Cyber Defense eMagazine November 2020 Edition

4 Reasons Why Cyber Security Is 

Important in Your Business 

Changing Cybersecurity Culture One Habit 

at A Time 

Ransomware Is Evolving 

Data Migration Security 

…and much more… 

Cyber Defense eMagazine – November 2020 Edition 1 

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s November 2020 Issue ---------------------------------------------------------------------------------------- 7 

4 Reasons Why Cyber Security Is Important in Your Business --------------------------------------------------- 21 

By Gabe Nelson, Content Specialist, Bonus.ly 

Changing Cybersecurity Culture One Habit at A Time ------------------------------------------------------------- 26 

By George Finney, Chief Security Officer for Southern Methodist University and Author of Well Aware: 

Master the Nine Cybersecurity Habits to Protect Your Future 

In the Midst of the Pandemic, Cybersecurity Professionals Show an Uptick in Job, Salary Satisfaction 

Despite High Stress Levels ------------------------------------------------------------------------------------------------ 29 

By Samantha Humphries, security strategist, Exabeam 

3 Educational Cyber Security Steps for The Protection of Your Personal Data ------------------------------ 34 

By Ankit Rajpurohit 

Why Cybersecurity Awareness is More Important During COVID-19 ------------------------------------------ 39 

By Susan Alexandra, Contributing Writer 

Ransomware Is Evolving--------------------------------------------------------------------------------------------------- 42 

By Jeff Warren, General Manager, Products, Stealthbits Technologies, Inc. 

How COVID Tests the Resilience of Your Cloud Data Infrastructure -------------------------------------------- 46 

By Noah Johnson, Co-founder & CTO, Dasera 

The Impact of Ransomware on Cloud Services and How to Stop Attacks ------------------------------------- 50 

By Davit Asatryan, Product Manager, Spin Technology 

Perfecting Your Cybersecurity Sales Process ------------------------------------------------------------------------- 53 

by Katie Teitler, Senior Analyst, TAG Cyber 

Data Migration Security --------------------------------------------------------------------------------------------------- 58 

By Devin Partida, Cybersecurity Writer, ReHack Magazine 

Has Your Data Been Leaked to the Dark Web? ---------------------------------------------------------------------- 61 

By Randy Reiter CEO of Don’t Be Breached 

No Meows Is Good News: Proactive Nosql Database Security in The Era of Meow Attacks ------------- 64 

By Jack Harper, Director of Professional Services at Couchbase 



Takeaway from the SANS Institute Attack: Without Proper Care, “Consent Phishing” Can Happen to 

Anyone ------------------------------------------------------------------------------------------------------------------------- 68 

By Chloé Messdaghi, VP of Strategy, Point3 Security 

Behind the Scenes of AppSec’s Misalignment------------------------------------------------------------------------ 71 

By John Worrall, CEO at ZeroNorth 

Emotet Attacks Surge in 2020, but Could Be Prevented ----------------------------------------------------------- 74 

By Dan Piazza, Technical Product Manager, Stealthbits Technologies, Inc. 

Zero Trust Model Is Meaningless Without TLS Inspection -------------------------------------------------------- 77 

By Babur Khan, Technical Marketing Engineer at A10 Networks 

Automated Pentesting – Ready to Replace Humans? ------------------------------------------------------------- 81 

By Alex Haynes, CISO, CDL 

Mitigating the Pitfalls of Onedrive Security -------------------------------------------------------------------------- 84 

By Veniamin Simonov, Director of Product Management, at NAKIVO Inc. 

Emerging Technologies Create A New Line of Defense in The Fight Against Fraud ------------------------ 87 

By Brett Beranek, Vice President and General Manager, Security and Biometrics, Nuance Communications 

How to Adapt Financial Services to The Online Space Securely – And Still Sleep at Night --------------- 90 

By Robert Capps, VP of Marketplace, NuData, a Mastercard Company 

Cybersecurity Best Practices for End Users --------------------------------------------------------------------------- 94 

By Jay Ryerse, CISSP, Vice President of Cybersecurity Initiatives, ConnectWise 

The One-Stop Spear Phishing Defense Guide You Will Ever Need ---------------------------------------------- 98 

By Jeff Penner, Senior Manager at ActiveCo Technology Management. 

The Serverless Security Machine -------------------------------------------------------------------------------------- 102 

By Art Sturdevant, Director of Operations, Censys 

Unlocking the Promise of Packet Capture -------------------------------------------------------------------------- 105 

By Kathryn Ash, President, IPCopper, Inc. 

Intelligent Protection Against DNS DDoS Attacks is Critical Part of Cybersecurity Architecture ------ 108 

By Ashraf Sheet, Regional Director, Middle East & Africa at Infoblox 

NCSAM Provided an Opportunity to Reset Our Approach to Cybersecurity -------------------------------- 111 

By Sam Humphries, Security Strategist, Exabeam 

How Blockchain Is Helping Stop the Spread of COVID-19 ------------------------------------------------------- 116 



By Robert Galarza, CEO, TruTrace Technologies 

Patched Minimizes Risk - But Opens the Door for Compatibility Problems -------------------------------- 119 

By Egon Rinderer, Global Vice President of Technology & Federal CTO, Tanium 

For Federal Agencies, Securing Internet of Things Devices Is A Growing Challenge --------------------- 123 

By Katherine Gronberg, Vice President of Government Affairs, Forescout 

Nations—Not Individuals—Are After Your IP ---------------------------------------------------------------------- 126 

By Ryan Benner, Anexinet 

Video Intercom Systems Reinvent Building Security ------------------------------------------------------------- 130 

By Melvin Braide, Content Writer 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

Viewing, as I do on a regular basis, both public reports and other resources on developing trends in cybersecurity, 

I see continued focus on the effects of and responses related to COVID-19. 

I’d like to reiterate my observation from last month: “As the months go by with no apparent resolution of the 

COVID-19 impact on business, employment, and our economy in general, the importance of cybersecurity 

continues to grow in every sector.” 

As demonstrated by the articles we publish in Cyber Defense Magazine for November, the authors and their 

organizations continue to address cybersecurity implications at all levels. 

In the main, this is good news for our readers, as we are fortunate to receive for publication the best thinking and 

guidance from the best cybersecurity professionals in the field today. The effects of COVID-19 on nearly all 

enterprises which depend on cyberspace for their operations are growing. The actionable intelligence Cyber 

Defense Magazine provides is the first and best means of meeting these challenges. 

On that note, we are looking for infosec innovators who are one step ahead of the next threat, so we’ve opened 

up our 9 th annual Global InfoSec Awards for 2021, this month. Nominations at www.cyberdefenseawards.com. 

In addition to the relevant articles in the November issue, we are pleased to continue providing the powerful 

combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and 

webinars featuring national and international experts on topics of current interest. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

From the international perspective, we can see growth and 

deepening of the challenges we face in this time of the novel 

Coronavirus. 

Although there do not appear to be reliable statistics on the 

correlation between national reports on newly diagnosed COVID- 

19 cases and the adverse influence on the economic sector, 

common sense tells us that such a relationship must exist. 

Social distancing and isolation, whether voluntary or mandated, 

continue to impact both financial and emotional wellbeing of 

national and international populations. 

In that context, we can but hope that in our world of cybersecurity 

and privacy, there may be room for both national and global 

interests. 

While we don’t formally take positions for or against individual 

national policies, we can only encourage cooperation and 

compatibility among nations on cybersecurity and privacy matters. 

Let me re-post my query from last month: “Hypothetically: What if 

there were a vaccine against cyber exploits? Would it be shared 

among nations? Could our hope for positive results overcome our 

fear of national competitive disadvantage?” 

I’d still like to think so. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2020, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

8 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

WEBINARS 



Welcome to CDM’s November 2020 Issue 

From the U.S. Editor-in-Chief 

In receiving and reviewing the article submissions from over 30 authors for the November edition 

of Cyber Defense Magazine, I am struck by the thoughtful and actionable information provided 

by our contributors. They represent a broad range of professionals, from CISOs, to providers of 

cybersecurity products and services, to commenters from other media. They do enjoy in 

common a passion and willingness to share their knowledge and wisdom, all to our mutual 

benefit. 

To be sure, it’s not getting any easier. There are no cure-all solutions for the current challenges 

of social distancing and isolation we are experiencing in the world of business, government, and 

even personal use of cyber facilities. 

My work in cybersecurity is grounded in my continuing study and writing on risk management. 

Of particular note is the need to make informed decisions on the scope of risks to retain and 

those to be laid off on others, such as through insurance and related resources. In that context, 

I see the range of articles in the November issue as providing valuable information on meeting 

the threats and risks we all face during this time of the COVID-19 pandemic. 

May I commend your review of the Table of Contents first, so you can prioritize reading the 

articles which most closely pertain to your own cybersecurity concerns. (I make this suggestion 

with full confidence that all of the articles have value to all of our readers, just to differing 

degrees.) 

With that introduction, we are pleased to present the November 2020 issue of Cyber Defense 

Magazine. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, 

Yan addresses risk management in the areas of identity theft, privacy, 

and cyber security for consumers and organizations holding sensitive personal information. You can 

reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com 





























4 Reasons Why Cyber Security Is Important in Your 

Business 

By Gabe Nelson, Content Specialist, Bonus.ly 

Cyber-attacks are incredibly common and anyone can fall victim to them. Cyber-attacks can cause 

electrical blackouts, failure of military equipment, and breaches of national security secrets. Entire cities 

have been hacked and personal information is used maliciously. 

While those might seem large-scale and unlikely to occur in your business understanding that no 

computer or internet account is immune to the potential cyber-attack is key to having great cyber security. 

Even small businesses run the risk of having valuable information stolen. Cyber-attacks are so common 

it’s not a matter of if a data breach will happen but when because modern businesses rely heavily on 

technology. 

Smaller businesses are often easier targets for cyber-attacks because they lack the resources to set up 

adequate cyber security. Don't let your business run the risk of being attacked; setting up a good defense 

with cyber security is more important than ever. This can be ensured by hiring certified IT professionals 



who can be found using this State of It Jobs Map. Here are some reasons why cyber security is important 

in your business: 

1. Cyber-attacks Affect Everyone 

Anytime your personal data can be taken by someone who is unauthorized to have it is considered a 

cyber-attack. Data breaches are incredibly commonplace, which is why having adequate password 

strength is crucial as a consumer. As a business owner, your customers and patrons trust you with their 

information. 

It’s not safe to assume you’re fine and no one would want to steal your business’ information. If you are 

thinking about your business in terms of longevity, you want to stay on top of the cyber security trends 

and protect the information. 

As a business owner, the topic of cyber security might seem overwhelming and complex. However, a 

basic understanding of technology is considered essential for running a business in today's world. It’s 

also important that you are diligent in hiring certified IT professionals; especially if you have any kind of 

online presence. 

Cyber-attacks can be launched through email text messaging and voice phishing. And what may be even 

worse, a reputational attack can be launched. This is where individuals post negative information on 

social media websites and blog posts to harm your business’s reputation and brand image. 

Cyber-attacks in security breaches can cause millions of dollars in damage to recover data and penalties 

that need to be paid. All of these expenses can cause even large businesses to go under. Being prepared 

with excellent cyber security could be the reason your business stays solvent. Protecting your financial 

information allows your business to keep going forward. 

Cyber-attacks cause downtime with businesses, meaning time spent where you will not be able to run 

your business at all. The downtime your company endures could be hours, even days. The monetary 

cost of each and operable hour might be devastating to your business. 

Arming your business with cyber security not only protects your customer's information but also allows 

your business to keep running as usual without interruption. What might seem harmless such as an 

employee clicking a link in an email could open the doors to a complex cyber security attack disguised 

as a bank notification. 

Damages could include not only financial ramifications but also the possibility of job loss for employees. 

If you want your business to succeed you need to be aware of cyber security issues. Unfortunately, 

danger is literally lurking in every email unless you know what to look for. Don't let your business be at 

risk for failure, stay on top of your cyber security. 



2. Reassure Your Customers 

Your business reputation depends on you staying on top of cyber security. Your customers put their trust 

in your business, and that you will keep their private information safe. To lose that trust could be 

devastating for your company moving forward. 

You need to reassure your customers that you are doing everything in your control to combat cyberattacks. 

You may not be able to prevent cyber-attacks completely, but you can protect yourself from the 

disastrous legal and public relations consequences of a data breach. 

Staying on top of security updates is an easy way to prevent cyber-attacks. Many security hacks exploit 

known holes in systems. Cyber security companies are often making updates in order to increase 

security. But if you delay updates or even postpone them you leave yourself vulnerable to a cyber-attack. 

Making cyber security a priority for your business is a smart move. You can reassure your customers that 

you are doing everything in your power to keep their information safe and stay in business long term. 

3. Security May Not Keep Up with Technology 

There’s one thing for certain, technology 

is updating frequently. And with a 

change in applications, programs, and 

even 5G capabilities comes changes in 

how cyber security works. You need to 

be sure that you’re following 

recommendations and updating your 

protections as you add new technology 

to your business. 

One way to limit cyber security issues is 

to limit which employees can access 

information. Most cyber-attacks are just 

waiting for someone to slip up and make 

an error. Limiting the number of people who can access data and information can help, but it probably 

isn’t enough to prevent cyber-attacks altogether. 

Because technology changes quickly malicious individuals are finding new and unique ways to attack. 

Hackers can now utilize artificial intelligence to trigger automated cyber-attacks when they find an 

opportunity to do so. Taking the time to educate your employees about cyber-attacks and your 

companies’ risk is only the first step. 



The world is moving into using cloud computing more and storing personal information not on their 

computers but in internet databases. This gives hackers more potential hacking options. 

The increase in cyber vulnerabilities is not just limited to software and emails. Don’t trust cloud storage 

alone to keep information safe. 

If your business is updating its technology your cyber security options should also be updating. Do not 

let your cyber security lapse or become an afterthought especially if you're storing customer information 

or data. Even if your business isn’t utilizing the latest technology, the hackers certainly are. 

4. Cyber Issues May Lead to More Legislation 

Because cyber-crimes are getting more attention, legislators have stepped in to demand public 

disclosure. There are national guidelines from the Federal Trade Commission that can help you respond 

to a data breach. Plus, many states have their own laws that businesses have to follow. 

Keep your business away from the risk of both data breaches and the consequences that could result. 

Being forced to disclose a data breach could open you up to lawsuits and other fines which could damage 

your business beyond recovery. 

Certainly harsher penalties should be placed on perpetrators of attack but that's simply the first step. 

Being sure to stay on top of any laws passed as a business owner and following cyber security 

recommendations can help protect your business from any negative fallout from a cyber-attack. 

A Final Thought 

The good news is that with vigilance, many 

attacks can be avoided. Businesses are 

vulnerable to cyber-attacks but preparedness 

can help prevent them. Staying on top of security 

updates and making sure you’re aware of the 

technologies your business uses and that they’re 

adequately protected is a great start to keeping 

attacks at bay. 

Cyber security will never stop being important; in 

fact, it will likely become more important every 

year. Keep your business strong and your customer’s information safe when you take cyber security 

seriously. 



About the Author 

Gabe Nelson is a content specialist of over 7 years of experience, 

currently working with Bonus.ly. Bonus.ly is a company that helps with 

employee recognition to bring teams together. Just out of high school 

he set off crab fishing on the Bering Sea in Alaska. From there he went 

back home to finish his college degree at the University of Montana. He 

has a passion and keen understanding when it comes to Employee 

Relations inside and out. He has written hundreds of content pieces in 

numerous niches. Currently, he lives in Missouri with his wife and kids. 

Gabe can be reached online at: 

https://twitter.com/GabeBNelson 

https://www.linkedin.com/in/gabrielnelson87/ 

and at our company website https://bonus.ly/ 



Changing Cybersecurity Culture One Habit at A Time 

By George Finney, Chief Security Officer for Southern Methodist University and Author of 

Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future 

My first job out of college was at a call center doing tech support for an Internet Service Provider. This 

was a long time ago, but one of the first things I learned were the phrases “ID10T Error” and “PEBKAC”. 

Both were jabs at the sometimes-frustrating customers who would do weird things like use their CD tray 

as a cup holder. We still use these acronyms today and have built them into our culture as though they 

were a motto. 

In cybersecurity, everyone knows our secret motto:” people are the weakest link.” We say this even 

though it’s totally wrong. People aren’t the weakest link. As Lance Spitzner of the SANS Institute says, 

“People aren’t the weakest link, they are the largest attack surface.” And this way of thinking is making 

us less secure. 

In the 1960s, Lenore Jacobson conducted an experiment. Jacobson was an elementary school principal, 

and she had just read an study by psychologist Dr. Robert Rosenthal about how expectations can lead 



to higher performance. So she set out to give all the students in her elementary school an IQ test. Then 

she shared this information with the teachers. But she lied to the teachers about the students’ scores. 

The students that she said had the highest test scores were actually the lowest and vice versa. 

At the end of the school year the students were tested again. The students that the teachers believed to 

have the highest scores in the beginning made significantly more improvement than the students the 

teachers believed to have the lowest scores. What mattered more than students innate intellectual ability 

was the teacher’s belief that the students were “intellectual bloomers”. 

If we in the cybersecurity community believe that people are the weakest link and always will be, then 

our belief will ensure that this comes true. But what if we believed something different? 

When I came into my role as a CISO, I did a monthly report to my executive team with lots of dashboards. 

I was constantly searching for metrics that should show how effective our security program was. There 

are lots of metrics you can report on, like the total volume of attacks, that are helpful to understand the 

scope of the problem, but don’t reflect how good a job your team is doing. A large volume of attacks 

doesn’t mean you aren’t good at your job, it just means that you are a large target. 

We began sending simulated phishing messages to our users in 2014, and I started reporting on the 

number of users that clicked on the phishing links. Over time this number went down, but I realized that 

this metric didn’t tell the whole story. Focusing on how low the percentage got focused on the negative 

aspects of my campaign and distracted from the positive. Instead of saying that we reduced our click 

through rate down to 3%, I started saying that we increased our phishing recognition rate to 97%. 

For me, this was a big change. Instead of normalizing bad behavior, I started sending the message that 

the vast majority of our community was highly effective at recognizing phishing. 

This approach was, for lack of a better term, infectious. In my security awareness newsletters, I began 

using images that are of people, not random pictures of technology, to reinforce the message that people 

are the ones we’re protecting. I began telling stories of how people were impacted by security incidents, 

and more importantly how they responded. I wanted to show my community how to improve rather than 

constantly telling them to improve. 

But all this required that I let go of the belief that people are the problem and I had to start believing that 

they were the solution. And one of the ways that I’ve changed my security program is to embrace what I 

call “fearless learning”. When someone makes a mistake, whether or not they can learn from that 

mistakes comes down to whether they’re afraid of changing afterwards. If they feel like they could me 

made a scapegoat and be fired means, from a neuroscience perspective, that their cognitive capacity will 

be reduced. We see this degradation of mental capacity effect in all kinds of stressful situations. 

When a user clicks on a phishing message, I never report this information to anyone. I’ve gotten requests 

from people who want to use this information to discipline employees. I’ve resisted this at all costs 

because I want to create a culture where users have a safe environment to learn and practice before 

there is an incident. I do this because I believe that they can change their habits. And I’ve seen that this 

is possible. 

Stanford Professor BJ Fogg believes the reason we fail at changing things in our lives is because we 

start big. In his book, Tiny Habits, he describes habits as a rope with hundreds of knots. If you go for the 

largest knot to unravel, you will fail. But if you loosen an easy knot, you will be able to work your way up 

to the bigger challenges. And with each small knot, you build your own skill at mastering change. 



Changing our cybersecurity cultures may seem like an insurmountable problem, but it’s not. We can start, 

not just small, but tiny. We need to make it incredibly easy to get started. We need to celebrate even the 

smallest successes rather than condemning mistakes. And over time, we can start to build momentum. 

As I’ve researched the habits we use in cybersecurity, I distilled all of the advice and training we give to 

people down to nine distinct categories of habits. The habits are: Literacy, Skepticism, Vigilance, Secrecy, 

Culture, Diligence, Community, Mirroring, and Deception. 

The nine cybersecurity habits are what Fogg calls constellations of tiny habits. Changing works best when 

you focus on related habits all at the same time. If you miss a habit for a day because you went on 

vacation, that’s ok. If you only do the minimum, you still celebrate because you’re building a lasting habit. 

And you get the satisfaction of knowing that you’re not just protecting yourself, but you’re protecting those 

around you as well. 

Can making tiny changes really change the whole culture of an entire organization? 

To be successful, we need to start small. We don’t need to change everyone all at once. But to start, we 

do need a small committed group of people to be our vanguard. These will create a tipping point to 

change our culture. According to Dr. Damon Centola at the University of Pennsylvania, the tipping point 

for creating large scale change is only around 25% of the population of a group. 

25% is still a large number, but we don’t need to start big. We can start by working with 10 people to 

teach them how to change their cybersecurity habits. And if we deputize them to be cybersecurity habit 

evangelists, each of them can teach 10 more. But it starts with believing people are the solution to our 

cybersecurity challenges. 

Changing culture won’t happen overnight. But it will happen if we change one habit at a time. 


George Finney is a CISO, author, speaker, professor, and consultant who 

believes that people are the key to solving our cybersecurity challenges. He 

has worked in cybersecurity for nearly 20 years and has helped startups, 

global telecommunications firms, and nonprofits improve their security 

posture. As a part of his passion for education, George has taught 

cybersecurity at Southern Methodist University and is the author of Well 

Aware: Master the Nine Cybersecurity Habits to Protect Your Future. George 

has been recognized by Security Magazine as one of their top cybersecurity 

leaders in 2018 and is a part of the Texas CISO Council. 

George can be reached via LinkedIn, Twitter @wellawaresecure, and on his 

website where you can find more information about the nine cybersecurity 

habits http://www.wellawaresecurity.com/ 



In the Midst of the Pandemic, Cybersecurity 

Professionals Show an Uptick in Job, Salary Satisfaction 

Despite High Stress Levels 

By Samantha Humphries, security strategist, Exabeam 

Interested in a career in cybersecurity -- or are you wondering what your peers in the space are thinking? 

Exabeam’s 2020 Cybersecurity Professionals Salary, Skills and Stress Survey, compiled from a survey 

of 351 international security professionals has revealed some interesting findings: 

● Cybersecurity professionals are satisfied and secure in their jobs despite high-stress levels 

● Ongoing education and automation are opportunities for positive change 

● Diversity is still low, but moving in the right direction 



Fifty-three percent of participants reported they felt their jobs were “stressful” or “very stressful.” Further 

analysis results reveal that professionals in medium businesses with 251-500 employees are more 

stressed than their peers in smaller and large enterprises. Based on respondents’ titles, SOC content 

creation engineers and security engineers reported the highest stress (at 80% and 75%, respectively). In 

terms of the type of work, participants with packet analysis and penetration testing responsibilities 

reported the highest stress (57% and 58%, respectively). And respondents in Australia cited the lowest 

stress levels compared to their peers in the U.S., Australia, Singapore, and Germany. 

Yet, despite the high levels of stress, an overwhelming majority (96%) of cybersecurity professionals 

stated they were happy with their role and responsibilities, and 89% reported being secure or very secure 

in their careers. Seventy-seven percent cited a positive work/life balance. 

Respondents were also satisfied with their salaries. Eighty-seven percent of respondents reported they 

are pleased with their wages and earnings. Salary satisfaction was generally similar, regardless of 

gender, industry, company size, or title. The one notable difference was a lower salary satisfaction 

reported by respondents without a college degree. 

Figure 1: Eighty-seven percent of cybersecurity professionals report satisfaction with their current 

salaries. 

The paradox between high job stress and high job satisfaction could be related to the inherent nature of 

cybersecurity itself. Cybersecurity is just hard work. Security professionals accept and embrace this 

reality. 

Senior managers should be aware of their staff’s stress level and proactively reach out to their teams. 

Fifty-four percent of respondents reported that frequently communicating with their managers about their 

objectives is a primary method for managing heavy workloads. Managers should be empathetic in their 

endeavor to understand and address factors contributing to their employees’ high-stress levels. 



Senior leaders: Use ongoing education and automation as career levers for your team 

Senior leaders should also take an active interest in their team’s career paths, including their ongoing 

education. Investing in training would help employees develop advanced skills, open up new job 

opportunities, and enable organizations to deal more effectively with new, emerging threats. 

