Cyber Defense eMagazine June 2020 Edition

Post-COVID-19 Cybersecurity Predictions 

Cybersecurity Strategies That Protect 

Business Operations Now and Tomorrow 

Cybersecurity Education and Practice: 

Never Stop Learning 

The Stats on Cyber Security Perception 

Heading into the COVID-19 Challenge 

…and much more… 

Cyber Defense eMagazine –June 2020 Edition 1 

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s June 2020 Issue ------------------------------------------------------------------------------------------------ 7 

Post-COVID-19 Cybersecurity Predictions -------------------------------------------------------------------------------- 23 

By Ilia Sotnikov, Vice President of Product Management, Netwrix 

Cybersecurity Strategies That Protect Business Operations Now and Tomorrow --------------------------- 26 

By Leo Taddeo,Chief Information Security Officer, Cyxtera Technologies and President, Cyxtera Federal 

Group 

Cybersecurity Education and Practice: Never Stop Learning ------------------------------------------------------- 29 

By Ken Sigler, Dan Shoemaker, and Anne Kohnke 

The Stats on Cyber Security Perception Heading into the COVID-19 Challenge ------------------------------ 33 

By Stephen Stott, Founder & CEO, Stott and May 

ISF: Behavioral Analytics Expected to Trigger a Consumer Backlash -------------------------------------------- 36 

BY Steve Durbin, Managing Director, Information Security Forum 

Mobile App Security in The Midst of a Pandemic---------------------------------------------------------------------- 39 

By Tom Tovar CEO and co-creator of Appdome 

Managing an Information Security Risk Program --------------------------------------------------------------------- 42 

By Adriano Novaes, Senior Cybersecurity Consultant 

Ensuring Cybersecurity in A Remote Workplace ----------------------------------------------------------------------- 48 

By Ryan Ayers, Freelance Writer & Tech Consultant 

GDPR Working from Home Checklist in The Light Of COVID-19 --------------------------------------------------- 51 

By Susan Alexandra, Contributing Writer 

Cyber-Secure Access Control Solutions for Workplaces -------------------------------------------------------------- 54 

By Imran Anwar 

Cleaning up “Dirty” Wi-Fi for Secure Work-from-Home Access --------------------------------------------------- 58 

By Matias Katz, CEO, Byos 

Cyber Crime is Paying ---------------------------------------------------------------------------------------------------------- 61 

By Ricardo Arroyo, Senior Technical Product Manager, WatchGuard Technologies 



Ditch Legacy Approaches – Reimagine Cloud Security Based on Virtualization ------------------------------ 64 

By Avi Shua, CEO and co-founder, Orca Security; former chief technologist at Check Point Software 

Technologies 

Building a “Culture of Caring” for Clients -------------------------------------------------------------------------------- 69 

By Jessica Smith, Senior Vice President, Crypsis Group 

Newsjacking COVID-19 and Other Common Cybersecurity PR Mistakes --------------------------------------- 72 

By Evan Goldberg, SVP and Cybersecurity Practice Group Director, ARPR 

New Expectations for the Network Perimeter -------------------------------------------------------------------------- 76 

By Barrett Lyon, Co-founder and CEO, Netography 

The Devil Inside ------------------------------------------------------------------------------------------------------------------ 79 

By Mary Roark, VP of Marketing, Cyberhaven 

Digital Healthcare: How Secure Is the Care Data? -------------------------------------------------------------------- 84 

By Prerna Lal, Assistant Professor, International Management Institute New Delhi, India 

Women’s Health and Safety Amidst COVID-19 Cybercrime -------------------------------------------------------- 95 

By Sarah Katz, Senior Cyber Security Analyst, NASA Ames Research Center 

Network Monitoring Solutions and Their Contribution Towards Developing A Robust IT Infrastructure 

---------------------------------------------------------------------------------------------------------------------------------------- 97 

By Saloni Walimbe, Content Writer at Global Market Insights, Inc. 

Still Using Spreadsheets to Manage Your Digital Certificate Security? --------------------------------------- 100 

By Ryan Sanders, Product Manager, Keyfactor 

Introducing the Role of The Chief Cybercrime Officer -------------------------------------------------------------- 103 

By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks 

Fighting Back Against Powerful New DDoS Attack Vectors ------------------------------------------------------ 106 

By Tom Bienkowski, Director of Product Marketing, NETSCOUT 

How to Secure IT And OT In Industrial and Manufacturing Environments ----------------------------------- 109 

By Christopher Dobrec, Vice President of Product Marketing at Armis 

Biggest Obstacles Frustrating Cyber Security Job Seekers and Employer ------------------------------------ 113 

By Matt Donato, Co-founder of Charlotte, NC-based HuntSource 



Mitigating Against Ransomware: Don’t Let Backups Be the Back Door -------------------------------------- 119 

By Rick Vanover, Senior Director, Product Strategy, Veeam 

The Ransomware Age and How to Fight It ---------------------------------------------------------------------------- 122 

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt 

Security in A Multi-Cloud Environment --------------------------------------------------------------------------------- 128 

By Paul Nicholson, Sr. Director of Product Marketing, A10 Networks 

Cyber Operations Could Cause Traumatic Experiences ------------------------------------------------------------ 131 

By Milica D. Djekic 

Hackers Are the Future of Cybersecurity… ----------------------------------------------------------------------------- 141 

By Keren Elazari , ASIS International 

Cyber Crimes Will Increase with Shift to Teleworking ------------------------------------------------------------- 143 

By Andy Sauer, Director of Cybersecurity, Steel Root 

Cyber Attacks at Sea: Blinding Warships. ------------------------------------------------------------------------------ 145 

By Julien Chesaux, Cyber Security Consultant, Kudelski Security 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

The sea change in the world of Cyber Defense is in full effect. The results of government 

actions to control the spread of COVID-19, intended and otherwise, have changed not only 

the players on the board, but the rules of the game and the board itself. 

We are now seeing the growing and persistent effects of social distancing and lockdown 

protocols in the national and international conduct of private and government activities, due 

to the battle against the spread of the Coronavirus. 

Even the modest "re-opening" of some public and private activities will not put Humpty-Dumpty together 

again. The continued fear of a "second wave" is being fuelled by many media and political forces, each with its 

own agenda. As a result, the lingering phenomenon of Work from Home ("WFH") still requires the attention of 

all those with access to any portion of the organization's electronic information. Cyber criminals have figured out 

in many situations how to exploit these vulnerabilities, and the ones growing out of the decentralization of 

information resources. 

We are pleased to report the growth and impact of CDM's initial webinar presentations, addressing in the most 

cogent manner the challenges and responses to these powerful threats, found 

at www.cyberdefensewebinars.com 

We are pleased to provide this powerful combination of monthly eMagazines, daily updates and features on the 

Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of 

immediate interest. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about CDM, please use #CDM and 

@CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more 

quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

Both the spread of the novel Coronavirus and its effects on national 

and international cyber vulnerabilities continue to grow with little 

abatement. While physical travel may be moving beyond draconian 

restrictions, cyber travel (both literally and figuratively) appears to 

be in the process of replacing “work in the workplace” in many 

situations. 

The international implications of these developments 

unfortunately have also resulted in more and deeper opportunities 

for exploitation by cyber criminals. There are apparent strains 

among national States which participate in international 

organizations. Trust, and its concomitant funding commitments, 

have eroded. 

This fragmentation operates to the disadvantage of the defenders 

of the integrity, confidentiality, and accessibility of vital information 

stored in data facilities all over the world. Our failure to work 

together in a cooperative fashion can only provide more 

opportunities for the abuse and misuse of sensitive information, 

even leading to the compromise of the command and control 

systems of our critical infrastructure. 

By means of this message, let me renew the call for all of the 

affected organizations and individuals to take the lead in creating 

cybersecurity defenses to protect all aspects of IT in our lives, 

including (but not limited to) medical, financial, social, and 

government functions. 

Once again, may I suggest, that in the days ahead, we agree to put 

our differences aside in favor of responding to our common 

enemies: the COVID-19 virus itself and those who would take 

advantage of this crisis to perpetrate criminal schemes. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2019, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

8 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 



Welcome to CDM’s June 2020 Issue 

From the U.S. Editor-in-Chief 

Although we don’t claim to have a crystal ball, we would like to replay a paragraph from our Welcome 

Message from only a few months ago, in the CDM January issue: 

“If we consider for a moment the increasing speed at which cyber developments occur, and place that in 

the perspective of 20-year increments, we must be prepared to deal with new and growing challenges to 

cybersecurity. 

Foremost among them will likely be based on Artificial Intelligence, Machine Learning, the 5G network, 

and no doubt more we have not yet seen or imagined.” 

At that time, there were few, if any, cybersecurity professionals who foresaw the advent of the 

Coronavirus and COVID-19 phenomenon. Fewer still would have predicted the Work From Home (WFH) 

implications or the vastly increased vulnerabilities accompanying this pseudo-migration. 

How will these developments affect our everyday lives? Consider this: Who would have predicted 20 

years ago the effects of TSA screenings on air travel? 

Readers will notice that this month’s topics include many which have a direct bearing on the response to 

these new and challenging threats arising out of the mass exodus of information workers from an office 

environment to a (usually less secure) home set-up. 

At Cyber Defense Magazine, we endeavor to keep our audience informed and ahead of the curve of 

these very developments. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management 

in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive 

personal information. You can reach him via his e-mail address at 

yan.ross@cyberdefensemediagroup.com 



















Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those 

vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep 

understanding of your web application vulnerabilities, how to prioritize them, and what to do about 

them. With this trial you will get: 

An evaluation of the security of one of your organization’s websites 

Application security guidance from security engineers in WhiteHat’s Threat Research Center 

Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well 

as share findings with internal developers and security management 

A customized review and complimentary final executive and technical report 

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/ 

PLEASE NOTE: Trial participation is subject to qualification. 















Post-COVID-19 Cybersecurity Predictions 

By Ilia Sotnikov, Vice President of Product Management, Netwrix 

Lots of pundits are speculating about what effects the COVID-19 pandemic will have on the economy, 

social behavior, politics and related topics. Today, however, let’s focus on how the IT threat landscape is 

likely to evolve. I don’t envision a dramatic shift in the makeup of cybersecurity threats; rather, I predict 

an acceleration of important trends we have already been battling. Here are the key threats I predict will 

increase during the global lockdown and beyond. 

More remote employees will mean more insider threats. 

Remote work is here to stay. Some organizations will stay fully remote while others will make it optional, 

but all IT teams will have to adapt to the new reality of a larger remote workforce and lack of control over 

more endpoints and network devices. 

From a cybersecurity standpoint, they will have to regard each remote worker as a potential threat, 

capable of both malicious actions of their own and negligence that opens the door to attackers getting 

inside the network. Therefore, organizations will have to develop new security strategies that reduce risk 

to an acceptable level, possibly using a zero trust model. They will need to pay special attention to the 

security and privacy of sensitive data, for example, by enforcing measures to prevent this data from 

spreading across employee endpoints and cloud collaboration tools. 



Online scams will increase. 

Ecommerce and online services are experiencing massive growth today. Shops that weren’t selling online 

before were forced to change their business models, and consumers who weren’t shopping online had 

to learn new skills fast. When the lockdown is over, many consumers will keep this habit —along with 

their poor knowledge of (and attention to) cyber threats. Hackers will be ready and waiting, eager to 

commit fraud and steal personal and payment data. 

To reduce risk, organizations will have to simplify their cybersecurity practices. In particular, they will 

need to eliminate complex jargon and antiquated interfaces. The value of clearly communicating security 

risks to customers and building in as many safeguards as possible will be higher than ever, and 

organizations need to start working on this as soon as possible. Since solutions will have to be simple 

and clear about security settings, the value of UI/UX will grow. Online services — from retailers to social 

media sites to cloud storage providers — will be under more scrutiny to enable secure settings by default, 

and some vendors will use advanced security options as a market differentiator. 

Spoofing will go to the next level with deepfakes. 

Hackers are already experts at sending emails in which they impersonate C-level management and ask 

employees to transfer money or provide access to sensitive data, and we’ve even started to see voice 

spoofing. With organizations now relying on video conferencing extensively, we are likely to see more 

hackers using live deepfakes to spoof video calls. While this is not something that will happen to the 

majority of organizations tomorrow, AI and neural networks are making deepfake tech not just possible 

but more widely available and affordable. There are multiple ways this technology could used, including 

deception using face recognition technologies, and even video-spoofing-as-a-service. 

Organizations that will be using video conferencing for regular communication will be vulnerable to this 

new variant of cybercrime. To protect themselves, they will need to reshape their business processes, 

especially approval workflows for budget spending and data access. In addition, IT teams will need to 

increase the accountability of all employees, especially those with admin rights, to prevent illegitimate 

elevation of privileges. 

The number of data breaches will increase. 

Enabling employees to be productive from home and maintaining business operations has been a huge 

stressor for IT teams. The need for them to shift their focus to these priorities is giving hackers plenty of 

opportunities to hide their malicious activity long enough to cause serious damage. In addition, any AIor 

ML-based security monitoring solutions that organizations had in place became useless instantly, since 

the dramatic changes in user activity patterns generated vast numbers of false positive alerts. While this 

security intelligence and IT routines will adapt to the new normal in time, everything is likely to get crazy 

again when employees return to the office, and organizations will again be blind to suspicious activity 

that could lead to breaches until the solutions and IT teams can adapt again. 



Indeed, almost all organizations are more vulnerable now than they were before mid-March. While, the 

full impact is hard to predict now, we should expect a large number of reports of breaches from the start 

of the work-from-home trend and potentially lasting through 2021. To avoid being among the victims, 

organizations need a solid plan for addressing data privacy and security risks both now and when the 

remote working situation shifts again. 

Organizations will move beyond passwords. 

Password authentication is perhaps the weakest link in cybersecurity. The increased use of online 

services is forcing users to create new accounts, each with its own password. Faced with the challenge 

of remembering more and more complex passwords, users resort to reusing one or two passwords. This 

increases the risk of data breaches, since credentials stolen from one organization become available on 

the dark web and hackers attempt to use them against other companies. 

As a result, organizations will likely start adopting non-password authentication methods, such as 

biometric data like fingerprints or eye scans. This trend could increase the amount of personal data 

transmitted and stored online, as more organizations will be collecting biometric data for authentication. 

And of course, attackers will be looking for techniques to circumvent or hack any new authentication 

strategies, and it’s impossible to predict what they will come up with. Therefore, organizations need to 

have an adaptive risk management program and have security in mind every time they implement new 

services and technologies. 

About the Author 

Ilia Sotnikov is an accomplished expert in cybersecurity and IT 

management. He is Vice President of Product Management at Netwrix, 

provider of a visibility platform for data security and risk mitigation in hybrid 

environments. Netwrix is based in Irvine, Calif. 



Cybersecurity Strategies That Protect Business 

Operations Now and Tomorrow 

Planning for the future means moving secure remote access toward the top of your list 

By Leo Taddeo,Chief Information Security Officer, Cyxtera Technologies and President, Cyxtera 

Federal Group 

In terms of a global cyber conflict, data centers are the modern-day equivalent to the ball bearing plants 

of WWII. Just as ball bearings were essential to the tools of mechanized warfare, data centers are key 

components of the infrastructure that supports the modern economy. The effects of a successful 

cyberattack on a few data centers would cascade across other critical sectors to cripple the country’s 

digital backbone. Protecting data centers from threats to continued and uninterrupted operations must be 

a top priority in any national or commercial cybersecurity strategy. 

To that end, the main pillar of information security for data centers, and other industrial control systems 

(ICS), is effective user access control. For many data center and ICS security plans, user access was 

partly secured by requiring the user to be on site. This made sense up until 2020 BC (“Before COVID”), 

when few CISOs thought about social distancing for ICS and data center operators. While keeping 

unauthorized users out has, and always will be, essential, the pandemic has added a new reason to 

focus on secure remote access. Beyond keeping unauthorized users out, effective remote access tools 

can keep authorized users apart. 



Being Inside the Physical Perimeter Means Risk 

The response to COVID-19 forced businesses to scramble to keep employees productive as they 

transitioned from the office to home workstations. Fortunately, most office employees can remain 

productive by using videoconferencing and familiar applications that are highly scalable in cloud-based 

SaaS offerings. The security for these productivity suites is built into the application — easy. 

But what about highly skilled technical employees who need access to systems that run only on corporate 

networks? These include sensitive ICS like cooling, power, and humidity. How can a CISO ensure only 

the right people have access at the right time and for the right purpose? In the pre-COVID world, the 

employee had to be on-site to access the system. Keeping employees together on-site is no longer a net 

benefit to security. The potential for infection and loss of key personnel is too great. 

In addition, most data centers and other ICS facilities have been relying on an outdated contractor service 

model, where in the interest of efficiency, specialized technicians travel from facility to facility in an 

ongoing cycle of install, repair, and update. In a pandemic environment, each visit by a technician is an 

opportunity for the virus to spread. The visiting technician model creates real cross-contamination risk 

within campuses and across regions. One contagious technician could potentially visit multiple sites in 

the course of several days with the potential to knock out dozens of those sites before he knows he is 

contagious. 

This, in a nutshell, is why CISOs need to reprioritize remote access for as many users as possible. If an 

employee, especially a highly skilled technician, can operate off-site, the contamination risk goes down 

and resilience goes up. 

Rethinking Remote Access Tools 

As the foundation of our digital critical infrastructure, data center operations teams have so far met the 

pandemic’s immediate needs — scaling up clients to deal with shifting demand and a newly remote 

workforce, to name a few. But the fact is that geopolitical tensions are rising and cyber conflicts between 

rival powers are transitioning from a simmer to a low boil. Reports from reliable sources, including 

government agencies and private threat intelligence firms, reveal a disturbing uptick in activity from 

China, Russia and North Korea. As we grapple with the real health threats caused by the pandemic, we 

can’t forget that adversaries are lurking in the wings, waiting for us to look away so they can get inside 

our critical infrastructure and potentially do damage. 

In the past, practically the only option for CISOs was to allow remote access through a traditional VPN. 

Unfortunately, nation state actors are known to have exploited vulnerabilities in legacy VPN technologies 

to steal credentials and gain access to sensitive systems. In October 2019, the UK’s National Cyber 

Security Center warned that Chinese intelligence agencies had used these tactics. The US Department 

of Homeland Security and National Security Agency issued similar warnings. 

Far too many data centers and ICS facilities are burdened with legacy VPN systems, which are simply 

not designed to meet today’s risks. They are incompatible with new technology, lack scalability, and 

expose the companies using them to regulatory and compliance risks. In addition to being vulnerable to 



several common attack vectors, VPNs limit operational flexibility in that they don’t allow for dynamic 

access based on conditions and user context. 

Make Secure Remote Access a Business Enabler 

For data center operators, maintaining building management systems is a non-negotiable requirement. 

Many data center operators are looking for an alternative to the VPN. The answer for many operators of 

sensitive industrial systems, including data centers, is the Software Defined Perimeter (SDP). One of the 

big advantages of SDP is the ability to enforce least privilege access to third-party support organizations. 

Unlike with a VPN, SDP can allow access to specific systems included in a contractor’s support 

agreement without giving them wide access to the network. As an example, the RF code wireless 

temp/humidity sensors in some data centers are supported by specialized service providers. Using SDP, 

CISOs can limit the contractor’s access to those servers without opening up our other BMS platforms. 

CISOs can also use SDP to ensure that the contractor’s machines meet security requirements before 

they connect. If the laptop is not sufficiently updated and protected by antivirus software, SDP will block 

the connection. These additional audit and security controls are a far superior solution than legacy VPNs. 

As data centers look to fortify their security posture, there is the realization that a full-scale overhaul isn’t 

economical. Incremental refreshes are, however, so as components and systems such as humidifiers or 

cooling systems are updated or replaced, cost, efficiency, and security must be paramount. Outmoded 

systems that require people onsite to run them open enterprises up to future vulnerabilities to threats that 

are known, unknown, or unforeseen — such as a pandemic. 

Designing ICS and data center systems that are naturally and organically configured for secure remote 

access produces a number of benefits. First, remote access can result in cost savings over on-site access 

requirements as the latter incur additional travel and head-count costs. Second, modern remote access 

tools improve security flexibility. Lastly, remote access allows for separation between operators and 

vendors that adds to resilience against operational interruptions caused by pandemics and natural 

disasters. 

Planning for the future means moving secure remote access toward the top of the list of criteria for IT 

investments. The world has changed dramatically. We must ensure our security solutions keep pace. 


Leo Taddeo, Chief Information Security Officer, Cyxtera Technologies and 

President, Cyxtera Federal Group, is responsible for oversight of Cyxtera's 

global security operations, investigations and intelligence programs, crisis 

management, and business continuity processes. He provides deep domain 

insight into the techniques, tactics and procedures used by cybercriminals, to 

help Cyxtera and federal agencies defend against advanced threats. Leo can 

be reached at @LeoTaddeoCZ? and at our company website 

https://www.cyxtera.com. 



Cybersecurity Education and Practice: Never Stop 

Learning 

By Ken Sigler, Dan Shoemaker, and Anne Kohnke 

As the number of industries, organizations, and educational institutions continue to recognize the 

scope and impact of cybersecurity, the means in which the crisis is approached cannot be made 

haphazardly. For many years cyber professionals have been able to apply consistency within 

practices aimed toward minimizing the effects of cyber-attacks by using international and 

domestically adopted standards, guidelines, and frameworks. These standards, guidelines, and 

frameworks aim to put into context how some facet of cybersecurity should be accomplished. While 

well-intentioned, this wide array of sometimes overlapping standards can be quite overwhelming to 

the practitioners and organizations that need them the most. 

Organizations tend to fit into one of two categories when considering their adherence to standards 

and guidelines. Many take the unsystematic (and sometimes chaotic) approach by either ignorantly 

or willfully neglecting the value of standards and guidelines or by ignoring them entirely and just doing 

their own thing. It is those organizations that find themselves strapped with the complexities and 

budgets of recovering from data breaches, much less understanding how the breach happened in 

the first place. 



The second group of organizations successfully adopt applicable standards and guidelines and make 

valiant efforts to abide by them. The problem resides in the interpretation of those resources. These 

valuable resources are written by industry experts charged with providing detailed explanations of 

cybersecurity practices at a very concrete level. The organization is left to make their own 

interpretation that sometimes can lead them into a direction that will be more costly, compared to if 

they were not to have adopted the standard and guideline in the first place. Thankfully, recent books 

have been published that provide greater understanding into such cybersecurity areas as: 

understanding and applying the National Institute of Standards and Technologies (NIST) 

Cybersecurity Framework, standardized approaches for implementation of cybersecurity controls, 

understanding cybersecurity risk management and the implementation of risk practices using the 

NIST Risk Management Framework, implementing guidelines that support cybersecurity 

management throughout the entire supply chain, and how to make an organization truly cyberresilient. 

Similarly, educational Institutions have struggled to find the right fit for how to prepare students for 

careers in cybersecurity. Since the turn of the century many Information Technology programs saw 

cybersecurity as solely the need to implement technology aimed at protecting information; hence the 

reason for the old way of referring to the field as “Information Security”. Programs taking on that 

understanding of the field prepare students with a narrow scope of simply presenting the technologies 

that protect information. And in many cases those presentations are done through simulated 

approaches. 

However, as the field of cybersecurity has evolved, educators cannot take as narrow of an approach 

to preparing students. Realistically, the field has become much more than just securing information. 

Rather it is becoming a discipline in and of itself, which encompasses a complete body of knowledge 

that requires standardized approaches (with well-defined outcomes) to introducing the expanded 

areas that make up the entire field of cybersecurity. No longer can someone be prepared for work 

within the field simply by understanding the difference between a router, switch, and firewall. 

Cybersecurity has expanded to the extent that data security, software security, component security, 

connection security, system security, human security, organizational security, and societal security 

should all necessarily be included (from an interdisciplinary approach) within cybersecurity curriculum 

in order to adequately prepare individuals for work within the field. And to that extent, organizations 

should endeavor to understand the interdisciplinary knowledge of the individuals that they hire. 

To support the growing need for standardized and interdisciplinary approaches of educating future 

professionals in the entire cybersecurity body of knowledge, two standards have been developed to 

assist educational institutions in the development of their cybersecurity curriculum. NIST published 

the second version of the “National Initiative for Cybersecurity Education (NICE) Cybersecurity 

Workforce Framework” in 2017. NICE breaks the field of cybersecurity down into specialty areas and 

specifies what each areas of the workforce should be doing to ensure that security functions of 

identification, protection, defense, response, or recovery are being carried out properly. 

Similarly, later that same year, the Joint Task Force on Cybersecurity Education in association with the 

Association for Computing Machinery (ACM), IEEE Computer Society (IEEE-CS), Association for 

Information Systems Special Interest Group on Information, Security and Privacy (AIS SIGSEC), and 



International Federation for Information Processing Technical Committee on Information Security 

Education (IFIP WG 11.8) was formed and published in December 2019 the Curriculum Guidelines for 

Post-Secondary Degree Programs in Cybersecurity Education (more commonly known as CSEC2017). 

The purpose of CSEC2017 is to provide a summary of the underlying topics that encompass eight 

knowledge areas that define the boundaries of the discipline of cybersecurity. The premise of the 

guideline is to provide educators an understanding of what topics should be included in cybersecurity 

curriculum, a common set of outcomes, and provides adequate flexibility into how the topics are 

introduced and outcomes realized. 

Much like the earlier discussion related to whether organizations adopt cybersecurity industry standards, 

the same is true of educational institutions. It is a growing imperative that all cybersecurity curriculum 

provide greater scope of instruction into the entire body of knowledge, while providing hands-on 

approaches to introduce and dive deeper into each topic. While standards and guidelines provide the 

detail of what needs to be included in cybersecurity curriculum, books on NICE, such as A Guide to the 

National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) and 

CSEC2017 The Cybersecurity Body of Knowledge The ACM/IEEE/AIS/IFIP Recommendations for a 

Complete Curriculum in Cybersecurity, have been published that provide specific examples into how they 

can be implemented successfully. 

Cybersecurity is not a field that should be approached carelessly. Many organizations and educational 

institutions have taken that approach and failed to the extent of costing millions of dollars. In a time where 

many are being forced to rethink their cybersecurity strategies as a result of COVID-19, the use of 

standards and guidelines accompanied by numerous books that bring standardized topics into context, 

provide the capability of implementing cybersecurity instruction and practice in a manner that will 

circumvent the effect of attacks for years to come. 



About the Authors 

Ken Sigler, is a faculty member of the Computer Information Systems (CIS) 

program at the Auburn Hills campus of Oakland Community College in 

Michigan. His primary research is in the areas of software management, 

software assurance, cybersecurity risk management, and cybersecurity 

education. He Has spoken nationally on numerous topics related to 

cybersecurity and has served as served as the liaison for the college to the 

International Cybersecurity Education Coalition (ICSEC), of which he is one of 

three founding members. Ken is a member of the University of Detroit Mercy 

Center of Cybersecurity and Intelligence Studies Board of Advisors. 

Daniel P Shoemaker, is principal investigator and senior research scientist 

at the University of Detroit Mercy’s Center for Cyber Security and Intelligence 

Studies. Dan has served 30 years as a professor at UDM with 25 of those 

years as department chair. He served as a co-chair for both the Workforce 

Training and Education and the Software and Supply Chain Assurance 

Initiatives for the Department of Homeland Security and was a subject matter 

expert for the NICE Workforce Framework 2.0. Dan has coauthored six 

books in the field of cybersecurity and has authored over one hundred 

journal publications. Dan earned his PhD from the University of Michigan. 

