be reached at online at LinkedIn and at our company website: 

https://www.avaya.com/blogs/author/jerrydotson/ 









cyberdefensetv.com now has 200 hotseat interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2024, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseConferences.com, CyberDefenseMagazine.com, 

CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com,and 

CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of 

America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber 

Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. 


All rights reserved worldwide. Copyright © 2024, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


https://www.cyberdefensemagazine.com/ 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 11/04/2024 



Books by our Publisher: Amazon.com: CRYPTOCONOMY®, 2nd Edition: Bitcoins, Blockchains & Bad 

Guys eBook : Miliefsky, Gary: Kindle Store (with others coming soon...) 

12 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. 

It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five 

nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content 

Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and 

CyberDefenseMagazine.com up and running as an array of live mirror sites. We successfully 

launched https://cyberdefenseconferences.com/ and our new platform 

https://cyberdefensewire.com/

The Cyber Defense eMagazine November Edition for 2024

Transform your PDFs into Flipbooks and boost your revenue!

Delete template?

Save as template ?