Many cybersecurity professionals are highly educated and value learning. Sixty-six percent cited being 

self-educated. Ninety-six percent of respondents have a degree or have completed some college. Of 

those with a degree, 43% hold a master’s degree. Regarding ongoing learning, 34% are participating in 

continuing education, with 33% using their funds. 

Figure 2: A significant number of security staff fund their own education leaving an opportunity for 

employers to add training as a benefit. 

Education and training are also critical, given the increase and importance of automation in cybersecurity. 

Eighty-eight percent of respondents believe automation would make their jobs easier. Forty percent are 

currently using artificial intelligence and machine learning. Eighty-six percent believe SOAR technology 

can help security analysts and SOCs improve SOC response times. 

Despite the use of automation and the view that it simplifies cybersecurity work, 47% of respondents also 

believe it’s a threat to their jobs. 



Figure 3: Forty-seven percent of respondents view automation including AI and machine learning as a 

threat to job security. 

Security leaders should reassure staff members that automation improves productivity and outcomes 

rather than eliminate jobs. Leaders can discuss how automation provides security professionals with an 

opportunity to transition from lower-valued activities to other high profile, strategic projects. Senior 

security leaders may also consider partnering with their IT peers to share automation best practices 

further to alleviate concerns. 

Diversity is still low, but remote work provides an opportunity to accelerate change. 

Last year, our survey highlighted the lack of diversity in the cybersecurity profession. This year, there’s 

been some progress as 21% of respondents self-identified as women. However, our survey also revealed 

that women in most countries are paid less than their male counterparts. 

As remote work continues to take hold in most organizations, senior managers have an opportunity to 

diversify their workforce further by recruiting talent from anywhere in the world. A diverse team can bring 

creativity and new out-of-the-box ideas to cybersecurity. Studies have shown that diversity is a 

competitive advantage. Another related study found diverse groups make better decisions 87% of the 

time. In particular, women carry a high level of emotional IQ and empathy, which aids in facilitating team 

collaboration. To protect users within an organization, cybersecurity teams should reflect a broader, more 

diverse workforce to address threats that are continually changing. Fresh ideas, better teaming, and new 

cybersecurity approaches will yield positive results for the business and professionals. 

Download the full 2020 Cybersecurity Professionals Salary, Skills and Stress Survey report for further 

insights from your peers. 




Samantha Humphries has 20 years of experience in 

cybersecurity, and during this time has held a plethora of 

roles, one of her favourite titles being Global Threat 

Response Manager, which definitely sounds more glamorous 

than it was in reality. She has defined strategy for multiple 

security products and technologies, helped hundreds of 

organizations of all shapes, sizes, and geographies recover 

and learn from cyberattacks, and trained many people on 

security concepts and solutions. In her current role at 

Exabeam, she has responsibility for EMEA, data lake, 

compliance, and all things related to cloud. Samantha authors 

articles for various security publications, and is a regular 

speaker and volunteer at industry events, including BSides, 

IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEF CON). 



3 Educational Cyber Security Steps for The Protection of 

Your Personal Data 

By Ankit Rajpurohit 

1. Data protection on the Internet 

Our data is collected, stored, analyzed, sold, and exchanged like never before. And we should not forget 

that they are often stolen and abused. 

Data has become a "currency" for many digital services that we receive "for free. Instead of currencies, 

people pay by sharing their data across countless applications. This trend of data as currency concerns 

every part of our lives - networked homes, connected cars, health and fitness management, map and 

traffic tools, online shopping. Consumers do not trust companies in terms of their data, but they do not 

know what to do about it. 

Given the numerous excesses and cases of data leaks that filled the headlines, our position is that you 

need to start an open conversation with your consumers about how you use and protect their data. 



That almost always triggers a bigger debate. How do we do that? What about data and privacy? How do 

we strike a balance between openness and sharing too much information? 

For many brands, this may be the first situation in which they will have to work deeply on reputation and 

crises or problems. Companies may witness fans of their brand turn into "techruptors" - a pioneering 

audience that research shows will be at the forefront of the demand for change in the way companies 

operate and treat them. So we advise you to be proactive, inform yourself and prepare for the coming 

changes, and thus increase the chances of keeping the "techruptors" as your allies and fans. 

2. Misuse of personal data on the Internet 

The expansion of social networks also has a "dark side" - there is a noticeable increase in criminal 

activities aimed at users. We are witnessing a qualitative and quantitative expansion of social networks. 

This expansion, however, also has a "dark side" - there is a noticeable increase in criminal activities 

directed at users. 

Privacy is the cancer-wound of online social networking. Although it is not possible to say that all services 

on the Internet put privacy at the forefront, in social networks, privacy is most drastically, most concretely, 

and most often violated. Users themselves post personal information, data, and material that belongs to 

the private domain, and then share it with other users. In this way, they unknowingly and directly provide 

an opportunity for their data to be misused. 

The user's privacy is violated by the very publication of any information on the social website because it 

automatically belongs to the company and remains stored on its servers even when the user closes the 

account. 

By accepting strangers as friends on social networks, the user risks that his data, which he shares only 

with friends, will be used for various purposes. Private data such as e-mail addresses can reach spam 

lists so that the user receives e-mail of his own free will, which is usually of a commercial or propaganda 

nature. Visiting suspicious links on social 

networks, for example, puts the user at risk of 

becoming infected with "harmful" software, 

exposing the data to the public, and becoming 

a subject of fake multimedia content. 

Bearing in mind that most, if not all social 

networks are based on economic business 

principles, the technical platform of social 

networks is designed to collect from users the 

data necessary to meet and communicate with 

others, but also data that are segmented and 

used in filtering. marketing purposes. 

It is noticeable that personal data from social 

networks are used to realize the initial stages 

of a certain criminal activity, while the sequel is 

realized classically, in the real world. 

In this context, social networks are used to find collaborators and perpetrators of criminal activity, to 

recruit victims to prepare the crime, to gather relevant information, to assist in carrying out certain 



activities, to provide funds and the like. With the advent of social networks and the spread of electronic 

transaction services, criminals have, so to speak, begun not only to innovate methods for committing 

fraud but also to automate personal data collection techniques to make as much money as possible. 

Cybercriminals use social engineering and phishing techniques to access the victim's personal 

information. In this way, victims can suffer significant financial losses or, in more serious cases, even the 

loss of "electronic identity", which is used for criminal purposes. The damage caused by data theft, 

therefore, should not be expressed only in financial loss but also in the loss of psychological integrity of 

personality, reputation, and credibility. 

Users of social networks, due to the lack of education regarding the dangers to which they are exposed, 

recklessly leave information and multimedia content on their profiles that can be misused by differently 

motivated Internet users. In addition to being at risk of violating personal privacy and abusing private 

content, users are at risk of political or ideological manipulation. 

The information posted on a social network can be misused by a criminal. Users, unaware of the dangers, 

leave information about their residential address, telephone numbers, information on whether they live 

alone or in a community, etc. 

3. How to get more secure codes 

When we think about the privacy of our data, the first thing that comes to mind should be the password. 

Why? Because, in essence, the classic symmetric encryption is reduced to the code that the user enters 

and the data to which that code is applied using a certain algorithm a finite number of times. Let's look at 

where we rely on codes today to protect ourselves from attackers and preserve privacy. First, we all use 

email, then social networks, maybe we are active on forums or use one of the cloud storage services, 

there is also access to our computer or phone, wireless (Wi-fi) network to which we are connected, et 

cetera. The list can be tediously long, and you have to take care of all these codes to access a particular 

account. 

The Internet user has more than 10 different accounts, that number of exact codes is not easy to 

remember, and it can be especially difficult to remember which code is for which account. To make 

everyday life easier for the average user, there are password managers in the cyber world. 



More importantly, there are those among them who are open source. Password managers, like Keeper 

Password Managers, will generate a random password/phrase of the desired length and security for your 

account, storing it in an encrypted database with other accounts. The database of all your accounts is 

encrypted with one code that you must remember. The advantage of the Keeper Password Manager, 

which you can read more about here, is that you remember one password instead of each account 

separately. There are also network password managers who synchronize the encrypted password 

database with a network server. That way, if you lose your device where you kept the passwords, you 

can still access your passwords stored on the server. Redundancy of all your ciphers is really necessary, 

especially if you are not good at remembering ciphers. How you generate and where you store the codes 

is definitely up to you. 



Using secure passwords is not difficult, and programs like password managers make it as easy as 

possible. It’s definitely worth a little effort around your ciphers, not because we’re hiding something, but 

so we don’t get a headache when some hacker breaks in. 


Ankit Rajpurohit is a tech lover and enthusiast who prefers to 

write about security steps, internet protection, and how to prevent 

your devices from hackers and potential harm. His main goal is 

to help people, through his articles, to upgrade their online 

protection.” 



Why Cybersecurity Awareness is More Important During 

COVID-19 

Do you know the need for cybersecurity training for your organization? If not, learn more about the 

importance! 

By Susan Alexandra, Contributing Writer 

Cyber-attacks, malicious activity, and phishing scams have significantly increased during this pandemic 

of COVID-19. With that, it has highlighted the importance of cybersecurity more than ever before. There 

have been reports of hackers and cybercriminals exploiting the pandemic with fake websites, money 

scams, and emails being phishing scams. 

So, we thought of spreading awareness about cybersecurity. That being said, here are some areas for 

you to consider within your personal and organizational cybersecurity. 

Phishing and the COVID-19 Pandemic 

As the public seeks details on the global pandemic, coronavirus phishing attacks have targeted recent 

trends in news and statements released by governments. 

As a result of coronavirus-related phishing attacks, the National Fraud Intelligence Bureau (NFIB) 

reported a 400% rise in scams. 

Recent campaigns have also seen cybercrimes build emails masquerading and fake websites as official 

authorities, like the HMRC and World Health Organization, to compromise accounts, steal personal 

information, and hack malicious apps. 

The most common scams are those which claim to share tips about how to prevent infection, access to 

personal protective equipment, provide financial support advice, and offer updates about virus spread. 



According to a study, the click rate for phishing attacks has increased from less than 5% to more than 

40% for COVID-19 scams. This number was increased significantly by provoking fear and curiosity 

amongst individuals. 

Remote Work Vulnerabilities 

Work from home has now become the new standard; however, there is a rise in threats for several 

businesses. Around 95 percent of Cybersecurity professionals claim they face additional challenges, with 

new remote work demands and increased threats. 

The sudden change in circumstances has changed the way employees access business applications 

and increased the potential of future attacks. 

To steal sensitive information, hackers exploit several vulnerabilities in unsecured Wi-Fi and to take 

advantage of workplace disruption.To stay safe from such exploitation, you must download VPN to keep 

your sensitive information safe. 

With some workers forced to use personal devices for work tasks, the risk of malware finding its way on 

devices has also increased, resulting in personal and work-related information being compromised. 

These devices also lack the resources built into corporate networks, including custom firewalls, corporate 

antivirus software, and online backup resources. The use of personal computers offers hackers many 

chances to exploit. 

Some organizations are also urging their staff to turn off voice assistants and smart speakers like Apple 

HomePod, Amazon Echo, and Google Home devices to prevent fraudsters from listening to confidential 

conversations and conference calls. 

The Northeastern University study shows that smart speakers accidentally activate as many as 19 times 

a day, recording as much as 43 seconds of audio each time. The latest research also shows that 59 

percent of smart speaker consumers have concerns about privacy, with front and center undesirable 

listening and data collection. 

Even in regular times, remote working can make people vulnerable to attacks. The current environment, 

however, has created the perfect storm where spammers, hackers, and scammers will thrive. 

Zscaler researchers say they have seen a 15% -20% increase in hacking incidents every month since 

January, and a rise in hacking threats using terms like "Covid-19" or "coronavirus." 

Video Conferencing and COVID-19 

Just like any other technology, video conferencing is also at risk for the privacy and security of personal 

information if not appropriately handled. With organizations and individuals increasingly relying on video 

conferencing, hackers have been targeting the opportunity quickly. 

As a result, fraudsters and cybercriminals have managed to enter video conferencing calls as well as 

eavesdropping on private conversations, hijacked screen controls, and launched many malicious attacks. 

Security issues were posed earlier this year when a UK cabinet meeting's Zoom ID was posted in a social 

media post. Some of the cabinet ministers' usernames were also identified along with the ID, which 

allowed hackers to access the private meeting. 



The Washington Post also revealed that thousands of Zoom meetings can be accessed online, including 

financial meetings, counseling sessions, school classes, and telehealth calls that exposed children's 

faces and other details. 

While most applications for video conferencing have controls that can be programmed to minimize these 

hazards, it also poses a variety of additional dangers, such as having sensitive data displayed in the 

background of the video or unintentionally displaying confidential information on the screen. With saying 

that, user education is essential for raising awareness about the risks of video conferencing and how to 

alleviate them. 

Combatting Business Email Compromise During a Crisis 

With the significant increase in coronavirus-related phishing attacks around the world, business email 

compromise attacks are now considered one of the biggest threats facing organizations. 

BEC attacks are expected to double each year to over $5 billion by 2023, according to Gartner, leading 

to major financial losses for companies by 2023. 

Though relatively easy to execute and low-tech, these sophisticated scams not only cause devastating 

financial losses but also affect organizational integrity, relationships, and the trust of stakeholders. 

A study took place in February, and according to that, BEC attacks increased by nearly 25 percent, 

ranging from fake invoices to CEO frauds and compromising employee email accounts. To further 

leverage Covid-19 fears, fraudsters have been cashing in by asking companies to contribute to bogus 

charities and invoicing for cleaning products and PPE. 

Fraudsters and hackers are continually changing their strategies to take advantage of new 

circumstances, and this pandemic is no exception. When cybercriminals increase their efforts, knowledge 

of these emerging threats and tactics becomes the most effective tool against them. 

Scammers will be swift to take advantage of any security lapses, and organizations should continue to 

empower and educate staff to remain vigilant. Cybersecurity is the responsibility of all, and creating a 

culture of cyber awareness with so many potential attack points is the key to improving security. 


Susan Alexandra is an independent contributing author at SecurityToday 

and Tripwire. She is a small business owner, traveler and investor in 

cryptocurrencies. 



Ransomware Is Evolving 

These attacks thrive on overprovisioned administrator access. Understanding where data resides, and 

adopting zero standing privilege are key. 

By Jeff Warren, General Manager, Products, Stealthbits Technologies, Inc. 

When most people think of a ransomware attack, they probably imagine their company coming to a 

screeching halt as the infection spreads across the network, encrypting everything in its path and leaving 

a trail of ransom notes in its wake. This type of devastating event can take an organization down for 

hours, days, or indefinitely. Regardless of whether the ransom is paid, however, the cost of these attacks 

can be astronomical. 

These days, companies are better prepared for catastrophic events, with detailed incident response and 

disaster recovery plans in place. Increased cloud adoption also makes this more achievable and helps 

avoid ransomware-related downtime. There is a growing community drive to help infected organizations, 

with initiatives like The No More Ransom Project, which exists to help companies avoid ransom payments 

and decrypt their data for free. Additionally, law enforcement agencies, including the FBI, are advising 

victims not to pay these ransoms as the proceeds help fund further cybercrime. 

Ransomware groups are aware of these trends and are responding with a renewed focus on the added 

exfiltration of sensitive data, which they can use to extort companies into paying an even more exorbitant 

ransom. 

Ransomware’s New Tricks Are After Your Sensitive Data 

The goal of ransomware has never been crypto-locking an organization’s IT network – that’s just a means 

to an end. Ransomware is about extorting a ransom payment, by any means necessary. As organizations 

become more prepared to recover from a crypto-ransomware event, attackers are pivoting into new ways 

of putting the pressure on organizations to pay up. 

The threat of a data breach is enough to get any organization’s attention. This has become a weapon of 

choice for the Maze Ransomware Group, which has been involved in several high-profile ransomwareattacks-turned-data-breach 

this year. At first, they will crypto-lock your systems, and then if the ransom 

is not paid, they will leak compromised sensitive data to force their victim’s hand. They have even gone 



as far as hosting a “Name and Shame” site where they will expose a company’s private data to the world 

to prove they have it. 

This behavior is a logical extension of the more advanced, human-operated tactics that have been used 

in targeted ransomware attacks. Once an adversary lands within a victim’s network, they perform 

reconnaissance, learn the lay of the land, and gradually expand their foothold, acquiring more privileges 

as they go. We’ve seen common malware variants leveraged by multiple attack groups like the Emotet 

malware, which comes with an evolving bag of tricks to commoditize this infection and lateral movement. 

This process typically ends with Domain Administrator access within an Active Directory domain and 

provides the attackers carte blanche ability to move within the organization and access any and all data, 

including sensitive personnel and customer records. It’s a simple behavior change for these adversaries 

to gather and exfiltrate this data prior to dropping a crypto-ransomware payload. 

The Maze Ransomware Group isn’t alone in this approach. We’ve seen other recent examples of attacks 

resulting in data breaches affecting students in the Clarke County school district and children and parents 

participating in Child Protective Services. Each of these attacks leaked information including Social 

Security Numbers, showing attackers have no remorse when it comes to putting the identities of innocent 

bystanders in their wake – even children. 

This seemingly subtle, yet highly substantial evolution in ransomware is catching companies off guard. 

The focus has been on recovering from a ransomware attack, not mitigating a data breach. Whether a 

ransomware attack constituted a data breach had once been a debated topic that was taken on a caseby-case 

basis, but that is quickly becoming a thing of the past as the data is undoubtedly stolen and, in 

many cases, exposed. 

This shift in behavior by ransomware groups should not be taken lightly. The message is loud and clear. 

Attackers will go to whatever lengths necessary to extort a ransom payment, and the identities of millions 

of unsuspecting victims are at risk. 

An Attack on Data Privacy 

This behavioral shift is concerning in more ways than one. It’s hard enough to protect your network from 

crypto ransomware. Now, with each ransomware attack equating to a potential data breach, new 

challenges arise. 

Recently, companies have been more focused on data privacy with the rise in regulations such as the 

EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). 

These regulations place a greater responsibility on organizations to protect their customer and employee 

data and improve data breach notification policies. Failure to comply can result in fines, and even class 

action lawsuits by affected individuals. 

As if ransomware wasn’t costly enough, modern privacy regulations up the ante. As a result, new 

strategies are needed to shift focus from recovering from a ransomware attack to mitigating the risks 

associated with credential and data theft and protecting your critical data from the prying hands of 

attackers. 



You Can’t Protect What You Don’t Know 

Traditional ransomware strategy would dictate you just need to be able to blow away compromised 

devices and restore from backup. While this is still a costly endeavor, it is becoming more and more 

reasonable, and admittedly still worthwhile. With ransomware focusing on exfiltration before encryption, 

data security now lands squarely in the middle of ransomware prevention. 

The first step to mitigating a data breach is to gain an understanding of where your data resides. This is 

also typically required for companies undertaking Data Privacy Impact Assessment (DPIA) or a Data Risk 

Assessment (DRA). 

While many organizations can point to where customer and employee data enters their organization, its 

typically difficult to track where it goes from there. Examples of activities that can lead to data sprawl for 

sensitive customer data can include: 

• Extracting information from applications into spreadsheets and saving them to network file shares, 

collaboration sites, or sending as email attachments 

• Pasting or discussing sensitive information within chat applications like Microsoft Teams or Slack 

• Creating copies of production data for development or integration testing 

• Employees saving local copies of customer data to their laptops to work with, and then leaving them behind 

If you don’t take the time to locate this data within your network, you can trust that your attackers will. 

Once you can identify and corral your sensitive data, you can now focus on protecting it. 

Zero Trust is Not Enough, It’s Time for Zero Standing Privilege 

Most ransomware attacks follow similar patterns. After the initial infection occurs within the network, they 

will go through a pattern of credential compromise, lateral movement, and privilege escalation. These 

attacks thrive on overprovisioned administrator access, and in many cases can compromise an entire 

Active Directory domain within hours of initial compromise. 

Many cybersecurity initiatives have focused on implementing the tenets of a Zero Trust Model, with the 

mantra of “never trust, always verify” and a focus on implementing a least privilege model and adopting 

strong authentication. All of this is a great step towards improved security and mitigation of data breach 

activity. 

However, attackers have proven they can still patiently learn the ins and outs of any network, 

masquerading as legitimate users, bypassing multi-factor authentication (MFA) and other obstacles put 

in their way. One of the primary contributors to this being possible is an overabundance of privileged 

accounts that maintain persistent access to an organization’s IT infrastructure. Regardless of whether 

privileged account credentials have been rotated, attackers can still compromise these accounts and 

leverage the artifacts they leave behind to move laterally on their way to privileged escalation, and 

ultimately domain dominance. 

A new focus needs to be on evolving the Zero Trust methodology to one of Zero Standing Privilege, 

where persistent privileged access is removed altogether, specifically for privileged accounts. This 

doesn’t mean only Domain Administrator and root accounts with full administrative access; this includes 

any users with highly privileged access to your critical systems and private data. 



When these individuals need access, they must go through special procedures to be granted just enough 

access, only when they need that access, and then the privileges should be entirely removed when their 

privileged activity is done. 

The removal of the vast majority of privileged accounts is what will ultimately reduce the attack surface 

every organization is struggling to defend. It raises the drawbridge around your sensitive data, keeping 

attackers out. This not only helps companies protect themselves from ransomware attacks, but keep the 

data and identities safe for the individuals who they rely on the most – their customers and employees. 


Jeff Warren is Stealthbits’ General Manager of Products. Jeff and his 

teams are responsible for designing and delivering Stealthbits’ high 

quality, innovative solutions. He has held multiple roles within the 

Technical Product Management group since joining the organization a 

decade ago, initially building Stealthbits’ SharePoint management 

offerings before shifting focus to the organization’s Data Access 

Governance solution portfolio as a whole. Before joining Stealthbits, Jeff 

was a Software Engineer at Wall Street Network, a solutions provider 

specializing in GIS software and custom SharePoint development. Jeff 

holds a Bachelor of Science degree in Information Systems from the University of Delaware. 

Jeff can be reached on Twitter at @SbitsJeff and at our company website https://www.stealthbits.com/ 



How COVID Tests the Resilience of Your Cloud Data 

Infrastructure 

By Noah Johnson, Co-founder & CTO, Dasera 

In recent years, we’ve seen a massive shift as companies eliminate the physical restraints of IT 

infrastructure and its users by moving to a cloud-based computing environment. According to a Gartner 

forecast from November 2019, worldwide public cloud revenue is predicted to increase to a whopping 

$308.5 billion. 

“As organizations increase their reliance on cloud technologies, IT teams are rushing to embrace cloudbuilt 

applications and relocate existing digital assets.” 

While this is great for convenience and your wallet, the security of your infrastructure comes into question 

when so many businesses have shifted to a work from home setting, whether permanent or temporary. 

How resilient is your cloud data infrastructure when the safety net of the perimeter is gone, and what is 

the best way to protect yourself and your data moving forward? 

COVID-19 and the new environment 

We have seen so many changes this year in how we live our lives that it’s become hard to keep up. While 

the big shifts, like permanent or extended work from home, have been obvious changes, what about the 

more subtle ones, like protecting your business while your employees are working remotely? 

The attacks on cloud services more than doubled in 2019. In the Red Book of Insider Threats, Amol 

Kulkarni, Chief Product Officer at Crowdstrike mentions a 330% increase in e-crime attacks since the 



start of the pandemic. In the same book, Jintendra Joshi, the Head of Information Security at BetterUp 

says, “In the post-COVID world, our perimeters have disappeared and the line between trusted insiders 

and outsiders have blurred.” 

Without the safety net of the perimeter in-office, companies need to innovate when it comes to their 

security just as much as they’ve had to with remote work. 

Personal networks 

The biggest security issue that companies face right now is the simple fact that employees and 

contractors have to access the cloud via less secure personal networks and personal devices. This 

means that before 2020, protecting your networks or endpoints was the simple solution to cloud data 

breaches, the solution that blanketed all of your employees under one security umbrella. With your 

employees working from home or using personal devices, that security umbrella has all but closed. 

Instead of focusing on the missing blanket, businesses should put a magnifying glass on how data is 

being used by employees in order to protect against cloud data breaches. This approach is based on two 

salient points: 

• Security has to be applied at runtime, rather than just at rest or after the fact 

• Security has to sit closer to the source i.e. the datasets where sensitive data is stored 

Adopting a proactive approach that protects data upstream and at runtime doesn’t have to be 

complicated; all it takes is foreseeing how data is used in normal situations and identifying anomalies that 

can result in breaches. 