Anne Kohnke, is an Associate Professor of Cybersecurity and the PI for the 

Center of Academic Excellence in Cyber Defense at the University of Detroit 

Mercy. After a 25-year career in IT, Anne transitioned from a Vice President of 

IT and Chief Information Security Officer (CISO) position into full-time 

academia in 2011. Dr. Kohnke was also a tenured Associate Professor at 

Lawrence Technological University where she taught technical IT and 

cybersecurity courses. 

Dr. Kohnke’s research is focused in the area of cybersecurity, risk 

management, threat modeling, and mitigating attack vectors. Dr. Kohnke has 

recently coauthored six books and several peer-reviewed journal articles in this field of study. Dr. Kohnke 

earned her PhD from Benedictine University, an MBA from Lawrence Technological University, and 

courses in the Master of Science in Information Systems and Technology at the University of Michigan 

Dearborn. 



The Stats on Cyber Security Perception Heading into the 

COVID-19 Challenge 

By Stephen Stott, Founder & CEO, Stott and May 

There is a lot of debate currently around whether the cyber security profession is recession proof. 

Answering that question largely depends on board level perceptions around the strategic importance of 

the function and how that shifts over the coming months. Business is business, as they say, and ultimately 

for security functions to sail through largely unscathed they will need to be able to help the board deliver 

value for shareholders in the short, medium and long term. 

A recent Stott and May report suggests that 55% of security leaders believe that their business see cyber 

as a strategic priority, with a further 31% suggesting it’s a very real technical problem. In high growth midmarket 

firms that number is even more prominent, with 83% pointing towards its strategic significance. 

The overwhelming majority of respondents (69%) also outlined that the security function had a key role 

to play in enhancing the value proposition for customers. 

It’s fair to say that both B2B and B2C consumers have become far more educated on the issue of cyber 

security and see this as an important feature in purchasing decisions around products and services going 

forwards. This will be an important point for CISO’s to home in on in the months ahead. 



This concept of making security features more prominent could also help to play an important role in 

building a stronger culture of security within an organization. A key challenge experienced by many 

CISO’s we interact with. Jim Rutt, CISO at the Dana Foundation, a participant in this research report and 

stated “CISO’s need to ensure that with every initiative, whether that be digital transformation or new 

applications being rolled out, they make the security features and ‘asks’ prominent within the project. 

Raise awareness of where the issues exist and where the gaps could be exposed.” To maintain a holistic 

security posture, it is going to be essential to create this level of collective commitment and focus. 

The carrot of an enhanced value proposition also needs to be balanced with the stick of protecting 

business operations as the attack surface increases in light of COVID-19 related events. CISO’s surveyed 

in the Cyber Security in Focus 2020 research suggested that they felt investment decisions would largely 

be driven by the stick (57%) and it’s important to keep this balance of risk and reward in mind when 

dealing with the board. 

Ultimately, strategy execution is going to be key. According to the research, the largest single barrier to 

delivering on cyber security initiatives is internal skills (39% of respondents felt this way). A significant 

percentage of CISO’s (76%) are still reporting a shortage of talent within their businesses with some 72% 

struggling to source cyber security candidates. Will candidate availability improve as a result of COVID- 

19? Certainly, there may be more candidates on the market, but we are seeing businesses be very 



deliberate around retaining mid to senior security talent amid the layoffs in other areas. They have the 

battle scars to prove how challenging the cyber security recruitment market can be. Time to hire will 

remain a challenge for organizations seeking to address their skills shortage as hiring managers seek to 

acquire soft skills and cultural fit in conjunction with their technical requirements. 

The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact 

on the market over the course of this year. The research is based on the collective experience of 55 cyber 

security leaders sourced from Stott and May’s professional network. Respondents were asked to share 

their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom 

perception of cyber security, talent attraction and the challenges associated with securing business in 

the cloud. 

The full report is available here. 


Stephen Stott is the Founder and CEO of Stott and May. He founded 

the business in December 2009. Stott and May are a talent 

acquisition agency that specialize in cyber security, data and 

analytics, tech sales and software engineering recruitment. Stephen 

divides his time between Stott and May’s UK and US locations with 

a clear mission; to connect the world’s professionals to make them 

more productive and successful than they ever believed imaginable. 

Stephen can be reached online at 

https://www.linkedin.com/in/stephen-stott-18a94219/ and at our 

company website http://www.stottandmay.com 



ISF: Behavioral Analytics Expected to Trigger a Consumer 

Backlash 

Organizations whose business model is dependent on behavioral analytics will be forced to backtrack 

on costly investments 

BY Steve Durbin, Managing Director, Information Security Forum 

In the coming years, organizations’ insatiable desire to understand consumers through behavioral 

analytics will result in an invasive deployment of cameras, sensors, and applications in public and private 

places. A consumer and regulatory backlash against this intrusive practice will follow as individuals begin 

to understand the consequences. 

Highly connected ecosystems of digital devices will enable organizations to harvest, repurpose and sell 

sensitive behavioral data about consumers without their consent, with attackers targeting and 

compromising poorly secured systems and databases at will. Impacts will be felt across industries such 

as retail, gaming, marketing, and insurance that are already dependent on behavioral analytics to sell 

products and services. There are also a growing number of sectors that will see an increased dependency 

on behavioral analytics, including finance, healthcare, and education. 

Organized criminal groups, hackers and competitors will begin stealing and compromising these treasure 

troves of sensitive data. Organizations whose business model is dependent on behavioral analytics will 

be forced to backtrack on costly investments as their practices are deemed to be based on mass 

surveillance and seen as a growing privacy concern by regulators and consumers alike. 



What is the Justification for This Threat? 

Data gathered from sensors and cameras in the physical world will supplement data already captured by 

digital platforms to build consumer profiles of unprecedented detail. The gathering and monetization of 

data from social media has already faced widespread condemnation, with regulators determining that 

some organizations’ practices are unethical. For example, Facebook’s role in using behavioral data to 

affect political advertising for the European Referendum resulted in the UK's Information Commissioner’s 

Office fining the organization the maximum penalty in late 2019 – citing a lack of protection of personal 

information and privacy and failing to preserve a strong democracy. 

Many organizations and governments will become increasingly dependent on behavioral analytics to 

underpin business models, as well as for monitoring the workforce and citizens. The development of 

‘smart cities’ will only serve to amplify the production and gathering of behavioral data, with people 

interacting with digital ecosystems and technologies throughout the day in both private and public spaces. 

Data will be harvested, repurposed, and sold to third parties, while the analysis will provide insights about 

individuals that they didn’t even know themselves. 

An increasing number of individuals and consumer-rights groups are realizing how invasive behavioral 

analytics can be. An example of an associated backlash involved New York’s Hudson Yard in 2019, 

where the management required visitors to sign away the rights to their own photos taken of a specific 

building. However, this obligation was hidden within the small print of the contract signed by visitors upon 

entry. These visitors boycotted the building and sent thousands of complaints, resulting in the 

organization backtracking and rewriting the contracts. Another substantial backlash surrounding invasive 

data collection occurred in London when Argent, a biometrics vendor, used facial recognition software to 

track individuals across a 67-acre site surrounding King's Cross Station without consent. 

Attackers will also see this swathe of highly personal data as a key target. For example, data relating to 

individuals’ personal habits, medical and insurance details, will present an enticing prospect. 

Organizations that do not secure this information will face further scrutiny and potential fines from 

regulators. 

How Should Your Organization Prepare? 

Organizations that have invested in a range of sensors, cameras and applications for data gathering and 

behavioral analysis should ensure that current technical infrastructure is secure by design and is 

compliant with regulatory requirements. 

In the short term, organizations should build and incorporate data gathering principles into a corporate 

policy. Additionally, they need to create transparency over data gathering practices and use and fully 

understand the legal and contractual exposure on harvesting, repurposing and selling data. 

In the long term, implement privacy by design across the organization and identify the use of data in 

supply chain relationships. Finally, ensure that algorithms used in behavioral analytical systems are not 

skewed or biased towards particular demographics. 




Steve Durbin is Managing Director of the Information Security Forum (ISF). 

His main areas of focus include strategy, information technology, cyber 

security, digitalization and the emerging security threat landscape across 

both the corporate and personal environments. Steve can be reached online 

at @stevedurbin and at our company website www.securityforum.org. 



Mobile App Security in The Midst of a Pandemic 

By Tom Tovar CEO and co-creator of Appdome 

In the “new normal” of COVID-19, businesses are relying on mobile apps to ensure business operations 

and revenue flowing. 

Restaurants, grocery stores and essential businesses, for example, now enable customers to order food 

via their phone for curbside pickup or delivery via apps like GrubHub, DoorDash and UberEats, increasing 

safety for consumers. 

Businesses face a two-pronged challenge. First is the need to rely on mobile apps to maintain sources 

of revenue. Second, and equally important, is a massive shift to work-at-home, which has dramatically 

increased the reliance on mobile apps for internally-focused enterprise processes vital for managing and 

executing day-to-day workflows. 

To cope, organizations are rushing to add new functionality and updates to both their consumer-facing 

and internal mobile apps, but in so doing, many are making security an afterthought. Indeed, the Verizon 

Mobile Security Index 2020 found that 43% of organizations knowingly cut corners on mobile security to 

“get the job done.” And that was before the additional pressure put on development teams by COVID-19. 



Organizations that neglect security do so at their peril. Certainly, they may be able to get apps in the 

hands of end-users faster without adding security protections, but should an attacker compromise their 

app, the damage to their reputation and their revenue stream could far outweigh any advantage. Brands 

whose apps have suffered security breaches must often spend millions repairing their brand, fighting 

lawsuits and compensating consumers, not to mention the danger they face having their own data stolen 

or encrypted for ransom. In fact, attackers are already taking advantage of the pandemic and people’s 

increased reliance on mobility. For example, a recently released Covid-19 tracking app turned out to be 

ransomware. 

One of the big problems, of course, is knowing where to start. It can feel overwhelming. After all, a 

development group can spend months fixing hundreds of vulnerabilities, while a cybercriminal only needs 

to find one to mount a successful attack. But while you can’t necessarily anticipate every possible attack, 

you can address the most serious vulnerabilities, and the Open Web Application Security Project 

(OWASP) has already identified the most important vulnerabilities found in mobile apps. Protecting 

against these will significantly increase the security posture for your apps. 

Broadly speaking, here are the areas that require the most attention: 

Reverse engineering and app tampering protections: Most apps are not protected against attempts to 

probe them to discover exactly how they work. By tampering, debugging and reverse engineering apps, 

hackers can not only identify promising vectors for attack, but they can also create malware that closely 

resembles the real app, which they can then distribute to end-users. Using techniques such as app 

shielding, developers can prevent hackers from gaining access to the internal operations of their apps. 

It’s critical to make sure app shielding is properly implemented, however, because if it’s done poorly, 

hackers can turn off the protections it provides. 

App shielding is best implemented alongside code obfuscation, which makes an executable unintelligible 

so that hackers are unable to read the source code and glean useful information. Together, these two 

measures can prevent hackers from picking an app apart to recreate it or identify coding vulnerabilities. 

Securing data storage: End-users are very concerned about the security of their personally identifiable 

information (PII) such as passwords, bank accounts and credit card numbers … and they should be. In 

many apps, this information is stored on the device without any protection at all. As a result, anyone who 

can get into the phone — a trivial task for a sophisticated hacker in possession of the device — can read 

or export all the data it stores. For the most part, that’s what thieves are after when they steal a device. 

They can make much more money off financial fraud and credential theft than they could by simply selling 

the device on the black market. 

Data on the device must be encrypted, both at rest and in use, which means data will be completely 

unreadable to anyone who does not possess the encryption key to decode it. It’s important to use strong 

security, as older encryption algorithms may be vulnerable to cracking. The Advanced Encryption 

Standard using encryption keys that are 256 bits in length — known as AES-256 encryption — is the 

industry standard. 



Secure communication: It’s not that much of an exaggeration to describe a mobile app as a connected 

bundle of APIs. Mobile apps must communicate via the Internet with other services in order to function, 

which means communications must be secured. If not, mobile users can fall victim to man-in-the-middle 

(MitM) attacks, where a hacker intercepts communications between a mobile user and the server they’re 

trying to reach. A successful MitM attack enables hackers to steal information and even change the data 

communicated to upload malware onto the end-user’s device. 

These attacks are more common than one might think. The Verizon Mobile Security Index 2020 shows 

that just under 1 in 10 of protected mobile devices detected an MitM attack attempt in 2019. 

To secure communications, developers must ensure that the app connects to the back-end server 

through an encrypted tunnel that uses the secure socket layer (SSL) as well as the transport layer security 

(TLS) protocols. In addition, developers can also choose to pin a static client certificate to the built app 

to prevent credential stuffing attacks on the back-end server. Without these protections, end-users’ 

communications can be easily intercepted and compromised by any hackers. 

Of course, implementing these measures requires not only time, but also the right skills, and iOS and 

Android-specific security skill sets are in high demand. Thankfully, automated, AI-powered platforms now 

exist that can integrate all of these security measures into a mobile app binary in minutes without any 

coding at all. 

Even before the pandemic, the importance of mobile apps to commerce and day-to-day business was on 

the rise. During the lockdowns, this trend has accelerated, and it’s unlikely to slow down even once the 

disease finally recedes. In our new normal, mobile apps have become the primary way for people to do 

their banking, shopping, order food, transact business and work. It is paramount that, during the COVID- 

19 pandemic, the mobile apps people use are secure so that the people and businesses are protected. 


Tom Tovar is the CEO and co-creator of Appdome. 



Managing an Information Security Risk Program 

A Managerial Approach 

By Adriano Novaes, Senior Cybersecurity Consultant 

Every organization should have an information security management program. The program consists of 

the totality of all activities and expenditures the organization takes to protect sensitive information. The 

program may be formal with a specific executive tasked with management responsibility, or it may be 

informal with activities and expenditures spent as needed. Formal or ad hoc, proactive or reactive, 

effective or not, every organization manages the security of its critical information. 

Set the goals 

The objective of an organization’s Information Security Management Program is to prudently and costeffectively 

manage the risk to critical organizational information assets. 

• The risk that critical information is compromised 



• The risk that critical information becomes unavailable 

• The risk that critical information is changed without authorization 

Associated with risk is cost. Security incidents cost money. So does preventing them. The cost, for 

example, of a computer virus is the loss in productivity of an organization’s personnel plus the time and 

expense for IT personnel to remove the virus and restore availability. The cost of a theft of a trade secret 

by a cyber-thief is the value of the trade secret. Implementing security also has costs. Firewalls and other 

security technology take capital away from other uses. Information security personnel come at the 

expense of personnel who can directly more contribute to the bottom line. And every hour management 

spends in a security meeting, or personnel spend on security awareness training, is an hour that could 

otherwise also contribute to the bottom line. 

Requirements for an Information Security Management Program 

The drivers behind an organization’s information security management program are the evolving 

landscape of laws, regulations, and competition, as well as evolving information security “best effective” 

practices. Organizations that hold personal, financial or health information of others are required to 

adhere to various federal and state laws and regulations. These include 

• HIPAA (electronic protected health information) 

• Sarbanes-Oxley 

• GDPR – General Data Protection Regulation 

Organizations may also have various contractual requirements for information or data security. Credit 

card processors, for example, must conform to the Payment Card Industry Data Security Standard. 

As organizations come to more deeply understand the competitive value of the information stored in their 

computer networks and the need to make that information securely available anytime and anywhere, 

they discern the need for a formal information security management program to assure that information 

is kept confidential, available, and correct. 

As organizations have increasing needs to share information with suppliers, customers, and other 

business relations they are increasingly becoming concerned with the information security capabilities of 

these third parties. 

An organization’s information security management program must be built upon current and emerging 

information security “effective best-practices.” As the information security industry has evolved, the 

industry has tended to settle on three distinct models as to what constitutes a set of “effective bestpractices” 

for managing the security of information: 

• ISO-27001 Specification for an Information Security Management System 

• ISO-27002: Code of Practice for Information Security Management 



• ISACA: Information Security “Management Maturity Model” 

Managing the Security of Critical Information Assets 

Information Security Control Objectives 

While the prevailing ‘consumer perspective” of information security is that it is concerned with protecting 

the confidentiality of sensitive information. 

The control objectives recognize that it is not enough to put all of one’s security resources on protecting 

information. Information is under stealth attack and it is only prudent to commit resources to detecting 

attacks and to be sure that one can recover from attacks. And while compliance is linked to protect, detect 

and recovery controls, it requires management oversight and corporate resources as well. 

Information Security Critical Success Factors 

Information security has seven Critical Success Factors which must be implemented if an organization is 

to meet its information security control objectives. 

1. Executive Management Responsibility: Senior management has responsibility for the firm’s information 

security program, and this program is managed in accordance with the enterprise’s information security 

policies. 

2. Information Security Policies: The enterprise has documented its management approach to security in 

a way that complies with its responsibilities and duties to protect information. 

3. User Awareness Training & Education: Information users receive regular training and education in the 

enterprise’s information security policies and their personal responsibilities for protecting information. 

4. Computer and Network Security: IT staff and IT vendors are securely managing the technology 

infrastructure in a defined and documented manner that adheres to effective industry information security 

practices. 

5. Physical and Personnel Security: The enterprise has appropriate physical access controls, guards, 

and surveillance systems to protect the work environment, server rooms, phone closets, and other areas 



containing sensitive information assets. Background investigations and other personnel management 

controls are in place. 

6. Third-Party Information Security Assurance: The enterprise shares sensitive information with third 

parties only when it is assured that the 3rd-party appropriately protects that information. 

7. Periodic Independent Assessment: The enterprise has an independent assessment or review of its 

information security program, covering both technology and management, at least annually. 

Management Control Domains 

These seven critical success factors play themselves out across three fundamental management control 

domains: 

1. IT Infrastructure Security: Control elements in this domain identify specific point-in-time technical 

information security countermeasures. Examples include the security architecture; firewall rules; 

technical access controls; backup status; use of encryption; virus, worm, Trojan horse prevention; current 

patch levels; intrusion detection capabilities; etc. 

2. Secure IT Management: This control domain contains information security management controls 

specific to managing the Information Technology infrastructure. Control elements in this domain include 

documentation of IT systems, procedures, etc; management of systems development and maintenance 

processes, including change control; incident response and disaster recovery planning; IT staff 

education; IT vendor security; etc. 

3. Entity Security Management: This control domain contains management controls hierarchically “above” 

and outside of the management of the Information 

Technology infrastructure. Control elements in this 

domain include the chief information security 

officer, information security policies, employee 

education and awareness training, business 

process security, physical security, personnel 

security, etc. 

Managing an Information Security Structure 

CISO 

As an information security leader, It is expected to: 

• Take a systematic approach to IT security 

• Determine which risks have most impact on 

your organization and protect the assets 

that matter most 

• Proactively mitigate risks and minimize 

damage from cyber attacks and data breaches 



• Ensure your organization can recover from security incidents faster and more easily 

• Justify investments in IT security to the board of directors 

Information Security Steering Committee 

The CISO is supported by a cross-functional Information Security Steering Committee. In order to make 

sure that information security leadership and management extends across the organization, Steering 

Committee members need to include senior representatives of marketing, sales, operations, HR, finance 

and IT. Formal appointment to the Information Security Steering Committee is made by the COO in 

consultation with the CISO. 

Stablishing an Information Security Culture 

The effectiveness of an information security program ultimately depends upon the behavior of people. 

Behavior, in turn, depends upon what people know, how they feel, and what their instincts tell them to 

do. While information security policies, an awareness training program and the other required information 

security practices can define, regulate and impart information security knowledge these rarely have 

significant impact on people’s feelings about their responsibility for securing information, or their deeper 

security instincts. The result is often a gap between the dictates of information security policy and the 

behaviors of our people. 

Develop a risk assessment process 

Risk assessment is an important part of any cybersecurity risk management plan. It is important have in 

mind the following points, as find as below: 

• Identify all your company's digital assets, including all stored data and intellectual property 

• Identify all potential cyber threats, both external (hacking, attacks, ransomware, etc.) and internal 

(accidental file deletion, data theft, malicious current or former employees, etc.) 

• Identify the impact (financial and otherwise) if any of your assets were to be stolen or damaged 

• Rank the likelihood of each potential risk occurring 



Speed as an action 

When a security breach or cyberattack occurs, an immediate response is required. The longer it takes to 

address the threat, the more damage may be done. Studies show that 56% of IT managers take more 

than 60 minutes to get information about an ongoing cyberattack. But a lot of damage can be done in an 

hour. 

Speedy reaction must be a part of your security-forward culture. That means you need to develop an 

early recognition of the potential risks, an immediate identification of the attacks and breaches, and a 

rapid response to security incidents. When it comes to risk containment, speed is of the essence 

Incident Response Plan 

Last but not least, It is required to develop an incident response plan, focusing on the priority of risks 

previously identified. You need to know what you need to do when a threat is detected—and who needs 

to do it. This plan should be codified so that even if an incident occurs after you've personally left the 

company, the team currently in place will have a roadmap for how to respond. 


Adriano Novaes is a senior cybersecurity consultant with more than 15 

years of experience in the Cyber security space. He is experienced in 

Governance, Risk and Compliance and strong expertise in the 

information security projects involving IT Risk Management, Network 

Security, IT vulnerability management besides providing security advice 

in information assets to Brazilian and international companies across the 

world. Adriano has worked in multiple projects from different clients in 

Brazil, Africa and The United States. He is graduated in Network 

Technology and certified as Cybersecurity specialist by Georgia Institute 

of Technology in the US. Adriano Novaes can be reached out online at 

adriano.novaes@yahoo.com.br or https://www.linkedin.com/in/adrianonovaes 



Ensuring Cybersecurity in A Remote Workplace 

How to Make Sure your Remote Team is Secure 

By Ryan Ayers, Freelance Writer & Tech Consultant 

With ecommerce at an all time high in the wake of the COVID-19 lockdown, cybersecurity is even more 

important than it was in 2019 when the U.S. government, alone, spent $8.5 billion defending against 

hackers and other types of cyber criminals. 

The future of cybersecurity looks bright from a jobs standpoint, but that obviously means there is 

heightened anxiety regarding the threat of attacks. As the remote work trend will most likely continue 

after stand down, here are some tips on ensuring cybersecurity for your company. 

Educate Your Employees 

Self-education on hacking trends is paramount if you’re someone who is responsible for securing 

personal information shared on a website, and passing that information to any and all employees/thirdparty 

workers who may have access to parts of your website that have sensitive information is just as 

important. 



Having a positive workplace culture in place is the first step, so your employees respect and listen to the 

information you pass down regarding the hacking trends. Additionally, simple but important reminders to 

change passwords and always logout need to be said, as old habits die hard and most people don’t do 

these things as regularly as they should. 

Educate Your Consumers 

A fairly new type of cyberattack is called “MITM” attacks, or “man in the middle.” Though an insensitive 

name in regards to female hackers, it’ a very sensitive issue in the world of cybersecurity. In MITM 

attacks, a hacker will create a network that mimics that of a local WiFi hotspot like a coffee shop. It’s 

already not great practice to do ecommerce over a public network, but it’s especially troublesome when 

the network is phony and someone is simply watching you input data and stealing what you input. 

Making sure customers stay aware of the threats without scaring them away, is a tough line to toe but 

one that should err on the side of protecting the consumers and your website. 

Protect the Money 

Any remote workplace that offers online monetary exchanges needs to triple up on security in a world 

where security breaches are expected to cost the global economy $6 trillion (with a “t”) in 2021 (some 

estimates are lower, but all well above the $3 trillion the economy lost to cyber criminals in 2015). 

Let Everyone Know About Your Security Measures 

One of the best ways to secure your ecommerce website is to subtly-but-noticeably display your security 

measures on your website. This is a three-fold measure when it comes to the protection and success of 

your ecommerce business. First, you do, indeed, have quality security measures in place to protect 

against hacking, including automated hacks which account for a large percentage of hacking. When it 

does come to human hackers, your advertised security measures will also play a part in deterring them 

from targeting your site and your customers’ information. Third, those same customers will see it and 

think, “Hey, this website is a secure, let’s buy some stuff,” and that’s the ultimate goal in ecommerce! 

Repeat Regularly 

All of these practices will help your remote company stay protected from cyber threats, but the world of 

hacking is as rapidly changing as any tech-related arena and it is paramount to the protection of your 

information to constantly bring yourself up to speed on trends and tribulations from the dark side of 

ecommerce. 

As the threats of hacking continue to increase, it’s also a good idea to look into third-party services that 

display expertise in defending against the ever-changing cyber criminals of the world. Just as with any 



investment, it should certainly be weighed against the alternatives, but the weight of poor security has 

and can again be the beginning of the end for an ecommerce site that ends up in a hacker’s crosshairs. 


Ryan Ayers is a researcher and consultant within multiple 

industries including information technology, blockchain and 

business development. Always up for a challenge, Ayers enjoys 

working with startups as well as Fortune 500 companies. When 

not at work, Ayers loves reading science fiction novels and 

watching the LA Clippers. Ryan can be reached online at 

@biztechguru. 



GDPR Working from Home Checklist in The Light Of 

COVID-19 

Working from home in this pandemic period? Check some risk associated with it and Follow this step 

by step checklist that organizations need to take... 

By Susan Alexandra, Contributing Writer 

EU General Data Protection Regulation (GDPR) imposes strict check and balance for any mishandling 

or accidental leakage of personal data. Companies and businesses have to take some mandatory 

measures to maintain GDPR compliance. The responsibility of the organizations for protecting data turns 

multifold in the current situation of work from home. 



Risks of Working from Home 

COVID-19 has forced the corporate industry to opt for remote working in place of an office setting. This 

has increased the risk of a data breach. The major causes of this increase in risk are: 

● Work from home means that several devices are connected to the company's database. This 

increases the chances of data theft and leakage. 

● The flow of data to and fro the company's system is carried out through multiple networks with 

varying security levels. This eases the work of predators and cybercriminals. 

● Most of the employees working in a traditional setting are not familiar with the usage of online 

tools. This increases the chances of human error and mishandling of data. 

● Unprotected devices are always an easy target for phishing emails and malware. Just one risky 

device or a single random click by any employee can risk the whole system. 

Checklist for GDPR Compliance 

Here are some necessary measures that your company or organization must take, especially in this 

current situation of remote working, to maintain their compliance with GDPR. 

● The company must update its privacy policy for employees working from home. 

● New agreements must be made with third parties and outside vendors to maintain compliance 

with GDPR. 

● All the employees should be provided with secured devices by the company. 

● If employees are using their own devices, they must be well protected with an up to date version 

of antimalware and firewall. 

● The encrypted network is a must for data security. Therefore, the company should provide VPN 

protected Wi-Fi devices to all the employees working from home. 

● If the employees are using their own Wi-Fi, they must be restricted to use password-protected 

Wi-Fi only. They must avoid using shared or public Wi-Fi for accessing and sharing the company's 

data. 

● Limit access to important files and data. 

● Two-factor authentication must be used for allowing access to the company's database. 

● All the tools and software used for communicating and data transfer must be encrypted. 

● Employees must be asked to limit their online activities on the devices that are used for accessing 

the company's database. 

● Employees must be restricted from sharing any details and passwords with unauthorized people. 

Company's data should not be shared with anyone, not even with the family members. 

● Employees must be trained for the usage of online tools and software to decrease the chances 

of human error. 

● Employees must also be educated about online safety and how to stay safe from phishing emails 

and invading malware. 

● Companies should have a proper IT infrastructure to monitor remote devices connected with their 

system. 