Let’s use two scenarios that can potentially be very dangerous in the current COVID pandemic. 

Know when an employee is being unnecessarily inquisitive 

The pandemic has left a trail of employees experiencing remote work burnout. Reports suggest as many 

as 69% of employees are experiencing burnout symptoms while working from home. Combining this with 

employees taking fewer holidays means lesser opportunities to decompress and relax. Tired and 

frustrated employees might also behave recklessly or become prone to errors of judgement. 

This leads to situations where people might use cloud data in ways that are not appropriate or in line with 

company ethics and policies. For example: 

• Looking at a celebrity’s PII data out of inquisitiveness (e.g. health issues or items bought) 

• Finding out what their partner or ex has been doing in an app (e.g. purchase/ messaging history) 

• Checking out data on their peers’ work (e.g. sales performance of other reps or territories) 

How you can build resiliency: every time a data request hits a cloud repository, it generates a SQL 

query. This SQL query holds the key to understanding anomalous behaviors. AI solutions like Dasera 

can identify when a possible (accidental or malicious) privacy violation happens. Alternatively, if the 

number of data requests per day aren’t too high, the security ops team should review the logs manually. 



If a violation occurs, bring it up with the person, their manager, and in some cases (e.g. repeat offenders) 

send the case to HR or the person in for training. 

The extra line of defense against a credential thief 

External hackers are leveraging the uncertainty of the times and the additional vulnerability of remote 

teams to step up their phishing attacks and stealing credentials. Once an external attacker possesses 

valid credentials, it’s very hard for security teams to differentiate between an actual user (who’s getting 

work done) and a thief trying to steal information. 

Attackers now apply several sophistications in their exfiltration attempts in order to bypass established 

security systems that monitor user behavior. Once again the SQL acts as the best possible means to add 

an extra layer of protection against nefarious activities. 

How you can build resiliency: AI can once again understand which data fields are more sensitive and 

personal in nature (e.g. emails, social security numbers) compared to others (e.g. last purchase date). 

Algorithms can also detect even the most sophisticated exfiltration attempts on these fields e.g. data 

downloaded in randomized batches that are not big enough to flag alerts in your current security stack. 

How resilient would you say your cloud data in use is? 

The question readers should ask themselves at this point is: am I 100% certain neither of the above 

scenarios happened in our organization since March or April 2020? Shopify just announced two of its 

employees siphoned off customer data for personal gain. The pandemic has thrown all security teams in 

the deep end of the pool. And the speed of business requires all of us to be agile and to be able to 

leverage cloud data to grow faster. The difference in resilience determines which security team keeps 

dealing with incidents versus which one becomes a true enabler of cloud technology. 




Noah Johnson is Co-founder & CTO, Dasera 

Noah Johnson is a security researcher, entrepreneur, 

and co-founder & CTO of Dasera. Noah received his 

Ph.D. in Computer Science from UC Berkeley and has 

founded three companies based on his academic 

research. Noah recently developed the first practical 

system to provide differential privacy for general SQL 

queries. This work was featured in Wired and Gizmodo, 

and serves as the technical foundation of Dasera’s 

products. Previously Noah led a team of students in 

developing a platform for automated security analysis 

of mobile apps. Noah commercialized this work by co-founding Ensighta Security, which was acquired 

by FireEye in 2012. Noah received several awards as a graduate student including the Signature 

Innovation Fellowship, Sevin Rosen Award for Innovation, and the Tony Leong Lim Pre-Doctoral Award. 



The Impact of Ransomware on Cloud Services and How 

to Stop Attacks 

By Davit Asatryan, Product Manager, Spin Technology 

Cloud technology and services continue to gain popularity due to their ability to allow businesses to cut 

costs, improve an outdated IT infrastructure, and stay current with the competition. However, security 

isn’t always top of mind when adding new services. The dramatic increase in connected devices and the 

web of hardware and software used to connect to the internet and cloud means organizational data is 

more vulnerable than ever to attack. Without the proper security protections to protect employees using 

these cloud services, organizations can easily fall victim to ransomware. 

Ransomware works by infiltrating a user’s PC or mobile device via malicious software that is usually 

installed unintentionally after clicking a link in an email that’s posed as something else. Once installed, 

the software uses cryptography to prevent users from accessing their files and demands a sum of money 

to unencrypt the data. Until recently, ransomware was mostly an issue on local computers or mobile 

devices. However, the most recent wave of ransomware attacks is infiltrating cloud apps. This introduces 



a new and more serious threat for modern businesses, especially those that rushed to the cloud to enable 

remote workers without taking proper security precautions. 

Types of Ransomware 

A large percentage of malware is known to deliver ransomware, and more than half of malware-infected 

files are shared publicly. The most common types of cloud malware include JavaScript exploits and 

droppers, Microsoft Office macros, PDF exploits, Linux malware, and Backdoors. If a hacker manages to 

gain access to a cloud service provider successfully, they can essentially launch a ransomware attack 

that can affect every customer. 

Ransomware called Cerber targets Office 365 users via malicious macros in Office documents attached 

to spam emails. While Office 365 automatically disables macros to prevent malware from entering the 

system, Cerber uses social engineering to trick the user into bypassing this security feature. While many 

cloud services offer the option to recover a previous version of files, this does not mean that they are 

safe from ransomware. If the user has the opportunity to delete these previous versions, so does the 

malware. The cloud can also spread malware to other users through the sharing of infected files and 

automatic syncing. For example, Virlock ransomware specifically targets cloud storage and collaboration 

platforms, allowing it to replicate rapidly through the whole network from a single infected user. 

Cloud applications, including file sharing, collaboration, and social networks, are becoming one of the 

most common ways of spreading malware. One out of every ten companies has malware in their cloud 

storage facility. It is therefore vital that any company using the cloud for storage or collaboration invests 

in automated daily backup and daily cloud apps auditing to detect and recover from malware attacks. 

However, these examples do not mean that using the cloud for backup and collaboration is riskier than 

confining all software to in-house. Most small to medium businesses do not have the resources to ensure 

state-of-the-art security for their data. In this case, relying on the more sophisticated security measures 

of enterprise cloud providers is both economical and provides enhanced data security. 

Reducing the Risk and Impact of Ransomware in the Cloud 

The best way to protect yourself from vulnerabilities is to ensure that software is always kept up to date 

and patched for urgent security updates. Many businesses struggle with ensuring patches are current 

and installed on every machine within the organization. Hence, a system for deploying updates in a timely 

fashion is essential for network integrity. Mobile code such as Java and Flash can make calls to a website 

to download malicious software. Removing them from your browser will increase the security and make 

ransomware attacks less likely. It is also essential to provide thorough security training for staff and 

educate them on how malware can infect files. This alone can reduce the risk of ransomware that is 

installed due to a user clicking a link in a phishing email, for example. 

Each organization should carefully develop its IT security policies, making sure to account for working in 

the cloud. For example, restricting the use of cloud applications to enterprise-level software will 

significantly reduce the risk of malware attacks due to their superior security controls. Cloud-based 

antivirus software, network monitoring, and threat detection, including the ability to block suspicious 

activity, is another effective way to create a more secure computing environment when there are a lot of 

users on the network. Regular backups with efficient recovery capability are the best way to recover from 



a ransomware attack. They allow an earlier, unencrypted version of the data to be restored, thereby 

nullifying the effect of the ransomware. 

Most cloud service providers have secure backups (this should be an essential requirement when looking 

for a cloud provider), however, if they do not have an efficient recovery procedure in place, it may take 

days or weeks to restore files to their original unencrypted state, which can cost affected organizations 

substantially in terms of lost business hours. It’s also essential that cloud service providers use 

sophisticated and up-to-date anti-malware on their servers to detect infected files. 

Encryption is Key 

In many cloud applications such as Google Apps, Office 365, and Salesforce, data is created in the cloud 

and copied to the backup provider. Cloud backup providers have their security in place to ensure the 

safety of the physical servers, but data may be vulnerable while it is in transit. Any communication of data 

between the client and the cloud provider must be encrypted. Not all encryption algorithms are equal, 

and it’s important to make sure the provider you use is utilizing industry-standard encryption protocols. 

Cloud data services should use only protocol TLSv1.1 or higher. Additionally, they should own a security 

certificate that has been confirmed by a well-known and trusted certification. Data should be encrypted 

while in transit and once it reaches the servers of the cloud provider and remains in storage. Storing the 

data in encrypted format means that if an unauthorized person manages to achieve physical or electronic 

access to these backup servers, the actual data will still be inaccessible. 

A Multi-Faceted Defense 

Businesses are becoming increasingly high-tech and connected. As their needs and demands grow, so 

too will the digital security industry to meet these needs. The security needs of digital businesses include 

more sophisticated security policies and management, advanced monitoring, detection, and autoresponse 

systems, and more secure access control. The challenge is providing all these things in an 

environment that is growing and has diverse needs. Businesses need to remain vigilant and continuously 

alert to the potential of cloud ransomware attacks, especially in a national climate where employees are 

working off-site and using unprotected personal devices to access company cloud files. 


Davit Asatryan, Product Manager, Spin Technology.Davit Asatryan is a 

Product Manager who has been working with Spin Technology since 2018. 

He is a Cloud Security & Backup specialist focused on protecting G Suite 

& Office 365 data.Davit can be reached online at (davit@spintech.ai) and 

at our company website www.spin.ai. 



Perfecting Your Cybersecurity Sales Process 

by Katie Teitler, Senior Analyst, TAG Cyber 

How Is Your Cyber Security Sales Process? 

Sales has been around since the dawn of tradesmanship. Even before the term was codified, heck, 

probably before humans’ early ancestors spoke a language anyone alive today would recognize, humans 

have been selling wares. Looking at more recent history, pre-1990s or so, sales were conducted in person 

or over the phone. In person—even door-to-door—sales were considered the best and most reliable 

method. If you could look someone in the eye and shake their hand, your chances of making a sale were 

greatly increased. 

When email and the internet started to become ubiquitous, salespeople held on to tried and true methods, 

dialing for dollars, as it were, and racking up thousands of dollars in travel fees and air miles to visit 

prospects in cities wide and far. By the early 2000s, the digital realm changed sales for good. LinkedIn 

was launched in 2002 and suddenly businesspeople had a new way to connect. It wasn’t long before 

savvy salespeople saw an opportunity and started trying to connect with new, prospective clients, then 

move them to the next phase, a.k.a., the one-on-one, in-person meeting where the relationship was fully 

developed. 

As time went on, and other platforms made it easier for salespeople to find their “financial buyer” via a 

quick internet search, the number of unsolicited cyber sales pitches increased exponentially. Executives 

were inundated with the one-two punch of email-followed-by-phone-message—always under 30 

seconds!—in an effort to reach new prospects. As it became easier for salespeople to identify and 

connect with potential buyers, buyers found new ways to filter out the noise. Thus, it grew even more 

imperative for salespeople to connect with a greater number of people every day. It didn’t matter how you 



got through. Just get through. Just get someone to take a call. Just get someone to sit through a demo. 

Just get them to know you. 

Sales digital transformation 

Consequently, over the last few decades, sales has evolved from a highly personalized profession to a 

high velocity numbers game. Especially in light of COVID, without any in-person meetings or industry 

events, and as the economy has presented numerous sales challenges, enterprise buyers have reported 

a massive uptick in digital solicitations. But because cyber security product sales, for many (not all), has 

become high volume, high velocity outreach, product seekers and budget holders have become the 

causalities of a spray and prey sales approach. TAG Cyber’s enterprise clients note this all the time: I’m 

receiving more LinkedIn messages where the person has no idea what my job title is or what my 

responsibilities are. I got two emails today where the note read, “Dear %FirstName%.” I, myself, have 

receive several messages in the last few weeks asking if I am interested in buying networking equipment, 

phishing prevention software, video conferencing software, and lead generation lists. I’m a cyber security 

industry analyst. I need none of these things (OK, maybe technically I need the phishing [spam] 

prevention but it’s not my network, not my budget, not my decision). 

Quite simply, this spray and pray approach doesn’t work for end users, practitioners, implementers...i.e., 

buyers. Good salespeople know this, but they can feel trapped by arbitrary metrics required by 

management teams pushing employees to hit their quotas. Somehow, a good portion of sales has 

become like the 1980s perfume sales reps in the mall who would ask if you wanted a spritz of their new 

perfume, and even when you said no, would spray it in your direction anyway. Maybe the shopper will 

catch a whiff and realize they really do want to buy this perfume. Today, the sales process has changed, 

and many salespeople have lost sight of the need to educate themselves on prospects—the individuals 

they’re contacting—before reaching out. And spritzing. 

The art of taking the time to get to know a prospect has been lost, and it has been precipitated by our 

overreliance on technology and the rush, rush, rush world we live in. As a result, nearly every time we 

talk to an enterprise security client about vendor product selection, we hear the same things: It’s hard to 

find a salesperson who will listen to what we need. Vendors have canned product pitches, and they all 

focus on the same “differentiators” as their competitors. We went through multiple sales calls and an 

entire demo then found out their product is incompatible with our environment. On the first call, the vendor 

said they could do X, but when we were ready to purchase, they said they’d be building that capability 

custom and we wouldn’t have it until 4 weeks after we deploy. 

But we know that there are good cyber salespeople out there who believe in their products and have just 

lost their way. The startup SaaS culture has turned sales into metrics rather than relationships. And it’s 

hurting both sides of the equation. 

Because, as analysts, we sit at the intersection of vendors and buyers, we recommend cyber security 

salespeople return to the “old-fashioned” mentality of a personalized sales approach but combined with 

the advantages of modern technology. If done correctly, the result will be more conversations, more 

opportunities, and more (possibly higher value) sales. One challenge, in certain cases, will be convincing 

sales managers to adjust metrics to reflect the time and effort it takes to get to the first meeting—more 

reflective of a pre-2000s sales cycle where “hitting the number” is more important than number of new 

contacts added to the CRM. 



Do your homework 

For those with true sales persuasive powers (or enough trust of their sales leadership), we recommend 

getting back to sales basics. Selling your cyber security solution is about people and their needs. And no 

two companies have the exact same needs, so throw out the corporate pitch deck and start your meetings 

with conversations. Before you're given the permission for a conversation, though, you'll need to do your 

homework on the person whom you’re trying to convince to make time in their schedule. This convincing 

will require more time than stalking the surface of someone‘s LinkedIn profile. For instance, my profile 

says that I am a cyber security analyst. Job titles in security can be tricky, but it’s well worth a 

salesperson’s time to a) visit my company’s website to see what the company does and the context of 

my work as an employee and, b) look at my LinkedIn activity. Literally two minutes is all it would take 

someone to figure out that I am a research analyst, not the person who monitors network/cloud 

technologies and investigates alerts and security issues. 

Many security executives intentionally have sparse social media profiles, but a quick Google search will 

often provide greater context about the person’s offline activity and interests. For instance, before Ed 

(TAG Cyber’s CEO, founder, and lead analyst) founded TAG Cyber, he did a ton of presenting and 

speaking as AT&T’s Chief Security Officer. His presentations were varied—Ed could/can speak 

eloquently on any security topic—but often his presentations reflected what his internal team was 

currently working on. Even if this isn’t the case for other CSOs/CISOs, it’s at least an opening for a 

conversation. And it shows the CSO/CISO that the salesperson bothered to minimally look into the 

individual rather than simply spamming them because of their job title. 

For large, publicly traded companies, salespeople should peek at the Annual Report/10K, other investor 

information, and company press releases to see what security tidbits they can glean. As cyber security 

has become a top-line business risk, security initiatives have made their way into these public documents 

and can give hints about the company’s approach to security. And again, if it doesn’t give the salesperson 

specific information about the prospect, referencing business goals in the context of security will at least 

demonstrates effort to learn and listen. That said, don’t half @$s it. Do your homework with honest 

intentions and you’re more likely to gain the connection. 

After the connection 

If the salesperson has done a bit of background investigation and catches the eye or ear of a potential 

buyer, the next step is...more research! This time, though, in the form of listening. Use the 80/20 rule: 

listen 80% of the time; speak 20% of the time. If you’re a salesperson doing more speaking than listening 

on your first few calls, you’re headed down the wrong path. Don't make it about your groundbreaking, 

fully automated, cloud-based, zero latency, environment-agnostic powered by artificial intelligence 

solution. 

Go in with the intention of fact finding. A good salesperson must understand the buyer’s/enterprise’s: 

● 

Business requirements: How will the technology be used? In what context? What are the 

intended outcomes? What are the KPIs the tool will be measured against? Who will be responsible 

for the day-to-day management/operation of technology? How much professional service support 

will they need? Are there additional stakeholders involved in the decision (who are not involved 

in current discussions)? 



● 

● 

Architectural requirements: What networks/data/apps/OSs/languages does it need to support? 

Does the company run legacy tech, or does it operate int he cloud only? Will the company need 

help migrating from on-prem to cloud? What are the company’s plans for scaling? 

Implementation requirements: Can the company support network changes? Can the company 

support integrations themselves? What is their timeframe for implementation? What is their 

timeline for results/reports/data? 

The main thing for salespeople to remember is that there are humans on the other end of the 

phone/keyboard/screen who need to solve real problems for their businesses. For them, buying a product 

is about a need, not your quota. While it’s a conundrum—the more product you push, the more you get 

paid, the better your job security—the irony is that the more you listen, the quicker and easier it will be to 

find the right buyers and the less time you will spend time sending blind emails. 

For example, on a recent call with a major enterprise, the security program owners were complaining that 

they were about to enter the POC stage with a security vendor and it became clear the vendor was 

unaware that the company was still running a large chunk of its infrastructure on Linux/Unix. To the 

enterprise, it was obvious—it’s what they dealt with every day. The vendor, on the other hand, was 

thinking about its cloud-friendly tech and missed a major foundational element that made the product 

incompatible with the enterprise’s environment. 

Because the vendor didn’t take the time to learn about the business’s requirements, discussions were 

halted in their tracks after months of conversations. This was wasted time for everyone; the salesperson 

would have been better served gathering requirements in the first calls and moving on to a more viable 

prospect with real sales potential, and the enterprise would have been better off evaluating a different 

vendor. 

More than enough prospects to fill your funnel 

The reality of today’s cyber security landscape is that there are more than enough enterprise buyers. The 

trick is finding the right match. And salespeople won’t do that with vanilla emails or messages that aren’t 

suited to the buyer and don’t touch on a pain point. 

Every day I log on to social media and see end user friends and colleagues complaining about the 

inappropriate and off-target messages they’re receiving from product salespeople. Yet, they all need to 

buy products to run their companies! In fairness, and salespeople know this, there is some recalcitrance 

around the idea of “sales.” The spray and prey method used by few (but too many) salespeople has 

soured the soup for potential buyers—they’ve come to expect a smash and grab approach rather than 

someone who takes the time to get to know them and their security technology needs. 

Technology has made it possible for people to reach farther and wider than ever before. And as such, 

there’s been a loss of personalization in how we interact. However, technology has also given us the 

tools to learn more about people—or any subject—from anywhere and at any time. While digital 

transformation has largely made sales a numbers game, it also has the potential to bring it back around 

and create opportunities for customization. One very successful salesperson I know recently said to me, 

“Sales has gone way too far into metrics and away from actually being human and solving real needs. 

So, anything I can do to correct that is top of my list. It's easier for me to work on a problem when they 

know I'm not just trying to shove software down their throats.” 



Though sales culture won’t change overnight, I firmly believe we have a huge opportunity—as most of 

us still sit at home, working in isolation—to start connecting better with others. In a sales context, this will 

result in less time spent on emails that are inevitably filtered directly into spam, never read, and only 

count toward arbitrary metrics goals. A personalized approach to connecting will, in fact, lead to quicker, 

larger deals that end in bigger paychecks and President’s Club awards...when we can all travel and see 

each other in person again. 


Katie Teitler is a Senior Analyst at TAG Cyber 

where she collaborates with security 

organizations on market messaging, positioning, 

and strategy. In previous roles, she has 

managed, written, and published content for two 

research firms, a cybersecurity events company, 

and a security software vendor. Katie is a coauthor 

of “Zero Trust Security for Dummies." 

Katie Teitler can be reached online at katie@tag-cyber.com and at our company website https://www.tagcyber.com/. 



Data Migration Security 

WHAT TO KNOW 

By Devin Partida, Cybersecurity Writer, ReHack Magazine 

If you're planning a data migration soon, there are some crucial things to do to increase the likelihood of 

keeping it safe. Migrating data means moving it between locations, formats or locations. 

Prioritizing data security is essential for successful outcomes. However, doing that is not as 

straightforward as some people think. These tips will help with that all-important matter. 

1. Confirm the Location of Your Critical Data 

If your data migration includes critical content, do you know where all of it resides? If not, you're in the 

majority. Research indicates that 82% of respondents from organizations did not know where those 

enterprises kept all the critical data. The same study showed that 55% cited data fragmentation across 

multiple databases as slowing their progress. 

That's a data security risk because it could give the false impression that all the most important 

information got safely moved to the new destination. That may not be a valid conclusion to make. Audit 

the data before a migration happens. Doing that helps ensure you find all the necessary records. Tools 

also exist to help find duplicate or obsolete content that you can delete before starting to move the data. 



2. Plan a Phased Migration 

When learning about data migrations, you'll almost certainly come across details about a process called 

Extract, Transform and Load (ETL). It encompasses the three main stages that happen when moving 

information. 

The extract portion involves collecting data and reading it from a database. The transform step then 

converts the extracted data from its previous form to the format required by the new location. Finally, the 

load step writes the data to the target database. 

Keep security in a top-of-mind position by opting for a phased approach. In other words, decide to migrate 

your least-important data first. Focus on the material that has business value but does not include 

sensitive details. 

You should also hold off on migrating any data deemed essential to your company's operations. Doing 

that allows you to vet the security of the data host's systems and avoid major unforeseen problems. 

3. Become Familiar With Applicable Cybersecurity and Encryption Protocols 

A frequently chosen kind of migration occurs when companies shift some of their on-premises information 

to cloud data centers. This decision is often a smart one from a data security standpoint. Cloud platforms 

usually include dedicated encryption and cybersecurity protocols that customers automatically have 

access to through their service packages. 

However, consider how you could beef up cybersecurity and data encryption with additional measures 

applied by your company. Taking that approach is especially wise when the information in question is 

highly sensitive or includes customer details. 

When people get word of data breaches or other security-related matters affecting their details, they 

rapidly lose trust in the involved companies. 

4. Back Up the Data First 

As you map out the schedule for data migration, don't start moving the content before backing up all the 

files. Even if things go relatively smoothly, you could still end up with missing, incomplete or corrupt files. 

Having the data backed up supports data security by letting you restore content when needed. 

Weigh the pros and cons of all the options available to you before choosing one. For example, if you're 

only migrating a small number of files, putting them on a USB drive might be the simplest possibility. A 

mirrored drive or a cloud backup service is likely more appropriate for more extensive migration efforts. 

5. Maintain All Necessary Compliance and Access Requirements 

If your data migration involves keeping some content in on-premises facilities, and moving the rest to the 

cloud, ensure that your security standards are identically tight across those locations. A common way to 

do that is to set up security policies for aspects like access control. Once you lay out the desired security 

environment for the data, check that the cloud host meets or exceeds them. 



Verify that your data security plans include specifics for all applicable laws that dictate how to handle 

customer information, such as the General Data Protection Regulation (GDPR). Other data privacy 

stipulations relate to patient medical data. Your company must continue to abide by the rules before, 

during and after a migration. 

Fortunately, automated tools can make that easier by automatically applying the parameters you set. 

Cutting Data Migration Risks 

Many of today's businesses are extremely dependent on data. The trouble is that the information 

possessed by a company could grow to such a gigantic amount that migrating it becomes too much of a 

hassle or prohibitively costly. 

Moving smaller databases of information still includes risks that could threaten data security. However, 

by following the suggestions here and doing more research to determine which challenges your company 

faces, you can reduce data migration problems. 


Devin Partida is a cybersecurity and technology writer. She is also 

the Editor-in-Chief at ReHack.com. 



Has Your Data Been Leaked to the Dark Web? 

By Randy Reiter CEO of Don’t Be Breached 

The part of the internet not indexed by search engines is referred to as the Dark Web. The Dark Web is 

however frequently misunderstood. The Dark Web is a network of forums, websites and communication 

tools like email. What differentiates the Dark Web from the traditional internet is that users are required 

to run a suite of tools such as the Tor browser that assists in hiding web traffic. The Tor browser routes 

a web page request through a series of proxy servers operated by thousands of volunteers around the 

globe that renders an IP address untraceable. 

The Dark Web is used for both illegal and respected activities. Criminals exploit the Dark Web’s 

anonymity to sell drugs and guns. Organizations like Facebook and the United Nations use the Dark Web 

to protect political and religious dissidents in oppressive nations. Legitimate actors like law enforcement 

organizations, cryptologists and journalists also use the Dark Web to be anonymous or investigate illegal 

activities. 

A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, 

shows that the number of Dark Web listings that could harm an enterprise has risen by 20% since 2016. 

Of all listings (excluding those selling drugs), 60% could potentially harm enterprises. 

On the Dark Web one can purchase personnel information such as names, addresses, phone numbers, 

tax ids, credit card numbers, login ids, passwords and hacked Netflix accounts. Software that hackers 



use to break into workstations and servers are also for sale. Some of the darker items for sale include 

guns, drugs, counterfeit money and Hackers that can be hired to perform cyber-attacks. 

For example for $500 the credentials to a $50,000 bank account can be purchased. Or for $500 one can 

buy prepaid debit cards having a $2,500 balance. A lifetime Netflix premium account goes for $6. 

In a recent 2020 report by the security company ImmuniWeb they report that 97% of the leading 

cybersecurity companies had data leaks or security incidents exposed of the Dark Web. They found over 

4,000 incidents of stolen confidential data exposed on the Dark Web per cybersecurity company. Half 

the Dark Web exposed data was plaintext credentials such as financial and personal information. 

A large number of these data leaks were attributed to cybersecurity company third party suppliers or subcontractors. 

Some of these data breaches occurred as recent as August, 2020. 

Even cybersecurity companies are not immune to Data Breaches (e.g. caused by Zero Day attacks and 

other methods). The ImmuniWeb report covered almost 400 cybersecurity companies in the USA, 

Canada, UK, Ireland, Germany, France, Czech Republic, Israel, Japan, Russia and India. Cybersecurity 

companies in the US suffered the highest incidents, followed by the UK and Canada, then Ireland, Japan, 

Germany, Israel, the Czech Republic, Russia, and Slovakia. 

Today’s mega Data Breaches are now costing companies $392 to recover from. 

How to Stop Confidential Database Data from Being Ransomed or Sold on the Dark Web? 

Confidential database data includes: credit card, tax ID, medical, social media, corporate, manufacturing, 

law enforcement, defense, homeland security and public utility data. This data is almost always stored in 

Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server 

and Sybase databases. Once inside the security perimeter (e.g. via a Zero Day attack) a Hacker or Rogue 

Insider can use commonly installed database utilities to steal confidential database data. 

Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from 

a network tap or proxy server with no impact on the database server. This SQL activity is very predictable. 

Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or 

SQL commands that run millions of times a day. 

Advanced SQL Behavioral Analysis of Database Query and SQL Activity Prevents Data Breaches 

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database 

activity is. Then from a network tap or proxy server the database query and SQL activity can be nonintrusively 

monitored in real-time and non-normal SQL activity immediately identified. These approaches 

are inexpensive to setup. Now nonnormal database SQL activity from Hackers or Rogue Insiders can be 

detected in a few milli seconds. The Hacker or Rogue Insider database session can be immediately 

terminated and the Security Team notified so that confidential database data is not ransomed or sold on 

the Dark Web. 

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum 

amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to 

10,000 unique SQL queries sent to a database. This type of data protection can detect never before 

observed query activity, queries sent from a never observed IP address and queries sending more data 

to an IP address than the query has ever sent before. This allows real-time detection of Hackers and 



Rogue Insiders attempting to steal confidential database data. Once detected the security team can be 

notified within a few milli-seconds so that an embarrassing and costly data breach is prevented. 


Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools 

company. He is the architect of the Database Cyber Security Guard 

product, a database Data Breach prevention product for Informix, 

MariaDB, Microsoft SQL Server, MySQL, Oracle and Sybase 

databases. He has a Master’s Degree in Computer Science and has 

worked extensively over the past 25 years with real-time network 

sniffing and database security. Randy can be reached online at 

rreiter@DontBeBreached.com, www.DontBeBreached.com and 

www.SqlPower.com/Cyber-Attacks. 



No Meows Is Good News: Proactive Nosql Database 

Security in The Era of Meow Attacks 

By Jack Harper, Director of Professional Services at Couchbase 

This summer, a spate of cyberattacks in which cybercriminals targeted internet connected ElasticSearch 

and other unsecured databases continued to fuel concerns about database security. And the attacks 

were not only prolific, they were more brazen: the “Meow” attacks in particular were a series of automated 

malware that completely destroyed unsecured databases vs. taking the data hostage. It was game over 

before the ball was even in play. 

Deja Vu? 

In 2017, thousands of unsecured instances of MongoDB and ElasticSearch fell prey to attacks by a threat 

actor using the moniker Krakeno. These types of attacks resurfaced this summer with nearly 30,000 

users affected in July. Thousands of businesses lost their data in this mass data hostage event, then the 

Meow attack came along--accessing unsecured databases-- and one-upped the Krakeno-like attacks by 

completely destroying the data with its automated malware. 

The ongoing attacks suggest that database administrators or developers continue to overlook appropriate 

security in their internet-facing databases (NoSQL) that are at the crux of these attacks, leaving them to 

fall prey to the likes of Meow. To understand how to implement adequate security in a NoSQL 

environment, let’s first take a closer look at what a NoSQL database is and better educate ourselves on 

what tighter security controls in a NoSQL environment actually look like. 

A NoSQL Primer 

NoSQL databases are a product of the 21 st century’s desire to deliver increasingly fast, always-on digital 

experiences. Unlike their older and better-known ‘relational' database relatives that require predictable 

and structured data to operate, NoSQL (Not-Only-SQL) provides an extremely dynamic and cloud- 



friendly way for organizations to manage real-time, unstructured data. NoSQL databases commonly 

deployed to be internet-facing, which can allow cybercriminals to poke holes in them if they are unguarded 

or poorly planned and executed. 

The reality is that modern applications need NoSQL databases, which places the onus on the designers 

and developers to build or use better systems to protect them. The issue can be addressed if vendors 

create secure-by-default features and users follow security best practices. 

Planning is everything 

It really is this simple: plan correctly, and your business will be able to prevent vulnerabilities and leaks 

before they occur. And it starts with choosing the right NoSQL provider. If the vendor sells security as a 

bolt-on feature that’s not baked into the system, they probably aren't the right partner to start with. It’s 

your duty to ask the hard questions around their knowledge of end-to-end security. Check their 

development logs to see if they have been reporting vulnerabilities in their systems and ask about how 

easy it is to implement security capabilities around the database. Research can be a tedious step in 

selecting the right provider, but it’s also imperative. It could make the difference between suffering an 

attack and not. 

Next, think about how your data is secured in transit. Data is never only transferred behind the firewall, a 

lot of it is going to move outside of your organization, and while this isn't dangerous in and of itself, it is 

where the most risk lies. Beyond your network are a host of third parties that may not follow your 

encryption policies, making it even more important for you to encrypt every dataset – regardless of where 

it’s stored. Make sure your planning includes securing data both at rest and in transit by investing in SSL 

connections for client/server and server/server communications. 

Your NoSQL database needs to form part of your security planning and must have a visible security 

roadmap that provides insights into how its developers are ensuring that it is continually updated and 

secured. As with any new technology, improvements are continuous, making it essential for your teams 

to regularly check and implement these changes, especially if they have a material impact on your 

cybersecurity policies or needs. 

Nine tips to NoSQL security success 

Once the planning is done, now it’s time to put it into practice. Here are nine tips on how to avoid falling 

prey to cyber-attacks--or becoming “Meow Mix”: 

#1 Don’t expose raw databases to the internet. This is a fundamental security rule, and as simple as 

it sounds, it is important as they come. If you don’t store all your nodes behind a secure database firewall, 

you risk the security of your sensitive information. 

#2 Keep your software up to date. Security professionals will warn that security starts at the weakest 

link, and this is often out of date server operating systems. So unless you install the latest encryption 

patches, no data security can be guaranteed. As the WannaCry, Spectre/Meltdown, and now Meow 

attacks have highlighted, there’s no substitute for responsible patch management. 



#3 Delete “default” and sample databases. The word “default” is the playground for cybercriminals. 

Those who have suffered cyber breaches will know, it can nearly always be replaced with the phrase 

insecure: default passwords are weak passwords; default settings are unsafe settings. If there is a default 

anything in your environment – always delete it. 

#4 Strong passwords are essential. Again, another seemingly mundane and straightforward action, 

but one that is the most overlooked. Default or weak passwords attract cybercriminals like bees to honey. 

Change passwords often, use unique passwords for different projects, make sure passwords are strong, 

and very importantly, change all default passwords. 

#5 Use role-based access control (RBAC) and Active Directory. Control privileges to both 

administrative activities and data access with fine-grained access control. Also, protect user credentials 

and manage them at a centrally controlled place with Active Directory. 

#6 Encrypt your data in-transit, on the wire, and at rest: Make sure that your data is encrypted as it 

travels over networks during client-server communications or when it is being replicated within the 

database server or being replicated between database servers in different data centers/zones/regions. 

Likewise, you should encrypt the data when it is stored for persistence. These measures prevent 

unauthorized access to data at all levels. 

#7 Use updated TLS Ciphers. Transport Layer Security (TLS) enables secure network communications. 

This security can be further enhanced by using updated versions of the ciphers and/or by picking 

customized ciphers. On top, a well-thought-out policy for certification expiration/rotation/revocation 

should also be implemented. 

#8 Limit port access. Allow firewalled access to the minimum set of network ports that are needed for 

your database to work. 

#9 Report security issues immediately. If your database has been breached or you think there may 

be a security flaw, report it. Immediately. There is a community of people out there that can offer you 

advice and benefit from this information. Security is always better when we pool resources and work 

together as an industry – keeping us one step ahead of cybercriminals. 

A problem shared 

Hackers and cybercriminals are always going to be part and parcel of our business life. It is a bleak 

reality. We need to invest in education and adopt best practices, and we need to acknowledge that 

ensuring compliance and adopting good security policies is an industry-wide responsibility. 

For those of us deploying, implementing, and developing on databases, this is even more relevant. From 

web, mobile, and app developers through to C-suite and technology executives, everyone involved in 

databases has responsibility for ensuring they are secure. NoSQL vendors also have a responsibility to 

ensure that their systems provide users with the tools to secure themselves better and secure their 

services by default. 



If the recent spate of attacks is anything to go by, it is unrealistic to think that NoSQL data breaches and 

leaks are a thing of the past. Instead, we need to view each one as a reminder for businesses to take 

database security seriously. 


My name is Jack Harper, I am the Director of Professional 

Services at Couchbase. 

Jack Harper is a leader on the Professional Services team at 

Couchbase, where he leverages nearly 20 years of 

experience identifying, mitigating, and resolving technical 

issues as well as architecting and implementing solutions for 

customers. His background also includes extensive 

experience with software testing and QA best practices and 

methodologies as they relate to various implementations of 

the SDLC (Agile, XP, RAD, waterfall). Jack is a Certified PMP 

(Project Management Professional) with 6+ years’ 

experience working on software development projects. 

Jack Harper can be reached online at (TWITTER, LinkedIn 

and at our company website https://www.couchbase.com / 



Takeaway from the SANS Institute Attack: Without 

Proper Care, “Consent Phishing” Can Happen to Anyone 

Gamified Training for Security Teams Can Raise Vigilance and Advance Skills to Defend Against the 

Latest Attack Exploits. 

By Chloé Messdaghi, VP of Strategy, Point3 Security 

The SANS Institute, established in 1989 as a cooperative research and education organization, has 

helped train and inform more than 165,000 security professionals around the world – from auditors and 

network administrators to chief information security officers and security experts across the global 

information security community. 

A deeply trusted source for information security training, security certifications and research, the SANS 

Institute also operates the Internet's well-regarded early warning system - the Internet Storm Center. 

So when the SANS Institute reported it was the victim of a phishing attack that led to the theft of 28,000 

records, the cybersecurity community echoed with the question: how could that have happened? 

We don’t know if the SANS employee who clicked the bad link (or links) was on the security team or if 

they were in another function such as sales, marketing or operations. If they were not on the security side 

of SANS, there’s the strong potential that they were apathetic about cybersecurity because they’ve never 



had an attack targeted at them before. If the phishing target was someone not on the SANS security 

team, it begs questions about what kind of training they had. Many companies train hundreds or 

thousands of “civilian” non-technical employees virtually and dryly, with multiple choice questions and 

very basic content, rather than employing ongoing training and testing. 

And as we’ve seen, if the employee is checking their email on their phone or a smaller device, they’re 

more likely to click on a bad link – both because the visual acuity to the bad link is very poor and because 

of the sense of immediacy that these devices drive in us all. 

It’s so important to train employees never to click on an embedded link from a stranger, and never click 

on a short URL such as a Bitly. Email recipients must be trained and regularly reminded to look for and 

identify the entire link before clicking on it – every time. 

We might not ever know exactly how the person fell into the trap - SANS might not share that - but the 

malicious payload could have been within any incoming message. A bogus sales or prospect email, a 

message purporting to be from the recipient’s manager, or some intriguing topic of broader interest are 

common ploys, as are urgent company security warnings, employee bonus and holiday notifications, and 

even messages claiming to hold confidential personnel data. 

Phishers definitely understand the human element, and they work to understand peoples’ pain points and 

passions to make their emails compelling. They also know when to send a phishing email to drive 

immediate responses. That why we counsel that if a supposed work email comes in after work hours, it’s 

best not to respond – especially from a mobile device. Or if there’s a time-sensitive, must respond email, 

the sender should also text the receiver both to let them know and to help the recipient know that the 

email is legitimate. 

And if the phishing victim at SANS actually IS someone on the security team, it’s important to realize that 

they’re likely not apathetic to security practices but that the organization either may not be investing in 

their own security teams, or team members may be suffering from burn out. 

It’s important to realize that burn-out is a natural by-product of both the transition to WFH and the urgency 

of the current situation. This means it’s more important than ever to gain an unbiased and equitable 

performance measurements, and to invest in the security team's development and up-skills training, and 

do so in ways (such as gamification) that are personally engaging as well as professionally helpful. 

Otherwise, we’re at risk of depending on security teams who are both under equipped and undermotivated 

to protect their colleagues. 

The objective assessment of skills that gamified training provides is also a wellspring of useful, unbiased 

information on some of the inherent strengths and weaknesses of individual employees, and helps both 

team members and employers address skills gaps in positive ways. 

At the core, gamification is play – it’s also an assessment means that offers benefits without injury to data 

or concern to talented team members. It’s proving to be a great way to cultivate talent, both security pros 

and those they serve, growing their skills in ways that hit the temporal lobe, actually rewards participants, 

and keeps vigilance against phishing and other attack methods front of mind. 

As the latest findings from Juniper Threat Labs on the continually evolving IcedID trojan and malware 

dropper show, the sophistication level of exploits is growing constantly, and bad actors are investing 

heavily in innovation. 

And unfortunately, too many companies aren’t following suit in investing in either their teams or defense 

strategies. For example, recent IBM findings showed that only one third of companies had a breach 



playbook, and of those having playbooks, most applied them inconsistently. Given that the average 

breach costs the organization $8.9 million, not counting the opportunity costs of lost business, it’s clear 

that proactive, ongoing cybersecurity awareness is imperative. 

At this point, the only two things that we know are that we are seeing more phishing attacks this year 

than ever before, and that SANS was fast and forthright in responding to this attack. While some personal 

information was disclosed, it could have been far worse – fortunately, no financial information was 

leaked. 

The takeaway is: we all need to stay aware, humble and prepared – if a phishing attack can snag 

someone at the SANS institute, it can happen to any of us who let our guard down. 


Chloé Messdaghi is vice president of strategy at Point3 Security, 

president at Women of Security (WoSEC), founder of 

WeAreHackerz, ethical hacker advocate, podcaster, and is an 

expert in the cybersecurity industry. She is a frequent speaker 

at cybersecurity conferences and events, and is a trusted source 

to business and security media. 

Chloé Messdaghi, VP of Strategy, Point3 Security 

Chloé can be reached online at @ChloeMessdaghi and at our 

company website Point3.net (ittakesahuman.com). 



Behind the Scenes of AppSec’s Misalignment 

There’s something to be heard in the conversation. 

By John Worrall, CEO at ZeroNorth 

We live in a world defined by software, which is precisely why it must be secure. From the everyday 

applications we use on our devices to the avionic software of modern commercial aircraft, the code 

embedded behind the functions of civilization matters in every way. But there’s a problem. Our current 

approach to building and delivering this critical software is now in the midst of a serious evolution, as it 

moves from siloed processes and mindsets to something more unified. 

Our current model for building secure software often revolves around buying a scanning tool… and then 

another… and another… until we find ourselves with a craftsman-like approach that produces data in 

different formats. Aside from the deep knowledge needed to run each tool, the even bigger obstacle is 

processing the overwhelming amount of information resulting from those scans. And just like a craftsmanstyle 

approach, it isn’t scalable and can’t cover the needs of a growing business—or a planet becoming 

increasingly reliant on software. 

Proof of the Problem 

Fortunately for those who care about the security of modern applications, there are some solutions on 

the horizon. A recent report conducted by the Ponemon Institute and sponsored by ZeroNorth provides 

some real insight on how the ownership and governance of application security is fragmented and in 

need of repair. But this “repair” comes from better relationships, not better code. 

Ponemon’s report clearly illustrates just how deep the divide between AppSec and DevOps has grown, 

more specifically around the issue of how to build secure software from day one. According to the 

research, 77% of developers say this existing schism affects their ability to meet organizational 

expectations, such as deadlines, while 70% of AppSec professionals claim the divide puts the security of 

applications at risk. 1 And what we see as a result is not technology holding up progress, but people. 

1 

Source: Revealing the Cultural Divide Between Application Security and Development 



As organizations continue to look for more effective ways of prioritizing software security, without 

impacting productivity, they are realizing that developers view these measures as a hindrance to 

innovation and speed. And, of course, AppSec teams believe DevOps should be far more vigilant about 

ensuring security happens at all stages of the development life cycle. In fact, 65% of security pros say 

developers publish code with known vulnerabilities, while the same exact percentage (65%) of 

developers say the security team doesn’t understand the pressure they’re facing. 2 And therein lies the 

misalignment. 

Another part of this misalignment comes from a lack of clarity about who actually owns the security piece 

in the first place. Only 67% of AppSec professionals believe their team is ultimately responsible for the 

security of software applications, compared to just 39% of developers. These numbers alone indicate a 

massive gap in the larger security effort, a gap that raises serious questions about accountability and 

visibility. When misalignment within an organization is this extreme, and no one knows who’s “watching 

the kids,” the integrity and success of the business is jeopardized. 

Thoughts for the Future 

So, what does a more unified mindset around security look like? It starts with a mutual understanding of 

each other’s roles and responsibilities, of each other’s requirements. A more federated outlook on 

AppSec means everyone involved—from security to business to product leaders—are doing their 

prescribed part to ensure security is prioritized. But it requires a coordinated effort and unified approach. 

The work is fragmented and so are the results. Everyone has to bond on their shared desire to build and 

deliver quality software to market, together as a larger team. 

Then we can improve things. This divide between security and development professionals offers up a 

much-needed opportunity for change, in both thinking and practice. With the right moves, CISOs and 

other security leaders can bridge this gap by embracing a unified approach for AppSec. This would allow 

security teams to sets standards and provides frameworks, while DevOps and product teams execute 

their work within those guidelines. By serving as unifier, CISO and other security leaders have a chance 

to make security front-and-center, without hindering the speed and velocity requirements of the Dev 

teams. 

The “right moves” will be different among organizations, but modeling a mindset and culture of security 

first is a great start. Everyone involved needs to remember that a robust AppSec program is not just nice 

to have, or worse an obstacle—it’s a business imperative. In this scenario, CISOs can advise teams to 

formulate a stronger coordinated effort, where security, DevOps and business teams come together for 

the good of software, for the good of the world. It may sound dramatic, but it’s entirely true. 

Security leaders also need to ensure the proper resources are allocated to safeguard applications in the 

development and production phase of the software life cycle. This includes training and support to help 

developers build the necessary secure coding skills. They also need to implement continuous testing 

throughout the development life cycle, starting at code check-in, to find and fix vulnerabilities early in the 

process. These moves help to stay on top of vulnerabilities, improve developer productivity and get 

product releases out the door on time. As members of senior leadership, CISOs need to build security 

into the organization’s overall risk management strategy and report out on the business’ most important 

KPIs. 

2 

Source: Revealing the Cultural Divide Between Application Security and Development 



Next Steps 

Where we go from here is actually pretty clear. We need to build a shared vision, bring teams together 

and communicate about who does what and when. Commitment from both sides is critical to build this 

kind of collaborative relationship, but it is possible. And once everyone acknowledges the many ways 

security can improve the final outcome, including all the business benefits resulting from strong product 

security, they will hopefully find things just work better when everyone’s on the same side. 


John Worrall joined ZeroNorth in 2019 as chief executive officer, 

leading the company in its delivery of the only platform for risk-based 

vulnerability orchestration across applications and infrastructure. As 

CEO, John heads up all aspects of the company’s strategy, product, 

operations and go-to-market functions. Prior to this role, John was 

chief marketing officer (CMO) at CyberArk, where he played a critical 

role in leading the company through its initial public offering. He also 

held the position of executive vice president at CounterTack, serving 

on the leadership team that secured the company’s Series A funding. 

Before his time at CounterTack, he was the chief marketing officer at 

ActivIdentity; vice president and general manager of the Security 

Intelligence & Event Management business unit at RSA; and CMO at 

RSA. John holds a bachelor’s degree in economics from St. Lawrence University. 

Website: https://www.zeronorth.io/ 

SOCIALS: 

Twitter 

Personal 

Company 

LinkedIn 

Personal 

Company 



Emotet Attacks Surge in 2020, but Could Be Prevented 

By Dan Piazza, Technical Product Manager, Stealthbits Technologies, Inc. 

The Emotet malware, originally detected as a banking trojan in 2014, has become one of those most 

prevalent malware threats in 2020, and the economic fallout from an Emotet attack can range into millions 

of dollars (USD). Over the years Emotet has evolved well beyond a banking trojan and is typically 

delivered via phishing emails that turn infected hosts into bots and malware spreaders. Emotet is also no 

longer content simply executing its own malicious code – once a victim is infected Emotet can download 

additional malware into the network, such as Ryuk or Trickbot. 

However, the biggest threat Emotet brings is still the spread of ransomware throughout an organization 

– encrypting everything in its path and often exfiltrating sensitive data so the attacker can threaten the 

victim with a public leak of that information if the ransom isn’t paid. 

Emotet is also quite hard to detect and eliminate. Emotet is polymorphic – meaning it constantly changes 

itself to maintain persistence and avoid signature-based detection by endpoint protection. It’s also 

modular, meaning components can easily be swapped in and out depending on what an attacker wants 

to achieve. Some variants act as ransomware, others target cryptocurrency wallets, and some may 

propagate botnets. Emotet is even aware of when it’s running inside a VM and will lay dormant to avoid 

detection in sandboxed environments – which security researchers use to observe and decompile 

malware in a safe space. 



Coupled with a wide variety of attack techniques, one could say Emotet’s complexity and effectiveness 

make it “enterprise-grade” malware. Additional techniques used by Emotet include password grabbers, 

software packing, obfuscated files, network sniffing, process discovery, remote service exploits, 

command and control (C2) using non-standard ports, data exfiltration via C2 channels, and more. With 

its current feature set and ability to quickly evolve, the danger Emotet poses is clear. 

Taking advantage of another recent malware trend, Emotet has also become a malware-as-a-service 

that’s sold to various threat actors on the dark web that otherwise may not have had the capability of 

developing such complex malware themselves. This opens the door to less-skilled attackers utilizing the 

power of Emotet, resulting in even wider spread of the already prevalent malware. Add this to the malware 

“dropper” capabilities of Emotet, and it’s single-handedly keeping older malware variants alive, spreading, 

and prospering. 

User Education – More Important Than Ever 

Given that most Emotet infections start as phishing emails, this surge in matured Emotet attacks is a 

perfect example of why organizations need to continuously educate users on how to detect and avoid 

modern phishing emails. Although spam filters and other methods of blocking malicious messages should 

be in place for all organizations, it only takes one email to get through and successfully trick a user for 

Emotet to start moving laterally throughout a network and eventually into domain admin rights. Emotet 

will also hijack legitimate, existing email threads once a host has been infected, so users need to be wary 

of every email they receive and not just new threads from fake or spoofed addresses. 