● Notifications must be set to get an alert in case of any security risk from any device connected 

with the system. This device should be immediately removed from the system and denied access 

for the time being. 



● Companies must have taken Data Processing Impact Assessment (DPIA) to detect any issue in 

the security system. 

● If there are any loopholes in security, they must be dealt on an urgent basis. 

● Companies must have prepared an alternate plan in case of a data breach. 

● Employees must also be trained to urgently deal with any security issue at their end. 

These are some crucial steps that every organization must take to maintain GDPR compliance and avoid 

any fines by GDPR. According to a report by PrivacyAffairs, “the total number of GDPR fines are 256 

yet”. 

Maintaining GDPR compliance has become challenging for organizations in this work from home 

situation. GDPR is detecting more data breaches than ever and is actively imposing fines on the 

companies not following a proper data security regime. The time demands companies to be extra vigilant 

about their data security. They must revise their policies and devise new strategies for safer handling and 

storage of confidential and crucial data. 


Susan Alexandra is an independent contributing author at SecurityToday 

and Tripwire. She is a small business owner, traveler and investor in 

cryptocurrencies. 



Cyber-Secure Access Control Solutions for Workplaces 

By Imran Anwar 

FBI has reported a 400% increase in cybercrime reports during the COVID-19 pandemic. Cybersecurity 

has become a big challenge for business owners while they try to keep their business running amidst the 

lockdown. The access control system is your first and final line of defense against cyber attacks carried 

out with the intent of gaining unauthorized access to the workplace. 

Access Control and Cybersecurity 

Right now, most organizations are working remotely or in shifts. Cybercriminals or disgruntled employees 

can take advantage of such times. Someone may try to steal your company’s vital information through 

MITM (Man in the Middle) attacks, a hacking technique in which the attacker secretly relays and possibly 

alters the communications between two data end points such as a card reader and key card. 



Cybercriminals can also send phishing emails and malware to hack into your company server from where 

they can break into your on-premise access control system, enter the workplace, and walk away with 

physical or digital assets without you knowing it. 

Are Key Cards Cyber-Secure? 

A couple of years ago, a couple of scientists discovered a major vulnerability in hotel key cards that could 

have been exploited by intelligence agencies, thieves and other criminals to gain access to rooms and 

cause further damage. 

It is estimated that 80% of all key cards being used to control access to workplaces can be hacked or 

copied. All card readers run on Wiegand interfaces, a 1980s technology that even a complete idiot can 

easily hack by following commonly available online tutorials. 

Electronic locks that need no wiring and only an internet connection to grant access can become the 

target of a cyber attack when the data communication is not secured by end-to-end encryption. 

How Secure is Smartphone Access? 

Smartphone based access control solutions that run on company networks should be a cause of concern 

for cyber security teams. These systems make use of Bluetooth HID or NFC channels to relay data, which 

can be hacked unless secured with encryption. 

Your network is only as secure as the devices attached to it. To be cyber secure, your access control 

system should offer endpoint security to prevent hackers from sneaking into the network by hacking 

someone’s phone and manipulating access control. 

Requirements of a Cyber-Secure Access Control Solution 

A cyber-secure access control system should provide protection against threats at all vulnerable points, 

which include data and application storage, access control devices, and the channel through which data 

is transmitted. 

Data and Application Storage 

Access control systems that store information on-site and work on your organization's internal network 

are a big hassle to manage and a looming security risk. Thanks to cloud computing, modern access 

control systems are virtually impregnable and effortless to maintain. The backend is fully secured and 

managed through Google, Amazon, or other reputed cloud servers, so you can sit back and relax. 



Using a simple mobile or desktop interface, the security team can grant or revoke access to any user to 

any particular section of the building or office. The cloud offers enterprise grade security and trouble free 

management and mitigates the risk of data loss, hacking, malware, and physical threats. 

Access Control Devices 

Key Cards: Most RFID cards can be duplicated in a matter of minutes using $10 devices easily available 

on the market. HID and NFC cards can be copied to phones. There are access control companies that 

claim their cards are cyber secure because they use 128 bit AER encryption, TLS and PKI security. 

However, cards or fob access looks outdated with the advent of mobile and face recognition access 

control. 

Smartphones: Smartphone access is a better choice from the cyber security standpoint. However, bad 

guys can steal or hack smartphones by using malware or even USB charging cables at public phone 

charging points. Theoretically speaking, someone can steal user credentials and clone them into another 

device to illegally enter the workplace. 

Face Recognition: Facial recognition based access control systems provide a better solution to cyber 

threats. Fraudsters may still be able to beat the system by wearing masks, but it would be like Mission 

Impossible. 

Smart Locks: Cnet reports that out of 16 different Bluetooth enabled locks were tested at the Las Vegas 

based hackers convention, 12 had inadequate BLE security. So, yeah, they can be hacked unless your 

access control solution provider has done a really good job at encryption. 

Communication Channels 

Bluetooth, NFC and HID: Bluetooth has several known vulnerabilities that make it as secure as a 

padlock made from pizza dough. NFC and HID are no better—they are just channels that you have to 

make secure by encrypting the data stream. 

LAN/WAN: Access control systems that run on internal networks are not cyber- secure at all. WiFi 

networks are easy to hack. There’s always a risk of data theft or the server crashing or network glitches 

that make the system unusable. 

Internet: Cloud based systems with robust transitory and endpoint encryption make the data stream 

impossible to crack. However, users should make sure their internet connection is secure. 

Face recognition based access control systems offer better protection against cyber security threats; not 

only because they use cyber-secure components and encryption, but also because they allow you to 

monitor and record everyone who’s entering the workplace or accessing its different sections. Moreover, 

you can implement two-factor authentication based on face and mobile credential to eliminate the risk of 



unauthorized access. Face recognition access control also adds video surveillance and video intercom 

functionality to the workplace without incurring extra expenditure. And speaking of expenses, the most 

cyber-secure access control systems are available for a pay as you go pricing model and require minimal 

upfront investment. 

Author the Author 

Imran Anwar, Staff Writer.Imran Anwar has 10+ years of professional 

writing experience about technology-related topics including digital 

marketing, cloud computing, SaaS, mobile apps, artificial intelligence, 

IoT, face recognition, and building access control systems. As a Staff 

Writer at Swiftlane, Imran focuses on creating useful content pieces for 

blogs, case studies, white papers, and user guides. An outdoor 

enthusiast, Imran likes to garden and spend time with his family when he 

isn’t writing about access control and touchless technology. 



Cleaning up “Dirty” Wi-Fi for Secure Work-from-Home 

Access 

By Matias Katz, CEO, Byos 

A great deal of emphasis has been placed on the use of VPNs to help provide safe, secure connectivity 

during this historic COVID-19 crisis and the massive move to working from home that has resulted. 

However, VPNs are not a definitive answer for secure connectivity; the major problem lies with the nature 

of home Wi-Fi, and with threat vectors that VPNs can’t address. VPNs encrypt data in transit, but they 

don’t isolate the device from the network. This means that corporate devices are still exposed to threats, 

even when using a VPN. 

The Risks of Home Wi-Fi Networks 

Wi-Fi networks, whether in public or private, are by their very nature dirty, and home Wi-Fi networks are 

no different. 

There are often 10 or more unmanaged devices connecting to the average home Wi-Fi network, such as 

personal laptops, cellphones, gaming consoles, and home IoT devices. Home internet usage compounds 

the risk because family members often unwittingly helping bad actors: gamers may download malicious 



executables, teens are known to visit risky sites, and many family members don’t understand the risks of 

spam, unable to spot the difference between real and fake apps and emails. 

Each of these devices represents an entry point for attackers, and threat actors know this. They 

understand that WFH employees are unprotected by centralized enterprise security stacks. Once a bad 

actor has gained access to an edge device on the home network, they can go undetected, moving 

laterally across the network to the end goal: the company’s corporate devices and data. 

With the millions of additional points of remote access now in use, threat actors will be scanning more 

often, leading to more brute force attacks and more lateral movement. Security teams quickly need to 

find an alternative method for securing WFH Wi-Fi connections. 

Shoring Up Home Defenses: 

Work from Home (WFH) is a viable alternative for many companies, but unfortunately, IT teams weren’t 

ready for the inherent risks and implications that home Wi-Fi networks pose. 

Organizations have no visibility or control over these home Wi-Fi networks, and therefore cannot trust 

them. 

Home Wi-Fi hygiene can be improved by regularly changing passwords for Wi-Fi networks, changing the 

default router password, creating a guest network, and keeping router's firmware up to date. However, 

even with those steps, risks persist for organizations with WFH employees because enforcement is 

impossible, meaning the organization will never achieve full compliance. These steps also don’t solve 

the gap in protection left by VPNs 

Organizations need to find an easier, enforceable way for securing WFH employees. 

Extending Zero Trust Access to Any Remote Wi-Fi Connection 

The assumption that all networks are dirty is fundamental to any effective remote work security strategy 

such as Zero Trust. The best way to ensure that a home worker doesn’t corrupt the corporate network or 

otherwise expose key assets is to isolate their devices from their untrusted home Wi-Fi networks. In 

essence, this means micro-segmenting the remote device and creating a network of one. This step 

extends Zero Trust access to any remote Wi-Fi network connection. 

The Center for Internet Security's Wireless Access Controls recommends users “Create a separate 

wireless network for personal or untrusted devices. Enterprise access from this network should be treated 

as untrusted and filtered and audited accordingly.” 

That’s what endpoint micro-segmentation achieves: the employee’s device is physically isolated from the 

rest of the home Wi-Fi network, with plug and play USB hardware that delivers a “micro-segment of one.” 

This approach protects the individual’s device and the organization’s network from the various home Wi- 

Fi borne threats that security software doesn’t address. 



Compliance Assurance: Endpoint micro-segmentation gives security administrators real-time security 

policy enforcement capabilities and proof of compliance over devices connected to uncontrollable Wi-Fi 

networks. 

This new approach is easy to deploy, provision and manage security in WFH environments. The only 

other fully secure current alternative – installing network security gateways and cloud controllers on every 

remote employee’s home Wi-Fi network for traditional network segmentation – is impractical and 

unrealistic. 

Now more than ever before, organizations must make working from home frictionless and secure. 

Endpoint micro-segmentation is a practical, painless, plug and play way to home Wi-Fi security gaps. 

About the author 

Matias Katz is the founder and CEO of Byos. Matias has 15+ years of 

experience in Information Security. He founded his first company (Mkit) 

in 2008, which provided defensive and offensive security solutions. 

Matias is an official CISSP instructor. He has presented his research at 

Cybersecurity conferences around the world, and has a TEDx talk. He 

is a published author - “Redes y Seguridad” (Networking and Security) 

and founded an international Hacking conference, Andsec, hosting 

1500 attendees during its final edition in 2017. 

Media Contact: 

Maureen MacGregor 

Madison Alexander PR 

(978) 473-1016 



Cyber Crime is Paying 

What the Evolution of Ransomware Means for the Security Industry 

By Ricardo Arroyo, Senior Technical Product Manager, WatchGuard Technologies 

If you were talk to a retired police officer or FBI agent about kidnappings, they will tell you not to pay the 

ransom. Criminals are not bound by any sort of honor requiring them to stick to the deal. Many times, 

threats to the lives of the kidnapped are still carried out in spite of the ransom being paid. Paying the 

ransom also emboldens the criminal kidnap more often. In some countries, kidnappings are so lucrative, 

it's become a big business. The last 18 months of ransomware incidents have shown an escalation that 

mirrors that of kidnapping enterprises. 

While ransomware is not about kidnapping real 

people, it is about holding something almost as 

important for ransom, your information. Today, 

we spend a majority of our working and 

recreation time on the internet. We play games 

online, we video call online, we work online and 

we shop online. We even bank online. All this 

requires us to confirm we are who we are and 

allowing our personal information or company 

proprietary data to be held by a criminal means 



they can pose as you, open credit, and even steal your money. This is why ransomware is so dangerous, 

it is a prime gateway towards stealing your identity, all while convincing you to pay a ransom to keep it. 

When a piece of ransomware lands on your computer and is executed, it starts restricting access to 

important parts of your computer. Early on it would simply encrypt documents on your system, restricting 

access to the data you need to do your job. Eventually, newer types of ransomware restricted access to 

the computer itself, either by blocking access to your desktop or rebooting your computer into a locked 

state. Lately, some more recent pieces of ransomware will copy your important data off of your computer. 

In all cases a message is flashed on the screen instructing you to pay a ransom in some sort of 

cryptocurrency. 

In the first wave of ransomware (2016-2017), the model was 

to ask for a small ransom, sometimes as low as $100, while 

infecting as many people as possible. Starting in 2019, 

ransomware’s second wave shifted in operating model. 

Instead of widespread infection, newer campaigns started 

targeting specific companies. Attackers worked for weeks or 

months to get access to a specific company and would 

deploy the ransomware on many internal computers once 

they got access. The ransoms for these attacks grew to 

thousands of dollars. The increase in ransom becomes viable 

because the ransomware scare has increased the demand 

for cyber insurance. If a ransomware event happens to a victim with cyber insurance, the insurance 

company will assist in recuperating the ransom paid. This means the company is more likely to pay the 

ransom. 

As if all of this weren't bad enough, in January 2020 the 

Maze ransomware campaign made a major escalation. In 

addition to restricting access to the computer and/or 

documents, this ransomware transmitted some of that data 

off the computer to some sort of command and control 

system. This bridges ransomware into the other major 

business model of cybercrime, selling stolen data. Until 

2016 the major source of revenue for cyber criminals was to 

sell the data they stole to anyone willing to pay. Put it all 

together and attackers can now turn hacked access to a 

company into two separate revenue streams. 

What's even more worrisome about these new ransomware 

campaigns is that victims now must assume the 

ransomware can and will transmit their confidential data over 

the internet. These incidents suddenly fall into the realm of 

mandatory data loss laws in California and Europe. The 

burden suddenly doubles on the victim, since they were 

ultimately responsible with safely storing personal data. 



With all of this doom and gloom from ransomware, is there anything we can do? Luckily, the security 

basics still apply. Layered security is still important. Companies should secure their gateways with nextgen 

antivirus, intrusion prevention, DNS and URL filtering, and deep packet inspection. Credentials 

should be secured with multifactor authentication and endpoints should have up to date EPP and EDR 

solutions and be fully patched. To address ransomware directly, EPP or EDR solutions should have 

capabilities targeted at preventing ransomware, and organizations should also back up their critical files 

frequent. Lastly, the scare of having your data actually stolen, while nothing new, should be addresses. 

An old but effective solution, if you have the infrastructure to support it, is Data Loss Protection (DLP). If 

you have gateway or endpoint security solutions that support DLP, you might consider activating them to 

prevent your precious PII from being transmitted to the criminals. 


Ricardo Arroyo is the senior technical product manager and 

ThreatSync guru at WatchGuard Technologies, where is 

responsible for guiding the design and implementation of threat 

detection and response. Following a 15-year career at the NSA, 

where he worked as an analyst and cyber operator, Ricardo now 

uses his extensive offensive cyber security experience to solve 

complex security problems and develop the latest defenses for 

small and midsized enterprises. Ricardo can be reached online at 

https://www.linkedin.com/in/arroyoricardo/ and at our company 

website http://www.watchguard.com/ 



Ditch Legacy Approaches – Reimagine Cloud Security 

Based on Virtualization 

By Avi Shua, CEO and co-founder, Orca Security; former chief technologist at Check Point 

Software Technologies 

Abstract: Humans are used to thinking in metaphors. While convenient, this limits our ability to innovate. 

Most cloud security solutions suffer from the same problem because they carry biases from the physical 

world. For cloud security to truly succeed, we need to stop iterating on tools designed for on-prem 

environments. 

Look at your keyboard. That odd QWERTY layout dates back to the invention of the manual typewriter 

over 150 years ago. The keys were positioned in such a way to prevent the type bars from jamming on 

their way to striking the paper. 

As technology advanced to computers, tablets, and smartphones, manufacturers continued to use the 

QWERTY keyboard layout. It’s crazy to think that 21st-century devices still carry the vestiges of a design 

from the mid-1800s. 

The problem is that we tend to think in metaphors (e.g., “the PC is the new typewriter”). This limits the 

ability to truly innovate and leverage new capabilities as technology evolves. It happens all the time. 

Unfortunately, the limitations of old tools can influence and constrain how we approach new problems. 

For software, this can lead to biased and suboptimal solutions for security, architecture, and performance. 

The consequences can be especially harsh when it comes to cybersecurity. 



Lifting Physical Security Measures to the Cloud Is a Failed Strategy 

Consider the days when on-premise datacenters were full of physical servers. To verify the security state 

of those machines, administrators had two options: run code on each via a software agent, or scan every 

system from the network to look for vulnerabilities, misconfigurations, and other risks. When businesses 

began to move their workloads to the cloud, these same security technologies were merely lifted and 

shifted. 

Organizations ended up having both an agent – the same agent from the on-prem days bolted on to the 

cloud – as well as the same scanners. But those tools weren’t reimagined to support the unique 

characteristics of cloud computing, thus the limitations of agents and scanners were magnified on the 

new platform. 

While agents can see everything that happens, they have to be installed on every machine to be scanned. 

This simply isn’t practical in a cloud environment that uses ephemeral servers, containers, and serverless 

workloads that burst into existence for a short time and then disappear just as quickly. No human—and 

perhaps not even automation tools—can keep track of software agents and ensure they’re consistently 

installed in such a dynamic environment. What’s more, the high cost and complexity of agent deployment 

and maintenance, as well as friction with DevOps teams, make agent-based scanning totally unsuitable 

for the cloud. 

As for network scanners—which are essentially whitelisted hacking tools—visibility is critically limited to 

just those assets that are already known and accessible. Moreover, scans put data integrity at risk, use 

significant system resources during test procedures, and completely miss some assets and risks because 

they simply aren’t visible or accessible. 

New Tools Address (Some) Cloud Security Needs 

With legacy security tools leaving gaps, new cloud-native tools attempt to fill the need to assess risk in 

cloud estates. For example, Cloud Security Posture Managers (CSPMs) verify that cloud configurations 

are following security best practices and compliance standards such as the CIS framework, Azure and 

GCP benchmarks, and PCI DSS or HIPAA guidelines. While CSPMs do look at configurations unique to 

cloud environments, at best they provide shallow coverage because they don’t go inside machines, but 

rather view them from the outside. 

Cloud platform hosts provide a number of security tools exclusive to their own environments. Amazon, 

Google, and Microsoft all offer tools/services to detect threats, analyze application security, investigate 

potential security issues, discover unprotected keys and sensitive data, identify non-compliance with 

security frameworks and regulations, and more. Third-party vendors also provide tools—many of them 

retreads from the on-premise environment—in each of these areas. 

The key issue with such tools is that they only provide a partial view into your cloud estate’s risks and 

vulnerabilities. An organization must deploy multiple tools or services to get the full picture, and even 

then it’s not a holistic view. Each tool performs its own vulnerability detection and getting them all to 

communicate with one another and provide clear context regarding each finding is nearly impossible. 



The onus is on you to establish the context before beginning to understand and prioritize the risk, then 

ultimately address the vulnerabilities. 

In the network diagram below, two identical web servers that have the same vulnerability. Without context, 

how would you know which alert is an imminent threat and which is just informational? 

Cloud security is far too important to cobble together solutions and hope there aren’t any gaps. Clearly a 

new approach is needed. 

The Characteristics of the Ideal Cloud Security Solution 

A different mindset is required—one in which there are no assumptions regarding existing approaches 

as the only possible solutions. In completely reimagining how to discover and manage all possible risks 

across AWS, Azure, and GCP, the following characteristics of the ideal solution emerge: 

● Detect all important risks in an organization’s cloud environment—both workload and control 

plane—whether it’s a piece of vulnerable software, an infected workload, a misconfigured S3 bucket, 

a lateral movement risk, improperly secured keys, or unsecured PII—whatever the issue may be. 

● Integrate with any cloud environment in minutes—without any side effects on performance and 

availability, thereby eliminating organizational (e.g. DevOps) friction. It should do so without running 



a single opcode on the customer environment and without sending a single packet—all while 

guaranteeing 100% coverage. 

● Prioritize alerts based on all available data, while presenting a manageable number of alerts. 

It makes no sense to 1) have a vulnerability management agent notify about 1,000 workloads at risk 

due to vulnerabilities, then 2) have to go to a CSPM to assess whether there is a real attack vector 

involved, followed by 3) having to install another distinct agent-based antivirus solution to detect 

existing compromises. That approach doesn’t work. The ideal solution must deliver the functionality 

of multiple tools out of the box and provide context-based actionable alerts—not “security concerns 

by the kilo.” 

A Breakthrough Technique for Deeper Cloud Inspection Across 100% of AWS, Azure, and GCP 

Assets 

Any solution based on these characteristics must leverage the cloud computing paradigm and abandon 

the biases of the physical computing world. It can be achieved by embracing virtualization instead of 

devices as the premise of inspection. 

Today’s cloud datacenter separates storage devices and compute devices, connecting them via highspeed 

fiber optics. This enables a unique approach to deep cloud asset inspection. Through the proper 

configuration of privileges and roles, it’s possible to take a “snapshot” of an organization’s bits and bytes 

of block storage, rebuild a read-only image of the full environment on the side (i.e., out of band), then 

scan through the resulting image to look for risks and vulnerabilities. 

This approach can see everything without the hassle of installing agents. It can scan the cloud 

configuration, network layout, and security configuration while reading into virtual machines’ disks, 

databases, and datastores, as well as logs for all of the cloud assets. It can analyze the data, build a fullstack 

inventory, and assess the security state of every discovered asset throughout the stack. All this, 

without impacting performance or availability. 

Here is the real value of this approach: All of this information can be combined with contextual information 

from the cloud infrastructure to gain a context-aware view of the findings—the true level of risk. Context 

is important because it helps alleviate alert fatigue on behalf of the security team. Actionable findings can 

be immediately prioritized and assigned to security engineers or DevOps developers for mitigation or 

follow-up. 

Upon completion of data analysis and reporting, the snapshot can simply be deleted without a trace. 

There is nothing to maintain or deprovision. 

Legacy approaches to security have no place in the cloud. It takes a new mindset that is free from the 

past to envision innovative solutions for complete cloud security. 




Avi Shua is the CEO and co-founder of Orca Security. He invented 

the patent-pending SideScanning technology upon which Orca 

Security is built. SideScanning uses novel, out of band, zero 

impact integration with the cloud virtualization layer to gain full 

visibility into those risks that matter most—vulnerabilities, 

malware, misconfigurations, weak and leaked passwords, lateral 

movement risk and improperly secured customer data. Learn 

more at 

Company Website: - https://orca.security/ 

LinkedIn - https://www.linkedin.com/in/avishua/ 

Twitter - https://twitter.com/orcasec?s=20 



Building a “Culture of Caring” for Clients 

By Jessica Smith, Senior Vice President, Crypsis Group 

When you work in a services industry, it’s natural to become frustrated when clients don’t do the 

fundamentals that could prevent significant problems down the line. In cybersecurity, we see it 

frequently—much of our business involves helping clients after they have had a significant cybersecurity 

incident. It’s possible that a doorway may have been left open for an attacker to enter, and in some cases, 

we may learn the root cause of the incident and know the issue could have been prevented. 

This frustration is common across many services-based businesses: The dentist treating gum disease 

on patients who neglect regular oral hygiene; the IT firm brought in to fix poorly maintained systems; 

plumbers called in to do thousands of dollars in repairs when a $100 fix a year ago would have averted 

the issue; law firms serving clients who made bad choices; auto mechanics repairing high-end vehicles 

that ran dry of oil. 

As experts in our field, we may know the steps that could have/should have been taken, and it can seem 

on the surface that clients can be their own worst enemies. But it’s important to remember that, no matter 

how passionate we may be about our business, our clients have many other concerns beyond 

cybersecurity, or dentistry, or plumbing, etc. What may be our core purpose in life is not theirs—and they 



have budget and time constraints, knowledge gaps, competing priorities, even personal life challenges 

we know nothing about. Naturally, we know our field better than they do—that is why they come to us in 

the first place. 

In my field of cybersecurity, victims of breaches are often blamed (very visibly so, as large breaches can 

impact many thousands of people and end up in the news). As experts, however, we realize what they 

are up against: even with heavy financial investments, it is nearly impossible to mitigate every risk across 

the IT landscape, especially given their competing fiscal priorities. They have to make tough choices. In 

other fields, clients may be similarly challenged or lacking fundamental knowledge to address the basics 

needed to avert issues, both large and small. 

But, even if we know and understand some degree of client neglect may have been the source of their 

own woes, we must resist judgement and focus instead on helping them and caring about their current 

problem at hand. When companies come to us, they are often afraid—for their jobs, health, finances, 

business solvency, etc. What they need from their services professionals is knowledgeable assistance— 

and a healthy dose of empathy. 

Building a Culture of Caring: It Starts from the Top 

To be successful in creating a “culture of caring” for clients, it has to be driven from the leadership on 

down and cultivated throughout the employee base. It must become part of the company DNA, ingrained 

in how we hire, train, lead, communicate, and reinforce through the company culture. As leaders, we 

must ensure our employees across the business remember that “blaming” is not a company value, and 

that caring about people—both clients and coworkers—is. Even if it weren’t a simple human value to 

demonstrate caring, it certainly is a fiscal one: clients will return to companies that demonstrate 

compassion and shun those that make them feel judged for the problems for which they seek assistance. 

A Step-by-Step Approach 

Below are some concrete steps you can take to build a more compassionate culture: 

Lead by Example: Be a caring leader. By demonstrating that the company cares about their employees’ 

overall wellbeing—beyond just their revenue-generating potential—you set an example of how you 

expect employees to treat each other. This includes soliciting feedback; demonstrating humility (we don’t 

have all the answers and should be willing to listen to better ideas); understanding that employees have 

personal lives; getting to know your employees on a personal level. 

Hire the Right People: Go beyond the resume to find people that fit your desired culture of caring. Hiring 

the smartest people won’t yield the best results if they are arrogant, disruptive, or harmful to employee 

dynamics and service orientation. Don’t be afraid to let the wrong people go if issues cannot be addressed 

with an adequate investment in coaching. 

Empathetic Coaching: Few employees enter the workplace without areas for improvement, and leaders 

aren’t exempt, either. When you see opportunities for employees to improve in their interactions with 



clients and employees, guide them on better methods, but do so with empathy (and not punitively). By 

setting this example even in coaching scenarios, they will get the message of what is expected. 

Invest in Your Culture: In my experience, happy employees do, in fact, make happy customers. Focus 

on building a culture that includes rich offsite experiences not focused on work, volunteering events, a 

strong total rewards package, and employees from diverse backgrounds. However, having a strong 

culture has to go beyond the obvious benefits and team building events—it means creating a place where 

employees feel heard and can safely voice their opinions, ideas, and frustrations, and know that valid 

input will be acted upon. 

Employ Customer Satisfaction Programs: If you haven’t operationalized a Customer Satisfaction 

feedback program, it is highly recommended to gain feedback directly from clients on their interactions 

with staff. Share this feedback with all customer-facing personnel regularly, set goals around these areas, 

and track progress with the whole team. 

At the end of the day, services staff are people too. Frustration is understandable, especially when 

common mistakes with serious, preventable consequences are seen frequently. But it’s important to stay 

focused on the mission—helping clients and driving revenue. Demonstrating empathy helps accomplish 

both goals while improving the overall culture of the organization. 


Jessica Smith is the Senior Vice President of The Crypsis Group. Jessica 

is a veteran practitioner of digital forensics with an extensive record of 

involvement in complex civil and criminal cases, Jessica brings her 

experience and know-how to The Crypsis Group’s client engagements 

as well as helping direct the daily operations of the firm, focusing on 

professional service projects that allow Crypsis to continue to scale. She 

previously was Managing Director of Digital Forensics in Stroz 

Friedberg’s Washington, DC office, where she was responsible for comanaging 

the firm’s technical operations in the areas of computer 

forensics, cybercrime response, and incident handling. Over the course 

of her career, Jessica has provided expert testimony and performed 

forensic analysis of digital media in many challenging and high-profile 

cases. She has evaluated obstructive deletion activity in securities fraud 

cases, covertly acquired and analyzed media in cases involving theft of intellectual property, and 

identified and reconstructed deleted, fragmented digital DNA files relevant to a multiple homicide 

investigation and death penalty trial. A member of the American Academy of Forensic Sciences, she has 

presented at the group’s Annual Meeting and received its 2008 General Section Achievement 

Award.Jessica can be reached at our company website https://www.crypsisgroup.com/ 



Newsjacking COVID-19 and Other Common Cybersecurity 

PR Mistakes 

By Evan Goldberg, SVP and Cybersecurity Practice Group Director, ARPR 

If you were to reflect back to the beginning of the previous decade, you’d be hard pressed to remember 

more than a handful of cybersecurity stories per month outside of the industry trades. Aside from Stuxnet, 

there were relatively few cyber incidents that media deemed significant enough to warrant mainstream 

attention. And to be frank, the media’s interest in Stuxnet was probably less about cybersecurity and 

more about the national security implications of the U.S. and Israel conducting an intelligence operation 

within Iran’s borders. 

Fast forward to 2020 and there is absolutely no shortage of cybersecurity hacks, breaches, threats and 

vulnerability discoveries in the mainstream news on a daily basis. The evolution of press coverage has 

directly coincided with the rather dramatic increase in cyberattacks of consequence to the critical mass. 

From a cybersecurity perspective, it’s certainly an interesting time to be alive. 



To rapid response or not to rapid response - that is the question 

To unearth cybersecurity stories, reporters are tipped off by security analysts, white hat hackers, 

penetration testers, government agencies, PR flacks and yes, even cybersecurity vendors like you. 

Over the years, cybersecurity PR professionals have developed a reputation for overly aggressive media 

relations efforts that are sometimes void of the best practices proven to build and sustain journalist 

relationships. This is particularly true with newsjacking, a rapid response media relations technique in 

which brands attempt to insert their key messages and thought leadership into the narratives that are 

consuming the news cycle at a specific point in time. 

The appeal of newsjacking is understandable. When successful, newsjacking can bestow brands with 

invaluable third-party validation and heightened perception during times when people are focused intently 

on an issue of relevance. 

However, the misapplication of newsjacking by a vocal minority has stigmatized the cybersecurity 

industry as a whole. Currently, there are far too many examples of prominent cybersecurity reporters 

showcasing frustration by the continuance of overtly promotional, unfitting and off-topic pitches 

penetrating their inboxes. For context, it is not uncommon for influential journalists to receive 50-100 

pitches each day and only have use for one. 

COVID-19 epitomizes cybersecurity’s newsjacking predicament perfectly. While some cyber companies 

have found success in penetrating the coronavirus narratives via strategic rapid response, many others 

have drafted pitches that have fallen on deaf ears. Why? While I don’t have all of the answers, I can 

surmise that far too many brands likely pursued journalists with subjective speculation and unproven 

claims about the origins of pandemic-themed phishing attacks and advertorial points of view about how 

to mitigate the increasing risk. 

For media, such pitches often trigger an immediate delete, as the messages’ contents lack the objective 

intel and information that add credibility and uniqueness to stories that are shaping the news cycle. 

Inadvertent missteps linked to cybersecurity’s competitiveness and growth 

There is undoubtably the potential for long-term reputational impacts to cybersecurity brands that 

continuously newsjack inappropriately. Hopefully, those at fault will soon realize that it’s often more 

advantageous to withhold from engaging in rapid response except for instances when your company is 

uniquely positioned to respond objectively. 

But the misuse of rapid response isn’t the only PR mistake that can negatively impact a brand’s equity, 

perception and pipeline. 

Today’s cyber marketers are frequently tasked with accelerating brand awareness and lead generation - 

often at a clip much faster than what they are accustomed to. This is especially true for marketers new 

to cybersecurity, since the industry’s intense pace and variability cannot be simulated in a classroom or 



during an onboarding session. For cyber marketers, the need to act quickly and with conviction can cause 

unfortunate mistakes to be made, misconceptions to flourish and high ROI tactics to be overlooked. 

These are some of the most common mistakes in cybersecurity PR, along with an objective 

explanation as to why each misstep should no longer be overlooked: 

• Over-pitching products - Most cybersecurity reporters cannot or do not want to write about a 

company’s self-described “revolutionary” product. In fact, more than 90% of today’s 

cybersecurity news spans just four topics: 1) zero days and threat discoveries, 2) surveys and 

proprietary data, 3) transaction news (funding, M&A, partnerships, etc.), and 4) national 

security. 

• Forgetting SEO - Sometimes cybersecurity marketers get persuaded by product teams and 

other decision makers to message and position products using terminology that is not consistent 

with what buyers are actually searching for. This is counterintuitive to demand generation and 

can damage a brand’s searchability among competitors. 

• Category hopping - The temptation to hop from category to category in cybersecurity is 

compelling, and perhaps there is an argument for doing so that does make sense. But from a 

media, analyst and buyer’s perspective, nothing looks more suspicious than a perceived knee 

jerk reaction to switch sectors and subject matter with the change of the news cycle. 

• Presuming customers and partners are a “No” - As cyberattacks become more mainstream, 

companies are beginning to find it advantageous – both from a reputational and competitive 

standpoint - to be more forthcoming with their threat mitigation strategies. So, the next time you 

need third-party validation, don’t let the perils of presumption prevent you from making the ask. 

• Devaluing awards - It can be harder to track the overall business impact of industry awards, 

which is why this budget line item is usually the first to be cut. However, research reveals that 

award winners have 37% more sales growth compared to others. Aside from the positive impact 

on revenue, awards are also very important to help recruit top talent, provide competitive 

intelligence, and bolster SEO. 

• Underrating executive social media - In such a competitive industry, the lack of executive 

social media is a significant missed opportunity. Not only does the authenticity of executive 

visibility lead to greater engagement, but it can be the competitive differentiator needed to 

propel your brand from a prospect’s consideration phase to purchase. In fact, 83% of executives 

that chose a vendor in 2018 used social media in their decision-making process. 

• Undervaluing thought leadership - Demand for thought leadership is high, and vendor neutral 

articles present realistic opportunities for brands to insert themselves into publications that are 

otherwise difficult to penetrate. More importantly, 82% of c-suite and business decision makers 

say that thought leadership increases their trust in an organization. 



In a highly competitive industry such as cybersecurity, marketers must understand how to optimize all 

public relations opportunities to their advantage. But to successfully do so requires debunking lingering 

misconceptions, embracing important best practices and challenging conventional ways of thinking. And 

after reflecting on this article, it is my hope that all cybersecurity marketers feel empowered to do just 

that. 


Evan Goldberg is the senior vice president of client service at ARPR and 

the director of its cybersecurity practice group, which in 2019 was named 

the Best Overall PR Firm for InfoSec Companies. 



New Expectations for the Network Perimeter 

Patchwork network of legacy solutions won't keep bad actors out 

By Barrett Lyon, Co-founder and CEO, Netography 

U.S. government agencies are placing increased importance on cross-network visibility for cloud and onprem 

environments and, with that, the significance of having shared visibility and traffic analysis across 

networks for real-time detection and remediation is moving to the forefront. 

Help or hindrance? 

No one can accuse the government of rushing into anything, and security is no exception. In recent years, 

however, there has been a noticeable acceleration of security initiatives as the import of a robust cyber 

defense plays out on a global stage. Dating back to the establishment of the American Technology 

Council in 2017 to the creation the following year of the Cybersecurity and Infrastructure Security Agency 

(CISA), government entities have been moving at relative warp speed (note, I said relative) to safeguard 

those assets that are deemed essential by the Federal government. 



Over the course of this journey, the one thing that has become apparent is that a patchwork network of 

legacy solutions isn’t up to the task of keeping the bad actors out. What passed for high tech 15 years 

ago is now acting as a hindrance rather than a help. Reliance on legacy systems comes with a list of 

disadvantages as long as your arm – everything from unpatched vulnerabilities and point products no 

longer suited to today’s environment to cost inefficiencies and a lack of personnel trained to use the 

products. These impediments translate into security vulnerabilities that turn government agencies into 

sitting ducks from a cybersecurity standpoint. Moreover, legacy solutions are incapable of protecting 

dynamically and are limited in the kinds of attacks they can detect and stop. 

Unfortunately, the government has lagged behind in adopting new and innovative technologies due, in 

part, to a lengthy approval process before a vendor can be sanctioned to work with the Federal 

government. Luckily, that’s starting to change. The Department of Defense (DoD) has come to recognize 

the importance of utilizing pioneering technologies from private-sector companies, as have various 

branches of the military. To that end, a grant program through AFWERX and the Small Business 

Innovation Research has been developed to foster innovation and speed the vetting process, in effect 

giving grant recipients the green light to partner with entities from within the DoD. 

Novel times, novel measures 

Today’s novel Work from Home (WFH) situation calls for novel security solutions. Thanks to a massive 

exodus of workers from the walls of their office buildings to the walls of their homes, the network perimeter 

has all but vanished. Remote workers, the use of unsanctioned equipment (that’s also likely to be running 

an outdated security solution, assuming it has one at all), data scattered across different locations, and 

a variety of cloud services mean but one thing: Shared, cross-network visibility is a must. 

Lacking shared visibility and traffic analysis across your network means you are foregoing the chance for 

real-time detection and remediation. And while some cloud solutions may bill themselves as offering 

“real-time” analytics, if you want to detect and remediate as events happen rather than hours or days, 

out-of-the box solutions aren’t going to cut it. 

Like enterprises, government entities need real-time protection against millions of network-based threats 

across their entire infrastructure, whether it’s on-premises, in the cloud, or a hybrid environment. Today’s 

WFH challenges mean an unprecedented number of end-users in remote locations. This makes it even 

more critical that network systems utilizing Virtual Private Networks (VPNs) — which by all accounts 

come with their own set of security issues — are monitored for any anomalies or known threats that might 

be present on the network as a result of using the VPN. 

To be truly effective, a system needs to offer network and security teams shared visibility into their 

security posture at any — and every — point in time. As government agencies begin to take advantage 

of enterprise solutions, they need to ensure that they aren’t simply patching a one legacy solution with 

yet another only to cause more problems down the road. Solutions should break down the silos rather 

than establish new ones. 

Because of the highly sensitive nature of government data, it’s especially important that a security solution 

also offers high-performance processing power. This allows complex algorithms to run in real-time, and 

means automatic remediation translates into a significant reduction in mean-time-to-repair. Another 



feature to look for is single-pane view of traffic flow, whereby agencies get full network visibility of cloud 

and on-premises devices with minimal effort. 

There are new expectations for the network perimeter. Isn’t it time your network security solution provides 

them? 


Barrett Lyon is the co-founder and CEO of Netography, whose Security 

Platform provides cross-network visibility, encompassing cloud and onpremises 

environments. His experience and successes have led to 

collaboration with Tier 1 and Tier 2 carriers, as well as national security 

agencies in North America and Europe to mitigate and track hundreds of 

DDoS attacks. He holds multiple technology patents and is a pivotal 

subject in the best-selling cybersecurity book, Fatal System Error. Barrett 

can be reached online at @BarrettLyon and at our company website 

https://netography.com/. 



The Devil Inside 

Insider Threats on the rise 

By Mary Roark, VP of Marketing, Cyberhaven 

With growing economic uncertainty all indicators point to a sharp increase in insider threats across all 

industries. There has been mounting pressure on security and IT teams who are overwhelmed with alerts 

and lack the appropriate tools to combat insider threats. The situation has worsened with the COVID 

crisis requiring more employees to work from home, many from unsecured devices, as organizations and 

their employees adapt to the new normal. The economic uncertainty adds fuel to the fire. 

58% of organizations consider themselves only somewhat effective or worse at combating insider threats. 

The 2020 Insider Threat Report by Cyberhaven and Cybersecurity Insiders reveals the latest trends and 

challenges facing organizations in this new environment and how IT and security professionals are 

tackling insiders. Only 12% thought their organizations were extremely effective at monitoring, detecting 

and responding to insider threats. 



The devil is inside 

60% of respondents believe detecting and preventing insider attacks is more difficult than external 

attacks. Why is it more difficult? It is more difficult because employees can easily hide behind their normal 

tasks. Accidental and careless leaks are the hardest to detect. While 53% are worried about contractors, 

an almost equal 50% is worried about employees. Many users have access to more sensitive information 

in a world of new collaboration apps and cheap cloud storage. 

The devil collaborates 

42% of organizations consider collaboration and communication applications (email, messaging, etc) to 

be a root cause of insider threats. Employees readily share information in the spirit of collaboration but 

sometimes are not careful and data is exposed via applications that are not secured. Productivity is king, 

especially in today’s world so any tool that improves productivity is quickly adopted. IT and Security are 

not able to vet platforms or educate users on best practices. 



The devil lives the cloud 

39% consider cloud storage and file sharing apps (Dropbox, OneDrive, Office365, etc), most vulnerable 

to insider attacks. These apps enable easy transfer of sensitive data in bulk so it is not surprising that 

they can quickly expose sensitive data. 

The devil is an employee 

Employees who are nervous about job security start to gather and stockpile examples of their work, a 

valuable report, a presentation template they hope to reuse - but in many cases they are putting valuable 

company information at risk by sending it to their personal email or putting information on public cloud 

shares. The majority of insider threat tools rely on monitoring employees. Companies rely on tools to 

record every action taken by an employee while using company resources. For many this feels like an 

invasion of privacy. But for many who work in call centers, help desks, and industries like banking with 

heavy regulation this is the new norm. 

UEBA which monitors user behavior try to establish a baseline of user behavior and highlight anything 

that is out of the norm. 36% of organizations are exploring UEBA solutions to tackle insider threats. 

Unfortunately, UEBA solutions require time to establish a baseline which reflects normal behavior. What 

is the normal now? Without a strong baseline, security teams are overwhelmed by false positives. 



The devil wants your data 

Organizations are flying blind to how much data is leaving the perimeter. Many enterprises continue to 

struggle with DLP for insider threat scenarios. DLP challenges include: difficulty keeping policies up to 

date at the rate of business needs (27%), limited data/file visibility (25%), and too many false positives 

(23%). Further, DLP tools are cost-prohibitive for 37% of organizations, while many lack the necessary 

staff to implement (42%) and maintain (32%) them. 



36% of organizations are looking at Data Behavior Analytics (DaBA) to gain visibility into data movement 

without cumbersome policies and a large security team. With Cyberhaven, an innovator of DaBA, security 

teams get real-time visibility into the movement of intellectual property as it travels across cloud and onpremises 

environments — revealing intent of data exfiltration and exposing both careless and malicious 

insider threats. 


Mary Roark is VP of Marketing at Cyberhaven. She has extensive 

security experience at RSA, Sophos, and Veridium across network, 

mobile and identity management. She has an Electrical Engineering 

degree and an MBA from Stern. 

Reach out to Mary at https://www.linkedin.com/in/maryroark or our 

company website http://www.cyberhaven.com/ 



Digital Healthcare: How Secure Is the Care Data? 

By Prerna Lal, Assistant Professor, International Management Institute New Delhi, India 

Abstract 

Digital revolution has changed the way organizations work; the healthcare industry is no exception. 

Technologies like cloud computing, big data, analytics, Artificial intelligence has transformed the way 

data is stored and analysed. Healthcare data contain sensitive information about an individual making it 

a unique situation as compared to other industry. Thus, the security of this care data becomes critical 

and needs consideration. The objective of this paper is to understand the information systems used by 

the healthcare industry and the kind of threats they face. Finally, what kind of steps organizations should 

take to ensure the security of carte data. 

Introduction 

From paper-based medical records to wearable medical devices, technology has played a crucial role in 

changing the healthcare landscape drastically over the past few years. Introduction of technologies such 



as cloud computing, big data, Internet of Things (IoT), mobile applications, and analytics are the force 

behind this digital revolution in healthcare. On one hand it has changed the way patients receive care 

be it tracking doctor’s appointment online, monitoring vitals through mobile-based health applications, or 

consulting doctors through telemedicine. While on the other hand availability of electronic health records 

(e.g. patient’s medical history, lab reports, etc.) has also helped doctors in making better and informed 

medical decisions. Thus, making it a win-win situation for two key stakeholders in the healthcare industry. 

As we can see whether it is providing or receiving care every decision requires one crucial component 

i.e. data. This is where technology comes into the picture. The exact role of technology in healthcare is 

to provide solutions where data is stored in a structured form, as well as it should be available anytime, 

anywhere through various devices either for quick reference or for decision making. Technology which is 

providing strength to the data in healthcare is also the one which is making it more vulnerable. Let’s look 

at one of the headline 

“HIV status of over 14,000 people leaked online, Singapore authorities say” 1 (CNN, Jan 29, 2019) 

Scary, right! 

Healthcare industry has witnessed a surge in the cyberattacks in the past few years. According to Statista 

medical/healthcare organizations has been the second-most attacked industry with 366 data breaches 

after businesses with the majority (571) breaches out of total 1244 data breaches reported during 2018 2 . 

Healthcare is attracting more cybercriminals for being more lucrative than any other industry. 

Interestingly, personal health information is 50 times more valuable on the black market than financial 

information, and stolen patient health records can fetch upwards of $60 per record (which is 10-20 times 

more than credit card information) 3 . Further, the weekly or daily frequency of cyberattacks on healthcare 

organizations is 39 percent as compared to financial organizations which stand at 34 percent 4 . 

The kind of cyberattacks faced by healthcare organizations varies from ransomware, malware, phishing, 

to insider errors. What makes this situation unique is that the impact of these cyberattacks not only put 

patient data at risk but also disrupt the healthcare service provider’s ability to provide care to the patients. 

Thus, leading to situations where the loss may not be limited only to money or data but a life. 

1 

https://edition.cnn.com/2019/01/28/health/hiv-status-data-leak-singapore-intl/index.html 

2 

https://www.statista.com/statistics/273572/number-of-data-breaches-in-the-united-states-by-business/ 

3 

https://cybersecurityventures.com/cybersecurity-almanac-2019/ 

4 

https://www.radware.com/ert-report-2018/ 



Looking at these statistics we can see that there is an urgent need for designing and implementing 

efficient data security controls in healthcare. To understand these issues, we first need to look at the 

landscape of healthcare and what makes it vulnerable. Why hackers want health data? And what can be 

done to ensure the security of data. 

Healthcare industry and information technology 

Last decade has witnessed a drastic change in the fundamental business processes in the healthcare 

industry. Global health care expenditures are expected to continue to rise as spending is projected to 

increase at an annual rate of 5.4 percent between 2017-2022, from USD $7.724 trillion to USD $10.059 

trillion 5 .Key stakeholders of healthcare i.e. patients, providers, payors, and policymakers (4P’s) 6 are now 

looking for innovative patient care services which are cost-effective, technology-enabled, easy to access 

and avail anywhere breaking the boundary of hospital walls. The healthcare environment is becoming 

more and more complex wherein patient care service are now not limited to hospitals but also at their 

home which may be in a different city or even a different country. Healthcare service providers such as: 

doctors, nurses, pharmacists, administrative staff, technologists and technicians, therapists work in 

different locations and use different information systems to manage healthcare data at their end. Payors 

in healthcare are entities (e.g. insurance providers) that take care of the financial aspect of health 

services which involves processing of patient eligibility, services, claims, enrollment, or payment 7 . Finally, 

policymakers are the one who establishes the framework within which health care is provided to the 

country's citizens. It is evident that there is a strong relationship between these key stakeholders which 

entirely depends on the collaboration of data which in turn is becoming a driving force behind the adoption 

of healthcare information systems (HIS). 

Technologies such as cloud computing, Big data, virtual reality, artificial Intelligence and analytics have 

played a significant role in the evolution of healthcare information systems (HIS). These technologies are 

used to provide a networked HIS wherein data from each stakeholder of the healthcare industry can be 

stored and shared for compilation, analysis and synthesis, and communication and use 8 . The global 

healthcare information systems market size is expected to reach USD 169.2 billion by 2025, registering 

a 7.7% CAGR during the forecast period 9 . 

5 

https://www2.deloitte.com/global/en/pages/life-sciences-and-healthcare/articles/global-health-care-sector-outlook.html 

6 

https://jln1.pressbooks.com/chapter/3-introducing-the-key-stakeholders-patients-providers-payors-and-policymakersthe-four-ps/ 

7 

https://blog.definitivehc.com/top-healthcare-payers 

8 

https://www.who.int/healthinfo/statistics/toolkit_hss/EN_PDF_Toolkit_HSS_InformationSystems.pdf 

9 

https://www.researchandmarkets.com/research/jvdvpz/the_global?w=5 



Healthcare information systems market comprises of various healthcare solutions targeting different 

stakeholders. It can range from Practice Management systems (PMS), Electronic Health Record (HER), 

Electronic Medical Record (EMR), Patient Engagement solutions, Revenue cycle management, 

Pharmacy information system, Laboratory information system, to the medical imaging system. Table 1 

presents a summary of these tools and key players. With the advance technologies cloud computing it is 

possible to integrate these systems to provide care services which are more efficient in terms of 

collaboration, operations and cost. 

Table 1. Types of healthcare information systems 

System Application Examples 

Practice Management 

Systems (PMS) 

PMS are used to streamline the 

administrative workflow of practice 

(e.g. hospital). 

AdvancedMD, 

Advanced Data 

Systems 

Electronic Medical Records 

(EMR) 

Electronic Health Records 

(EHR) 

An electronic medical record (EMR) is 

a single practice’s digital version of a 

patient’s chart. An EMR contains the 

patient’s medical history, diagnoses 

and treatments by a physician, nurse 

practitioner, specialist, dentist, 

surgeon or clinic. 

EHRs are built to share information 

with other health care providers and 

organizations – such as laboratories, 

specialists, medical imaging facilities, 

pharmacies, emergency facilities, and 

school and workplace clinics – so they 

contain information from all clinicians 

involved in a patient’s care. 

Epic, Allscripts 

eClinicalWorks, 

Cerner 

Patient 

solutions 

engagement 

Patient engagement software is an 

electronic system designed to 

communicate with patients, provide 

educational resources, or manage the 

patient-provider relationship. 

NextGen 

Healthcare, 

AdvancedMD 



Revenue 

management 

cycle 

Revenue cycle management (RCM) is 

the financial process, utilizing medical 

billing software, that healthcare 

facilities use to track patient care 

episodes from registration and 

appointment scheduling to the final 

payment of a balance. 

Athenahealth, 

Convergent 

Pharmacy 

System 

Information 

Assists pharmacists to manage the 

medication process. 

Laboratory 

Systems 

Information 

A laboratory information system (LIS) 

is a software system that records, 

manages, and stores data for clinical 

laboratories. 

Sunquest 

Information 

Systems, SSC Soft 

Computer 

Medical 

Imaging 

Information System 

Tracking billing information and 

radiology imaging. 

Softneta, eMedica 

Security issues in healthcare 

Today healthcare industry relies a lot on technology solutions that are connected and accessible through 

the internet. These networks aide providers and payors in making a quick and efficient decision so the 

care can be provided with better efficiency. But we cannot oversee the fact that these technologies or 

networks are also making the healthcare industry a soft target for cybercriminals and hackers for wrong 

motives. 

What is at risk? 

Yes, you guessed it right, data. As mentioned in Table 1 there are various types of healthcare information 

systems that can be used by providers or payors to manage data of different entities. First, the key data 

in healthcare is of the patient which will include personal information such as name, address, social 

security number, contact details, date of birth and health data like illnesses and hospitalizations, allergies 

and adverse drug reactions, medications and dosing, surgeries, clinical data etc. Second, financial data 

i.e. bank account number, credit card details etc, which patients may have used to make payments using 

their credit cards or online banking etc. Third data regarding claims settlement with payors. Finally, it can 

be the Intellectual healthcare data regarding medical research, patents, etc. 



What is the motive? 

First and foremost, the main reason for data breaches is to make a lot of money by selling patient health 

data. In deep web marketplaces medical health record is expected to be worth hundreds or even 

thousand dollars as compared to the credit card or social security number which are around 25 cents and 

10 cents respectively 10 . Further data can be used to make money by creating duplicate credit cards and 

conducting frauds. Another scenario may be medical identity theft wherein patient’s data can be used by 

someone else for receiving medical treatment, drugs or submitting false claims for medical services. 

Finally, the motive can be to damage the healthcare provider’s brand or business by hacking the 

intellectual property and selling it to the competitors. 

What type of security threats are there? 

Hackers and cybercriminals have been keeping the IT security companies on toes. It will not be wrong to 

say that as compared to organizations they are the ones using new technologies for devising new ways 

to do the crime. 

a) Ransomware and other malware 

In Nov 2018, two hospitals owned by Ohio Valley Health Services & Education Corporation (Ohio Valley 

Medical Center in Wheeling and East Ohio Regional Hospital in Martins Ferry, Ohio) became the victim 

of ransomware attack. This attack impacted the emergency functions of medical care as they were forced 

to shut down their IT systems. 

“At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients 

by walk-in 11 ,” (Karin Janiszewski, director of marketing and public relations for EORH and OVMC, 25 Nov 

2018) 

Ransomware attack in healthcare has serious implications as they can be used to hijack information 

systems as well as the medical devices connected through the network or even shut down the entire 

medical facility until the ransom is paid. Out of all the industries healthcare is one of the top industries 

targeted by ransomware attack i . Moreover, 18 percent of medical devices have been the target of 

malware attacks in last year ii . 

10 

https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-tohackers/#3c11158050cf 

11 

http://www.timesleaderonline.com/news/local-news/2018/11/hospitals-patient-information-safe-in-eorh-ovmccomputer-attack/ 



) Phishing 

On August 20, 2018, Portland, Oregon-based Legacy Health notified 38,000 patients that a phishing 

attack might have breached their data iii . Further their investigation revealed that unauthorized third party 

gained access to some of the email accounts of employees that may have contained some patient 

information e.g. patients’ name, dates of birth, health insurance information, billing information, medical 

information regarding care received at Legacy Health and, in some cases, social security numbers and 

driver’s license numbers. 

In a phishing campaign, an attacker poses as a legitimate person or entity in an email to get the target to 

provide valuable information, such as credentials, or click on a link that results in ransomware being 

downloaded on the victim’s machine. Employees who are not careful may click on the link or provide 

confidential details which may lead to fraud. According to the study conducted by Cofense “Payment 

Notification” emerged as the top healthcare phishing attack Subject iv .The 2018 Verizon data breach 

report revealed that phishing attacks are not only prominent, they’re also on the rise, with 43% of data 

breaches stemming from such incidents v . 

c) Insider threats 

On Jan 20, 2016, Wall street journal reported that five people, including two former research scientists of 

the pharmaceutical giant GlaxoSmithKline (GSK), were charged in the U.S. with scheming to steal trade 

secrets and sold them to the organizations operating in China vi . The stolen data included intellectual 

property such as information regarding the research development of multiple biopharmaceutical products. 