Unfortunately, it's inevitable that a user will eventually slip up, succumb to a phishing attack, and become 

infected. That's when Emotet starts to move laterally through a network until it gains domain admin rights, 

which brings up two valuable points: limit special share access, and keep all systems patched and up to 

date. Emotet, and the malware variants it delivers, often prefer to target admin$, c$, and ipc$ shares to 

enumerate and move through a network. By limiting access to these shares to the absolute minimum, it’s 

possible to slow Emotet down and block its go-to infection routes. This should be coupled with ensuring 

all systems are running the latest updates provided by software and OS vendors, so vulnerable exploits 

can be patched and eliminated as they’re discovered. 

Limiting the Scope of Attacks 

Cybersecurity software, such as privileged access management, can also limit the scope of what 

privileged sessions (that Emotet targets) can do by not only limiting access to resources, but also by 

limiting which specific actions can be taken during these sessions. The goal of this workflow is to reduce 

the standing privilege in a network to zero, which drastically reduces the attack surface for Emotet and 

buys time for the security team to remove the threat once detected. 

Emotet continues to be a major threat and source of stress for IT and security professionals everywhere, 

however with proper preventative measures it’s possible to halt it dead in its tracks. 




Dan Piazza is a Technical Product Manager at Stealthbits 

Technologies, responsible for File Systems and Sensitive Data 

in their Data Access Governance solution, StealthAUDIT. He’s 

worked in technical roles since 2013, with a passion for 

cybersecurity, data protection, storage, and automation. 

Stealthbits is a cybersecurity software company focused on 

protecting sensitive data and the credentials attackers use to 

steal that data. 

Dan can be reached online at linkedin.com/in/danieljpiazza 

and at our company website https://www.stealthbits.com/ 



Zero Trust Model Is Meaningless Without TLS Inspection 

Protecting users against modern, invisible cyber threats 

By Babur Khan, Technical Marketing Engineer at A10 Networks 

A security strategy is only as strong as its weakest point. No matter how extensive your network defenses 

are, if there is even one blind spot, you are still vulnerable to attacks. This is true even for the Zero Trust 

model, at the core of modern cybersecurity. Fortunately, there is a way to fix it. 

Zero Trust Model: The Perfect Security Strategy…with a Catch 

Zero Trust security / Zero Trust model has become a critical element of network defense. Its rise has 

been driven by the way traditional concepts of secured zones, perimeters, network segments—even 

“inside” and “outside”—have been rendered outdated by the modern cyberthreat landscape. After all, you 

can’t count on walls to keep you safe from insider attacks by people with legitimate access, prevent multilevel 

attacks designed to bring networks down, or stop lateral movement during the course of an attack. 

• The Zero Trust model responds to these challenges by adopting the approach of “trust nobody”—inside or 

outside the network. Cybersecurity strategies are redesigned accordingly along four key principles: 

• Create network micro-segments and micro-perimeters to restrict east-west traffic flow and limit excessive 

user privileges and access as much as possible. 



• Strengthen incident detection and response using comprehensive analytics and automation. 

• Integrate solutions across multi-vendor networks with ease, so they can work together seamlessly, enabling 

compliance and unified security. The solutions should also be easy to use so that additional complexity can 

be removed. 

• Provide comprehensive and centralized visibility into users, devices, data, the network, and workflows. 

This sounds good in principle. Even the name “Zero Trust Security” is reassuring, with absolute terms 

that suggest absolute protection. But there is a catch: The Zero Trust model works only when you have 

full visibility into people and their activities. If something is invisible, there is no way for you to ensure that 

it does not pose a risk. And that is true for the vast majority of network traffic thanks to the widespread 

use of encryption. 

Zero Trust Model / Zero Trust Security Blind Spot 

Encryption is now ubiquitous across the internet. Google reports that over 90 percent of the traffic passing 

through its services is encrypted, and the numbers are similar for other vendors as well. This trend has 

been great for privacy—but it is devastating for security, whether you are implementing a Zero Trust 

model or something different. As encryption renders network traffic invisible to legacy solutions, your 

network’s security stack is effectively useless. 

In response, many security vendors incorporate TLS inspection into their solutions. In effect, they decrypt 

traffic, inspect it, and then re-encrypt it before passing it on. But this “distributed TLS inspection” 

approach, in which decryption and re-encryption happens separately for each device in the security stack, 

brings problems of its own. Network bottlenecks and performance problems typically compromise service 

quality for business users and customers—an unacceptable penalty in today’s competitive business 

environment. What is more, the need to deploy private keys in multiple locations across the multi-vendor, 

multi-device security infrastructure expands the attack surface, increasing risk. 

For the Zero Trust model to deliver on its promise, companies need a way to eliminate the Zero Trust 

model blind spot without sacrificing service quality. 

Full Encrypted Traffic Visibility via TLS inspection 

avoid the downsides of distributed encryption, a solution must provide full visibility to the enterprise 

security infrastructure through a dedicated, centralized SSL decryption solution. This needs to be 

complemented by a multi-layered security approach for optimal protection. 



Solutions need to take a “decrypt once, inspect many times” approach, letting the entire security 

infrastructure inspect all traffic in clear text, at fast speeds, to avoid performance penalties and excess 

complexity. The following additional features also support the four key principles of Zero Trust discussed 

above: 

User access control – SSL Insight can enforce authentication and authorization policies to restrict user 

access, log detailed user access information, and provide the ability to apply different security policies 

based on user and group IDs. Additional security services including URL filtering, application visibility 

and control, threat intelligence, and threat investigation help strengthen the security efficacy of the entire 

enterprise network. 

Micro-segmentation – Granular traffic control, user and group ID-based traffic control, and support for 

multi-tenancy facilitate micro-segmentation. 

Rapid incident detection and response – The Harmony® Controller SSLi app provides comprehensive, 

centralized visibility, and the ability to manage all SSL Insight deployments remotely from one location, 

ensuring that uniform policies are applied across the organization. 

Flexible deployment and integration – As a vendor-agnostic solution, SSL Insight integrates easily 

with existing security devices by placing them in a secure decrypt zone. 

Ease of Use – SSL Insight can be deployed within minutes in any network environment without causing 

any network outages or disruptions. Centralized management enables full visibility, uniform security 

policy enforcement, unified analytics, and SaaS traffic visibility across all SSL Insight deployments. 

Without centralized and dedicated SSL inspection/TLS inspection, the Zero Trust model is unable to do 

what it was designed to do – protect our networks, users and data from threats residing inside and outside 

the network. SSL Insight provides a complete solution that not only enables the inspection of all incoming 

and outgoing traffic, but also provides additional security services that can help strengthen your Zero 

Trust strategy 




Babur Nawaz Khan is a Technical Marketing Engineer at A10 

Networks. He primarily focuses on A10's Enterprise Security and 

DDoS Protection solutions. Prior to this, he was a member of A10's 

Corporate Systems Engineering team, focusing on Application 

Delivery Controllers. Babur holds a master's degree in Computer 

Science from the University of Maryland, Baltimore County. 

Babur can be reached at our company website 

https://www.a10networks.com/contact-us/contact-sales/ 



Automated Pentesting – Ready to Replace Humans? 

Is Automation the end of human pentesting? 

By Alex Haynes, CISO, CDL 

In the past few years, automation in many spheres of Cybersecurity has increased dramatically, but 

pentesting has remained stubbornly immune to this. While crowdsourced security has evolved as an 

alternative to pentesting in the past 10 years, it’s not based on automation but simply throwing more 

humans at a problem (and in the process, creating its own set of weaknesses). Recently though, 

automated pentesting tools have now surfaced to a point where they are usable to automate pentesting 

under certain conditions. This begs the question, are human pentesters heading for redundancy? Can 

we replace them with these tools? 

To answer this question, we need to understand how they work, and crucially, what they don’t do. While 

I’ve spent a great deal of the past year testing these tools and comparing them in like-for-like tests against 

a human pentester, the big caveat here is that these automation tools are improving at a phenomenal 

rate, so depending on when you read this, it may already be out of date. 

First of all, the ‘delivery’ of the pentest is done by either an agent or a VM, which effectively simulates the 

pentester’s laptop and/or attack proxy plugging into your network. So far, so normal. The pentesting bot 

will then perform reconnaissance on its environment by performing identical scans to what a human 

would do – so where you often have human pentesters perform a vulnerability scan with their tool of 

choice or just a ports and services sweep with nmap or masscan. Once they’ve established where they 

sit within the environment they will filter through what they’ve found and this is where their similarities to 

vulnerability scanners end. 



Vulnerability scanners will simply list a series of vulnerabilities and potential vulnerabilities that have been 

found with no context as to their exploitability and will simply regurgitate CVE references and CVSS 

scores. They will sometimes paste ‘proof’ that the system is vulnerable but don’t cater well to false 

positives. The automated pentesting tools will then choose out of this list of targets the ‘best’ system to 

take over, making decisions based on ease of exploit, noise and other such factors. So for example, if it 

was presented with an windows machine which was vulnerable to eternalblue it may favour this over 

brute forcing an open SSH port that authenticates with a password as it’s a known quantity and much 

faster/easier exploit. 

Once it gains a foothold, it will propagate itself through the network, mimicking the way a pentester or 

attacker would do it, but the only difference being it actually installs a version of its own agent on the 

exploited machine and continues its pivot from there (there are variations in how different vendors do 

this). It then starts the process again from scratch, but this time will also make sure it forensically 

investigates the machine it has landed on to give it more ammunition to continue it’s journey through your 

network. This is where it will dump password hashes if possible or look for hardcoded credentials or SSH 

keys. It will then add this to its repertoire for the next round of its expansion. So while previously it may 

have just repeated the scan/exploit/pivot this time it will try a pass the hash attack, or try connecting to 

an SSH port using the key it just pilfered. Then, it pivots again from here and so on and so forth. 

If you notice a lot of similarities between how a human pentester behaves then you’re absolutely right – 

a lot of this is exactly how pentesters (and to a less extent) attackers behave. The toolsets are similar 

and the techniques and vectors used to pivot are identical in many ways. So what’s different? 

Well first of all, the act of automation gives a few advantages over the ageing pentesting methodology 

(and equally chaotic crowdsourced methodology). 

The speed of the test and reporting is many magnitudes faster, and the reports are actually surprisingly 

readable (after verifying with some QSA’s, they will also pass the various PCI-DSS pentesting 

requirements). No more waiting days or weeks for a report that has been drafted by humans hands and 

gone through a few rounds of QA before being delivered into your hands. This is one of the primary 

weaknesses of human pentests since the adoption of continuous delivery has caused many pentest 

reports to become out of date as soon as they are delivered since the environment on which the test was 

completed has been updated multiple times since, and therefore, had potential vulnerabilities and 

misconfigurations introduced that weren’t present at the time of the pentest. This is why traditional 

pentesting is more akin to a snapshot of your security posture at a particular point in time. 

Automated pentesting tools get around this limitation by being able to run tests daily, or twice daily, or on 

every change, and have a report delivered almost instantly. This means you can potentially pentest your 

environment daily and detect changes in configuration on an exploitability level on a daily basis too rather 

than relying on a report delivered weeks later. 

The 2 nd advantage is the entry point. While with a human pentest you may typically give them a specific 

entry point into your network, with an automated pentest you can run the same pentest multiple times 

from different entry points to uncover vulnerable vectors within your network and monitor various impact 

scenarios depending on the entry point. While this is theoretically possible with a human it would require 

a huge budgetary investment due to having to pay each time for a different test. 

So what are the downsides to all this? Well first off, automated pentesting tools don’t understand web 

applications – at all. While they will detect something like a web server at the ports/services level they 

won’t understand that you have an IDOR vulnerability in your internal API or a SSRF in an internal web 



page that you can use to pivot further. This is because the web stack today is complex, and to be fair 

even specialist scanners (like Web Application Scanners), have a hard time detecting vulnerabilities that 

aren’t low hanging fruit (such as XSS or SQLi). This leads to a secondary weakness in automated 

pentesting tools in that you can only use them ‘inside’ the network. As most exposed company 

infrastructure will be web based, and automated pentesting tools don’t understand these, you’ll still need 

to stick to a good ol’ fashioned human pentester for testing from the outside. 

To conclude, the technology shows a lot of promise, but it’s early days and while they aren’t ready to 

make human pentesters redundant just yet, they do have a role in meeting today’s offensive security 

challenges that can’t be met without automation. 


Alex Haynes is a former pentester with a background in offensive 

security and is credited for discovering vulnerabilities in products by 

Microsoft, Adobe, Pinterest, Amazon Web Services and IBM. He is 

a former top 10 ranked researcher on Bugcrowd and a member of 

the Synack Red Team. He is currently CISO at CDL. Alex has 

contributed to United States Cyber Security Magazine, Cyber 

Defense Magazine, Infosecurity Magazine, and IAPP tech blog. He 

is also a regular speaker at security conferences on the topic of 

offensive security. 



Mitigating the Pitfalls of Onedrive Security 

By Veniamin Simonov, Director of Product Management, at NAKIVO Inc. 

With COVID-19 triggering a potential long-term shift to working from home, SecOps teams are coming 

under increasing pressure to keep data safe and systems secure. When it comes to cloud storage and 

the protection of business data and applications, remote work has increased the threat of data loss and 

data theft. Teleworking has also laid bare the data safety shortcomings of even established services like 

Microsoft OneDrive. 

Millions of people and businesses rely on OneDrive as a cloud storage and synchronization service and 

for good reason. It’s been built with cybersecurity in mind. It is also one of the best and most powerful 

cloud storage and syncing apps around, beating out DropBox, iCloud and Google Drive thanks to its ease 

of use and simplicity. However, users should not rush to store all their data in OneDrive or any online 

platform without carefully considering the data safety risks of cloud storage. If you want to use OneDrive 

safely you should know the risks beforehand so you can make better decisions to reduce the probability 

of undesired scenarios. 

The three main safety and security concerns users should consider are data theft, data corruption and 

data loss. In this article, we discuss how to mitigate them. 



Not even Microsoft is fool proof 

While Microsoft maintains that files stored on OneDrive are secure because they are encrypted on 

Microsoft servers, this doesn’t mean you cannot be hacked. Aggressive hackers can access your drive 

through trivial but surprisingly common mistakes. Using simple passwords and storing them in obvious 

locations on your computer is a great example of a common error that could weaken your security. If it’s 

easy for you to find, then it’s easy to do so for a persistent hacker too. 

The risk is only further heightened by operating on public Wi-Fi networks, especially if you need to log in 

to your Office 365 account. If the firewall is configured improperly on a router, attackers can use open 

ports and vulnerabilities to infect computers. 

Another risk factor is providing more permissions than needed when sharing files on OneDrive, which 

gives other users the power to delete data, write unwanted changes to files and corrupt files if their 

computers are infected by viruses. Companies should avoid granting administrator privileges when they 

are not needed. Administrators should create regular user accounts for themselves for sending emails 

and working on routine tasks such as sharing files on OneDrive and editing Office 365 documents. 

Disaster can also strike when using an operating system without the latest security patches for software 

such as Windows or Flash Player. Browsers can also have hidden vulnerabilities that can lead to exploits 

as hackers manage to get control of a user’s machine. 

Of course, all these risks can be running in the background without the user’s knowledge for a prolonged 

period of time. A delayed response only makes matters worse and further compromises users, resulting 

in significant losses and making it difficult to restore any lost data. However, users may be able to prevent 

data loss by using the OneDrive security recommendations, which are rules to abide by for optimal use 

of cloud software. 

What are the security recommendations for using OneDrive? 

There are the obvious recommendations, such as using a strong password and making sure that your 

anti-virus software is up to scratch to make sure that it can detect malicious files on your computer and 

delete them to prevent infection and data loss. But there are also other official recommendations, such 

as deploying two-factor authentication with the Microsoft Authenticator mobile app. This will stop anyone 

from getting to your files even if they figure out your password. For example, if a thief accesses your 

device with a saved password, your phone acts as a second form of authentication. 

You can also protect more sensitive data with the OneDrive personal vault, as it requires another form of 

identification and automatically locks after a certain amount of time. This is especially useful if your device 

is compromised while your regular storage folder is unlocked. 

OneDrive also provides the Office 365 admin center for administrators of organizations to manage their 

security settings centrally. Its Security and Compliance Center and automation tools and security 

monitoring systems allow users to configure automated alerts that are triggered by suspicious activity. 

Exchange Online Protection is a feature that can protect Office 365 accounts in your organization against 

spam and malware. Microsoft Threat Intelligence and Advanced Threat protection also help protect Office 

365 users against malware. 



It’s the little things that count 

On any account, a user should not underestimate the importance of security or data protection. Avoiding 

the little errors, such as storing passwords, payment data and other critical files on OneDrive in a careless 

manner can make all the difference when it comes to creating a secure home office set up for employees. 

It’s the small changes that can make a big difference when it comes to data protection. 

This is because most of the security concerns for OneDrive stem from oversight and user error. To date, 

there is no evidence of data leaks caused by Microsoft errors from data centers used for OneDrive cloud 

storage. Microsoft uses modern technologies and standards for security and removes any found issues 

as soon as they are identified. Microsoft helps protect its users from potential threats by identifying and 

analyzing software and online content. When you download, install and run software, it checks the 

reputation of downloaded programs and ensures you’re protected against known threats. Users are also 

warned about software that is unidentifiable. On Microsoft’s end, encryption is performed when storing 

data on Microsoft servers and when transferring data over networks – and encryption is the king of data 

protection. 

Overall, just because Microsoft hasn’t experienced a OneDrive hack itself, doesn’t mean that users don’t 

have to worry about that. This is especially a risk when the virtual workforce is working from a variety of 

locations and accessing cloud storage via a number of devices. No antivirus or protection technology is 

perfect. So, as remote home and business users, it’s now more important than ever for them to be aware 

of and deploy OneDrive’s security recommendations, and that they work with network administrators to 

keep their networks safe in today’s accelerated threat landscape. If users can take a proactive approach 

and apply recommendations as they are communicated, OneDrive will continue to be a viable cloud 

service to support today’s remote working environment. End of article. 


My Name is Veniamin Simonov. I am Director of Product 

Management at Nakivo, and I am responsible for driving the 

execution of features and functionality for NAKIVO Backup & 

Replication. My background includes several positions in product 

management, with 10 years of experience working with 

virtualization and cloud technology. 

Veniamin can be reached online at @Naviko and at our company 

website https://www.nakivo.com/ 



Emerging Technologies Create A New Line of Defense in 

The Fight Against Fraud 

ARTIFICIAL INTELLIGENCE POWERS VOICE BIOMETRICS FOR A MORE SECURE, 

FRICTIONLESS CUSTOMER EXPERIENCE 

By Brett Beranek, Vice President and General Manager, Security and Biometrics, Nuance 

Communications 

A growing number of organizations are deploying biometrics for a simpler, more secure way for 

customers to validate their identities and do business with your organization. These emerging 

technologies, often powered by artificial intelligence, not only help to combat near-constant attacks by 

hackers, but they also provide your customers with high levels of security and convenience. 

Social disruptions, such as a global pandemic, produce new realities that create paradigms in myriad 

areas of life. That can mean accelerated transitions into new ways of living, from permanent work-fromhome 

arrangements and telehealth to remote schooling and virtual socializing. Simultaneously, these 

digital behaviors are opening new doors to hackers and fraudsters, who remain ready to capitalize on 

any vulnerabilities, chaos, and uncertainty. 

For example, Nuance has learned from its customers that the volume of fraud attacks is on the rise – 

ranging from 200% - 400% in the past few weeks, depending on the industry. Some of these relate 

directly to the pandemic, with recent reports 1 suggesting there have been at least 500 coronavirus-related 

scams and over 2,000 phishing attempts so far. This figure is only set to increase as time goes by. These 

crimes come with a hefty price tag, costing the global economy more than $5 trillion annually 2 . 

1 

The Guardian, April 2020 

2 Crowe Financial Cost of Fraud Report. 

3 

Choose.co.uk, March 2020 



Fraud is preventable 

Your first line of defense often means reminding your customers to use unique passwords not replicated 

on other sites, to enable multi-factor authentication, and to establish challenging questions to verify 

identities in the case of a forgotten password. As long as passwords are the first line of defense, then 

fraud losses will continue increasing year-after-year as it has for the past two decades. Fraudsters will 

leverage the tried-and-true methods of phishing for passwords, or leveraging the password reset process 

(e.g. OTP SMS or security questions) to perpetrate their fraud. I recently interviewed a fraud victim, Rob 

Ross, who lost over $1m because of this OTP SMS password reset mechanism alone. As an industry, 

we need to definitely put a big red X on passwords, password reset processes, and OTP SMS 

mechanisms if we ever stand a chance to start reversing the trend and see decreases in fraud losses. 

Server-Side biometric authentication and fraud prevention solutions offer a new line of defense 

Server-side biometrics modalities such as voice biometrics have proven hyper-effective at eliminating 

passwords, PINs, and security questions as authentication mechanisms in contact centers. You may 

have experienced yourself, maybe the last time you called your bank, that you were seamlessly 

authenticated this way. What you may not be aware of, is that regardless of if you authenticated this way 

or not, voice biometrics was also used to detect fraud on all incoming calls. This is the benefit of an 

integrated approach to using biometrics for both fraud prevention and authentication. Organizations have 

reported phenomenal results when this approach is taken; For example, HSBC reported over $500m in 

reduced fraud losses in 2019 due to this approach 3 . 

How is it that contact centers have become, in many cases, more innovative than digital channels such 

as mobile apps and websites when it comes to authentication and fraud prevention? One explanation is 

in the easy access to “free” device side biometric modalities, such as fingerprint readers and facial 

recognition on smartphones, which unfortunately by their very design, have had no impact on fraud 

prevention or the elimination of passwords. At the end of the day, because these biometrics modalities 

are device-based, they can’t be used to detect fraudsters (no ability to create a watchlist), and they require 

a reset process – which is often a PIN or a password. 

We have fallen into the trap of “free” and this has represented an immense gift to the fraud community. 

Device-side biometrics have created an illusion of increased security, which we are now paying a hefty 

price for. 

Server-side biometrics, deployed in an integrated fashion for both authentication and fraud prevention, 

are an essential tool to rid ourselves of passwords, security questions and OTP SMS. Let us learn from 

our peers in the contact center industry and apply these technologies to all of our customer engagement 

channels and finally put an end to the incessantly rampant fraud scourge. 

Consider a contact center environment with an integrated biometric authentication and fraud prevention 

solution in place. When a customer calls into the contact center, they can ditch the password and PIN 

and instead use the power of their voice, simply speaking the phrase “My voice is my password” to gain 

immediate access to their account. Biometric authentication analyzes more than 140 physical and 

behavioral characteristics, including the speaker’s accent and rhythm, to create a unique, individual 

voiceprint. In addition, the intelligence built into the authentication software can distinguish between live 

speakers and recordings by monitoring sound frequencies. As a result, these voiceprints are vastly more 

secure than conventional passwords; that is, hackers can steal a password, but they can’t steal a person’s 

voice or reverse-engineer it, even if they were to gain access to the voiceprint from the server. 



Beyond seamless, frictionless authentication to confirm a customer’s identity, an AI-powered fraud 

prevention platform can engage in real-time authentication to help ensure swift and accurate fraud 

prevention. If a criminal were to insert him- or herself into a conversation, for example, the intelligence 

can quickly identify it and help to prevent financial losses. Likewise, by automatically analyzing calls in 

real time, intelligent fraud prevention solutions can easily and quickly identify potential fraud cases before 

a crime is committed. 

These solutions can help to improve your security efforts across multiple channels (interactive voice 

response, SMS chat, virtual assistant, and live chat) to create an efficient, intelligent, more secure 

customer experience. And while these solutions can help shore up your boundaries and protocols now 

as you adapt to and cope with a time of social disruption, they also set the foundation for a more secure 

future. 


Brett Beranek is the Vice President and General Manager at Nuance 

Communications. He is responsible for overseeing every aspect of the 

security and biometric business at Nuance. Prior to joining Nuance, he 

has held over the past decade various business development & 

marketing positions within the enterprise B2B security software space. 