In 2018, both scientists pleaded guilty to committing intellectual property theft, but the exact amount of 

financial damage has yet to be calculated. Additionally, insider threats not only include employee stealing 

data but vary from incidents happening due to error or carelessness to theft of employee laptop containing 

confidential data vii . 

d) Technology management issues 

On Dec. 26, 2018, UW Medicine reported that misconfigured database lead to the exposer of patient data 

on the internet for several weeks. The exciting part is that breach was discovered by a patient looking for 

his own name on google and ended up finding the data related to UW medicine files containing patients’ 

names, medical record numbers, and a description and purpose of the information viii . Other than 

misconfigured databases or servers, lack of appropriate IT security implementation in the organization or 

IT vendors who are providing or managing IT solution on your behalf may be the reason for a data breach. 



In addition to that usage of cloud platform by the HIS providers is also increasing the risk of security of 

data. 

e) Risks of using Internet-enabled connected healthcare devices 

With the introduction of the Internet of Medical Things (IoMT) has made it possible to provide real-time 

care to the patients can save lives in emergency situations like heart-failure, asthma attacks, or diabetes. 

IoMT devices can collect real-time data regarding blood sugar levels, blood pressure, heartbeat etc. 

which can be monitored by the care provider to make decisions regarding medication. Continuous 

Glucose Monitor, Closed-loop (automated) insulin delivery system, smart inhaler, Bluetooth-enabled 

coagulation system are a few examples of IoMT systems in healthcare. The market of IoMT is growing 

and is expected to drive nearly $47 billion in revenues in healthcare revenue by 2020 ix . With convenience 

comes the cost. The cost here is the risk of loss of very personal health data captured by these devices 

which are stored using cloud platforms. In one of the cases in 2018, a fitness tracking application Strava 

which is used to track and share daily exercise routes by individuals revealed the sensitive information 

about the location of US army bases x . 

In sum, security risks faced by healthcare information systems range from ransomware, malware attacks, 

phishing, a threat from inside actors such as employees, HIS solution providers or maybe the technology 

mismanagement. Table 2 lists some of the significant breaches to understand that these attacks are not 

just limited to a specific type of attack, specific geography or a variety of healthcare information system. 

Table 2: Major attacks faced by the Healthcare industry 

S.N 

o. 

Year Organizatio 

n 

Type of breach Impact Reference 

1 Mar 

ch 

201 

9 

Meditab, 

California 

Fax server wasn’t 

properly secured i.e. 

no password, giving 

access to anyone 

who could read the 

transmitted faxes in 

real-time. 

Thousands of records 

leaked including 

medical records, 

doctor’s notes, 

prescription amounts 

and quantities, as well 

as illness information, 

such as blood test 

results etc. The faxes 

also included names, 

addresses, dates of 

https://techcru 

nch.com/2019/ 

03/17/medicalhealth-dataleak/ 



irth, and in some 

cases Social Security 

numbers and health 

insurance information 

and payment data. 

2 May 

201 

8 

Rush 

University 

Medical 

Center, 

Chicago, 

USA 

An employee from 

billing department 

disclosed a file to an 

unauthorized party 

Names, addresses, 

birth dates and Social 

Security numbers of 

45,000 patients were 

exposed 

https://www.go 

vtech.com/sec 

urity/Medical- 

Center-Data- 

Leak-May- 

Have- 

Exposed-45K- 

Patients.html 

3 Oct 

201 

8- 

Mar 

201 

9 

Secur 

Solutions 

Group 

(SSG), a 

vendor of 

the Health 

Sciences 

Authority 

(HSA), 

Singapore 

Accessed 

from 

system 

illegally 

vendors 

Personal information of 

more than 800,000 

blood donors exposed 

online 

https://www.ch 

annelnewsasia 

.com/news/sin 

gapore/blooddonorsinformationexposedonline-hsa- 

11349308 

4 Dec 

201 

8 

UW 

Medicine, 

Washington 

A misconfigured 

database which was 

the result of a coding 

error 

Data of around 

974,000 individuals 

was exposed on the 

internet 

https://www.ba 

nkinfosecurity. 

com/misconfig 

uration-leadsto-majorhealth-databreach-a- 

12042 



Steps to be taken to ensure the security of data 

Looking at the increasing number of data breaches in healthcare over the years raise the alarm for 

healthcare organizations to take strong measures to deal with the situation and ensure that they should 

be ready to deal with these threats. They need to change their approach from being reactive to proactive 

in their approach to deal with the situation. Some of the actions they may take are as follows: 

a) Raising awareness of vulnerabilities and threats among users 

Users are the one posing major threat to any information systems. Users in case of healthcare information 

systems include patients, hospital staff, doctors, nurses, therapist etc. who are using the systems to store, 

retrieve or analyse care data. Any human error or carelessness in using a system may lead to data 

breach. Thus, healthcare organizations should ensure that they provide training to the employees with 

respect to the usage of HIS as well as what are the risks associated with them. Users should have a clear 

understanding of what kind of data they are dealing with and how sensitive the data is and what steps 

they should take to ensure that none of their actions should cause the breach. It may be as simple as 

ensuring that they log off from the system after using it, don’t share their login credentials even with peers 

and keep their laptop safe. The awareness regarding the security should not be one-time activity, users 

should be reminded again and again over a period for better results. 

b) IT Compliance 

Organizations that follow security compliance are always at lower risk and better prepared to deal with 

security threats. NIST, HITRUST, Critical Security Controls, ISO, COBIT are few examples of the IT 

security frameworks followed by organizations all over the world. In a 2018 HIMSS Cybersecurity Survey, 

NIST was identified as the most popular framework adopted by 57.9 percent of the healthcare 

organizations. The guidelines for security standards differ from country to country for example ISO 27001 

is applicable internationally while HIPAA is applicable in the United States. 

The benefit of compliance to any security standard ensures that proper measure has been taken by the 

organization to safeguard the data. In addition to that they also have well-defined procedures for risk 

management and business continuity in the organisation. 

c) Using Artificial intelligence-based security solutions 

Latest trends in IT security is the use of artificial intelligence-based security solutions. The benefit of using 

AI-based solutions is that they have the capability of identifying any unusual activity or behaviour in the 



organizational network and raise the alarm. This can help IS security managers in taking preventive steps 

to stop the breach. In addition to that there are automatic AI-based response systems are available that 

can handle any incident and act without human intervention. In case of healthcare organizations need to 

invest in AI-based solutions because it can help them in saving a lot of cost due to the data breach. 

Conclusion 

Though data is an important asset for any industry but in case of healthcare it poses unique challenges 

as discussed. Ensuring the security of data in healthcare is not the responsibility of just one stakeholder 

but everyone must do their part to make it work be it patient, provider, payor or policymaker. Healthcare 

information systems can’t operate in isolation they need an integrated approach to provide efficient 

collaboration and communication between information systems used by different providers. In case any 

one of the links in the network is weak the ball will be in the court of criminals which may lead to a breach 

leading to severe damages. Research studies suggest that the healthcare industry is becoming one of 

the prime targets by criminals, therefore, there is an urgent need to take preventive measures by the 

industry stakeholders to ensure the security of care data. 


Prerna Lal is an Assistant Professor in Information Management at 

International Management Institute New Delhi, India and a published 

writer in journals and publications, both Indian and international. She 

is an engineer with an MBA degree (IIT-Roorkee). She is a SAPcertified 

consultant and has ITIL® V3 Foundation-level certificate in 

IT Service Management. She has more than 16 years of experience 

in academics and research with areas of interest being Data 

Warehousing and Data Mining, Business Analytics, Management 

Information System, Software Project Management, IT Service 

Management, Cyber Law, and Cloud Computing. She earned her 

Ph.D. in the area of Cloud Computing from Banasthali University, 

Rajasthan, India. She can be reached at prernalal@yahoo.com. 



Women’s Health and Safety Amidst COVID-19 Cybercrime 

By Sarah Katz, Senior Cyber Security Analyst, NASA Ames Research Center 

As the past two months have seen the COVID-19 pandemic sweep the globe, domestic violence has 

spiked across multiple continents. Forced to stay indoors, many individuals are encountering partner 

struggles, some of which have turned abusive. In particular, many women in Asia, Europe and the United 

States have reported feeling unsafe and wonting for reliable access to safety resources. 12 

Adding to the global increase in domestic abuse, abundance of cybercrime has surged since the start of 

the COVID outbreak. With particularly enhanced rates of phishing campaigns, the healthcare industry 

has born a significant brunt in struggling to balance resource provision for patient care with cybercrime 

prevention. 13 

12 

Taub, Amanda. “A New Covid-19 Crisis: Domestic Abuse Rises Worldwide.” The New York Times, 

The 

New York Times, 6 Apr. 2020, www.nytimes.com/2020/04/06/world/coronavirus-domesticviolence.html. 

13 

“WHO Reports Fivefold Increase in Cyber Attacks, Urges Vigilance.” World Health Organization, 

World 

Health Organization, 23 Apr. 2020, www.who.int/news-room/detail/23-04-2020-who-reports-fivefold 

increase-in-cyber-attacks-urges-vigilance. 



When coupled with the heightened frequency of domestic violence due to close quarters in quarantine, 

the threat of cyber attacks such as phishing rendering healthcare resources inaccessible poses immense 

risk for abuse victims. In particular, phishing campaigns or Trojans that lead to ransomware threaten 

women’s health facilities to the point where if a ransom is not paid on time and physicians are unable to 

access patient records in time, victims with critical injuries could lose their lives. 

This clear correlation between COVID-19 and ensuing rise of cybercrime has spurred the development 

of many initiatives to combat the potential devastating effects of threat actors taking advantage of the 

pandemic. Along with UN efforts and the volunteer-based COVID-19 CTI, which focus on healthcare in 

general, Cysec Health emerges as a nonprofit that specifically connects women’s medical providers with 

cyber security professionals to help protect patient health information. Founded by a female cyber 

security professional, this initiative aims to support all global providers dedicated to the medical care of 

women and girls both during and after the COVID-19 crisis has passed. 


Sarah Katz is a cyber security analyst at NASA Ames Research 

Center, author and Berkeley alum. In addition to information security, 

her passions include medicine and caving. Sarah can be reached on 

Twitter @authorsarahkatz. 



Network Monitoring Solutions and Their Contribution 

Towards Developing A Robust IT Infrastructure 

Network monitoring solutions are becoming increasingly vital given that they help detect abnormalities 

in IoT device functionality & prevent attacks before they take place. As IoT continues to disrupt the 

global technology landscape, the vulnerability of IoT devices to malware will keep increasing. 

Increasing malware attacks, network outages, and more have an adverse impact on enterprise 

infrastructure, prompting the implementation of efficient network monitoring solutions. The proliferation 

of smart cities will also lead to the demand for a highly sophisticated infrastructure equipped with 

advanced technologies, making the entire urban ecosystem susceptible to performance problem and 

discrepancies. This will increase the demand for network monitoring solutions and emphasize their 

significance in the global technology spectrum, a gist of which has been given in this post. 

By Saloni Walimbe, Content Writer at Global Market Insights, Inc. 

In order to facilitate smooth operations in the increasingly technology-driven industry space, businesses 

are becoming more and more reliant on their network to accommodate client demands. In short, networks 

are the lifeline for any modern enterprise. This means that even the slightest slowdown or discrepancy 

in network performance can create significant disruptions in the IT infrastructure of a business. 



Considering the impact of network outages and performance issues, in terms of both productivity as well 

as cost, it is essential for enterprise of all sizes to have an efficient network management solution in 

place, to enable proactive measures towards resolving performance problems and gaining valuable 

network insights. One of the most essential network management tools is network monitoring. 

For IT professionals, network monitoring is a vital discipline. Network monitoring tools are designed to be 

proactive as well as reactive, which means they can preemptively detect discrepancies in the system, 

helping to avoid system crashes before they occur. 

Essentially, network monitoring solutions are tools that allow IT administrators to monitor networks more 

efficiently. Solutions across the network monitoring market are vast and varied, depending on myriad 

factors including system specifics, automation, as well as business size & scale. 

Burgeoning requirement for IoT security solutions 

The emergence of advanced technologies, from connected devices to cloud computing to IoT (Internet 

of Things) has added great impetus to the adoption of network monitoring tools across the industrial 

landscape. 

Studies suggest that IoT could become a multi-trillion-dollar industrial sphere by 2020. As such, IoT is 

already making its mark across several industries, including transportation, healthcare, utilities, 

manufacturing, etc. The technology is anticipated to assert a significant influence on professional and 

consumer lives across the globe, in addition to transforming perceptions regarding networks in general. 

Despite its revolutionary nature, however, IoT does have one major area of concern, security. Lack of 

efficient IoT security solutions has posed a considerable challenge for IoT adoption. For instance, IoT 

devices are highly susceptible to malware attacks. One of the most notable malware strains to affect IoT 

devices was Mirai, in 2016. The malware, which affected security cameras and wireless routers, led to a 

massive DDoS attack on Dyn, the internet provider for prominent sites including Spotify, Twitter and 

more. 

Given this vulnerability of IoT devices, network monitoring is an ideal solution to detect abnormalities in 

their performance and prevent attacks before they take place. 

Key players in the network monitoring industry are taking stock of this and developing innovative solutions 

that offer robust IoT security. For example, PathSolutions, a network performance management firm, has 

recently introduced its TotalView 10 solution, which can offer network security policy monitoring, IP 

address management, device monitoring, among other benefits to IoT devices. The technology helps 

monitor the network for unauthorized access and identifies any suspicious activities which could indicate 

potential security breaches. 



Emergence of smart cities and the subsequent requirement for a strong network infrastructure 

In an effort to become more technology-driven and smart, many local municipalities have adopted 

technologies like IoT enabled devices, used across myriad applications including traffic systems, smart 

street lighting, CCTV cameras, public security systems, etc., through smart networks and data collection. 

For example, Boston and Baltimore municipalities have deployed smart garbage cans which can 

communicate their existing capacities, making it easier for municipal systems to plan suitable routing for 

disposal services. 

With the development of smart cities expected to make such a prolific impact on efficiencies and resource 

management, a robust infrastructure becomes paramount. The ideal smart infrastructure is a network of 

networks, using sophisticated technologies alongside integrated network management solutions, 

allowing for higher visibility, cost reductions and enhanced reliability of network infrastructures, operations 

and services. 

Considering the prevalence of such IT infrastructures in smart city development, one of the most essential 

components of these cities is a network monitoring solution that can connect with distinct network 

elements and facilitate a smooth flow of information between systems. 

One such network monitoring tool is Montdata’s log management & network management solution. This 

tool allows smart city IT administrators to manage and supervise the entire smart city infrastructure 

including servers, firewall, network traffic, sensors, CCTV, and other network elements, using a single 

dashboard. 


Saloni Walimbe. An avid reader since childhood, Saloni is currently 

following her passion for content creation by penning down insightful 

articles relating to global industry trends, business, and trade & 

finance. With an MBA-Marketing qualification under her belt, she has 

spent two years as a content writer in the advertising field. Aside from 

her professional work, she is an ardent animal lover and enjoys 

movies, music and books in her spare time. 

Company Website: - https://www.gminsights.com/ 

LinkedIn - https://www.linkedin.com/in/saloni-walimbe-5929b99b/ 

Twitter - https://twitter.com/WalimbeSaloni 



Still Using Spreadsheets to Manage Your Digital 

Certificate Security? 

Here are 5 reasons to stop. 

By Ryan Sanders, Product Manager, Keyfactor 

The proliferation of devices and applications like IoT, DevOps and cloud has dramatically increased the 

number of digital certificates in any given organization. Most of the applications and systems we rely on 

today use digital certificates to authenticate and secure connections, which makes the task of managing 

certificate requests, issuance and renewal much more challenging. 

For years, InfoSec teams have relied on basic tools like Excel spreadsheets to track and log certificates, 

but today’s certificate volumes, combined with its certain rise as more devices are added to the network, 

make spreadsheets an archaic and error-prone system. From a security perspective, consider that even 

just one missed device or server certificate can shut down your entire network or worse – lead to potential 

breach. 

InfoSec teams have options when it comes to certificate management tools. Most of those options have 

the ability to discover and automate the lifecycle of X.509 certificates, yet many teams still use 



spreadsheet-based tracking and manual processes. While well-meaning, the combination of complex 

ecosystems and manual processes almost always lead to undocumented installations and risk exposure. 

Like any IT security initiative, the best place to start is with an updated system audit to help you assess 

where your tools and processes rank in terms of efficacy and security. Regardless of the program you’ve 

got in place Gartner suggests program managers conduct a periodic evaluation of certificate usages, 

volume and expected use-case expansion. Inevitably more use cases mean more risk - security and risk 

managers should consider a certificate management solution over spreadsheet-based methods. 

Still think spreadsheets are the right tool for your organization? Here are five reasons to reconsider 

spreadsheets as your primary certificate management tool: 

By 2022, organizations that leverage X.509 certificate management tools will suffer 90% fewer certificaterelated 

issues and will spend half the time managing these issues, compared with organizations that use 

spreadsheet-based management methods. ~ Gartner 

Gartner cited a certificate management tool vendor who recently pointed out that when it observes clients 

executing on a discovery process, clients typically see five to 10 times more certificates in their 

environment than expected. 

Reason #1: Spreadsheets don’t scale 

Spreadsheets can’t natively scale alongside your Public Key Infrastructure (PKI) program and its growing 

number of digital certificates. The manual effort required to maintain spreadsheets never decreases, 

especially as new certificates are regularly deployed on the network. Growing certificate counts and 

shorter validity periods make spreadsheet-based tracking infeasible for most organizations today. 

Reason #2: Spreadsheets aren’t audit-ready 

To prove compliance, you need to be able to demonstrate that you have complete visibility to all digital 

certificates, detailed information about the algorithms they use, where they were issued from, where 

they’re installed, who owns them and what applications rely on them. It’s next to impossible to capture 

that level of detail and updates with a manual spreadsheet. 

Reason #3: Spreadsheets lack automation 

Many organizations underestimate the care and feeding required to continuously manage their 

certificates. The issuance process alone typically takes three to six hours which includes generating a 

key pair on a server, exporting the public key, ensuring certificate authority certification (thereby 

converting it into X.509 certificate format), installing it, verifying that it’s active and finally returning the 

server to live operation. That doesn’t account for time spent continually tracking down assets with 

certificates, general maintenance and updates. 

Reason #4: Spreadsheets create visibility gaps 

It’s not the certificates you track that will cause your next outage - it’s the one’s you haven’t yet discovered. 

Spreadsheets only allow you to account for and track the certificates you know about. The reality is that 



most organizations don’t actually know how many keys and certificates they have. Known certificates 

account for a small percentage of an organization’s overall inventory. As a result, unknown or rogue 

certificates create significant exposure to unexpected outages and downtime. 

Reason #5: Spreadsheets are a time-suck 

Organizations who have roughly 100 or more X.509 certificates and use manual processes typically need 

a full-time, dedicated resource to manage certificates within their business. In most organizations 

responsibility is juggled between several team members. This isn’t only a time-suck, it’s a budget drain, 

too - the reality is that IT and security resources are already spread thin. InfoSec teams juggle multiple 

responsibilities at any given time, which creates more room for error and oversight when it comes to 

certificate management. 

If you’re starting to reconsider the way you manage your digital certificates, consider these criteria: 

● Scale – do you have more than 100 digital certificates? 

● Complexity - do you use multiple certificate authorities (CAs), network devices and cloud 

platforms? 

● Resources – does your staff spend too much time on certificate-related tasks rather than IT 

priorities? 

● Outages – have you experienced certificate-related outages over the last two years? 

If you answered yes to any one of these criteria, you may want to consider certificate lifecycle automation 

to lessen the burden on your in-house team. An automated platform not only streamlines your certificate 

management process, it also monitors and reports on certificate status for compliance, saves time and 

mitigates security risks posed by manual processes. And with the number of choices available, 

onboarding an automated platform is a lot easier than managing your digital certificate spreadsheets. 


Ryan Sanders is a Toronto-based product lead with Keyfactor, a 

leader in providing secure digital identity solutions for the Global 

2000 Enterprises. Ryan has a passion for cybersecurity and 

actively analyzes the latest in compliance mandates, market 

trends, and industry best practices related to public key 

infrastructure (PKI) and digital certificates. For more information 

visit: www.keyfactor.com or follow @Keyfactor on Twitter and 

LinkedIn. 



Introducing the Role of The Chief Cybercrime Officer 

Can the CISO and CCO work in harmony? 

By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks 

The TalkTalk data breach in 2015 had big repercussions. With the personal details of 157,000 customers 

accessed, including bank account numbers and sort codes of over 15,000 customers, it certainly was not 

the largest the industry had seen. However, it resulted in government recommendations that a specific 

officer should be appointed with day-to-day responsibility for protecting computer systems from cyber 

attack. 

In most organizations, this responsibility fell to the Chief Information Security Officer (CISO), supported 

by the CEO, with the main task of strengthening the organization’s cyber security capabilities. While the 

role of the CISO is certainly not new, it has evolved over recent years to keep up with the advancements 

in the threat landscape. A CISO’s job description is now extremely varied, including managing security 

operations, cyber risk and cyber intelligence, security architecture, data loss and fraud prevention, 

program management, identity and access management and compliance and governance. 



As well as adding to the CISO’s job description, the rise of cyber crime has also put the role under 

increasing scrutiny. It’s easy to see why, as research shows that most CISOs and the entire C-Suite 

believe the CISO is ultimately responsible for responding to a data breach on behalf of the organization. 

With numerous day-to-day responsibilities, many organizations have decided to add another role into the 

mix to give the CISO a helping hand. This is where the Chief Cybercrime Officer (CCO) comes in. 

Say hello to the CCO 

The CCO’s role involves ensuring the organization is cyber-ready. They bear the responsibility of 

mitigating breaches, taking the lead if a breach does occur and providing the necessary link between the 

Board and the rest of the company to reduce risk and work cohesively to resolve problems 

instantaneously. This role should ease the load on the CISO and ensure the organization can get one 

step ahead of hackers in the cyber crime race. However, organizations must take into account the need 

for both the CISO and CCO to work in tandem, which involves ensuring each role is clearly defined and 

has full support from the Board. 

CISO and CCO working together 

The CISO and CCO share a common goal of keeping the company’s data safe from cyber threats. Yet, 

the definition of what each role entails might be different for each organization. While the CCO will be 

focused on the system architecture, the CISO will be focused on the security of the information within the 

organization. With this defined, there should be no reason that both roles can’t work collaboratively 

towards keeping the organization and its data safe. 

With both roles working in harmony, the next step that organizations need to take is ensuring the CISO 

and the CCO have enough influence with the Board to make critical decisions and resolve issues 

immediately. To do this, the Board should have full visibility of the entire cyber security strategy, which 

should be regularly reviewed and updated in line with new threats and intelligence. From this, the CCO 

and CISO can be given the responsibility to report and respond to incidents and make rapid decisions on 

behalf of the business. This is essential as, in the event of a data breach, removing unnecessary 

authorization steps ensures that the organization can respond quickly and put remediating measures in 

place to minimize potentially catastrophic repercussions. 

Cyber security threats are increasing day by day and these threats can’t be ignored. Organizations must 

consider what the most effective structure is that will enable decisions to be made quickly and that will 

leave space for both the CISO and CCO to work in tandem. 




Matt Cable is VP Solutions Architect and MD 

Europe, Certes Networks. Matt is a Cyber-Security and 

Cryptography expert with more than 20 years of consultancy 

experience that covers IT Strategy and Enterprise. Matt can 

be reached on LinkedIn here - 

https://www.linkedin.com/in/mattcable72/ - and at our 

company website www.certesnetworks.com 



Fighting Back Against Powerful New DDoS Attack Vectors 

By Tom Bienkowski, Director of Product Marketing, NETSCOUT 

Conniving hackers are launching sophisticated Distributed Denial of Service (DDoS) attacks more 

quickly, which presents many risks for enterprises. Research shows there were 8.4 million DDoS attacks 

globally over the last year alone. That’s 23,000 hacks every day and 16 each minute. 

These sophisticated attacks can easily breach enterprise defenses and wreak havoc because bad actors 

are relentlessly uncovering and exploiting dangerous new vectors–especially on IoT devices. Service 

providers need to defend themselves and protect their customers by getting greater insight and visibility 

into these threats. 

The Modern DDoS Attack Landscape 

The Internet of Things (IoT) has changed everything about DDoS attacks. Before IoT, hackers would 

scan the web for vulnerable network hosts with lax security, weak passwords, or neglected systems that 

they could compromise. 



Not only do IoT devices share some of these vulnerabilities, but they also have a much weaker security 

posture overall. They are often far less secure out of the box because that makes deployment easier. 

Many use default or weak passwords and rely on older protocols without built-in firewalls, direct user 

interfaces, or automated patching. Finally, manufacturers usually sell these items at low margins, so they 

have little incentive to enhance security or fix issues. 

Since the Mirai malware went live in 2016, hackers have developed many different IoT-based DDoS 

attack strains. These botnets discover newly connected devices within 60 seconds of them going online 

and weaponize everything from smartphones to smart homes. Even worse, hackers can now target entire 

IP address ranges by combining multiple vectors or overwhelming systems through short, sustained 

DDoS attacks. 

These budding Mr. Robots and Lisbeth Salanders also have a much larger pool of victims to choose 

from, along with seemingly unlimited resources. That allows them to change tactics on the fly while 

accessing more attack surfaces through cloud services and mobile networks. 

Hackers who use these sophisticated methods make it harder to contain damage. Cybercriminals deploy 

attacks as a smokescreen while they invade systems and access massive amounts of sensitive data. 

They then distribute it widely, which can lead to severe financial losses. 

Enterprise IT teams must employ advanced defense strategies to analyze and fight back against these 

threats. Telecommunications carriers and processing centers specifically are subject to more hacks, 

which can target both the providers themselves and their customers. Because of this, all parties need to 

plan for the worst by using smart data to optimize security. 

Organizations Can Update, Innovate, and Evolve 

Even the most well-prepared companies should maintain constant vigilance against formidable online 

threats. The digital world has changed rapidly in recent years, so organizations need to protect all their 

distributed environments, on-premises and in the cloud, by employing DDoS prevention solutions. 

IT teams will increase their chances of successfully countering opponents if they connect and collaborate 

while simplifying workflows and staying resilient. These professionals should routinely secure vulnerable 

hardware and software to ensure only legitimate users can access those services. They also need to 

monitor all traffic and respond immediately if suspicious vectors appear. 

Enterprises should further conduct regular attack mitigation drills and employ automated detection tools 

during normal operations. That way, staff can evolve internal processes to defend networks and respond 

swiftly to cyberthreats using the proper protocols. 

Business leaders also need to ensure they don’t put a lid on staff innovation after hacks occur. When 

companies suffer lengthy outages following cyberattacks, some C-suite leaders think twice about 

adopting any new technologies. 

That’s a dangerous proposition, since businesses end up trailing the competition. Organizations need to 

encourage the use of modern tools that protect industries while decreasing risk. 



Today’s hackers have more dangerous vectors in their arsenals than ever before, and they know how to 

deploy them for maximum impact. The good news is that when enterprises deploy the right tools, they 

can fight back. By using innovative solutions that keep assets safe, cybersecurity teams will defend their 

systems from DDoS attacks for years to come. 


Tom Bienkowski has been in the network and security field for over 20 

years. During this time, he worked for large enterprises as a Network 

Engineer and for multiple network management and security vendors 

where he has had roles in Sales Engineering/Management, Technical 

Field Marketing and Product Management. He currently serves as 

Director of Product Marketing focusing on NETSCOUT's industryleading 

DDoS protection solutions. 



How to Secure IT And OT In Industrial and Manufacturing 

Environments 

By Christopher Dobrec, Vice President of Product Marketing at Armis 

Operational Technology (OT) systems, which include critical infrastructure, are increasingly becoming 

more exposed to cyber attacks. The control and telemetry systems used in industrial plants and 

manufacturing environments are being connected to traditional enterprise IT networks like Ethernet or 

Wi-Fi. Meanwhile, device manufacturers are building OT devices and control systems on top of common 

operating systems such as Windows, Linux, Android, and VxWorks. 

Compounding this issue is the fact that traditional consumer-centric connected devices are being brought 

into industrial and manufacturing environments. For example, as Ford starts to consider how 

manufacturing workers can return to plants following the COVID-19 impact, it’s testing wearable devices 

that would buzz when employees are closer than 6 feet apart. 

These developments make control systems vulnerable to the same kind of attacks used to compromise 

devices on corporate IT networks. Recent attacks on industrial control systems (ICS) and OT 

environments illustrate the damage that these threats are already having. WannaCry and NotPetya 



malware had major impacts on manufacturing companies like Merck, causing hundreds of millions of 

dollars in quarterly losses due to production downtime, in addition to loss of customer satisfaction due to 

missed shipments. After suffering a WannaCry attack across its worldwide network, A.P. Moller - Maersk, 

one of the world’s largest shipping conglomerates, lost communication with its OT network, shutting down 

entire ports. 

In another example, the digital systems at the smelting plants of Norsk Hydro, one of the world’s largest 

aluminum producers, were shut down after the firm was attacked by LockerGoga. Norsk Hydro reportedly 

lost $40 million because of the incident, and aluminum prices were driven to a three-month high. 

In order to mitigate these new threats, organizations must understand two major challenges to securing 

these environments and evolve their security strategies to secure and manage connected devices across 

both industrial and IT environments. 

Connected OT Devices are Un-Agentable 

The growing trend in manufacturing and industrial 

plants is to connect OT devices directly to the 

enterprise network. But one of the main challenges is 

that these devices often have no built-in security and 

cannot be protected with traditional security tools like 

agents used by enterprise security teams. These 

devices were not initially designed to be installed on 

the enterprise network, however, the convergence of 

IT and OT networks has made this a reality. Because 

these devices can’t run agent software, security 

teams have no visibility into whether device behavior 

is abnormal or malicious and could indicate a risk. 

OT Device Vulnerabilities Are Increasing 

While OT devices become more accessible to cyber attackers, they’re also increasingly vulnerable to 

attack. Based on ICS-CERT’s advisory page, which lists a large number of vendors that have disclosed 

vulnerabilities, public vulnerability advisories continue to increase year over year. There were 204 

advisories in 2018, an increase of 25% compared to 2017. Over half of the ICS-related vulnerabilities 

reported in 2018 rated high in terms of severity level. These vulnerabilities exist in field devices, humanmachine 

interface systems, and engineering workstation software. 

In 2019, a set of 11 zero-day vulnerabilities was discovered, dubbed Urgent11, that impact seven 

common real-time operating systems, including VxWorks® by Wind River. These systems are widely 

used by SCADA systems, industrial controllers, firewalls, routers, satellite modems, VoIP phones, 

printers, and many other devices. Urgent11 could allow attackers to remotely exploit and take over 

mission-critical industrial devices, resulting in costly disruption of essential processes. 



It’s clear that as these vulnerabilities grow, manufacturing and industrial leaders must devote greater 

attention to securing their environments. 

A Different Approach to OT Security 

Industrial and manufacturing organizations need a security strategy that is specifically tailored to all 

devices across OT and IT environments. This approach could better protect essential tools and 

processes with the following focus areas: 

• Agentless. Most OT enterprise IoT devices, such as SCADA systems, PLC’s, RTU’s, HMI’s and 

engineering workstations, cannot accommodate security agents, so a security strategy should be 

able to function without relying on these agents. 

• Passive. A security strategy that uses network scans or probes can disrupt or even crash OT 

devices, which would interfere with important industrial control operations like plant operations. A 

strong system should be able to function using only passive technologies. 

• Comprehensive security controls. A security strategy designed to mitigate risks in an OT 

environment should have the same outcomes as one designed for IT devices. These outcomes 

are listed in security frameworks such as the NIST Cybersecurity Framework (CSF) or the Center 

for Internet Security Critical Security Controls (CSC). In the IT world, this typically requires the 

use of several different security tools. For the OT environment, it would be desirable to obtain 

comprehensive coverage of the required security controls using as few tools as possible. 

• Comprehensive device coverage. A comprehensive security strategy will encompass all 

managed, unmanaged or industrial IoT devices in the enterprise—from the manufacturing floor to 

the executive suite—because in an interconnected environment, you can’t secure OT unless you 

secure IT along with it. The security platform should work for all types and brands of industrial 

control systems, along with other kinds of devices common to the enterprise such as HVAC 

systems, IP security cameras, fire alarm systems, building access management systems, 

switches, firewalls, wireless access points, printers, and more. 



• Comprehensive communication coverage. The strategy should be able to directly monitor all 

communication pathways that could be used in a cyber attack, including Ethernet, Wi-Fi, 

Bluetooth, BLE, and possibly other wireless protocols such as Zigbee. Wireless coverage is 

important because attackers can exploit vulnerabilities such as BlueBorne, KRACK and 

Broadpwn to compromise OT devices wirelessly, without any user interaction. 

Protecting OT devices from a growing list of cyber attacks and vulnerabilities brings many challenges, 

but can be achieved with the right focus, backed by the right tools. What’s clear is that industrial and 

manufacturing organizations cannot use traditional methods to secure OT devices being used in nontraditional 

ways. As these essential devices continue to be integrated into enterprise networks, a new 

approach must be used to keep them from being exploited and, ultimately, leaving valuable processes at 

risk of disruption. 


Chris Dobrec, Vice President of Product Marketing, Armis.As Vice 

President of Product Marketing, Chris is responsible for Armis’ product 

marketing strategy and vision. He is a seasoned product and business 

development executive leading teams through development and 

marketing of exceptional products and cutting-edge technologies 

across enterprise and consumer market segments. Prior to Armis, 

Chris held executive management roles in product management, 

product marketing and business development at MobileIron, Cisco, 

Nokia, Ipsilon Networks and Kalpana. Chris’ journey to Silicon Valley 

started after leaving college early to pursue his passion for building 

great products. He can be reached by Armis’ company website at 

www.armis.com. 



Biggest Obstacles Frustrating Cyber Security Job Seekers 

and Employer 

By Matt Donato, Co-founder of Charlotte, NC-based HuntSource 

You’re a cyber security engineer and want to find an exciting career opportunity in this arena. 

But several obstacles are preventing you from making this happen. For example, you may get offered a 

big salary, say $200,000 per year. The fact that someone is willing to pay you that much strokes your 

ego. 

Yet you take that job and find out the work itself doesn’t appeal to you. Or the corporate culture doesn’t 

align with your values. 

You saw the big dollar signs and took the position but now you realize you made a big mistake. You now 

have to start over finding another job or stay in a place where you are not happy. 



You lack skills in a key area 

Or here’s another problem you might have. You know a lot about cyber security but the position you’re 

applying for requires that you also understand and have skills using machine learning, for example – a 

hot new trend. You haven’t had time to learn about it because your current job eats up 80-100 hours a 

week of your time. 

With this technology industry changing so fast, and the demands of your current job so all-encompassing, 

you haven’t had time to keep get your head around what machine learning is all about or how to get 

caught up in your free time. 

You don’t know what certifications to get 

Or you have a related problem. You need web application security knowledge to land a dream job, but 

you don’t know what certification to get that employers will want before hiring you. 

Some employers want you to take one type of certification course and another specifies that you pass 

another course. Which one do you take? And which job do you want more? It’s all complicated and 

uncertain, a crapshoot. 

You believe employers will come after you 

Or you may have more fundamental obstacles to overcome. You believe you can send out your resume 

and employers will come chasing you because there’s a shortage of cyber security professionals. You’re 

a hot commodity. They’ll come chasing you. 

All you have to do is make them aware you’re looking around. But you find out that’s not nearly enough 

effort and unrealistic. You have to do much more. Even when demand for your skills is intense. 

You have LinkedIn fatigue 

Or you find that every day you get at least five messages on LinkedIn from employers wanting to know if 

you’re interested in a new cyber security position. But the notices are poorly targeted for positions far 

below your experience level. 

Worn out by “LinkedIn fatigue,” you stop going to that page in your job hunt because so much of the 

information wastes your time. But that’s where so many opportunities for you await. It’s a conundrum. 

How to overcome these obstacles 

There are several actions you take to overcome these hurdles. One of the most important is to stay 

current and keep your skills relevant and fine-tuned in the cyber security market. 



You must be current 

Your knowledge has to be up-to-speed with what’s going on right now and where the market is headed. 

Three-year-old information and skills won’t cut it in the ultra-high-speed cyber security arena. One-yearold 

information doesn’t amount to much either. It’s all about now and what you know and what value you 

can offer today and tomorrow. 

Next, focus on improving your written and verbal communications skills. Yes, technical knowledge 

remains important, but plenty of strong competitors have that. 

You will separate yourself from competitors if you show you can handle the technical aspects of the work 

and communicate well. This would mean, for instance, simply and clearly explaining to upper 

management why the cyber security projects you and your team are working on are important to the 

financial growth of the business. 

Be authentic 

Want to enchant employers? Be authentic. Employers can tell when someone is faking who they are or 

what they can do. Be candid with employers about what you can and cannot do, what your passions are, 

why you want to work specifically for them, why you believe cyber security is important, and show them 

you understand the cyber security problems they need solved. 

Obstacles from Employer’s Perspective 

Employers struggle to find and hire cyber security professionals. They often don’t understand well what 

cyber security is, why their company needs it, and how it can help their businesses grow or prevent 

losses. They have a general sense that they need to have better cyber security so they seek to hire 

people who do know about it. 

But these employers often cannot communicate who they want to hire because they don’t know what 

they want the cyber security person to do. 

Be more flexible with job requirements 

Another problem: Written job descriptions for cyber security jobs are too lofty, demanding, and stringent. 

If a candidate meets six of the eight requirements, for example, but the corporate policy stipulates that 

they need to meet all of them, the application won’t move any further in the process. 

Companies often miss on what could have been a great hire. Inflexible hiring practices blocked the 

process. This is a huge problem. 



Shorten the job hunt process 

The problems don’t end there. Companies often take far too long to hire anyone. The process tends to 

be overly laborious – even when searching for employees in a high-demand market such as cyber 

security. 

Positions can stay open for nine months and often longer. Corporate recruiters often are asked to fill 50 

or more jobs at once. Even when hundreds of people apply to one position, few people have time to 

review them, or at least not for several months. 

Cybersecurity affects finances 

Companies also wrestle with cyber security hiring because cyber security does not generate revenue. 

It’s an expense. Naturally, the company wants to keep the revenue-generating engine humming. They 

are therefore more inclined to hire salespeople and others who can affect the bottom line. 

The flaw in this logic, of course, is that if the company’s cyber security stays weak, fraudsters are more 

likely to steal millions of dollars and valuable information from the company. But until that happens, 

companies de-prioritize cyber security hiring in favor of people who bring in the cash. 

Overreliance on certifications 

Cybersecurity professionals rely too much on certifications and are not familiar enough with the 

certification programs to assess whether they show that an applicant is competent in a discipline just 

because they gained the certification. Some certifications are easy to get and don’t require much skill. 

Too often companies place too much value on one applicant who has a certification when another 

applicant who does not is better qualified for the position. 

It’s not all about the money for employees 

Employers also underestimate how much job applicants value doing meaningful work. They frequently 

assume the salary constitutes the overriding force for luring candidates. But actually the work they will do 

and how valuable it is to the employer means a great deal to employees. 

How to overcome these obstacles 

To be more successful hiring cyber security professionals, companies need to become much more 

knowledgeable about what cyber security is and pinpoint exactly why they need to hire people to help 

them with this important program. 



There are no perfect candidates 

Companies also need to be much more flexible in ascertaining who fulfills enough of their job 

requirements to deserve an interview. There just aren’t that many people anywhere who know everything 

there is to know and have all skills needed to do a cyber security job. 

The technology is too new, the skills take too long to refine, the specific niches are too numerous and 

disparate. There are no perfect applicants. Applicants who show they can do most of what the job requires 

should be given more consideration. 

Weak cyber security weakens businesses 

Companies also need to be careful not to underestimate the financial impacts of not hiring cyber security 

professionals. Granted, this is not a revenue-generating discipline. But it does help reduce revenue 

losses, which can be huge when cyber breaches occur. 

Don’t overestimate value of certifications 

Companies should also not overestimate the value of cyber security certifications. Some people might 

take an easy course while others may not. It’s important to figure out which certifications show a job 

applicant’s mastery of a skill or subject matter. 

Final thoughts 

Professionals seeking jobs in cyber security have their hands full. It’s a market moving at blazing speeds. 

The dynamics are complicated and tough to synthesize. Above all else, the key is to stay current on the 

latest news in cyber security, track market dynamics, and keep taking courses that help you develop 

skills valued right now by employers. 

Employers need to do their part to really get their minds around what cyber security is all about so they 

can hire people to do meaningful cyber security work. They can’t rely on the people they hire to figure all 

this out. 

And they need to move much faster and get more aligned on their corporate storyline when they interview 

candidates. A quick way to turn off a job candidate is to have that person interview four different people 

within your company who give the person four different stories about what’s important to the business. 

Get your story straight. The applicant will be more inclined to work for you if you are all singing the same 

tune. It eases their minds and shows them your company has its act together. Additionally, even if the 

role you discuss is not the right match, you’ll earn tremendous credibility and trust with the candidate as 

someone who may want to revisit joining your team. 




Matt Donato is the co-founder of Charlotte, NC-based HuntSource. 

He can be reached at mdonato@huntsource.io. HuntSource 

provides comprehensive talent recruiting services for companies 

and professionals in the cyber security, data intelligence, and 

analytics markets. The company accelerates, streamlines, and 

simplifies the hiring process for companies and professionals in all 

three of these industries. The company’s capabilities include 

performing direct hires and executive searches, retained searches, 

and various staffing solutions. www.huntsource.io. 



Mitigating Against Ransomware: Don’t Let Backups Be 

the Back Door 

By Rick Vanover, Senior Director, Product Strategy, Veeam 

The damage ransomware can inflict on businesses is staggering. For businesses who feel they have no 

choice but to pay cybercriminals in order to unlock their files, they not only put their money at risk, but 

also put their reputation at stake. According to a report produced by Cybersecurity Ventures, global 

ransomware damage costs are predicted to cost upwards of $20 billion in in 2021. 

While the best remedy for a ransomware attack is prevention, in the prevailing threat landscape that isn’t 

always possible. The same Cybersecurity Ventures study forecasts that an organization will fall victim to 

a ransomware attack every 11 seconds in 2021. Ultimately, almost all computer systems are fallible to 

breach. So, businesses must be prepared for the reality of relentless cyber-attacks and have a 

contingency plan in place should the worst happen. 

Having offsite and offline backups and robust disaster recovery capabilities can help businesses restore 

data that has been encrypted by attackers. However, the risks and possibilities of ransomware are varied. 

So, businesses need a plan for prevention and ensure their backup data cannot be used against them. 



The threat landscape is evolving 

There is a growing amount of fragmentation in the types of ransomware attacks in play today. Chief 

Security Officers (CSOs) mainly associate ransomware with data encryption. This involves malicious 

agents gaining access to sensitive or mission-critical data and encrypting it. The ‘deal’ in this scenario is 

the business pays a ransom in exchange for files to be decrypted and returned to their original, usable 

form. This is by no means the only threat for CSOs to consider. In other cases, cyber-attackers will upload 

data instead of encrypting it. This means the ransom is to prevent a public leak of potentially sensitive 

data. 

These disguises and behaviours make it very difficult to consistently defend against the widening 

landscape of threats. The golden rule for organizations to follow is to maintain a clear view of what is 

normal behaviour within their own IT infrastructure. This can be achieved through continuously monitoring 

data and cloud storage, as well as leverage analytics on networks, operating systems and applications. 

This increased awareness of what a secure state of play looks like can make suspicious and malicious 

activity easier to spot, crucially accelerating time to response. 

Making good use of encryption is also key for organizations. If malicious threats cannot ‘see’ your data, 

it’s more difficult for them to use it against you. According to Duo’s Privacy in the Internet Trends report, 

87% of web traffic is encrypted – a number that is rising all the time. However, it is less clear what 

percentage of enterprises’ data is encrypted. Zscaler’s IoT in the Enterprise found that 91.5% of traffic 

on enterprise IoT networks is non-SSL encrypted. These contrasting figures suggest there is a sizable 

gap between how enterprises generally are leveraging encryption versus major web platforms and 

service providers. 

Are backups cyber-crime’s high-value target? 

One area where encryption is vital to bolster organizations’ defences against ransomware and insider 

threats is implementing ‘nearline’ encryption on data backups. The Veeam 2019 Cloud Data Management 

report found that over two thirds of organizations are producing backups of their data. While this is, of 

course, a good thing, imagine the blackmail potential for a cyber-attacker of gaining access to a backup 

of an organization’s entire digital infrastructure? 

Given that cyber-criminals using ransomware to blackmail businesses are looking for data, in theory they 

can find whatever they need in an organization’s backed up files. These could be in all manner of forms: 

from system disks and removable hard drives, to offline tape devices and cloud backups. Whichever 

option a business chooses, the backup repository itself must be protected against attack with an ultraresilient 

media type. Otherwise, there’s a chance that in attempting to protect business continuity, 

businesses may be creating a trove of poorly protected data that could be used against them. 

For some threat behaviours, this can be mitigated by encrypting backups every step of the way – from 

the first disk resource on-premises. Encrypting backups historically is a great idea when tapes leave the 

IT facility or if data is transmitted over the Internet. Given the prevalence of modern cyber-threats, 

encryption must take place nearer to the backing up process. The most effective technique however is 

resiliency in the backup data. 



Securing data backups 

This brings us to a conversation around ultra-resilient backup storage – the single most effective form of 

storage to be resilient against ransomware. There are a number of ways organizations can achieve this 

level of protection to ensure their data backups do not resemble a back door for cyber-attackers. 

The first is utilising offline tapes, which are a very effective air-gapped form of backup media. While tape 

is often purported to be an old-fashioned and inefficient storage technology, it cannot be beaten when it 

comes to producing highly portable, secure and reliable backups at low-cost. Much like tape, removable 

drives have an offline element in that they are not online unless being read-from or written-to. This makes 

them a preferable option when it comes to reducing the visibility of backed up files to malicious agents. 

Immutable backups in the cloud, such as AWS S3 storage’s compliance mode for object lock, supported 

by Veeam, mean backup data stored in the cloud cannot be deleted by ransomware, malicious 

administrators or even accidentally. This is available in the public AWS S3 offering as well as a number 

of S3-Compatible storage systems (both on-premises and as a public offering). Furthermore, Veeam 

Cloud Connect offers protection through a capability where copies of backup data can be kept completely 

out of bounds for customers. This is delivered through a service provider and helps end-users protect 

against ransomware, insider threats and accidental deletion. 

CSOs are constantly weighing up a trade-off between convenience and security. While enterprises 

undergoing digital transformation have multiple investment needs, protecting against ransomware is 

critical to ensuring business continuity. Offsite and offline backups can help mitigate the effects 

of ransomware. Combined with the right security solutions and employee training, ultra-resilient backup 

for Cloud Data Management can give organizations peace of mind that they are as protected as they can 

possibly be even in this evolving threat landscape. 


Rick Vanover (MVP, vExpert, Cisco Champion) is 

the director of Technical Product Marketing & 

Evangelism for Veeam Software based in Columbus, 

Ohio. Rick’s IT experience includes system 

administration and IT management; with 

virtualization being the central theme of his career 

recently.Rick can be reached online at 

(rick.vanover@veeam.com) and at our company 

website https://www.veeam.com/ 



The Ransomware Age and How to Fight It 

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt 

We are living in an age where ransomware continues to grow and the number of attacks has increased 

especially during the COVID-19 pandemic. Data encryption malware is an emergent threat evolving and 

changing its Tactics, Techniques, and Procedures (TTPs) along the time. 

In general, data encryption malware so-called ransomware is a type of malware that prevents victims 

from accessing their systems and demands ransom payments in order to regain access to the data. The 

affected systems include network assets, servers, backups, personal data, and so on. 

In early ransomware versions - the 1980s, the ransom paid was paid via snail mail. Today the schema 

evolves an order sent via cryptocurrency (bitcoin) and credit card. 

These kinds of attacks generally start via email, with social engineering campaigns in place, namely 

malspam, malvertising and phishing schemas sent to a huge group of users every day. 



Ransomware can be grouped into some categories, namely: 

● Scareware: includes rogue security software and tech support scams. 

● Screen lockers: freeze the system and a window is presented after login with payment details. 

● Encrypting ransomware: the files are encrypted and a ransom must be paid to recover the data. 

● Destructive ransomware: less common, it only aims to destroy systems. 

Mediatic Ransomware 

There is a collection of mediatic ransomware that have been made headlines due to their damage. 

GoldenEye: One of the most well-known ransomware in the world is GoldenEye, which was responsible 

for a complete shutdown, crashing Ukrainian systems. The impact of this attack hit the banking networks, 

the system of the largest airport in the country, and the main electricity company. Three crucial points for 

society, which proved to be extremely vulnerable. 

Wannacry: A cryptographic malware that hijacks and blocks files and folders promising to return them 

only by paying a ransom in bitcoins (virtual currency). This ransomware was based on a security breach 

and was largely responsible for an internet blackout. Criminals asked for $600 to unlock the content on 

each computer. 



Locky: it encrypts files and holds them hostage for ransom. Locky was first discovered at the beginning 

of 2016 and immediately became one of the most significant malware threats in the wild. This 

ransomware was developed by the same hackers in charge of Dridex botnet, considered one of the 

largest botnet networks in the world. 



Jigsaw: it was inspired by the protagonist of the “Mortal Games” movie franchise. This attack begins with 

a salute, followed by a request for ransom. The malware encrypts computer files and gradually deletes 

them unless a ransom is paid to decrypt the files. 

Ryuk: it’s specifically used to target enterprise environments. Ryuk is a modified version of Hermes 

ransomware. Ryuk ransomware is more lucrative than its predecessor. It targets large organizations and 

government agencies that end up paying up large amounts based on the exfiltrated information. 



Ragnar Locker: This is one of the most recent piece of ransomware. Ragnar Locker is a ransomwaretype, 

designed not only to encrypt data but also to terminate installed programs (like ConnectWise and 

Kaseya) that are commonly used by managed service providers and various Windows services. 

How to Prevent a Ransomware Attack 

There is no perfect solution to prevent attacks of this nature, however, there is a set of good practices 

that can be applied in order to minimize the impact of data encryption malware. I can enumerate some 

of them below. 

● Use live, active anti-virus which are regularly updated. 

● Patch updates regularly. Update all software including operating systems, network devices, 

applications, mobile phones, and other software. 

● Maintain a proper backup mechanism and made it mandatory. 

● Regularly test the recovery function of backup and restore procedure and also test the data 

integrity of backups. 

● Conduct simulated ransomware preparedness test. 

● Install Microsoft Office viewers and always keep macros disabled. 

● Limit end-user access to mapped drives and don’t enable file sharing. 

● Don’t enable remote services. The organizations with RDP, VPN, proxies, and servers are to be 

provided with better IT Security standards. 

Take home message: Implement effective security awareness training to improve cyber education and 

don’t download anything from unknown sources. 




Pedro Tavares is a cybersecurity professional and a 

founding member of CSIRT.UBI and Editor-in-Chief 

of seguranca-informatica.pt. In recent years he has 

invested in the field of information security, exploring 

and analyzing a wide range of topics, malware, ethical 

hacking (OSCP-certified), cybersecurity, IoT and 

security in computer networks. He is also a Freelance 

Writer. 

Segurança Informática blog: www.seguranca-informatica.pt 

LinkedIn: https://www.linkedin.com/in/sirpedrotavares 

Twitter: https://twitter.com/sirpedrotavares 

Contact me: ptavares@seguranca-informatica.pt 



Security in A Multi-Cloud Environment 

By Paul Nicholson, Sr. Director of Product Marketing, A10 Networks 

As companies leverage a multi-cloud strategy to improve IT operations and provide better services to 

their customers, they can’t afford to overlook the implications for security. This is especially true with the 

emergence of a new paradigm to run multiple disparate compute environments for application delivery. 

In fact, while issues like creeping complexity, non-existent cross-platform visibility, and multiple vendor 

standards all compete for IT focus in a multi-cloud environment, enterprise leaders cite security as the 

top challenge of all. 

This trend was illustrated in a global survey of IT and business executives conducted by A10 Networks 

in partnership with the Business Performance Innovation (BPI) Network. In the survey, respondents 

reported that ensuring strong security across clouds, networks, applications and data will be critical for 

realising the advantages of multi-cloud IT. This is clearly a work in progress; to date, only 11 percent 

believe they have been highly successful in seeing the full value of their multi-cloud strategy, while a 

majority (51 percent) rate themselves as only somewhat successful or unsuccessful so far. 

A quick web search will uncover many cases of vulnerabilities and real-life incidents. In one blog post by 

VMware, it is noted that it’s the job of IT and security teams, not just cloud providers, to take care of many 

aspects of security. To stop sophisticated bots, frequent data exfiltration of personally identifiable 

information (PII), application attacks, and other threats, it’s essential to implement a security strategy 

across all your clouds, private or public that is as stringent as the one used for your on-premises solutions, 

if not more so. 



Deterministic or Accidental Multi-cloud Complexity – It All Needs to be Secured 

It’s easy to understand why the proliferation of multi-cloud environments has tended to outpace the 

evolution of multi-cloud security. While the move to multi-cloud is often part of a clearly defined and 

intentional strategy, this isn’t always the case. For many organisations, the shift happens on a more ad 

hoc basis. For example, it may happen when a company with a single-vendor cloud strategy acquires or 

merges with another organisation using a different cloud platform. Business units and development teams 

may source their own cloud resources, with or without IT’s blessing as shadow IT. New requirements for 

specific services, data sovereignty (such as GDPR), or integration lead IT to add new vendors to the 

environment. As a result, most companies end up in a more complex multi-cloud setup than they had 

envisaged. 

Intentional or not, the evolution to multi-cloud environments typically focuses on the business and IT 

factors driving it. As with many technologies in IT operations, organisations first provision the services 

they need to address various requirements, and only then turn their attention to how best to control, 

govern, and manage the resulting environment. This often proves more difficult than anticipated, as 

shown in the results of the survey. Nearly two-thirds of respondents (63 percent) said that ensuring 

security across all clouds, networks, applications and data was the top challenge of multi-cloud IT, which 

is good news, as it is top-of-mind, even if the solutions are not ubiquitous today. Management skills and 

expertise (37 percent) and centralised visibility and management (33 percent) were also cited—both key 

concerns for effective multi-cloud security. 

Essential Security Capabilities and Practices 

As IT, security teams, and business leaders have worked to close the security gap in their multi-cloud 

environment, a clear sense of the most relevant technologies to leverage is needed. In the BPI report a 

majority named centralised visibility and analytics into security and performance (56 percent), automated 

tools to speed response times and reduce costs (54 percent), and centralised management from a single 

point of control (50 percent) as the top capabilities for improving multi-cloud security, reliability, and 

performance. With the volume of digital business data and transactions constantly rising, 38 percent of 

respondents also pointed to the need for more scalable, higher-performing security solutions. This will 

only be exacerbated over time, especially with the rise of IoT and the emerging 5G connectivity. 