Beranek has extensive experience with biometric technologies, in 

particular in his role as a founding partner of Viion Systems, a startup 

focused on developing facial recognition software solutions for the 

enterprise market. Beranek also has in-depth experience with a wide 

range of other security technologies, including fingerprint biometrics, 

video analytics for the physical security space and license plate 

recognition technology. He has earned a Bachelor of Commerce, Information Systems Major, from McGill 

University as well as an Executive Marketing certificate from Massachusetts Institute of Technology’s 

Sloan School of Management. Brett can be reached on our company website https://www.nuance.com. 



How to Adapt Financial Services to The Online Space 

Securely – And Still Sleep at Night 

Financial institutions, like eCommerce industries, are leading today’s fast, pandemic-driven transition to 

the digital space. A change that will become a norm. 

By Robert Capps, VP of Marketplace, NuData, a Mastercard Company 

Branches have now reopened, but many customers will continue to transact online and enjoy the 

convenience of banking in pajamas. In a recent NuData webinar with Aite Group’s Julie Conroy, she 

shared that, “one bank’s public investor filing says that 75% of their servicing transactions are now digital 

in the wake of the pandemic.” In addition, for many financial service employees, the period of remote 

work that began in the spring is still ongoing, with no clear end in sight. 

Few would disagree that this digital transformation is a positive development that makes financial 

services more accessible to everyone, but it doesn’t come without risks. When evolution is rushed, the 

established technologies and processes may leave vulnerabilities that bad actors can take advantage of. 

To support a streamlined, consistent digital customer experience while also ensuring security, your 

organization may need to add additional layers of protection. 



Add a pandemic to fraud prevention 

One-third of finance login attempts within the NuData client network are high risk. This is not a negligible 

proportion of the average financial institution’s online traffic. 

As Robert Capps explains during the same webinar with the Aite Group, “even when those login attempts 

are unsuccessful, they hurt your bottom line by raising operational costs.” He also added, “You’re paying 

for more bandwidth, more servers, more licensing fees to run software on those servers, more space in 

a data center, more power — and so on — all to process transactions that have zero to negative value 

for your company.” For many companies, these expenses run into the double-digit millions or more. By 

getting top-of-funnel fraud attacks under control, you could reduce your fraud losses but also impact your 

bottom line. 

Fraud prevention was already a mind-bending challenge, but the pandemic has made it even worse for 

many financial institutions. With many offices closed and travel restricted, users log in from fewer 

locations on fewer different devices, making them, at first sight, easier to identify and differentiate from 

fraudsters. But financial customers have also changed their habits in sometimes unpredictable ways. 

They complete different types of transactions and transact more frequently, at different times of day, 

compared to before the pandemic. These behavioral changes thwart some financial institutions’ existing 

fraud risk models, increasing false positives, while still letting fraud through. 

It doesn’t help that cybercriminals are adopting ever more sophisticated tactics to bypass financial 

institutions’ defenses. According to NuData research, in the first half of 2020, 96% of attacks against 

financial institutions were sophisticated. These are attacks that tried to mimic human behavior in an 

attempt to blend in with legitimate traffic. Some attacks take it one step further and solve bot challenges 

such as CAPTCHAs by sending them to human farms — essentially call centers for fraudsters. Humanfarm 

workers are paid to process as many requests as possible, manually. Financial institutions need to 

understand how these attacks happen and how they behave, to tell them apart from legitimate users. 

WFH-ing safely 

Remote work poses another growing challenge for financial institutions, as it may increase some types 

of fraud risk. Many cyberthreats start at home — for example, a personal device on the home network 

infected with malware can be an entry point. Bad actors can use that back door to infect a corporate 

asset on the same network. It’s increasingly common for the initial attacker to sell such access to a third 

party, who then exploits the breach to compromise user data or perform any number of malicious actions. 

5 steps to lose the fear of cyberthreats 

When shoring up your cybersecurity protections, prioritize solutions — both internal and external — that 

enable an uninterrupted customer journey. As mentioned during the Aite Group webinar, 22% of 

consumers left their credit or debit card issuer because of a poor experience. Here are a few ways to 

tighten security without adding too much friction. 

1. Tighten permissions for administrative users. Lessen the risk of internal fraud or data leakage 

by reducing the amount of sensitive information that employees can access, for example, by 

anonymizing personally identifiable information (PII). Behavioral analytics tools (see #5 below) 



can also help identify anomalous behaviors, such as an employee accessing datasets that aren’t 

necessary for their work. 

2. Use a VPN to enable access to internal tools. This is a best practice when people are working 

from home networks that are generally less secure than networks at the operational center. 

3. Employ a bot detection tool to block automated attacks. While bot detection is often placed 

as a protection for customer accounts, during COVID-19, we’ve seen an increase in bots directed 

at employee services in the work-from-home environment. Protect both sides to minimize your 

risk. 

4. Use behavioral analytics and passive biometrics to validate identity. A worker at a human 

farm cutting and pasting stolen personal information from a spreadsheet doesn’t interact with an 

online form the same way as a “good” user who is inputting their own information they know by 

heart. And your trusted employee doesn’t use a mouse quite the same way as their roommate 

who’s borrowing their computer. Understanding baseline behavioral and passive biometric 

signatures for employees and customers lets you quickly flag anomalies that call into question 

who’s actually sitting in front of the screen, even if they had all the right credentials. 

5. Educate both employees and customers. In any system of cyber defenses, humans are usually 

the weakest link. Strengthen it by teaching both customers and employees to look out for threats 

in their everyday environment, especially social engineering attacks. On the employee side, it’s 

especially important to educate call center workers who may be focused on delivering great 

customer experience more than looking out for social engineering threats. 

The strongest cyber defenses are not one but many at once. If accelerating your digital transformation 

efforts during COVID-19 didn’t leave time to add the necessary protections, now is a good time to start 

catching up. By setting up the infrastructure to make remote work more secure, educating employees 

and customers about cyber threats and using advanced tools to continuously validate user identity, you 

can make your new normal more secure — without sacrificing customer experience. 




Robert Capps 

VP of Marketplace, NuData, a Mastercard Company 

Robert is NuData Security’s Vice President of Marketplace 

Innovation. He is an industry-recognized technologist, 

thought leader, and advisor with over twenty-five years of 

experience in retail, payments, financial services, and 

cybercrime investigation and prosecution. Robert brings his 

industry insight and vision to drive market-leading products 

and services for NuData Security, and is the public 

spokesperson for the organization. 

He is passionate about bringing safety to the digital world in 

the shape of cutting-edge technologies, so companies and end users don’t have to worry about risks 

from cybercrime. 

In previous roles, Robert served as the Global Head of Payments, Security and Fraud for StubHub, as 

the Head of Consumer Security for Wachovia and Golden West Financial, and continues to advise early 

stage startups. 

Robert Capps can be reached online Robert.capps@mastercard.com, nudatasecurity.com 



Cybersecurity Best Practices for End Users 

By Jay Ryerse, CISSP, Vice President of Cybersecurity Initiatives, ConnectWise 

When it comes to cybersecurity, there are a few misunderstandings. Many clients believe that they’re 

completely secure and risk-free after hiring a technology solution provider (TSP) to manage their security. 

However, the inaction of employees is the biggest risk to an organization’s information security. 

Human error is one of the main points of weakness. In fact, it is reported that 90% of cyberattacks are 

caused by human behavior. Knowing this, it’s crucial for businesses to undergo cybersecurity training. 

This will ensure that team members learn how to protect sensitive information, understand their 

responsibilities, and recognize signs of a malicious threat. 

As a TSP, you will mostly likely be responsible for providing security education, training, and guidance 

on policies for your clients. 



Security awareness training should focus on: 

• Phishing and social engineering 

• Access, passwords, and connection 

• Device security 

• Physical security 

Let’s dive into the tips and best practices that you can teach your clients and end users. 

Phishing and Social Engineering 

An attack that deceives a user or administrator into disclosing information is considered social 

engineering. Phishing, a common social engineering attack, is an attempt to gain control of sensitive 

information like credit cards and passwords through email or chat. 

Phishing and social engineering attacks are extremely successful because they appear to come from a 

credible source. Some giveaways of a phishing attack include links containing random numbers and 

letters, typos, an odd sense of urgency, or a general sense that something feels off about the request. 

Avoiding Phishing and Social Engineering Attacks 

What should clients do if they’ve been involved in a phishing attack? 

• Don’t click! If end users feel like something isn’t right, they shouldn’t click on a link or attachment or give 

out sensitive information. 

• Tell IT or your TSP. Alerting the right person or department in a timely manner is critical in preventing a 

phishing scam from spreading company-wide. Always encourage your clients to ask you to investigate or 

provide next steps. 

Access, Passwords, and Connection 

It’s important to go over the different elements of the network, such as access privileges, passwords, and 

the network connection itself during cybersecurity training. 

Your clients should be aware of which colleagues are general users versus privileged users. Typically, 

privileged access is given to users who carry out administrative-level functions or need access to 

sensitive data. Your client’s employees should know what user type they are in order to understand what 

applications, information, or functions are accessible to them. 

When it comes to passwords, especially those used to access IT environments, employees need to be 

using best practices. Passwords should be unique to each application or site, contain at least eight 

characters with a combination of letters and special characters, and exclude obvious information like 



names and birthdays. Generally, it’s best to change and/or update passwords about every six months. 

Password management applications, like 1Password, can help make this process easier. 

Employees should be cautious about using network connections outside of their home or work. Even 

encrypted data on a personal device can be exposed to vulnerabilities through a public network 

connection. It’s important to educate and encourage end users to only connect to trusted networks or 

secure the connection with proper VPN settings. 

Device Security 

Today, there is an increasing popularity to Bring Your Own Device (BYOD), meaning an increased 

number of mobile or personal devices in the workplace, connecting to the corporate network, and 

accessing company data. Introducing outside devices to the network increases the amount of entry points 

for threats. With this in mind, mobile devices need to be securely connected to the corporate network and 

remain in the employee’s possession. 

Personal mobile devices are vulnerable to the same threats that company desktops and laptops face. 

Without pre-installed endpoint protection, tablets and smartphones may be even less secure. It’s 

important for users to be aware of the applications they’re installing, websites they’re browsing, and links 

they’re clicking on. 

Physical Security 

Online threats aren’t the only risks that employees need to be aware of. Physical security is also a factor 

in keeping sensitive information protected. How many times have you accidentally left your computer or 

mobile device unattended? It happens to all of us. Unfortunately, an employee’s data would instantly be 

at risk if someone decided to steal their unattended phone or log in to their computer. 

Here are a few ways that clients can improve their physical security in and out of the office: 

• Keep devices locked. Get in the habit of doing this every time you leave your desk. For Windows users, 

press and hold the Windows key, then press the “L” key. For Mac users, press Control + Shift + Eject (or 

the Power key) at the same time. 

• Secure your docs. Keep all of your documents in a locked cabinet, rather than leaving sensitive information 

out and about. Before leaving for the day, store important documents in a safe or locked cabinet. 

• Properly discard info. When throwing away or getting rid of documents and files, make sure you’re 

shredding them and discarding them appropriately. 




Jay Ryerse, CISSP, is the Vice President of Cybersecurity 

Initiatives for ConnectWise. He brings more than 25 years 

of experience providing information technology and 

security solutions to businesses of all sizes. He’s the 

previous owner of a successful Atlanta-based MSP and 

was the CEO of CARVIR, the cybersecurity company 

acquired by Continuum in 2018. Jay is the author of 

“Technology 101 For Business Owners”, was named to 

“The World’s TOP MSP Executives, Entrepreneurs & 

Experts” in 2014 by MSPmentor.net, and was the “2015 

Better Your Best” winner from Technology Marketing Toolkit. Today he works closely with IT service 

providers and MSPs to provide insight and best practices for securing business networks. 



The One-Stop Spear Phishing Defense Guide You Will 

Ever Need 

By Jeff Penner, Senior Manager at ActiveCo Technology Management. 

Is your business ready to combat spear phishing attacks? 

It’s a question that gives many seasoned CTOs bad jitters. 

The truth is that you can shore up your technical systems with the latest IDS systems, firewalls and all 

manners of monitoring, but with each new report of unprecedented data and security breach coming in 

now, the threat of security vulnerabilities always seems to loom only a stone’s throw away. The problem 

does not lie only with the detection and flagging capabilities of your safety systems. It is likely that your 

IT systems are doing a sophisticated job of that already. But that doesn’t guarantee your safety from 

phishing attacks. 



IT Outsourcing firm has considerable experience in both planning and executing pre-emptive safety 

tactics to protect businesses from spear phishing. In this article, we will lay out exactly why and how your 

business needs to be covered beyond standard IT double checks. 

Not a computer problem, but a very human one 

The scope of building systemic responses against phishing attacks is always limited as it’s mostly limited 

to a purely technical response. This is simply not enough. There can be no systemic defense against 

phishing as the threats/ vulnerabilities can literally come from anywhere in the system. 

Phishing attacks almost always catch businesses unawares simply because beyond a small coterie of 

technical experts, the rest of people involved simply cannot grasp the scope of how a few apparently 

insignificant human errors/ breach of protocols can have such a devastating impact on the business. 

No matter how many horrifying security breaches pop up in the news every day, the average office-goer 

(which may include even high-ranking executives and managers) is trained to think of security 

vulnerabilities as ‘someone else’s (most likely IT’s) problem’. 

In my view, this mindset problem causes more vulnerability in the system than any technical loophole 

you may encounter. 

Recognize that clever social engineering can always beat the best-designed firewalls 

As far as security systems are concerned, a business can only be as strong as the human links holding 

it together. This means enabling everyone from the busboy and interns to the executives running on 

attention bias by default to learn how close and personal security problems can get. Their imaginations 

need to extend more than the obvious Nigerian prince scams to understand just how sophisticated 

targeted phishing attacks can get just by using information in the public domain to be able to dupe 

everyone from high-ranking political officers, bureaucrats, company leaders and entire boards and 

trustees of organizations. 

Whether your system is targeted with phishing, spear fishing or vishing attacks, your staff needs to be 

made aware enough about each to detect anomalies a mile way. They also need to be empowered 

enough to be able to be proactive when an emergency arises and resourceful enough to follow protocols 

without fearing a backlash when they report an incident or admit an error. A toxic or emotionally charged 

office atmosphere can be as or even more harmful to your business’ security than a long-running 

undetected systemic vulnerability. 

Most businesses will benefit tremendously from setting up transparent incident management and security 

breach reporting systems that train key personnel in how to respond and protocols to follow in case of a 

breach. 

Drive the vulnerabilities home and make the problems ‘real’ 

One of the problems in preparing for security breaches is that few people outside the IT department have 

a notion of what to expect in the case of a breach. 

Many businesses are starting to realize just how important employee awareness and proactivity is in 

traversing fraught scenarios in the case of a threat/ attack. But traditional modes of top-down employee 



communications, such as pamphlets, fliers and organization-wide communiqués mostly prove ineffective 

in driving the desired levels of security awareness and engagement. 

We advise most clients to walk the opposite route. Instead of routine server downtime notifications and 

multiple security checkpoint clearances that naturally tend to get associated with a ‘punishment’ neural 

association with security protocols, we encourage clients to do fairly informal, small group meetings or 

roadshows that discuss potential vulnerabilities in a manner that makes the problems appear closer and 

more ‘real’. Discuss latest breaches by all means, but also brainstorm or maybe even create roleplaying 

games around how to detect deceptions if someone sends emails to group members while posing to be 

a key team member, a vendor/ supplier or even top leaders in the organization. 

Divide and stay safe 

When it comes to systemic checks to ensure security, your best line of defense can come from separation 

of responsibilities, flatter hierarchies and procedures that require at least dual or multiple authorizations 

to initiate transactions. Whatever security structure you may come up with, please remember that its 

usability is always limited to a few weeks or months. Every system is vulnerable to insider threats and it’s 

in your company’s best interest to review and refresh the protocols every few days/ weeks/ months 

depending on sensitivity of data. Systemic reviews and risk analysis should be mandatory both 

periodically and after key exits/ inductions to ensure every team member remains up to date with the 

latest processes. For sensitive data and key financial transactions – extra controls should be 

implemented. 

Conduct penetration tests at regular intervals 

Regular fire drills and hazard awareness are a pain for everyone involved – including drill conductors. 

They involve downtime, slow productivity for minutes/ hours, and do cost a pretty penny in annual 

budgets. But in real usage scenario, they do save lives – the value of which can scarcely be calculated. 

With heightened data risks, we hope security penetration tests should become a regular feature in most 

workplaces. Simply put, these tests deploy security experts in the role of hackers who tap into the length 

and breadth of a business looking for potential security issues and vulnerabilities. Many businesses do 

not have the requisite resources and expertise to conduct these tests in-house. IT support Vancouver 

can help you be prepared for and execute security penetration tests efficiently to cover the scope of all 

major and minor vulnerabilities at your workplace. 

Recognize that spear phishing attacks cannot be isolated 

Unlike conventional security products such as antivirus or anti-malware software that most people are 

familiar with shoring up your system against phishing attacks cannot be an endpoint approach. Spear 

phishing works on the basis of having enough internal knowledge of your business, technical systems 

and key human resources in advance to be able to extort confidence in fraudulent activities despite being 

on alert. 

Building up defense against spear phishing tactics requires developing systemic resilience against a 

multitude of attack vectors. This involves keeping a tab on potential sources of attack, their short and 

long-term goals, understanding how they choose and build rapport with their intended victims and 



ecognizing parts of your system most likely to be under threat. Your system needs to be in shape to be 

able to fight off spear phishing attempts before, during and after an attempted breach. You also need to 

consult with experts with direct knowledge of dealing with rapidly evolving threats from unknown sources 

in businesses of like size and magnitude as your organization. IT security Vancouver can be a good place 

to start your research into strengthening your business’ defenses against targeted spear phishing attacks. 


Jeff Penner is a senior manager at ActiveCo Technology 

Management, an IT Outsourcing Vancouver company. Jeff has 

been in the managed services industry since 2015, understanding 

what business owners are looking for from technology, and 

helping them find it. The most important element for a business 

owner taking on a new technology partner is peace of mind and 

thus Jeff directs his efforts on finding practical information that any 

leader can apply to their business. Jeff lives in Vancouver, BC, 

sharing his love for learning and “the great indoors” with his 2 

daughters. Stay connected on Twitter. 



The Serverless Security Machine 

By Art Sturdevant, Director of Operations, Censys 

Servers are BS. They require constant maintenance, monitoring and tweaking. As a security practitioner, regardless 

of where your team lands on the org chart, you’re being charged with securing an ever-evolving landscape against 

all internal and external threats. The time required just to keep basic services functioning is daunting and now, 

you’re probably working even harder to secure and protect your remote workforce, all while working from home. 

While the amount of time required to evaluate and respond to threats is constantly increasing, security budgets, 

personnel, and tooling are not being adjusted at the same rate or are only adjusted in response to a particular threat 

or incident. 

Given that time is at such a premium, why is your team still deploying infrastructure that requires constant 

supervision? With all these demands on your team, now is the time to move to a serverless infrastructure. 

Traditional servers are great in that they can be provisioned and run forever, but unless the server is under constant 

load, you’re likely wasting money and resources managing it. Teams are using all kinds of complex tools to deploy 

new servers, apply configurations, update users, and apply security patches and still, there are servers that live 

outside of these tools or silently lose connectivity, never to be managed again. Every time a new server is deployed, 

you’re really managing three different problems -- server updates, software updates, and code updates. 



Server updates can be risky, which is why large organizations employ a CAB to approve changes and security 

updates. Teams schedule downtime or work to deploy across zones without interruption, but because these 

changes apply to the entire operating system and are likely not authored by your team, it can be difficult to anticipate 

how the change will affect the service you’re trying to manage and even tougher to debug. 

Software updates are easier to manage and are likely better understood since the code was written by a team you 

know. If you’re already familiar with CI/CD models, then you might already be well suited to the serverless lifestyle. 

Code changes go in, peers review the changes, and the code is deployed in a seamless fashion. It may not always 

be that flawless, but debugging code you wrote is almost always easier than debugging operating system changes 

or behaviors. 

By moving to a serverless architecture, you’re removing all the issues around software and security updates, system 

breaches, user provisioning, system health monitoring and more. These issues are no longer your team’s problem 

because you’re only responsible for deploying code that runs. All of the system updates and application updates 

used to run the code are maintained behind the scenes. 

Moving to a serverless architecture doesn’t have to be “all or nothing” in order to maximize your time investment. 

For example, a good first step might be to evaluate the servers in your environment that only perform one task or 

those that are heavily underutilized. A good sign that you’ve identified a solid candidate is when you find a 

service/server that is performing a very event-driven task such as a server that collects and ships logs from various 

SaaS services or systems. If the service operates on a schedule or cron job - you’ve got a perfect first candidate! 

Most users start by moving to a containerized version of their code. Docker is a popular tool and is available on 

nearly all platforms. Once you’ve containerized your code, simply deploy it to a docker host, or a cloud service 

capable of running containers. Every major cloud provider has support for running containers in production 

environments. 

If you’re looking for something that is truly serverless, consider evaluating a cloud provider’s “Function as a Service” 

(FaaS) offering. These come with a slight learning curve but also a lot of great features including a deployment 

model that is easier than containers. FaaS is a model to deploy code (think a python script) and to run it over and 

over in response to an event. A common scenario might be to fire a chat notification if a storage bucket becomes 

public, or to update TLS certificates on specific hosts as they near expiration. A serverless architecture can allow 

your team to quickly deploy proof of concept applications, or full blown applications to manage all corners of your 

security program. 

Although serverless assets can and often do reduce the administrative burden of managing servers, there are some 

limitations to be aware of as you adopt this new model. 

- Potential Learning Curve: Containerization and FaaS both require a new skillset. If for no other reason than 

to get deployment working in a seamless fashion from your Continuous Integration/Continuous Deployment 

tool. Once your team understands the requirements to deploy a service, this is a very repeatable process. 

Deploying your first serverless project is likely an afternoon project for you or your team. 

- Additional Expense: Misconfigurations can result in higher costs than a traditional virtual appliance in the 

cloud. However, even at the increased expense, consider that your team doesn’t need to manage updates, 

security patches, or worry about attackers compromising the server. It is a good idea to understand cloud 

pricing models before automating these tasks to avoid a surprise at the end of the month. Functions should 

be designed to read each word in the book, not each letter and not the whole book either. 



- Increased Latency: Depending on the cloud provider, FaaS and containerized services could result in 

increased latency because of the “cold start time”. However, once the service is started up, running a 

second or hundredth service should be fairly quick. 

- Task Timeouts: Most cloud providers limit the amount of time a FaaS task can run before it is terminated. 

A common timeout is between 30 seconds and 15 minutes. If you have a long-running task, you might want 

to consider breaking it into smaller tasks or moving to containerization since container deployments do not 

have the same timeout limitations. 

- Updates Require Redeployments: To update containers with new code or new software packages, you’ll 

need to redeploy the container to the cloud. If you’re updating a FaaS function, you’ll just need to redeploy 

the code. While this might seem like a headache, if you update and deploy using CI/CD tools, this is actually 

pretty straightforward. Most clouds allow you to deploy with a canary model - meaning you can direct some 

traffic to your new code and some to your old code and keep adjusting until you’re confident that you haven’t 

introduced any unexpected problems. 

Help your security team alleviate the administrative burdens of managing servers by moving to a fully serverless 

infrastructure. It may seem daunting at first, but once you have a couple of services or workflows moved over, you’ll 

wonder why you didn’t make the move sooner. 


Art Sturdevant is the Director of Operations at Censys. An Information 

Security professional with over 15 years experience, Art maintains a passion 

for open-source projects, entrepreneurship, and the outdoors. Before joining 

Censys in 2019, he was a Sr. Security Engineer for Duo Security and is also 

a graduate of Central Michigan University where he graduated with honors 

with a Bachelor of Science in Business Administration. To learn more about 

Censys, visit censys.io or email Art at art@censys.io. 



Unlocking the Promise of Packet Capture 

By Kathryn Ash, President, IPCopper, Inc. 

It turns out that IT people do get plenty of exercise. From the job description it sounds like a desk job, but 

that promise of getting all the answers without leaving the desk hasn’t panned out. Take the example of 

a small 50 Mbps network – it produces around 10 TB of data per month, given 1/3 utilization over 24/7. 

That’s only about one hard drive’s worth, so why doesn’t everybody just capture their data in full and reap 

the benefits of packet capture by solving technical problems, finding security flaws and, well, getting all 

the answers? Why does all troubleshooting still start with a ping, just like it did decades ago? The answer 

is glaringly simple: capturing the packets is easy. Making sense of the data is the hard part. 

Take a mundane yet essential security task such as making sure all computers on the corporate campus 

are using up-to-date SSL. You could check every computer on the network. Or, you could check every 

packet on the network. The first takes your time and effort. The second is done by a machine: tell the 

machine to examine every packet to answer two questions: Is it SSL, and, if so, which version? 

Making sense of packet capture data unlocks numerous possibilities for managing, monitoring, controlling 

and securing computer networks, from detecting and keeping tabs on a new device the second it sends 

out its first ARP to ferreting out zombie computers and alerting when a client computer’s bandwidth 

utilization suddenly looks more like a server’s. Likewise with identifying servers, tracking which computers 

checked in with the antivirus update server or even finding out who is sucking up all the bandwidth. This 



is all in addition to figuring out who is downloading or uploading files to China and what those files contain. 

It’s all in the packets. 

While those terabytes of data may prove to be worth their virtual weight in gold, without the processing 

power and a system to unlock the value from the packets, they don’t amount to the cost of a hard drive. 

A single packet capture appliance lacks the oomph needed to extract value from the data – it bottlenecks 

at either the hard drives or the processor, resulting in long waits for queries, packet loss or both. 

Distributed packet capture systems, however, aggregate and orchestrate the processing power of 

multiple machines to blast through hundreds and thousands of terabytes of full packet capture, while 

capturing new packets at the same time. 

In today’s computing environment a distributed system of four to eight machines, even with low-cost 

processors (yes, even down to yesterday’s desktops), has ample capacity and responsiveness to crunch 

the load from a 50 Mbps network. To get a one-minute response to a query spanning one month of data, 

you are looking at a ratio of 43,000:1, that is, one minute to process what took over 43,000 minutes to 

capture. A low-cost chassis with one regular HDD would deliver about 1 Gbps processing, while an SSD 

would deliver 5-7 Gbps. A system of eight machines translates to 8 to 56 Gbps raw processing 

throughput, maybe even, on a really good day, 100 Gbps. That brings the ratio down to around 1000:1. 

Cutting out the payload would make it possible to take care of that one month of data in 1-2 minutes (and 

if your software doesn’t do reports on the payload, what’s the use of having them anyway?). The power 

to process the payload and software to generate reports on the payload, however, gives you that very 

magical ability to get the answers and solve problems with the data to back it up – without having to hoof 

it around campus, checking individual computers one by one. Rather than cutting out the payload to 

speed up queries, software for a good distributed packet capture system multiplies the processing 

throughput of the hardware 10 to 100 times, making it possible to both capture the payload and get 

reports spanning one month of full packet data in less than one minute, even with a small set up of only 

four to eight machines. This is a game changer when it comes to packet capture and managing and 

monitoring networks, not the least because reports and aggregates take far less storage space than raw 

packet capture, meaning the sky’s the limit when it comes to the depth and breadth of the reports 

possible. 

Once you get a taste of what a distributed system offers, you can expand it further by adding more 

hardware to increase the lookback period. This in turn makes it possible to trace problems from the 

beginning, rather than investigating them mid-stream and attempting to extrapolate – seeing how a 

problem started brings you a lot closer to seeing how it was triggered, than seeing how it ended. 

Incidentally, adding more hardware also adds to the available raw processing power, making it possible 

to do even more in less time – one of the beauties of a distributed system is its affordable scalability. 

In addition to getting results and relegating marathons to your free time, you can also add in feeling good 

about doing your part to combat e-waste. Recycling is always good and saving money by reincarnating 

old, slow desktops that everyone hates into supercomputers for networking makes you a “green” 

champion, in more ways than one. 




Kathryn Ash is the President of IPCopper, Inc., a manufacturer of 

network appliances based in Portland, Oregon. She has been 

with the company for over the past decade, guiding the 

development and marketing of its cutting edge technology for 

packet capture and analysis, most recently presiding over the 

debut of its newest product, Lateral Data Processing for 

Distributed Packet Capture. Email Kathryn at 

kathryn.ash@ipcopper.com or visit http://www.ipcopper.com/. 



Intelligent Protection Against DNS DDoS Attacks is 

Critical Part of Cybersecurity Architecture 

By Ashraf Sheet, Regional Director, Middle East & Africa at Infoblox 

In 2020 DDoS attacks continue to increase both in volume and in frequency. Nexusguard Research 3 just 

reported a 542% increase in DDoS attacks in the first quarter of 2020 when compared with the last quarter 

of 2019. The NexusGuard research team also detected unusual traffic patterns from ISPs which included 

traffic generated from infected devices. 

In rare harmony, Kaspersky also reported that DDoS attacks have doubled in the first quarter of 202 

when compared to the last quarter of 2019 4 . Kaspersky also found that DDoS cyberattacks are increasing 

in duration – the average attack duration increased by 24% in the first quarter of 2020 compared with the 

same quarter one year ago. 

3 

https://www.businesswire.com/news/home/20200630005295/en/DDoS-Attacks-Increase-542-Quarter-over- 

Quarter-Pandemic-Nexusguard/ 

4 

https://securityintelligence.com/articles/avoid-ddos-attacks/ 



DNS and DDoS attack vectors have emerged as one of the critical weapons of choice to support fraud, 

extortion, and malicious attack. Threat actors may be politically motivated, part of organized crime, or 

even nation-state cyberwarfare operatives. 

The COVID-19 pandemic was the genesis of this new opportunity as the disease continues to impact 

businesses and economies worldwide. The net result is that 2020 has become the year of the teleworker. 

The use of online services from home and other remote locations became more critical than ever. 

Students are online. Employees are serving customers online. Many of us are working from home and 

highly dependent on internet connectivity. The mix of devices we use often includes our laptops and 

mobile devices. Threat actors have moved with lightspeed to leverage this opportunity. 

But just when you thought it could not get worse, it does. DDoS for hire (otherwise known as “booter” 

services) allows threat actors to access thousands of pre-configured servers that can be used to launch 

DDoS assaults against any organization. Booters are web-based services that provide criminal DDoS 

services for hire. These tools are often referred to in polite conversation as IP stressors, which are 

legitimately used to test your networks and servers for resiliency. Certainly, stress testing your own 

network is normal. But deploying such technology to create a DDoS attack against external parties is 

illegal and malicious criminal activity. The great majority of these servers are hijacked, and malicious 

activity is usually completely unknown to their owners. 

As you would expect, booters are sold on the dark web using untraceable currencies such as Bitcoin. An 

informal survey showed that you could “purchase” the use of a compromised server for between $10 to 

$150 or more. You get the passwords and access to the server. Some criminal enterprises sell access 

to the use of booters “as a service” and vary pricing by the number of attacks you wish to launch, the 

duration of the attacks, and even price out the addition of customer support! 

As quickly as law enforcement agencies can find them and shut them down, new ones still seem to spring 

up. The number of these servers for sale at times looks quite large, with many tens of thousands of 

hijacked servers accessible at meagre cost for a motivated attacker. 

The DDoS attacks launched by these threat actor booter sites take us back to basics. As always, the mix 

of readily usable attack techniques includes DNS amplification and DNS reflection. They may be used 

alone and in combination. An amplification attack is a technique used by threat actors where a small 

query can trigger a massive response. In this scenario, threat actors flood the server with short requests 

that require long responses, allowing a small compute resource to overload the targeted DNS server. 

The DNS server is so busy attempting to respond to all these malicious requests that it doesn’t have time 

to respond to legitimate ones, and network activity grinds to a halt. 

The reflection attack vector sends queries that appear to come from the target of the attack. The huge 

volume of responses, which are amplified, are then sent to the target effectively overwhelming the target. 

In this scenario, the attacker sends a query to a recursive name server with a spoofed source IP address. 

Instead of the real IP address, the threat actor places the target (victim) IP address as the source IP 

address. The recursive name server retrieves the answer to the query from the authoritative name server 

and sends it to the target. 



A sophisticated threat actor can combine the two techniques by spoofing the targets’ IP address and 

sending a carefully crafted query that will result in a large payload. This double punch can be an 

overwhelming DNS DDoS attack scenario. This allows the threat actor to attack two different targets at 

the same time easily. 

Comprehensive and intelligent protection against DNS DDoS attacks should be an essential part of your 

cybersecurity architecture. 


Ashraf Sheet is Regional Director, Middle East & Africa at Infoblox. He is 

a network and security expert in the region and has held various 

progressive roles including senior security consultant, leader for 

Managed Security services and head of Security Business Unit for local 

and multinational companies. 

Ashraf can be reached online at (asheet@infoblox.com) and at our 

company website https://www.infoblox.com/ 



NCSAM Provided an Opportunity to Reset Our Approach 

to Cybersecurity 

October marked National Cyber Security Awareness Month, but experts warn that cybersecurity 

requires attention 24/7/365 

By Sam Humphries, Security Strategist, Exabeam 

Earlier this year in the rapid transition to a remote workforce, we saw security leaders looking to quickly 

find the right balance between ensuring the organization’s productivity needs are met, and keeping the 

organization secure. Finding this equilibrium continues. As we maintain a working-from-home structure, 

we cannot afford to be complacent when it comes to cybersecurity. 

This National Cybersecurity Awareness Month (NCSAM) provided organizations with an opportunity to 

hit the reset button. A combination of training, organizational alignment and technology is the right 

approach to detecting and stopping security threats. Effective training should help employees understand 

and buy-in to the importance of cybersecurity, and in the BYOH (bring your own home) world, 

organizations should broaden awareness efforts to include helping users secure their home 

environments. 

As the cyber-threat landscape becomes increasingly sophisticated, we must continue to arm our security 

teams with the knowledge and tools required to succeed in building a better cyber defense. Below, eight 

industry experts discuss the importance of NCSAM and encourage organizations to secure their 

businesses every day of the year. 



Torsten George, cybersecurity evangelist, Centrify 

"National Cyber Security Awareness Month is an excellent opportunity to remind businesses and 

consumers alike to never let their guard down when it comes to protecting access to data. All data has 

some kind of value, whether it’s a PIN code, digital medical records, social security numbers, social media 

posts, or even blood oxygen levels from your fancy new watch. This year's theme, ‘Do Your Part: Be 

#CyberSmart,’ takes on increased significance, as our work and personal lives continue to blur, more 

devices are connected to the internet than ever, and a historic amount of critical personal and business 

data is shared digitally. 

If there's one takeaway for businesses, it's that cyber-attackers no longer ‘hack’ in – they log in using 

weak, stolen, or phished credentials. This is especially damaging when it comes to privileged credentials, 

such as those used by IT administrators to access critical infrastructure, which are estimated to be 

involved in 80% of data breaches. So how can we reduce this number as we move into the holiday season 

and 2021? 

Granting 'least privilege' is essential to preventing unauthorized access to business-critical systems and 

sensitive data by both insiders and external threat actors. Striving towards zero-standing privileges and 

only granting just-enough, just-in-time access to target systems and infrastructure limits lateral 

movement. As organizations continue their digital transformation journeys, they should look to cloudready 

solutions that can scale with modern business needs. By embedding these key principles into the 

security stack, the risk of employees' credentials being compromised and/or abused can be dramatically 

reduced, compliance can be strengthened, and the organization can be more secure." 

Gijsbert Janssen van Doorn, director technical marketing, Zerto 

“As organizations transitioned into remote working almost overnight, security teams were left to quickly 

ensure their businesses were secure, while trying to fill in the cracks left behind by the introduction of 

new networks, new devices, and new cyber attacks. 

It isn’t a surprise that cybercriminals started taking advantage of this almost immediately, carrying out 

ransomware attacks throughout the pandemic as businesses did everything they could to remain 

operational. However, away from the private sector, where healthcare and public sector organisations 

have been facing huge pressures to manage and control the COVID-19 outbreak, bad actors have posed 

a significant threat. Keeping healthcare operations running in normal circumstances is absolutely critical, 

but in the middle of a pandemic, that significance is only magnified. 

This year, National Cybersecurity Awareness Month emphasized personal accountability as well as the 

importance of taking proactive steps to enhance cybersecurity. Employees, now more than ever, need to 

remain vigilant in protecting their organization. Ransomware attacks can and will still occur, so cyber 

resilience is imperative. With a 72% increase in ransomware attacks during COVID-19, organizations 

need to be prepared for the inevitable. 

Once compromised, it’s too late to take any preventative measures. Organizations need to be able to 

recover data and get back to operating swiftly and painlessly without paying a ransom. Key to this is 



leveraging IT resilience solutions that can quickly and effectively provide recovery after an attack. With 

the right continuous data protection tools in place, businesses need not worry about paying ransoms and 

can instead simply recover pre-attack data files within seconds.” 

Carl D’Halluin, CTO, Datadobi 

"The COVID-19 pandemic and remote work economy has served to exacerbate existing cyberthreats 

such as inside threat actors, ransomware, or a storage platform-specific bug or hack. Downtime caused 

by these attacks can come at a very high cost for organizations — both financially and reputationally. 

Unstructured data business continuity planning and protection — whether on-premises or in the cloud — 

is still lagging dangerously far behind other cybersecurity efforts. Even worse, hackers are increasingly 

viewing NAS (network-attached storage) as a highly-profitable target. It’s important for IT and security 

leaders to consider this data when building out security strategies. 

“No IT professional wants to imagine the worst-case scenario happening to them: a situation where their 

NAS or object storage has been locked up by hackers. As organizations increasingly rely on unstructured 

data to perform day-to-day business-critical functions, they need to maintain instantaneous access to this 

core data. The best practice would be for organizations to maintain a secure ‘golden copy’ of businesscritical 

data in an air-gapped location of their choosing (a physical bunker site, data center, or public 

cloud). The golden copy complements the traditional data protection strategy by providing an extra layer 

of insurance so that in the event of a cyberattack, business operations can continue.” 

Jay Ryserse, CISSP, VP of Cybersecurity Initiatives at ConnectWise 

“Cybersecurity is a journey, not a destination. The need to reinforce policy and best practices around 

cyber hygiene requires continuing education. Whether it's education for your team or conversations about 

culture with your customers, you have to consider it’s an ongoing process that requires maintenance. 

While National Cyber Security Awareness Month is a great opportunity to discuss the current issues we’re 

facing and make plans to address them, cybersecurity is critical 365 days a year. Cyber crime doesn’t 

rest and neither should organizations. 

The month also presented a good opportunity to discuss the growing importance of cybersecurity within 

the managed service provider (MSP) community. When we review the results of a recent survey we 

conducted with Vanson Bourne, the importance of investing in ongoing cybersecurity education is evident 

in the data. Ninety-one percent of SMBs say they would consider using or moving to a new IT service 

provider if it offered the ‘right’ cybersecurity solution. For most, that means having confidence that their 

provider will be able to respond to cyber attacks and minimize any damage. If I’m an MSP, I’m going to 

focus on educating my team on how to deliver the ‘right’ cybersecurity solutions. MSPs owe it to 

themselves to keep up with trends and knowledge in cybersecurity in order to increase their service 

offerings and provide their customers with the protection they’re seeking.” 



Surya Varanasi, CTO, StorCentric 

“As cyber threats continue to raise concerns across virtually all industries, particularly healthcare and 

financial, it is important that organizations remain compliant and find solutions that implement the latest 

encrypted technology to protect their data and the data of their customers. 

To support business continuity, as well as ensure data protection and security, IT professionals should 

look for policy-based solutions with the ability to fingerprint and encrypt data to fortify businesses against 

viruses, ransomware, and other bad actors. Solutions that are able to restore from virtual shortcuts can 

decrease the amount of time spent retrieving data and help users bring their businesses back up quickly. 

Implementing self-healing technology can help the system to automatically ensure it is in order and 

ensure your last line of defense is continuously updated and ready to go. This is an immutable copy that 

can’t be altered and it is replicated to a remote location using an encrypted transfer. While you can’t 

eliminate cybercrime, you can take steps to help organizations be prepared to evade and/or recover from 

it.” 

Jeff Hussey, CEO, Tempered 

“National Cyber Security Awareness Month is the perfect time to bring awareness to the work that needs 

to be done to secure our critical infrastructure. Critical infrastructure — from electrical grids, and smart 

city applications to water treatment plants — have vulnerabilities that pose enormous cyber risk and in 

turn, risks to communities. Traditionally, these networks have been physically managed and air-gapped. 

Managing and securing these networks and remote sites today is difficult, as new technologies are added 

to legacy systems. 

Fortunately, state-of-the-art secure networking solutions are now available that extend secure 

connectivity across physical, virtual, and cloud platforms and secure every endpoint in your network, with 

true micro-segmentation and secure remote access. These solutions not only eliminate network-based 

attacks, but they also reduce the cost and complexity required to effectively manage critical infrastructure 

for governments, utilities, and IoT applications.” 

Trevor Bidle, VP of Information Security and Compliance Officer, US Signal 

“When we celebrated National Cyber Security Awareness Month in 2019, no one could have predicted 

that at that time the following year, the world would be in the midst of a pandemic -- and that many 

companies would be faced with the technological challenges of a newly distributed workforce. 

Compounding this issue, 64,000 IT professionals are expected to have lost their jobs by the end of 2020, 

while cybercrime has quadrupled -- leaving organizations short-staffed yet increasingly targeted by 

hackers. The solution for some may be to turn to a third-party SOC that can offload some of the security 

posture decisions and monitoring. 

For years, vulnerability management tools have been reactive rather than proactive -- only spotting weak 

points on the network after they’ve been compromised by a hacker. But the most effective, modern 

solutions use threat intelligence to proactively identify, classify and prioritize vulnerabilities based on 

criticality -- allowing organizations to catch them before the bad guys do. 



Many businesses struggle to set up, scan and effectively analyze vulnerability scan results in a way that 

drives meaningful action to remedy the issues, however. IT and security departments who want to expand 

their teams through a third-party SOC can turn to these highly-trained experts to manage vulnerability 

scanning, report analysis and remediation recommendations. In addition to vulnerability management, 

organizations can use third-party providers for backup and disaster recovery to help restore data in the 

face of ransomware attacks, and to help build and test effective incident response plans. 

While there are additional considerations, these steps are a strong start toward a more secure future, 

even in these unpredictable times. And it’s important to remember, there’s no shame in asking for help.” 

JG Heithcock, General Manager of Retrospect, Inc., a StorCentric Company 

“National Cybersecurity Awareness Month served as a reminder that cyber criminals continue to exploit 

the pandemic and remote workforce by targeting organizations through phishing, malware distribution, 

false domain names, and other attacks on teleworking infrastructure. 

Preparing for cybercrime attacks through the use of proven techniques will protect your data and critical 

systems, helping your organization to minimize risks, rapidly recover if necessary, and maintain 

operations. This includes updating your system and investing in anti-malware software; protecting your 

endpoints and not just servers or file sharing systems; implementing a 3-2-1 backup strategy consisting 

of: 3 copies of data, 2 different formats and 1 offsite location; routinely monitoring backups to help detect 

ransomware; and no matter how uncomfortable it might seem, do not pay the ransom in the event of a 

ransomware attack as this doesn’t guarantee your data will be restored.” 


Sam Humphries, security strategist, Exabeam 

Samantha has 20 years of experience in cyber security, and during 

this time has held a plethora of roles, one of her favourite titles 

being Global Threat Response Manager, which definitely sounds 

more glamorous than it was in reality. She has defined strategy for 

multiple security products and technologies, helped hundreds of 

organisations of all shapes, sizes, and geographies recover and 

learn from cyberattacks, and trained many people on security 

concepts and solutions. 

In her current role as global product marketing team at Exabeam, 

she has responsibility for EMEA, Data Lake, compliance, and all 

things related to cloud. Samantha authors articles for various 

security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, 

CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON). Samantha can be reached at 

our company website http://www.exabeam.com. 



How Blockchain Is Helping Stop the Spread of COVID-19 

By Robert Galarza, CEO, TruTrace Technologies 

By now, we all know the cost of COVID-19. Many countries have struggled to contain the virus, forcing 

people to practice social distancing, wear masks and take extra precautions to minimize exposure. 

Frontline workers are unable to secure the PPE needed to keep them safe. News outlets and social 

media are pushing information on the public, right and wrong, causing rifts amongst communities. 

The pandemic has ignited a crisis of trust that affects people, governments, products and processes. 

What has become clear in the quest to contain and combat the virus is the need for timely data from 

reliable sources. 

Crypto technology can verify, secure and share data, making it ideal for managing some of the biggest 

issues surrounding the spread of coronavirus — the lack of data security, outdated surveillance systems 

and poor supply chain management. 

Blockchain can build new paradigms of trust by providing transparency for managing and sharing 

information. Using decentralization and blockchain technologies, organizations around the world are able 

to connect like never before, uniting humanity in a collective front to fight COVID-19 and future viruses. 

Let’s examine three ways blockchain is helping stop the spread of COVID-19. 

How Blockchain Manages Data Sharing 

In March 2020, the World Health Organization (WHO) partnered with several major tech companies 

(including Microsoft, IBM and Oracle), along with international health organizations and government 

agencies to launch an open data hub called MiPasa. 

Created by HACERA, the platform aims to detect COVID-19 carriers and infection hotspots quickly and 

precisely. MiPasa will securely share information among individuals, hospitals and authorities, which will 

aid in public health analysis and create a single source of verified and up-to-date information. 

Governments around the world are introducing contact tracing apps — smartphone apps which use 

phone tracking technology to oversee the population’s movement in an effort to monitor and control 

outbreaks. One of the main challenges associated with the adoption of these apps is the need to ensure 



data protection and privacy for users. That’s where blockchain comes in as a means to store data in 

ledgers, protecting it from unauthorized access. 

Governments that implement crypto techniques can tackle the pandemic while ensuring patient privacy 

is uncompromised. Facilitating the sharing of essential COVID-19 related data will help in diagnosis, 

treatment and research for developing a vaccine. 

How Blockchain Helps Track Donations 

Blockchain ensures donations — monetary or medical equipment — are transparent and traceable. 

Previous handling of public donations and the distribution of aid has caused distrust in the perception of 

some charity organizations, which has given rise to donation tracking platforms like Shenzong. 

Blockchain’s transparency provides donors with full traceability of donations, from the point of being 

received, to how donations have been matched to areas most in need, to when donations are delivered. 

By ensuring donations are reaching the correct destinations, those most in need will receive the medical 

equipment needed to help stop the spread of the coronavirus. 

How Blockchain Protects Supply Chains 

One of the biggest issues that has emerged from the pandemic is the inability to authenticate healthcare 

products, leading to a breakdown of trust in supply chains. The unprecedented demand for quality 

disinfectants around the world has created an opportunity for counterfeit and defective products to flood 

the market. Unfortunately, thousands of defective products are reaching the market because people are 

trying to cut corners. This is the biggest dark spot for a lot of PPE orders; they don’t know where the 

products are coming from. The FDA’s recent warnings about deficient and even dangerous products in 

the market reinforces the need for reliable products. 

Blockchain allows consumers and healthcare practitioners to track the origin and providence of medical 

supplies, ensuring products are trustworthy, transparent and traceable. Utilizing digital ledgers, 

blockchain records supply chain data on a granular level, connecting information in a way that can be 

quickly and rapidly accessed. 

Dynamic recall systems are designed to recall a batch lot, so if a product is discovered to be faulty, 

blockchain facilitates the ability to connect all the data points back to the original source. This provides 

data security to manufacturers on the materials used that can be tracked from origin. Subsequently, 

purchasers are reassured they are buying safe, quality products. 

A positive note to take away from the tragedy of the pandemic is the acceleration of innovative systems 

to help stop the virus from spreading. We might yet see personalized wellness as the next step for 

blockchain in the fight against the coronavirus. Blockchain has the capability to manage lifestyle on an 

individual level — sleep patterns, fitness levels, nutrition — and how you can best maximize your health 

to build the T cells and create the antibodies in your system to stay healthy. 




Robert Galarza is Chief Executive Officer of TruTrace Technologies, 

developer of the first integrated blockchain platform that registers and 

tracks intellectual property from Genome to Sale for the cannabis 

industry. 



Patched Minimizes Risk - But Opens the Door for 

Compatibility Problems 

How to Remediate Federal Systems with Zerologon Vulnerability 

By Egon Rinderer, Global Vice President of Technology & Federal CTO, Tanium 

In September, the Cybersecurity and Infrastructure Security Agency (CISA) released a notice stating the 

Zerologon vulnerability poses an “unacceptable risk” to the federal civilian executive branch, and required 

that all federal agencies “immediately apply the Windows Server August 2020 security update” or 

disconnect from federal networks. Zerologon is perhaps one of the most significant vulnerabilities to hit 

in a long time. 