Looking at the most important considerations in protecting the security and reliability of multi-cloud 

environments, 62 percent of survey respondents agreed on the importance of centralised authentication 

or pre-authentication to help maintain effective control over the users, admins, and systems allowed to 

access various resources across multiple clouds. One respondent, Raja Mohan, senior strategic architect 

for cloud and platform services at Franklin Templeton, explained the reasoning behind this emphasis: 

“How do we deliver highly secure applications in a way in which it doesn’t matter where they reside? How 

do we provide seamless, secure services? That’s the goal.” 

An answer to this question is seen in the high ranking of centralised security policies as a critical practice 

for multi-cloud IT (46 percent). Among defensive technologies, many respondents called out specific high 



value defences such as robust web application firewalls (WAFs) (40 percent) and DDoS protection (33 

percent). 

IT Operations Need to Partner with the Security Teams for Cross-Cloud Security 

Organisations have been doing their best with the security tools available to them, but they’re far from 

satisfied with the results. “At this juncture, we’re taking advantage of security solutions from our public 

cloud providers augmented with our existing toolset, but we are continuing to evolve in that space,” said 

Mohan. 

Indeed, IT organisations are continually reassessing their solutions and vendors and identifying areas 

where change is needed. Only nine percent of survey respondent are extremely satisfied with their current 

security solutions for multi-cloud environments—while 38 percent see a need for significant 

improvements. Only 18 percent believe they do not need to re-evaluate their suppliers. Figures like these 

are a wake-up call for everyone in the multi-cloud security space. 

This evidence shows the need to adopt a Polynimbus secure application services approach to give the 

power back to IT and security teams so they can provide a secure and consistent secure application 

services environment across their clouds. Powered by application delivery controller (ADC) solutions, 

Polynimbus mindsets and practices will be the most effective way to ensure that multi-cloud compliance, 

security policies, functionality, and expectations are met, while easing the burden of over worked and 

stressed IT and security teams. Ultimately, this approach will make vigilance easier to enact and 

responsibility easier to fulfil. 

You can learn more about the security challenges that come with multi-cloud IT and how they’re being 

addressed in the complete report, “Mapping the Multi-Cloud Enterprise: Next Steps in Optimising 

Business & IT Agility, Efficiency & Security.” 


Paul Nicholson is Head of Product Marketing, Technical Marketing, and 

Analyst Relations teams. He has responsibility for all enterprise and 

service provider GTM activities for all A10 products.Paul can be reached 

online at (pnicholson@a10networks.com) and at our company website 

https://www.a10networks.com/ 



Cyber Operations Could Cause Traumatic Experiences 

By Milica D. Djekic 

It's quite risky spending your time in cyberspace. This environment could deal with so many traps, holes 

and weird openings. In other words, it’s possible only to make a simple click on your screen and arrive at 

an very inconvenient location downloading to your IT system the content that could be frightening and 

damaging. The cybercrime masterminds would be well-familiar with these scenarios and, indeed, they 

would create so sophisticated traps that would not make you get you are already in trouble once you 

choose such a path. 

Any cybercrime and cyber terrorism operation has a background and it’s important to go deeply into the 

past of the offense in order to discover its root. Before they make any move the hackers must know who 

would be interested to pay for their services, so they would not touch anyone without the certain need. 

The law enforcement cyber crime investigation is not only about arresting the cyber criminals or terrorists, 

but rather it’s about understanding the entire scheme and getting who got correlated with whom and what 

the higher goals of those campaigns are. So, let’s go deep into the past of any illegal activity because 

the hackers would conduct their operation from some location, but they would not sit there and wait for 

you to come and catch them. The experience would suggest that within 24 hours after the successful 

attack they could get many miles away from their initial base. 

On the other hand, the cyber terrorists could operate from some distant region and there is no chance to 

find them, so what you only can do is to utilize some kind of cyber warfare operation that would give you 



an option to destroy their equipment for a period of time. They would repair their resources and keep 

attacking again and again. That could be quite unpleasant, could it not? In other words, always keep in 

mind that some mommy with the baby would be stuck at her home while not getting important web 

connectivity for her smart kitchen and her baby would undoubtedly be scared from not getting warm milk 

for a dinner. 

A similar scenario could happen in any office or factory if your IT infrastructure gets overwhelmed with 

viruses, spyware, malware and advanced persistent threats. In these cases, you would definitely deal 

with the business discontinuity and ineffectiveness, so your IT support team would need some time to fix 

everything for you. If such a situation proceeds – the things could get a bit of annoying to everyone, of 

course. The fact is you would not suffer the stressful condition if these situations were rare, but if it’s 

happening day by day, week by week and if you are losing so confidential information frequently – you 

would definitely get frustrated with your everyday routine for a reason the majority of your hard work 

would just go to waste. So, you are losing your effort just in the middle of your business day and your 

boss has required you to resolve your task by the end of that working week. Indeed, you are frustrated 

and by the bad situation – you did not expect that cyber attack at that moment – so you did not cope with 

your regular daily backup procedures and nothing has been saved for just in case. 

The bad situation could be even worse if someone has compromised your IT system from the outside 

and inexperienced IT security professional could blame you for dealing with the high risk cyberspace 

content. You would try to explain what you have done and if the law enforcement cyber team is that naive 

as well they could believe that you are the potential insider threat, so your firing would simply smile on 

you. Being the insider threat is so criminal stuff and there could be a lot of those to explain to the Police 

officers. Well, if you put all these into account – you would get that any cyber operation with the possible 

complications at work could cause real drama and trauma in your everyday life. So many people getting 

the skill to obtain something on the computer with internet connectivity could just get less productive and 

somehow paralyzed if they try to imagine what can happen if anyone seeks from them any sort of answers 

getting provided to the critical questions. If anyone would report about you as the possible trouble maker 

at least you would get suspended from your work waiting for the justice to come. The people would make 

the mistakes and anything that can go wrong will go wrong, so for such a reason it’s not surprising at all 

that you can feel a sense of fear, doubts and pessimism waiting for the IT security team and authorities 

to estimate what happened within the entire network. 

On the other hand, if your IP address is not compromised you can expect that someone could play with 

your network traffic and shut down your business for the several working shifts. Losing the information 

and especially the time is like a losing the money and so many businesses would simply collapse in front 

of so untactful hackers and terrorists. As it is so well-known, the cyber crime would cost the global 

economy a lot and no one would get avoided, so far. Well, that’s why we say it’s so significant to put your 

accent on the background of the cyber campaigns for a reason the masterminds of those actions would 

see the much bigger picture and carefully choose the time and moment to accomplish what they want to 

obtain. 

In this effort, we would go step by step through the main questions being so obvious here and we hope 

our contribution would find some practical applications in the world of investigative procedures and 



policies. Apparently, there is still the huge shortage for the cyber defense staffs, so what we need right 

here is to suggest how such a need for the skill could get overcome in reality. 

Assumption #1. The honest workforce would always try to make an advantage to the good 

employer. 

Explanation #1. If the people are happy at their work, they would push harder and harder in order to make 

their organization getting beneficial from their effort. No honest person would do anything against the 

good employer and if there are the cloudy days to the entire business – the loyal staffs would not leave 

and they would commonly get organized to save what they can save. If the relations between the 

employer and employees are fair, those two parties would attempt to develop the relationship full of trust, 

confidence and solidarity. The business is so dynamic area and there could be a plenty of ups and downs 

through every working day and if your mangers are kind and supportive about your effort – you would 

always want to remain the part of such a successful team. The solidarity between co-workers is from the 

crucial importance to the majority of people and only together the folks could obtain a lot. The big 

challenge to any organization is the insider threat and anyone being aware of the possible consequences 

of such a choice would never try to ruin its organization from the inside. The both – small and large 

businesses – are equally vulnerable to the insider threats and the employer should try to confirm all of its 

staffs from time to time. The honest guy if satisfied at work would always try to improve his effort and 

make the advantage for the entire team. On the other hand, if the relations at work are fuzzy – no honest 

person would attempt to go against anything and that individual would simply leave such an unhealthy 

surrounding. In addition, let’s say that everything inside would work perfectly and in such a situation 

everyone would be so pleased with everyone. The reason why we believe that any good employer would 

undoubtedly cope with the deep loyalty of its staffs is that if you make people feeling like the part of the 

healthy team, if you make them gain confidence and if you give them the chance to rise and grow as the 

whole – they would always remain grateful to such an organization and try to return all the received and 

given support coming from their principles. Anyone with the deep approach would try to develop his skills 

in details and that’s feasible only if your employer offers you an opportunity for such a progress. The 

marketplace could be the big dilemma to many business actors and no one knows what tomorrow can 

bring, so it’s not easy to take the right course through such a challenging journey and what you need the 

most in order to succeed in such a mission is the honest workforce that would not cheat on you or trick 

you in any sense. The people would know that and they would always be nice and helpful about anyone 

providing them the good conditions at work for a reason the employment is something that is needed to 

progress, learn and at least feed your family. No honest staff would try to be disappointing to anyone 

offering the fair treatment and healthy business environment to all, so far. 

Assumption #2. Cyber operations could be so annoying and cause the business discontinuity 

and ineffectiveness. 

Explanation #2. Imagine yourself at the work doing something in the digital environment and trying to 

make some backups of your efforts on a daily basis. You would know all necessary procedures and 

policies how to cope in the well-organized environment and it could appear that everything would go so 

smoothly from hour to hour. Suddenly, your machine would get some malware and the entire effort would 

go to waste. That’s quite annoying, right? What would that mean in practice? Basically, you would lose 

everything you have done that day and once you fix your system – you would need to start from the 



eginning which can be somehow embarrassing, so far. Also, your curves of productivity and 

effectiveness would show you are dealing with the declining trend and that could seriously impact the 

entire business continuity of the entire team as the entire IT network to your office would get infected with 

the same malware or exposed to the similar attack. Anyhow, as a professional who would get resilient to 

many external factors – you would yet remain somehow annoyed. The worst possible thing is you would 

never know when the bad guys could attack again, so you could feel some sort of frustration if such a 

situation gets repeated again and again. The main problem here is the business discontinuity and 

ineffectiveness that could dramatically impact your finances on a weekly, monthly or even annual basis. 

In the business world, the time is money, so if you are spending your time repairing something that should 

not even happen – you would affect your budget so comprehensively. Such a condition could lead to the 

smaller incomes to the entire organizations and once that business gets pushed into the crisis – everyone 

including the staffs would feel the negative impacts. From such a point of view, it’s important to take into 

account the cyber security and any investment in such a way could be only the advantage to everyone. 

The people in business could be under the pressure for working hard and getting constrained with so 

short deadlines, so they can manage some level of the stress – but if you put them on the fire every single 

day and if they begin suffering the hacking attacks periodically – they would definitely get overannoyed 

and need some time to overcome such a given obstacle. The major point in this case could be that the 

business would cope with so many marketplace challenges and demands, so any sort of loss coming 

from the lack of safety and security procedures as well as policies should get avoided or if happens – 

fixed as soon as possible. The good managers would deal with the strong leadership capacities and they 

would always try to encourage and motivate the people to work hard and go beyond their limits. In other 

words, if there is any issue regarding your operating system crashes or DDoS campaigns – that’s 

something the great leader at work should need to know to mange as well – as that could be from the 

critical significance to the entire team and its productivity and effectiveness. 

Assumption #3. The repeated IT anomalies at work could impact stress and anxiety with 

employees. 

Explanation #3. It’s the beginning of your working day and you would cope with the brief catch up meeting 

with your supreme and the rest of the colleagues in order to try to figure out how to make your daily 

schedule and the listing of tasks. It could appear as quite advantaging to do some brainstorming at the 

beginning of your business day because the good team would encourage you to go beyond your limits 

giving you the chance to feel the deep thankfulness to everyone for making you provide the best out of 

your own performances. In the healthy team, everything is about who would motivate whom to give his 

maximum every single day and become the meaningful member of the group. So, if you woke up with 

the thought that you could never accomplish something and at the end of that working day you even gave 

more, you would definitely get proud of yourself and truly grateful to the guys in your workplace for letting 

you obtain so. Well, your business day would begin in the quite constructive manner and you would be 

full of confidence about the coming obligations and challenges you should face up tomorrow. The next 

day would come and you would start it with the same routine being so excited that even then you would 

be better than yourself. And suddenly – the collapse! The entire IT infrastructure would shut down and 

you would lose a lot of your current effort. It’s OK! You are the professional and you can manage the 

stress. Well, someone would fix everything and you would proceed with your hard work and probably get 

chosen for the employee of the month for such a season. New month, new expectations! You would feel 

like a boxer in the ring getting ready to knock down all your tasks for such a tournament. And then – the 



new collapse! Your entire IT asset would go down. That’s the quite annoying condition, right? It would 

appear that you would need to kick off not only your tasks, but rather the entire hacker’s community. You 

are the champ and you know that, but if those anomalies keep repeating you could develop some kind 

of stress as well as anxiety. No champ wants to lose, but those annoying bad guys could make you lose 

your patience. The champ with the mental health concern is not the champ and that’s literally the 

message that the cyber criminals send to you. If you are upset, you cannot win the tournament and they 

know that – so, in such a sense you would get knocked down by them and that’s seriously what you did 

not want at all. Well, if you notice that someone in your company is moving your cursor in front of your 

nose – you would if anxious need to break your workstation in pieces. That’s what we call the violence at 

the workplace! So, few months ago you were the champ in your office and now you are only someone 

getting so impatient about everything that is happening around you. The obvious reasons for that are 

those so crazy anomalies in your IT environment. So, the point is clear! Even the best performance 

workers could feel like losers if they got no appropriate condition to operate. The bad guys would know 

that and they would so lucidly exploit such a weakness and make even the best employees feel like 

dummies. That’s quite discouraging, is not so? As time goes on everyone would become resilient to that 

amount of stress, but the first reaction could be quite irrational and that’s something no one would need 

at all. 

Assumption #4. The state of readiness could turn into a waiting condition if the common worker 

got insufficient abilities in the cyberspace. 

Explanation #4. So, maybe you lost your temper with the first IT anomalies occurring in your network, but 

sooner or later you would build on your resilience to cope with those incidents. In other words, you would 

get in the state of preparedness regarding the possible hacking attacks. The state of readiness is so 

positive attribute, but if you have developed the fear that everything could go wrong – you are definitely 

dealing with the waiting condition. That’s could be quite distracting for a reason it would lower your 

concentration as well as focus on your tasks. So, if your inner voice is telling you to watch out from the 

possible cyber operations happening at your work, your entire business performances would decrease 

and you would easily get upset about anything you do. It can happen that you would sooner or later 

develop the scary emotions about your work and that’s something that should get prevented if possible. 

As there is the suggestion to many employers to invest into the cyber defense – we could add it’s 

significant to care about the staffs’ mental health and provide them the training how to cope with their 

anxiety level. The fact is some workforce would not be that brilliant in the cyberspace, so they would 

undoubtedly develop the waiting condition if they face on several cyber campaigns and lose some of their 

valuable data. In other words, these guys would be less confident with the company and they would 

easily get bullied by such skillful cybercrime actors. The waiting condition could get manifested with so 

obsessive thoughts and sometimes emotions about some event. If your mind is preoccupied with so 

many repeating thinking patterns about some pessimistic ideas – you would obviously get less effective 

regarding your usual routine. The cybercrime can occur at any time and any place and the experienced 

IT security professionals would sit in front of their screens and tackle those concerns applying so 

sophisticated cyber defense tools on. You should always get that in mind before you let your overobsessive 

fears taking control over your ratio. If you really cope with the insufficient IT skill – you could 

get annoyed with anything happening in the cyberspace. Your subconscious mind would accumulate so 

many doubts, questions and ugly memories and that’s why you would feel the frustration about any new 

working hour waiting for something bad to happen again and again. In other words, it’s quite clear that 



carefully prepared and conducted cyber operations could cause some kind of drama and trauma in the 

business arena. Even the most experienced IT security professionals are not fully immune to these 

scenarios as they need the huge concentration to take control over their irrational drives and let their 

rational thoughts get their place in their awareness. So, the question is what the chances of the common 

employee to handle all those are. Practically, any competitive employer would try to offer the suitable 

working conditions to all its staffs, but the bad guys simply must keep us in fear – so, if anyone wants to 

use anyone in the business sense, he should provide some kind of support to all about all unwanted and 

unpredictable situations and events coming on. 

Assumption #5. The traumatic syndrome is a manifestation of the negative emotions about some 

event, person or relation from the survived experiences. 

Explanation #5. Dealing with the crime scene could be the quite unpleasant experience. Even the law 

enforcement professionals tackling some crime in the physical environment could not be fully resilient to 

those insights. Apparently, they need to get developed the stress management skills at some level, but 

sometimes it’s so hard to cope with all the challenges of such a career. The cyberspace itself could also 

get correlated with the crime scene and indeed, so many high tech offenses have been committed there. 

The cyber defense specialists who would assure the digital devices being in the network would cope with 

some amount of the stress management capacities, but the common employees not being that familiar 

with the IT world would easily become the victims of the cybercrime and hacker’s attacks, so they could 

develop the quite inconvenient condition, so far. The traumatic syndromes are frequently linked with the 

victims of the crime and those persons could struggle about some survived experiences from their past 

getting correlated with the persons, events or relations on. The masterminds of the cybercrime and high 

tech terrorism are so dangerous guys providing so harmful strategies and tactics in order to make the 

psychological impact on their victims. In addition, these malicious actors would see the ordinary people 

as their targets and especially in the sense of the terrorism – there would be a lot of offenses that should 

push the victims into the crisis. The cybercrime groups would commonly work for the profit, but as the 

armed robbery could be the nightmare to anyone being present on the crime scene – the similar case is 

with the cybercrime victims. They could stay deeply frustrated about what happened in their virtual 

environment. On the other hand, the cyber terrorists are far more frightening for a reason they would try 

to conduct the cyber operation in order to shake someone’s confidence or leave so deep impact on his 

mental health condition. In other words, it’s not only about who would annoy whom – in the case of the 

terrorism, the bad guys would go far more beyond the typical bullying and they would literally attempt to 

intimidate their victims, so far. In such a case, the fear could go deeply into your bones and if you choose 

to attend your doctor, he could diagnose you with some traumatic syndrome. These sorts of attacks are 

happening every single day at so many places and it’s important to build on the adequate response 

techniques and methodologies to these kinds of crimes. The cyberspace is never safe enough and does 

not matter how hard the IT security professionals would work to assure all of us – the bad guys would 

always find the holes in the system to approach us. So, if we talk about the traumatic experiences, we 

could mention so obvious case of losing data and passing through so requiring procedure in order to 

prove that you have done something that day, but you remained without such an effort due to the hacker’s 

operations. In the business sector, we all would cope with some rules and follow the strict behavioral 

codex that would not let us getting so personal with our co-workers, so sometimes it’s so complicated 

explaining your boss that you have worked so hard to produce something and all of it just vanished in the 

sub-second period of time. The cybercrime investigation would probably find the clues for your story, but 



so many inexperienced staffs would not know that and they would pass through the real hell being so 

scared that no one would trust them or they could cope with some restrictions for not dealing with the 

enough evidence at that moment. So, in our opinion – such a situation could get prevented and the entire 

traumatic impact could get reduced if the employees would know how to handle such a case. For 

instance, it’s important to teach your staffs to respond so appropriately to that occurrence and it’s needed 

to suggest to everyone that there must exist the certain level of the trust amongst the team’s members. 

Well, if your heavy work has been destroyed in any sense while you were operating in the cyberspace, 

you are definitely the victim of the illegal activity and only that could be quite traumatic to your mental 

health state. In other words, it would seem that we are still on the search to the accurate responses to 

these occurrences, so at this stage, it’s crucial to understand that we need to protect our assets as well 

as people the best we can. 

Assumption #6. Cyber operations need skillful hackers. 

Explanation #6. Hacking is easy if you have someone’s IP address and the rest of the access details. 

There are so many professional tracking tools that could support you to track anyone’s accounts on. 

Simply the black market would get in possession of these effective applications and the bad guys would 

so massively exploit these gadgets. The reasons why the black market has become overwhelmed with 

such software is the never ending insider threat challenge. In other words, someone from the legal system 

would sell those products to the malicious actors not caring at all about the possible consequences to 

the community. Also, we would notice that there are a lot of email address hunting tools that could serve 

for discovering someone business account details and once you get someone’s email address you would 

not need his password as the professional security tool would give you the tracking permissions. In 

addition, if you are playing with someone’s email detail – it’s quite clear that you can easily conduct the 

phishing campaign that would offer you much more access information. So, once you get enough data 

to make a breach to someone’s device – you would be in position to expose the entire network and make 

some changes regarding those IT assets. The experience would show that the hackers are so skillful 

guys and they can do a lot in order to offer the access to any digital environment. Indeed, there are a 

plenty of the social engineering techniques that could get applied in order to threaten everything – 

including the both – physical and virtual security. If anyone believes being the hacker is easy task, he is 

purely mistaken. The practice would suggest that those guys are outstandingly intelligent and quite quick 

in the cyberspace. Maybe someone would formulate the strategy on what is needed to get done in sense 

of either psychological or profit making operations and those cyber criminals would just find the way to 

accomplish such a requirement. So, as it is quite well-known there is the entire black market on the 

Darknet that would offer you a plenty of services beginning with the narcotics distribution, over contract 

murder, until the rent-a-hacker services. In other words, anyone getting the capacity to make the strategy 

could pay to the member of the cybercrime underworld to conduct some cyber operation that could cope 

with the wide spectrum of feasible applications and usages. Some studies would show that those hacker’s 

groups would function as the enterprises that would get capable to make the billions of dollars per an 

annum. In other words, if the terrorists or any transnational crime groups make a decision to attack 

anyone in order to do some sort of intimidation or cyber warfare – they would rent so skillful professional 

hackers that would so smoothly deliver those campaigns. Apparently, so many cyber terrorists would 

have the capabilities to provide the cyber operations in order to intimidate as many people as they can 

and in such a case – it’s clear that even those bad guys could deal with the exceptional hacking skills. 



No threat is naive and the members of the cyber defense community should get aware of so before they 

run any kind of the counter-offensive operation on. 

Assumption #7. Some cyber campaigns could be prevented. 

Explanation #7. In the majority of cases, so many business assets worldwide would cope with quite poor 

cyber defense. The samples of well-equipped security operating centers are so rare and it would seem 

that the small enterprise area would still be unprotected branch of human activity. So many legal 

businesses would need the better IT skill to all their staffs including the entire management as only some 

of them could get assumed as knowledgeable in the field of emerging technologies. So, if they would 

cope with the stronger IT security capacities – they could prevent so many of the incoming cyber attacks 

and operations, so far. From such a point of view, it would appear that the cyber skill shortage is still so 

deep and the smart management should think hard how to improve all it can advance in order to avoid 

so serious incidents as we mentioned before. The majority of businesses on the marketplace are small 

or medium sized and it’s quite obvious even if they are the key pillar of any economy – they cannot handle 

such a challenging situation on their own. In other words, they need the support from the government 

agencies in order to get some instructions how to improve and strengthen their IT infrastructure. The 

need for the qualified IT security staffs is bigger than ever as we would cope with so hard time in the 

history that would bring us the real worries and concerns. On the other hand, the crime is mainly the 

international business and for such a reason the international collaboration between the defense and 

intelligence services is more than necessary at the present time. In addition, everyone with the vision 

would know that the present is only the moment and it’s needed to think about the coming days that 

would seek from us to develop so deep and trustworthy connections between the national, regional and 

international security agencies. Next, let’s return to the ordinary office belonging to some firm that would 

have its own IT network, but not enough qualified cyber employees at all. If we keep developing our story 

we would figure out that so many common people would not even know that there are the quite suitable 

IT security tools that can prevent us from so basic hacking campaigns. In other words, it would be useful 

to install some anti-malware software on your device in order to prevent your system from any malware 

being matched with your application’s database. Also, there are a plenty of options for the relatively safe 

website usages and those gadgets should get applied in order to offer to yourself the quite convenient 

internet experience. It would not cost you a lot, but it would serve some purpose! On the other hand, 

there is no absolute security and it’s only the matter of time and effort when some system would get 

broken. That’s why the majority of software would need the patches and updates at the periodical level 

and if we take all those into the consideration – we would realize once well-equipped with the gadgets 

and skills we can expect that some of the incoming cyber operations could get prevented or at least 

reported to the law enforcement officers who would find the methods to tackle such a concern. 

Assumption #8. Experienced IT security professionals should rely on skills, not irrationalities. 

Explanation #8. If your IT asset is often exposed to cyber attacks, it could be quite tricky even to the most 

experienced IT security staffs to cope with such a task. The IT defense needs the huge concentration 

and ability to think fast as well as cope with the brilliant linkage capacities. So, if you are not capable to 

correlate the stuffs quickly and accurately or in other words – if you do not have the great reflexes, you 

could be quite useless for the role of the IT security support. It’s about the good defense, right? As the 

other security officers would be good in shooting and accurately hit all the moving aims the IT security 



manager should get capable to terminate all the external connections trying to log to his network. In such 

a case, maybe you would not be the excellent target shooter, but you would definitely get recognized as 

the outstanding trouble shooter for the cyberspace. Sometimes the web traffic is so busy and there are 

so many breach attempts, so our troubleshooter should demonstrate the strong focus and good patient 

in order to remain calm and rationally resolve any trouble being active in the asset’s network. The fact is 

even the well-trained police officer carrying on the gun could lose the control over the situation and cope 

with some kind of irrationality, so it’s not surprisingly at all for the experienced IT security professional to 

lose the battle with his impatience and push aside all his skill and logical reasoning. That can happen 

even to the most experienced cyber staff and the secret of how to stay away from such a scenario is to 

practice your mind to remain concentrated even when the things are so hard. Sometimes the hackers 

could be so annoying and you can lose your temper getting the real cyber warfare with the bad guys. 

Does not matter how hard you try to terminate them from your IT infrastructure – they would persist and 

persist. The first things you would want to do in such a case is to send everything to the hell, but that 

would lead you nowhere. You need to remain with your workstation and continue combating against 

those annoying folks that would simply want you lose control over the entire situation. In so many cases, 

if you are protecting the critical infrastructure – you would know that there is no place for the mistake. 

You just must win that war! So, your mind needs to be in the peace and you need to rule over your 

irrationalities in order to make the rational, prompt and accurate decisions on. No space for any mistake! 

You know that and at latest you are paid to be flawless. On the other hand, if situation goes outside of 

the control – the responsibility could be yours, yours and only yours. You do not want that, right? 

Additionally, the IT security role would seek from you to be the good team player and if there is no 

accurate communications between the team’s members the bigger is change to the bad guys to obtain 

what they wanted to do. 

Assumption #9. It’s inconvenient losing your IT resources frequently. 

Explanation #9. The IT resources could be your data, software, operating system or the entire hardware 

devices. The trouble with the new generation cyber threats is that they could make your gadget getting 

broken or fully damaged. So, it’s not only about spending your time to fix your software irregularities – it’s 

more about losing your money for the entire IT infrastructure replacements. That’s so expensive and if 

it’s happening from time to time – you would figure out you would deal with the real financial losses. No 

organization would want that happens to so, right? That’s why there are some guidelines and 

recommendations to invest into the cyber defense within your facilities. So, the need for the competitive 

cyber security is so big and if you do not want to repair, re-install or replace all your resources and the 

other IT capacities – you should know how to prevent those occurrences even appear. Simply, it’s the 

stress to everyone in the organization to cope with such a loss and business discontinuity. There are 

some suggestions that some advanced persistent threats could make your hardware getting 

malfunctioned. The fact is there are so many malware that could break your processor’s unit and in such 

a case – there is no way to fix anything – you just need to throw everything into the rubbish and buy the 

new hardware configuration on. It’s so inconvenient, right? 