Back in August, Microsoft released the software update Netlogon EoP – or zerologon – to mitigate a 

critical vulnerability in the Windows Netlogon Remote Protocol server interface. Netlogon allows devices 

to authenticate to the domain controller (DC) and update their password in the Active Directory (AD). 

Netlogon is designed for specific tasks like maintaining relationships between members of domains and 

the DC, or between many DCs across one or many domains, and replicating the DC database. At the 

time of the update, this was only the first update in a phased rollout expected to conclude February 2021. 

Federal systems go through routine patches and software updates. These fix and improve security 

vulnerabilities and other bugs cybercriminals might use to gain unauthorized access to a user’s device 

and sensitive data. Software vendors release critical patches with the intent of protecting the 

organizations and users leveraging the software. But, sometimes while the patch may safeguard against 



the latest threat, it can also unintentionally create other issues across the network. Ideally, organizations 

have a test environment where they can first deploy the patch and measure the effectiveness as well as 

any issues it might cause (e.g., if a mission critical tool or function is unavailable). But, test environments 

aren’t always identical to the production environment, and some organizations may not have one at all. 

While not identical, the impact of this latest patch is reminiscent of the fallout from the Microsoft patch for 

Meltdown (CVE-2017-5754). Distribution of the patch was altogether halted at one point due to the issues 

it caused for some machines (e.g., failure to boot). What’s unique about the patch for zerologon, however, 

is that Microsoft knew prior to release that there would be compatibility issues, which explains the 

complexity in the response and guidance—phased implementation, partial enforcement now and more 

coming later, an option to go to full enforcement sooner, new logged events to tell you when those 

compatibility issues are happening, and a GPO to exempt specific systems from the new restriction. 

These patch complexities can leave some networks and users in a precarious position. With the patch 

comes certain compatibility issues, but without the patch, hackers can use this vulnerability to create 

easy-to-use exploits. This vulnerability allows attackers to impersonate any computer to the DC in the 

agency network and change their password – all while going unnoticed by IT teams. Hackers can also 

execute remote procedure calls on their behalf to gain access to corporate networks. 

In the case of zerologon, since an agency’s active directory rarely, if ever, gets completely rebuilt or 

replaced over time, a skilled cybercriminal could quietly establish long-term, full administrative 

persistence inside the entire network and remain unnoticed. Further, agencies underestimate its impact 

because it 'only affects DCs.’ But the problem is agencies often have far more DCs than they think – and 

those DCs are spread all over the globe. Control of any DC grants the ability to do anything they want on 

any member machine in the AD forest, including hide persistence on them. 

Roadblocks to Closing the Vulnerability 

Zerologon isn’t something you can just patch and forget. Remediation requires several steps and 

repeated validation. Further, tactics by bad actors are evolving daily – so it is more critical than ever to 

routinely update systems to prevent breaches. 

The solution is not as simple as shutting the insecure channels of communications, as this can potentially 

break other applications and platforms. It is very difficult to determine the impact without rigorous testing. 

The exploit depends on signing and encryption being optional. When the protocol’s less-secure option is 

unavailable, the exploit no longer works. The patch brings a subtle change to the Netlogon protocol that 

breaks the “all-zeroes” exploit technique. This means that even when you can’t require 

signing/encryption, successful exploitation of the protocol’s weakness is now mathematically many orders 

of magnitude more difficult than it was (That’s good news!). 

After patching DCs, you should determine whether any authorized computers are being blocked or will 

be blocked in full-enforcement mode (what MS refers to as “Phase II”), so that they can be updated, 

retired, or exempted with the new group policy setting. 



Further, DCs often receive patches later than other systems in the agency network because of a “don’t 

rock the boat” mentality. Having the DCs updated and stable is critical – and this means patches and 

security updates are approached with hesitation. The bottom line? This vulnerability exposes the keys to 

the kingdom – and it is absolutely critical that agencies understand it and take it seriously. 

Next Steps 

Zerologon patches are only available for versions of Windows that are still supported and receive security 

updates. But in practice, many networks have legacy Windows devices or non-Windows devices that 

communicate with DCs using the protocol. Federal IT teams who have the patch should utilize the 

Microsoft guidance: 

• Deploy the August 11, 2020 updates to all applicable DCs in the forest including read-only DCs 

• Collect events in DC event logs to determine which devices in the environment are using 

vulnerable Netlogon secure channel connections 

• Address Netlogon event IDs 5827 and 5828, indicating non-compliant machines that are being 

blocked now, and event ID 5829 indicating noncompliant machines that will be blocked when full 

enforcement is applied 

• Move to enforcement mode in advance of the February 9, 2021 enforcement phase 

• Deploy February 9, 2021 updates 

Agencies that use Microsoft Windows are better served by taking a holistic risk management approach, 

using complete, accurate, and real-time data from a single source to reduce risk and improve security. In 

doing so, they can also reduce the number of point products, reallocate budget and scarce resources, 

and justify future budget requests for critical security activities – all while providing a more comprehensive 

view of the security landscape that enables more strategic business decisions. 

Leveraging a single platform that integrates endpoint management and security unifies teams, effectively 

breaking down the data silos and closing the accountability, visibility, and resilience gaps that often exist 

between IT operations and security teams. 

A platform approach also gives agencies end-to-end visibility across end users, DCs, servers, and cloud 

endpoints, and the ability to identify assets, protect systems, detect threats, respond to attacks, and 

recover at scale. When agencies achieve complete visibility and control, the risk from cyberattacks is 

significantly reduced and their ability to make good business decisions is improved. 

At this stage, agencies that use the Netlogon server are aware of the vulnerability and the risk it brings. 

IT teams must prioritize standard checks for patches and routinely complete vulnerability assessments 

to analyze and determine the current level of risk. 




Egon Rinderer is the Global Vice President of Technology and 

Federal CTO at Tanium. With 30 years of Federal and private 

sector industry experience, Egon currently leads the global 

Enterprise Services Organization as well as leading Tanium 

Federal as Chief Technology Officer. Joining Tanium at a time 

when the company was made up of less than 20 employees, 

he has held roles ranging from Technical Account Manager to 

Federal Pod Lead to global Vice President of the TAM 

organization. Prior to joining Tanium, Egon was with Intel 

Corporation and served throughout the US military and 

intelligence community in the United States and abroad in an 

operational capacity. Egon can be reached at 

egon.rinderer@tanium.com, online at 

https://www.linkedin.com/in/egon-rinderer/, or at our company website at 

https://www.tanium.com/solutions/federal-government/ 



For Federal Agencies, Securing Internet of Things 

Devices Is A Growing Challenge 

By Katherine Gronberg, Vice President of Government Affairs, Forescout 

In June, the cybersecurity company JSOF, with help from Forescout, released some eye-opening 

research about a set of 19 vulnerabilities, collectively known as Ripple20. The Ripple20 vulnerabilities 

are found within the TCP-IP protocol code sold by Ohio-based software company, Treck, and are used 

by a wide range of Internet of Things (IoT) and Operational Technology (OT) devices. An OT device 

refers to a specific type of computing device that manages, monitors or controls operations that are more 

physical or industrial in nature, such as an environmental control or security system. The Ripple20 

vulnerabilities make these devices susceptible to remote code execution exploits, which is a type of 

exploit that allows an attacker to take full control of a device. This can allow attackers to disrupt the 

operations of an organization or to leverage that device as an entry point onto the network to attack other 

sensitive assets or information. 

A TCP-IP stack is an embedded library of code that allows a device to communicate over the internet. 

Treck’s code was built to handle the TCP-IP protocol that connects devices to networks and the internet 

and as previously mentioned, is incorporated into a range of IoT and OT devices. Unfortunately, 

organizations rarely know the component makeup of their IoT devices, as there is currently no 

requirement for manufacturers to provide customers a bill of materials that describes the specific 

hardware and software components contained in IoT and OT devices. Common types of devices running 



Treck include office printers, medical infusion pumps, security cameras, video conferencing tools and 

building automation systems, to cite a few examples. 

Federal agencies are heavily affected by the Ripple20 vulnerabilities as they increasingly rely on 

networked IoT and OT to perform their missions. Forescout sees hundreds, and in some cases 

thousands, of smart devices and IoT devices, as well as OT devices, on government networks. We have 

seen examples of federal agencies that purchase smart appliances for use in kitchens or labs, but which 

the manufacturer will not warranty unless the appliance is granted an internet connection, which may 

violate an agency’s policies. Out of a sample of 90,000 devices found running Treck, nearly 6,000 were 

in use within the government sector. According to Forescout research, devices and equipment for 

heating/ventilation/air conditioning (HVAC), emergency communications and IP camera systems (like 

those used for physical building security monitoring) have emerged as riskiest for government agencies. 

The pervasiveness of IoT and OT on government networks, with a significant number of those containing 

the Ripple20 vulnerability, should signal how important it is that federal agencies have a way to identify 

and manage the cyber risks of these kinds of devices. Yet, federal agencies have struggled mightily with 

this problem. This is partially because agencies’ IT security functions haven’t really wanted to address 

the security of these operational systems and left them largely to the system owners to figure out (e.g. 

the facilities management people). Further, until now, none of these parties had adequate tools to 

address the security of these devices. IoT and OT devices are not like traditional computers; they are 

difficult to detect and can be difficult to identify correctly. They cannot run traditional security software the 

way a computer can. In our experiences with new federal customers, we have found that most are 

unaware of how much IoT and OT is actually present on their networks. 

At the policy level, government leaders have focused their attention on creating conditions and standards 

for the manufacturers of IoT and OT to meet, including potentially requiring them to build certain security 

features into products. But the IoT attack environment is, frankly, too explosive for static feature 

requirements or point-in-time product or vendor certifications to suffice. Examples of such constructs 

include IoT product or manufacturer certification processes, the requirement for manufacturers to provide 

software or hardware bills of materials, and certification-based “device tagging” mechanisms. While these 

ideas will provide agencies more information about the IoT running on their networks, the overall federal 

strategy being implemented has to balance these methods with an equal or greater emphasis on 

augmenting behavior-based, continuous monitoring approaches. These refer to methods that allow 

agencies to monitor, in real time, the network access, posture and behavior of all devices and associated 

users, and to continuously enforce controls and compliance on these devices. 

These methods are currently being implemented within the Department of Defense (DoD) through the 

Comply-to-Connect (C2C) program. The overarching goal of C2C is to improve the authentication, 

authorization, compliance assessment and automated remediation of all devices and systems connecting 

to a network. Within the C2C framework, IT, IoT and OT devices and systems are detected 

instantaneously upon presenting themselves to the network. They are identified, assessed for signs of 

compromise and other anomalous configurations and behaviors, and finally assessed for their 

compliance with DoD security policies. Compliant devices and systems gain the desired level access to 

the network, while unauthorized ones are held in quarantine until they successfully meet requirements. 



C2C allows the DoD to inspect every single device for malicious code, prohibited software, 

noncompliance and other risks. In responding to challenges of today, C2C applies to IoT devices as well 

as systems for industrial control, weapons, medical gear, commercial smart devices and embedded 

controls. The program has in its scope all devices and systems within a “single pane of glass,” under a 

singular security architecture, as opposed to the security of different device types and systems being 

managed by disparate teams within DoD. 

The capabilities of C2C will form the foundation of the DoD’s efforts to implement an enterprise Zero 

Trust architecture, most importantly, by restricting any device’s network access until it has proven itself 

trustworthy. Once approved, C2C requires the continuous monitoring of an endpoint, enforcing its access 

to data resources via network segmentation and limited penetration to other networked resources. The 

National Institute of Standards and Technology (NIST) has published some especially important guidance 

on both Zero Trust and Continuous Monitoring. 

There is no turning back to a pre-IoT/OT world. Agencies are now far too reliant on the devices for 

mission-critical tasks. IoT must be embraced for its ability to create efficiencies and improve safety in 

federal missions, but government IT leaders must simultaneously employ frameworks that can secure 

these devices, the data on them and the critical functions they perform. C2C is this framework within the 

DoD and it will enable the Department to incorporate IoT innovation into its critical missions while ensuring 

they don’t introduce mission-impacting risk. 


Katherine Gronberg is Vice President of Government Affairs at Forescout 

Technologies, Inc., the leader in Enterprise of Things security. Prior to 

Forescout, she taught at Georgetown University’s Edmund A. Walsh 

School of Foreign Service and ran her own government affairs consulting 

firm. Prior to this, Katherine served as a Staff Director on the Senate 

Appropriations Committee, handling billions in annual appropriations for 

federal agencies such as the Departments of State and Commerce. 



Nations—Not Individuals—Are After Your IP 

By Ryan Benner, Anexinet 

A recent Wall Street Journal article titled, Russian Hackers Have Targeted 200 Groups Tied to U.S. 

Election, has Microsoft stating that “Russian government hackers have targeted at least 200 

organizations tied to the 2020 U.S. election in recent weeks, including national and state political parties 

and political consultants working for both Republicans and Democrats.” The article goes on to point out 

that other bad actor nations such as China and Iran have also been identified by Microsoft as engaging 

in cyberattacks against “high-profile individuals” and “targeting personal accounts of people associated 

with President Trump’s campaign,” respectively. There is an understated cybersecurity progression to 

this piece: Ten to twenty years ago, bad actors were typically individuals or even small groups, often tied 

to organized crime, that were just looking for financial gain. Today we have the skills of a nation seeking 

to influence global politics. 

The phenomenon of nation-states as bad actors has significantly risen over the last decade. These 

nations are not just seeking to steal data for financial gain, they are also looking at acquiring information 

to be used for economic espionage such as tapping into power grids or monetary gain from copying 

proprietary products and systems such as IT device codes. It’s a wake-up call for any organization to 

carefully review its downstream business relationships and contracts. Are they linked in any way to 

government entities? Is your company manufacturing proprietary parts for a military vehicle that can be 

copied and reproduced cheaper in other parts of the world? If the answer is “yes,” you may be a target 

for very well-trained, deep-pocketed bad actors that are extremely persistent in their pursuit of your 

intellectual property. 



The following are documented cyberattacks performed by bad actor nations: 

Unpatched Systems 

One of the biggest issues constantly exploited by bad actors is an unpatched system. Over the last few 

years, we've seen a plethora of new attacks that leverage exploits that have not been published to the 

world yet. According to Security Boulevard, “cyberattacks increased 17% over the past year [2019] and 

their severity rose 27% compared to 2018.” The most notable result from the polling was that “60% of 

breaches were linked to a vulnerability where a patch was available, but not applied.” 

Organizations must realize that bad actor nations have the funding and the manpower to methodically 

dig into software and firmware and find these exploits before they would traditionally be found by the 

manufacturers themselves. And they leverage these exploits in ways that make it very difficult to find 

them because the attacker doesn’t want to just exploit a single system, they want to use the entry system 

as a jump-off point to exploit many areas of the network. While in stealth mode, many security tools are 

not capable of identifying their presence, because they don’t trip any wires or alarms. It’s their mission to 

stay hidden in the network and to take over as many parts of the infrastructure as possible. 

Spear-Phishing 

CSOonline states that phishing attacks account for more than 80% of reported security incidents and 

RiskIQ estimates that $17,700 is lost every minute due to phishing attacks. Why are these figures so 

high? Because the end-user is always the weakest link in the chain and by nature, most people are 

trusting individuals. That’s why when an email looks official, perhaps from their bank, or their company’s 

IT Help Desk, the target willingly hands over their credentials. 

Over the years, there has been considerable advancement with email security tools to help recognize 

spear-phishing and block it from getting to end-users. This protection includes web and DNS tools that 

block end-users’ attempts at clicking fraudulent email links. Ultimately, the responsibility resides with the 

end-user to look for oddities in the email such as misspellings or signs in the nomenclature that it’s not 

written by a native English speaker. When these emails are identified, end-users must be trained to report 

the incident to the IT security department immediately. 

Brute Force Attacks and Password Sprays 

Brute force leverages a computer system to break an encryption protocol or a password. With the everincreasing 

processing power, millions of password attempts can be performed per second. From a 

network policy perspective, it's all about ensuring the appropriate, complex passwords are being used 

and password lockout policies, such as after 5 bad attempts, are in place. Although brute force attacks 

are less successful, the attackers will often come back to test a company’s security policies to see if the 

latest protocols have been put into place. 

Similar to brute force attacks, password spraying is going after the end-users’ accounts. However, instead 

of focusing on one account and trying hundreds of thousands of password combinations, a password 

spray attempt will focus on going after a large number of accounts with a handful of commonly used 

passwords. This type of attack is effective because many individuals set the security credentials as their 

email address and “password 1-2-3,” or similar, simplistic easy-to-remember permutations. Over the last 



few years, newer recommendations call for “phrase passwords” to be used, where the end-user selects 

a line from their favorite song, wedding vow, or quote; much easier to remember than a ten-character 

string. 

A Much Bigger Attack Surface 

Exacerbating the cyberattack problem is the fact that we now have an immense, remote workforce that 

has increased the attack surface exponentially. Now that a much larger percentage of workers and 

students are remote and using a lot of new collaboration style software, these bad actors have a much 

larger target to hit. 

Preventing a cyberattack is extremely difficult, but there are many ways to mitigate the risk. The first step 

is to become intimately familiar with every aspect of the network, including hardware, software, end 

devices as well as anything connected that could be considered an entry point e.g IoT devices, card 

readers, and even printers. From there it goes to ensuring the right policies are in place and building the 

right programs around these policies such as the aforementioned methods discussed in the documented 

attacks. Once those areas are taken care of, the right tools and software need to be utilized to ensure 

the adequate layers of defense are in place to detect and defend critical intellectual property (IP) assets. 

With all these checkpoints taken care of, the final step is to layer monitoring on top to ensure credible 

alerts are being escalated for proper attention. 

You Don’t Have to Go It Alone 

A Managed Security Provider (MSP) can help an organization create a customized security program 

leveraging premise and cloud-based security tools to protect users and IP assets. Layered on top of the 

security program is 24/7 monitoring from trained staff within a Security Operations Center (SOC). MSPs 

were created because it's very difficult and expensive for companies to have all the in-house talent— 

across all the various cybersecurity disciplines. 

From a hacker’s point-of-view, monetary gain seems like table stakes compared to effectively influencing 

a nation; and yet, this too may be a stepping stone to even more diabolical efforts. Mitigating risks with 

solid security policies, layering security tools, and cutting-edge monitoring systems that prompt 

immediate action is the best course of action to protect your organization’s private information and IP. 




Ryan Benner is Vice President of Presales at Anexinet – a 20-year 

digital business solutions provider offering customers a complete 

digital experience from engaging front-end interactions to 

dependable back-end solutions, all informed by data-driven 

insights. Ryan has expertise in building new revenue streams and 

significant growth in technology consulting companies. Prior to 

Anexinet, Ryan was VP Solutions & Services / VP Enterprise 

Infrastructure at Arraya Solutions, where he was instrumental in 

enabling the company to achieve 4X revenue growth and transform 

from a small VAR to a provider of strategic solutions. Ryan holds a 

Bachelor of Science degree in Information Systems from Penn 

State University. Anexinet can be found on LinkedIn and Twitter. 



Video Intercom Systems Reinvent Building Security 

By Melvin Braide, Content Writer 

Intercom systems have been around for decades, but recently access control solutions have started to 

incorporate video functionality, surveillance, and two-way calling. In this piece, we discuss how video 

intercom is reinventing residential and commercial building security. 

An intercom system is an autonomous, internal communication system within a building or a collection of 

buildings that is not part of the public telephone network. It is a familiar presence in offices, multi-tenant 

buildings, and some homes. In its most primitive stage, it was nicknamed the "buzzer" – because of the 

sound it made when a guest pushed the button at the front door of a multi-tenant building – and letting a 

visitor into the building was "buzzing them in." Those systems linger in older facilities. 

The buzzer system offered adequate, if not clear, audio. Over time, the frailties of this technology became 

apparent. You could hear the guest's voice, but you couldn’t completely verify identification. Simply put, 

you couldn't visually assess who you are allowing onto your premises. That changed with video 

intercoms. 

What Is a Video Intercom System? 

Holistic safety and security in today's post-COVID society includes cybersecurity, physical security, and 

environmental health and safety. An ideal system would address security on all three fronts. Video 

intercom is one such tool. So what is it? 

A video intercom is an advanced intercom system with a video component that supports two-way 

video calls. The video component allows you to assess anyone at the front door before granting 

access. High-end video intercoms combine with cloud-based systems to connect mobile devices 

for remote visitor management and access control. 



How Is Video Intercom Being Used in Commercial and Residential Buildings?? 

Video intercom systems are increasingly employed to strengthen security and improve visitor 

management. The versatility of video intercom systems makes them suitable for both residential and 

commercial facilities. But there are subtle differences in how they are used in different situations. 

● 

● 

● 

Office intercom systems: Intercom systems for businesses are used for more extensive 

purposes than just granting access to visitors. Office video intercom systems serve as an internal 

communication system between offices in the same building and different locations. 

Video intercom systems for multi-tenant commercial buildings: High-rise multi-tenant 

buildings use video intercom primarily to verify a visitor's identity. In this sense, a visitor also 

includes couriers, maintenance personnel, and employees missing their access credentials. 

Residential video intercom: For apartment complexes and condominium communities, the 

primary concern is to protect against theft, break-ins, and vandalism and monitor access to the 

building when you’re not home. 

Regardless of the utility, it’s important to choose the right video intercom system. Video intercom systems 

come with a variety of features that serve various purposes. You can opt for a wireless video intercom 

and connect via WIFI, or you can choose a wired system that connects with ethernet. 

Benefits of Video Intercom Solutions 

Visitor identification via video increases security 

Video intercom adds an extra layer of protection to your residential or office security system. Its standout 

feature is the two-way video call that allows you to verify who you are talking to and whether they are 

alone. Some video intercoms use up to a 7MP high-resolution camera capable of capturing the tiny 

inscriptions on an ID card for verification. 

Touchless/hands-free solutions 

A video intercom with access control capabilities increases physical health in this COVID world. 

Integrated system capabilities can be connected to any electronic door unlock system preinstalled in your 

building. With that in place, after confirming the identity of the person at the front door, you can grant 

access remotely to align with current social distancing guidelines. It’s completely contactless; hence, no 

health fears. 

Cloud-based solutions 

We come in contact with cloud-based solutions every day. Cloud capabilities have long surpassed 

networks for many reasons. The benefits of cloud-based access control mirror the secure and resilient 

nature that make the solution so attractive. COVID-19 has exacerbated the utility of on-premise systems, 

so the security industry is shifting to put systems management back into the hands of the experts. 



Remote access control and visitor management 

With remote visitor management, it’s possible to remain a healthy distance away from others while 

granting or denying access from anywhere. Many times, especially in today’s environment, it’s not 

possible to physically welcome a visitor. So, remote capabilities are now becoming an essential feature 

when it comes to building a sound facility operation. 

Accountability 

Accountability has been a security component, but never has it been so pronounced as it is today. 

Advanced visitor management systems have the ability to capture data that hasn’t been possible before. 

With the help of video intercom, it’s possible to review who is in the building, for what reason, and for 

whom. This is incredibly useful in the event of an emergency or should an incident occur within the facility, 

where the facility manager is the one held accountable. 


Melvin Braide, Content Writer 

Melvin Braide is a professional content writer and copywriter at Swiftlane, with 

a degree in Mechanical Engineering and years of experience writing across 

various niches. Melvin focuses on providing valuable and educational content 

for Swiftlane’s growing audience in the areas of access control, visitor 

management, and security. 



















Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS 

“Amazing Keynote” 

“Best Speaker on the Hacking Stage” 

“Most Entertaining and Engaging” 

Gary has been keynoting cyber security events throughout the year. He’s also been a 

moderator, a panelist and has numerous upcoming events throughout the year. 

If you are looking for a cybersecurity expert who can make the difference from a nice event to 

a stellar conference, look no further email marketing@cyberdefensemagazine.com 



You asked, and it’s finally here…we’ve launched CyberDefense.TV 

At least a dozen exceptional interviews rolling out each month starting this summer… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 11/02/2020 



TRILLIONS ARE AT STAKE 

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES 

Released: 

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH 

In Development: 



Nearly 9 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazine.com up and running as an array of live mirror 

sites. Millions of monthly readers and new platforms coming…

Cyber Defense eMagazine November 2020 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?