Assumption #10. Cyber operations could have a psychological effect. 

Explanation #10. The greatest fear to any business is not only to lose its sensitive information, but rather 

the entire IT infrastructure. In other words, if you cope with the fear about anything you could go under 



the psychological effect that could get used by the bad guys who would want you to give up from your 

routine and activities. It would get the sense of sabotage, right – and basically, that’s the case! The aim 

of any psychological operation is to disable its enemy and make it getting so powerless in front of the 

offenders. Next, if the people are dealing with the irrationalities, that could fully decrease their focus on 

the work and make them getting less productive and effective about their tasks. Finally, if you are preoccupied 

with the thoughts that everything could go to the waste with the only one your click – it’s 

seriously something that can push you into the deep mental health crisis and probably personal 

frustration. If only one team’s member feels bad about anything that condition could get reflected to the 

entire team and that’s something any competitive employer is scared about. So, cyber operations could 

cause such traumatic experiences and there is the realistic need to think hard how to overcome such a 

condition. Sooner we get how – better we would cope with the coming perspectives! 

Comments 

In this effort, we would provide a deep insight into the certain topic in order to explain some of its 

perspectives in more detail. In our opinion, such a review could be used as the starting point to the 

development of some security and safety procedures and policies. Also, it could help to the law 

enforcement and intelligence agencies to navigate some investigative process as well as create the law 

enforcement and intelligence knowledge bases. Next, this effort could support the forensic detectives 

and investigators in their need to clarify some aspects of their work. In addition, those could be the helpful 

updates to the law makers to cover on and respond to all the security challenges through the appropriate 

legal frameworks and regulations. In our belief, some suggestions to the best practice in the criminal 

justice environment have been made as well. Finally, this review would cope with some business ideas 

and it could serve as the encouragement to an emerging marketplace economy, so far. 


Milica D. Djekic is an Independent Researcher from Subotica, 

Republic of Serbia. She received her engineering background 

from the Faculty of Mechanical Engineering, University of 

Belgrade. She writes for some domestic and overseas presses 

and she is also the author of the book “The Internet of Things: 

Concept, Applications and Security” being published in 2017 

with the Lambert Academic Publishing. Milica is also a 

speaker with the BrightTALK expert’s channel. She is the 

member of an ASIS International since 2017 and contributor to 

the Australian Cyber Security Magazine since 2018. Milica's 

research efforts are recognized with Computer Emergency 

Response Team for the European Union (CERT-EU), Censys 

Press and EASA European Centre for Cybersecurity in 

Aviation (ECCSA). Her fields of interests are cyber defense, 

technology and business. Milica is a person with disability. 



Hackers Are the Future of Cybersecurity… 

By Keren Elazari , ASIS International 

Even before the age of the internet, you could always tell which young girls and boys were going to grow 

up to be engineers. They were the ones disassembling all the clocks, radios, and other electrical gadgets 

in their houses, vexing their parents. They were the ones building the earliest computers in their 

basements, with no other goal than to see if they could make the thing work – and then see if they could 

make it work faster. 

In the current technology era, you can identify many future cybersecurity experts in much the same way. 

They are the ones who are figuring out how to disrupt traditional systems, to slip unnoticed into networks 

or to create new pathways for information. In other words, they are hackers. 

Obviously not all hackers choose to use their craft for positive purposes. However, those who do provide 

a set of cybersecurity skills that are unmatched for their ability to solve problems, eliminate vulnerabilities, 

and prevent threats from becoming catastrophes. 

Keren Elazari understands this perspective much better than most. From a young age she saw herself 

as a hacker who uses her role to create better systems and improve outcomes. Throughout her career 

she has brought her hacker point of view to bear on strengthening network security for dozens of 

organizations, based on the premise that hackers can identify vulnerabilities and solve tech problems 

better than anyone else. 

Today, as a cyber security analyst, author, and researcher, Elazari has built an impressive roster of 

accomplishments. In her 2014 TED talk, "Hackers are the Immune System of the Internet", she shares 

her point of view about the vital necessity of working with hackers to build up the strongest possible cyber 



defenses. One of the most-watched TED talks on the subject, it helped shape the global conversation 

about the role of hackers and the evolution of cybersecurity in the information age. 

In September, Elazari will deliver a keynote address during a General Session at Global Security 

Exchange (GSX). This event brings together professionals from cyber, operational, and physical security 

– three disciplines which have merged to become inseparable. In her session, Elazari will present the 

hacker’s point of view in making a compelling case for why cybersecurity is now fundamental to our way 

of life. 

While hackers are typically thought of and depicted in the media as breaking into a network from a remote 

location, in fact the reality is quite different. Today, very often a network breach begins with a physical 

breach. Using social engineering, picking a lock, or otherwise breaking into a facility can be the fastest 

and easiest way for a cyber criminal to get easy access to the network. Once inside, they can steal a 

laptop or other device, or slip into a server room and simply plug in. 

For this reason, physical security has become more important than ever before. While this discipline has 

always been fundamental to protecting an organization and its people from workplace violence, theft, 

vandalism, and other risk, now it is also a critical cybersecurity measure. 

The opposite perspective is also true; a cyber breach can be the first step in engineering a physical breakin. 

Using a vulnerable entry point – which in the IoT world could be a Wi-Fi camera or something as 

esoteric as a smart fish tank or a gas pump – criminals can disarm alarm systems and electronic locks, 

making it easy to walk into a facility and commit theft or other crimes. Worse, all these IoT devices can 

be hijacked to become digital assets in wide-scale criminal activity. 

ASIS International, who produces GSX, has been a pioneer in recognizing the merging of physical and 

cybersecurity. Bringing speakers like Keren Elazari to the forefront each year has helped both physical 

security professionals and cybersecurity experts better understand how neither can properly function 

without the other. It is the responsibility of every citizen, consumer, and business owner to ensure that 

correct security protocols are in place at all times. As every hacker knows, it takes only the slightest crack 

in the cyber armor to enable a devastating attack. Read more details about Elazari’s GSX session as 

well as other cybersecurity education and training available at GSX.org/CDM_Hacker. 



Cyber Crimes Will Increase with Shift to Teleworking 

By Andy Sauer, Director of Cybersecurity, Steel Root 

With the sudden shift to work-from-home operations, businesses are now forced to deal with increased 

activity from both independent and nation-state cyber criminals. Unfortunately, malicious actors view any 

potential security weakness as an opportunity to access and steal your data. In fact, according to this 

story from The Hill, The Cybersecurity and Infrastructure Security Agency (CISA), the Department of 

Homeland Security’s cyber agency, recently issued an alert “pointing to specific cyber vulnerabilities 

around working from home versus the office. CISA zeroes in on potential cyberattacks on virtual private 

networks (VPNs), which enable employees to access an organization’s files remotely.” 

With entire companies teleworking from home, security can be compromised; companies need to be 

more vigilant and implement new processes and procedures to ensure that cybercriminals are not 

successful. 

Why the increased threat? There are a number of reasons why the sudden move to a remote workforce 

can lead to cybersecurity breaches. These include: 

• Behavioral changes: Working off site, employees tend to be more relaxed and more likely to let 

their guard down – perhaps even answering emails designed to provide data access to hackers. 

Also, with stress levels increased, staff might be more inclined to be reactive and less strategic in 

their actions. Malicious actors typically apply high pressure and quick turnaround. 

• Situational changes: Working in disparate locations, security instructions and access rules can 

fall through the cracks. This can result in less stringent oversight of transactions and other key 

workflows. 

• Technological changes: Suddenly companies are forced to extend their firewalls beyond the 

physical boundaries of their office. Company systems are being accessed from a wide range of 

devices, even personal devices. These changes can lead to compromise, data sprawl and other 

challenges. 



What businesses can do. There are practices companies can adopt to shore up their cybersecurity to 

prevent potential attacks and data breaches. Here are a few things companies can and should do. 

• Organize your response to this crisis in advance of a problem. Get communication, incident 

response and business continuity plans in place, and share with all personnel. 

• Adapt and set organizational expectations and rules of engagement for communications. 

• Make sure you have a Disaster Recovery plan, with Backup and Restore of all systems. Test your 

recovery plan regularly. 

• Establish approvals for key workflows, such as transactions or security permissions – and ensure 

that you have a process for verifying these critical activities (ex. wiring money). 

• Prioritize the use of multifactor authentication or other conditional rules for accessing company 

systems remotely. 

• Make sure your employees are only using approved devices to access company data – set strict 

guidelines for the use of personal devices. 

• Check to see that you are appropriately licensed – some VPN solutions will not allow users over 

the maximum license count. 

• Ensure your now critical remote access infrastructure is monitored and patched regularly. 

• Business must go on. Workflows must continue. Make sure you have the tools and infrastructure 

in place to support normal working conditions remotely. 

• With what may be months away from the office and from each other, keeping your teams engaged 

could become a challenge. As someone who generally works remotely, I recommend you use 

video liberally, even for quick conversations. This usually results in consistent engagement. 

• Enlist the assistance of your IT/security team/outsourced providers to support your business 

through this temporary but substantial change. 

There are actions every company can and should take to safeguard their systems and data in the new 

business landscape. When you plan for cyber criminals to give it their worst, you’ll be better prepared to 

survive, maintain connectivity and security, and even thrive during this time of disparate home offices 

and telework. 


Andy Sauer is Director of Cybersecurity at Steel Root in Salem, MA. In this 

role, he specializes in helping defense and federal contractors meet their 

compliance obligations and build their cybersecurity capability to meet the 

modern threat landscape head-on. Prior to joining Steel Root, Andy 

managed IT operations and cybersecurity in the defense industry, internally 

and as a consultant. He currently holds the following certifications: CISSP 

(Certified Information Systems Security Professional) from ISC2 and a 

CISM (Certified Information Security Manager) from ISACA. 



Cyber Attacks at Sea: Blinding Warships. 

Are GPS completely vulnerable to cyberattacks? 

By Julien Chesaux, Cyber Security Consultant, Kudelski Security 

Who Controls the Sea, Controls the World 

The annual multilateral exercise between the U.S. and Thai army, named “Cobra Gold” 14 sees the 

deployment of the latest navy warships as a proof of military domination in a contested region and 

reminds us the fragility of technologies at sea as a chain of incidents demonstrated in 2017. 

The world’s oceans can be beautiful and awe-inspiring, but also very dangerous. Most importantly, they 

are strategic for the global economy and, consequently, countries compete to control them. Statistics 

reveal the high value of the high seas: 70% of the globe is covered by water and over 90% of the world’s 

trade is carried by sea. Moreover, the global merchant fleet totals 50,000 ships that move 9 billion tons 

of merchandise annually, representing a turnover of $2,000 billion. 15 

Human history is punctuated with many regional or global exchanges that happened through decisive 

battles at sea. The battle of Salamin saw the Athenians saving the concept of democracy against the 

14 

WILLIAMS Zachary. “Cobra Gold 2020: America’s Strategic Shift in Southeast Asia”, The Diplomat, Mar 6, 2020 

https://thediplomat.com/2020/03/cobra-gold-2020-americas-strategic-shift-in-southeast-asia/ 

15 

Sea Europe. “2017 Market Forecast Report”, Sea Europe, 2016 

https://maritimetechnology.nl/media/2017-Market-Forecast-Report-finaal.pdf 



Persians. The battle of Actium allowed the Roman Republic to become an Empire. The battle of Trafalgar 

destroyed Napoleon’s aspiration to invade Britain. 

At the beginning of the 20 th century, in 1905, the battle of Tsushima humiliated the Russian Empire and 

opened the pathway for an Imperial Japan. During WWI, the battle of Jutland contained the Imperial 

German Navy and WWII witnessed the battle of Midway that established the U.S. as the new navy 

superpower after the destruction of Japanese’s aircraft carriers fleet in the Pacific. More recently, the 

Crimea annexation by Russia was, even if triggered by different causes, a geopolitical move to avoid the 

loss of access to the Mediterranean Sea. 

The current hawkish posture and the “gunboat diplomacy” followed by China is not a surprise regarding 

its ambitions to play a greater global leadership role, to protect its shores where most of its economic 

activity occurs (its “strategic belt”), and to defend its natural resources and sea lines to supply them from 

the South and East China Seas (represented by the Nine-Dash) to the Indian Ocean (currently projected 

as the “String of Pearls” 16 ). 

A Global Rivalry with Multiple Bottlenecks 

Because globalization increases global trade, sea roads are busy and multiple bottlenecks are under the 

spotlight, including many straits and canals. For instance, the Strait of Malacca represents 40 % of global 

trade, 50% of energy trade, and is indispensable for regional hegemons like China and Japan. 

Another geostrategic path is the Strait of Hormuz, between Oman and Iran, through which all the Gulf oil 

trade moves. In this region, the U.S. Navy is face-to-face with the Iranian one. The USS Harry S. Truman 

aircraft carrier is presently deployed in the Arabian Sea (near Oman) as part of the U.S. 5 th fleet, which 

covers the Middle East, a crucial region for the U.S. as 18% of its imported oil comes from the Persian 

Gulf countries. 17 In 1967, the blockade of the Strait of Tiran by Egypt was used as casus belli by Israel 

and started the Six-Day War. Indeed, the Strait is the only way to leave the Gulf of Aqaba and gain access 

to Iran’s oil. Other important passages such as the Bab El-Mandab Strait, the Danish Straits, or the 

Bosporus are well-known narrow gullies. 

Canals are equally critical for international trade, especially the Suez and the Panama ones. The former 

was the theater of a war in 1956 between Egypt and a French, British and Israeli alliance (encompassed 

in the secretive Protocol of Sèvres) to regain control after being nationalized by the infamous Egyptian 

President Nasser. The latter, under U.S. control for almost 100 years, was retroceded to Panama and 

recently enlarged to accommodate the new bigger ships and ensure revenue to Panama as it represents 

5.5 % of its GDP. 

16 

HUGHES Lindsay. “String of Pearls Redux: Increased Concern for India”, Future Directions International, Nov 13, 2018 

http://www.futuredirections.org.au/publication/string-of-pearls-redux-increased-concern-for-india/ 

17 

U.S. Energy Information Administration (EIA). “How much petroleum the United States import and export?”, EIA, Apr 4, 2017 

https://www.eia.gov/tools/faqs/faq.php?id=727&t=6 



The Art of Hacking Navigation Systems 

In 2017, some incidents at sea have sparked interrogations as hundreds of South Korean fishing vessels 

returned earlier to port after their GPS (Global Positioning System) signals were jammed, allegedly by 

North Korean hackers. 18 Later this year, a ship in the Black Sea reported to the U.S. Coast Guard 

Navigation Center that its GPS system had been disrupted and that over 20 ships in the same area had 

been similarly affected. 19 In Asian waters, deadly collisions happened twice in two months; In June 2017, 

the USS Fitzgerald was struck by a container ship off the coast of Japan, killing 7 sailors. Later during 

the year, an oil tanker smashed the USS John S. McCain near Malaysian coast and 10 sailors died. 20 

There were also two other lesser-known incidents in 2017: in January, the USS Antietam ran aground 

near its base in Japan and in May the USS Lake Champlain collided with a South Korean fishing vessel. 21 

Consequently, Vice Admiral Joseph Aucoin was relieved of his duty as commander of the U.S. 7 th Fleet, 

the largest forward-deployed U.S. fleet based in Japan and covering Asia. 22 

The causes of all these incidents are not clear. Some experts blame the weather, the heavily reliance on 

technology, the feeble signal of GPS, cyberattacks, the diminution of crew members or the high pace of 

deployment lacking training and maintenance. Regarding the number of incidents in a less-than-one-year 

period and the highly disputed regions where incidents happened (South East Asia and East Asia), the 

theory of a deliberated influence on navigation systems through cyberattacks is legitimate, especially 

when the navigation system used is analyzed. 

Ships orientate themselves through Global Navigation Satellite System (GNSS) with many countries 

using their own: GPS for the U.S., GLONASS for Russia, GALILEO for the E.U., QZSS for Japan, BeiDou 

for China, and NAVIC for India. Although precise to a few meters, this technology is not highly secure 

because the message is feeble and can be hacked. The same year of these incidents, a security 

researcher based in France was able to enter the satellite communications system of a ship: Through 

Shodan, a specific search engine that can reveal connected devices, and by entering a simple username 

(admin) and password (1234), he accessed the communication center of a commercial ship and posted 

his performance on Twitter: “I’m connected to a mother****ing ship as admin right now. Hacking ships is 

easy”. 23 

18 

SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017 

https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT 

19 

Ibid. 

20 

FIFIELD Anna. “Bodies of all 10 sailors missing on USS John S. McCain have been recovered”, The Washington Post, Aug 27, 2017 

https://www.washingtonpost.com/world/bodies-of-all-10-sailors-missing-on-uss-john-s-mccain-have-been-recovered/2017/08/27/a2af6c4a-8b8c-11e7- 

a2b0-e68cbf0b1f19_story.html 

21 

BARANIUK Chris. “Why it’s not surprising that ship collisions still happen”, BBC, Aug 22, 2017 

http://www.bbc.com/future/story/20170822-why-its-not-surprising-that-ship-collisions-still-happen 

22 

AFP. “U.S. Warship Collisions Raise Cyberattack Fears”, Security Week, Aug 23, 2017 

http://www.securityweek.com/us-warship-collisions-raise-cyberattack-fears 

23 

CHAMBERS Sam. “Ship’s satellite communication system hacked with ease”, Splash 24/7, Jul 19, 2017 

http://splash247.com/ships-satellite-communication-system-hacked-ease/ 



New Alternatives 

To prevent this over-dependency on GNSS for Positioning, Navigation and Timing (PNT), some states 

are developing alternatives that rely on radio frequency, an old technology used since WWII. One of 

these systems is called eLoran (Enhanced LOnge-RAnge Navigation) and although it is less accurate, 

regional, and only two-dimensional, it offers a powerful signal that deters jamming or spoofing. 24 The cost 

and the political inertia thwarted this technology, but this is likely to change given these events. South 

Korea is currently testing this technology and Russia is developing its own eLoran named eChayka. 25 In 

the U.S., the Director of National Intelligence told a Senate committee that the global threat of electronic 

warfare attacks against space systems would rise in coming years and the U.S. Navy launched a Hack- 

Our-Ship event to assess cyber threats at sea, such as hacking a complex system software system 

simulating the ones used to control the U.S. Navy fleets. 26,27 

Military and Economic Implications 

In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide, Act 

(the OODA loop) and GNSS are part of the tools to collect it. In the battlefield, it is the capacity to make 

the right decision as quickly as possible, and most specifically quicker than your enemy, that makes the 

difference between victory/life or defeat/death. Therefore, an army relying too much on one technology 

could be “blinded” during a conflict and unable to allocate forces efficiently. 

Following 19 th Century American Navy Strategist Alfred T. Mahan, the U.S. developed a great power 

projection capability after WWII that enables it to rapidly deploy military means to defend any interest 

whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power, 

depending on the situation. This approach is materialized by aircraft carriers and the separation of fleets 

allocated to specific regions of the globe (7 for the U.S. Navy). 

Aircraft carriers are not travelling the sea alone and an entire structure of ships and submarines escort 

them, known as a carrier strike group (CSG), with a total crew of more than 7,500. 28 The total acquisition 

cost of a CSG exceeds $25 billion, an air wing (the aircrafts on the aircraft carrier) another $10 billion and 

estimated annual operating costs are around $1 billion. 29 Currently, the U.S. has 10 Nimitz-class nuclear- 

24 



25 

DUNN John E. “Cyberattacks on GPS leave ships sailing in dangerous waters”, Naked Security, Aug 7, 2017 

https://nakedsecurity.sophos.com/2017/08/07/cyberattacks-on-gps-leave-ships-sailing-in-dangerous-waters/ 

26 



27 

OWENS Katherine. “Navy conducts ‘Hack-Our-Ship’ cybersecurity event”, Defense Systems, Mar 13, 2017 

https://defensesystems.com/articles/2017/03/13/hacknavy.aspx 

28 

WISE David W. “The U.S. Navy’s Big Mistake – Building Tons of Supercarriers”, War Is Boring, Dec 25, 2016 

https://warisboring.com/the-u-s-navys-big-mistake-building-tons-of-supercarriers/ 

29 

Ibid. 



powered supercarriers. Therefore, a major cyberattack on navigation systems, for example, could 

paralyze an entire CSG and considerably diminish the U.S. ability to maneuver. 

On the economic side, the world’s largest container ship and supply vessel company, Moller-Maersk, 

suffered from the wiper malware attack named NotPetya and the company reported a loss between USD 

200-300 million for Q3 2017. 30 More specifically, navigation systems such as the Electronic Chart Display 

(ECDIS) are very vulnerable and have also been hit with different attacks being reported in Asia. 

According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much 

never have anti-virus". 31 

Pyongyang Hackers are Smart 

Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are 

guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), which is a 

system allowing the interception of an ICBM (Intercontinental Ballistic Missile), the ones that are currently 

being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM has 

four phases: boost, post-boost/ascent, midcourse and terminal (reentry in the atmosphere). The Aegis 

BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s 

atmosphere). 

The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea, 

targets individuals associated with U.S. defense contractors with the same tools and tactics of the Sony 

breach. This time, the phishing emails display fake job listings and companies’ internal policies. 32 Some 

jobs listed were for the US (Terminal High Altitude Area Defense) THAAD system, which is a BMDS and 

intercept an ICBM in its terminal phase (after the missile re-enters in the atmosphere). 

Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could 

be that the North Korean government is attempting to infiltrate the U.S. military system to be able to 

collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its 

ICBM. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring 

them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate 

tensions. 

This strategy is part of a general trend in APT (Advanced Persistent Threats), long-term targeted specific 

cyberattacks mixing a combination of social engineering, cyberweapons, and vectors to get inside 

networks, instead of hacking directly the big fish such as the Department of Defense or a big player in 

weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets. 

30 

MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017 

https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/ 

31 

BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017 

http://www.bbc.com/news/technology-40685821 

32 

BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017 

https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/ 



Indeed, their cybersecurity posture will be lower than a critical administration or company with 

technologies and processes in places regarding cyberdefense, and with aware employees towards 

phishing campaigns. 

Future Tensions at Sea 

Among many strategic hotspots, the most sensitive ones are currently the Indian Ocean, the South and 

East China Seas, and, for the foreseeable future, the Artic. 

The Indian Ocean is now a space of geopolitical criticality from a maritime perspective, especially now 

that the U.S. wants to improve its relations with New Delhi to counterbalance Beijing’s aspirations in the 

context of the BRI (Belt and Road Initiative). China is determined to change the status quo in this region 

and is investing in ports (i.e. the String of Pearls) to control the flow of merchandise along sea lines from 

China to the Middle East and Africa. 

Indeed, these sea lines through the Indian Ocean are vital for China’s oil imports, as about 40% comes 

through the Strait of Hormuz and over 80% through the Malacca Strait. 33 Thus, the rationale of shifting 

from a land-based armed force to a sea-based one is to defend these interests at sea and protect China 

as a regional hegemon. Hence, the people’s liberation army is building aircraft carriers, submarines, 

patrol vessels, and has put in place an A2/AD (Anti Access/Area Denial) tactic with investments on shorebased 

anti-ship missiles. Ultimately, China wants to push the U.S. behind its second island chains (at the 

east side of the Philippine Sea). 

As pointed out by The Economist, the Asia Pacific is the trade region of the future: Eight out of the world’s 

ten busiest container ports are there. Two-thirds of the world’s oil shipments travel across the Indian 

Ocean. Almost 30% of maritime trade goes across the South China Sea; it accounts for over 10% of 

world fisheries production and is thought to have oil and natural-gas deposits beneath its seabed. 34 

Another strategic hotspot will emerge northward: the Arctic. Within decades, the ice melting phenomenon 

will open shipping lanes, allowing vessels like Russia’s first ice class LNG (Liquefied Natural Gas) tanker 

to travel through the region. It will also increase disputes for the access to resources and to preserve its 

fragile ecosystem. 35 

Like in Rudyard Kipling’s novel “Kim” where he made popular the great game at stake between the British 

and Russian empires to control Central Asia in the 19 th Century, the new great game is now between the 

US and China for the control of all Asia. This rivalry will encompass the use and leverage of sea power 

as naval strategist Alfred T. Mahan put in perspective in “The Influence of Sea Power Upon History” as 

33 

The Economist. “Who rules the waves?”, The Economist, Oct 17, 2015 

https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules 

34 

The Economist. “Who rules the waves?”, The Economist, Oct 17, 2015 

https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules 

35 

Author interviews. “‘Stavridis’ Book ‘Sea Power’ Explains Why Oceans Matter in Global Politics”, NPR, Jun 6, 2017 

http://www.npr.org/2017/06/06/531701056/stavridis-book-sea-power-explains-why-oceans-matter-in-global-politics 



national prosperity and power depend on the control of world's sea-lanes, thus: "Whoever rules the waves 

rules the world". 36 


Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a 

Swiss and American cyber security company. Julien mainly works on 

cyber security, information security and geopolitics analysis in order 

to help clients to find solutions regarding their threats. He is also a 

speaker and writer for different think tanks, journals and events. He 

has worked in diplomacy and cyber security for 10 years in 

Switzerland, Australia, the Balkans and France. His main research 

interests are Global Security, Cyber Geopolitics, and International 

Affairs. 

LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456 

You can reach me at julien.chesaux@gmail.com 

36 

MAHAN Alfred Thayer, “The Influence of Sea Power upon History: 1660-1783” Little, Brown and Company, Boston, 1890 































Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS 

“Amazing Keynote” 

“Best Speaker on the Hacking Stage” 

“Most Entertaining and Engaging” 

Gary has been keynoting cyber security events throughout the year. He’s also been a 

moderator, a panelist and has numerous upcoming events throughout the year. 

If you are looking for a cybersecurity expert who can make the difference from a nice event to 

a stellar conference, look no further email marketing@cyberdefensemagazine.com 



You asked, and it’s finally here…we’ve launched CyberDefense.TV 

At least a dozen exceptional interviews rolling out each month starting this summer… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 06/01/2020 



TRILLIONS ARE AT STAKE 

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES 

Released: 

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH 

In Development: 





8 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazineBackup.com up and running as an array of live 

mirror sites. 

Millions of monthly readers and new platforms coming… 













i 

https://www.beazley.com/documents/TMB/Factsheets/beazley-bbr-ransomware-factsheet-us.pdf 

ii 

https://www.healthcareitnews.com/news/malware-hits-medical-devices-18-percent-healthcare-orgs-last-year 

iii 

https://www.legacyhealth.org/our-legacy/stay-connected/newsroom/notice-of-email-phishing-incident.aspx 

iv 

https://cofense.com/state-of-phishing-defense-2018/ 

v 

https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf 

vi 

https://www.wsj.com/articles/five-charged-of-conspiring-to-steal-trade-secrets-from-glaxosmithkline-1453333452 

vii 

https://securityboulevard.com/2018/03/employees-are-biggest-threat-to-healthcare-data-security/ 

viii 

https://www.bankinfosecurity.com/misconfiguration-leads-to-major-health-data-breach-a-12042 

ix 

https://dzone.com/articles/addressing-security-issues-in-connected-healthcare 

x 

https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

Cyber Defense eMagazine June 2020 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?