Cyber Defense eMagazine January 2021 Edition
Cyber Defense eMagazine January Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
3 Email Hacking Techniques to Watch In 2021
5 AIOps Trends That Will Shape 2021
Zero Trust Remote Access for Engineering Teams
Communication Streaming Challenges
…and much more…
Cyber Defense eMagazine – January 2021 Edition 1
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS
Welcome to CDM's January 2021 Issue (page 7)
3 Email Hacking Techniques to Watch In 2021 (page 23)
By Adrien Gendre, Chief Product & Services Officer, Vade Secure
5 AIOps Trends That Will Shape 2021 (page 26)
By Tej Redkar, Chief Product Officer at LogicMonitor
Securing Digital Identities in A Predominantly Remote World (page 30)
By Bob Eckel, President & CEO, Aware, Inc.
Businesses Must Protect Their Most Critical Asset: Their Data (page 33)
By Trevor J. Morgan, Ph.D., Product Manager at comforte AG
Zero Trust Remote Access for Engineering Teams (page 36)
By Colin Rand, VP of Engineering, Banyan Security
Cryptocurrency Ransomware Is on The Rise During COVID-19 – Here's What Businesses of All Sizes Need to Know About Dealing with Attacks (page 41)
By Marc Grens, Co-Founder & President at DigitalMint
E-Commerce and Lockdown: The Perfect Storm for Cyber Threats (page 44)
By Aman Johal, Lawyer and Director of Your Lawyers
Communication Streaming Challenges (page 47)
By Milica D. Djekic
Anatomy of a hack – Solar Winds Orion (page 50)
By James Gorman, CISO, Authx
Cybersecurity Maturity Model Certification (CMMC) (page 53)
By Carter Schoenberg, CISSP & CMMC Registered Practitioner, Vice President – Cybersecurity, SoundWay Consulting, Inc.
Businesses Should See Security as An Enabler of Digital Transformation, Not A Hindrance (page 57)
By Matt Gyde, CEO, Security Division at NTT Ltd.
Asset Management, The Weakest Link in Cybersecurity Risk (page 60)
By Gyan Prakash, Head of Cyber Security / Security Engineering, Altimetrik Corp
The Rising Tide of Security Threats in The Industrial Internet of Things (page 70)
By Don Schleede, Information Security Officer at Digi International
E-Merchants: Secure Your Online Sales from Cybersecurity Threats (page 73)
By Anthony Webb, EMEA Vice President, A10 Networks
The Privileged Credential Security Advantage (page 76)
By Tony Goulding, Cybersecurity Evangelist at Centrify
How To Keep Your Children Safe In Remote Learning Situations (page 79)
By Nevin Markwart, Chief Information Security Officer at FutureVault
More Internal Security Needed, Less Budget – 10 Tips to Help (page 82)
By Jody Paterson, Founder and Executive Chairman, ERP Maestro
Personal Data Breaches for GDPR Compliance: Everything You Need to Know (page 86)
By Dan May, Commercial Director, ramsac
Brave New World: Safari Content Blocking (page 89)
By Andrey Meshkov, CEO and CTO at AdGuard
When Businesses Get Hacked: Who Are the Victims? (page 93)
By Nicole Allen, Marketing Executive, SaltDNA
Security and Remote Management: What Is the Market Looking Like as We Head Towards 2021? (page 97)
By Gil Pekelman, CEO, Atera
Working from Home? You're Not Alone (page 100)
By Steve Hanna, Embedded Systems Work Group Co-Chair at Trusted Computing Group (TCG) and Jun Takei, Japan Regional Forum Co-Chair at Trusted Computing Group
The Best Network Protection: Go Deep or Go Broad? (page 104)
By Albert Zhichun Li, Chief Scientist, Stellar Cyber
Cybersecurity Predictions For 2021 (page 106)
By Topher Tebow, Cybersecurity Analyst (Malware), Acronis
Why 'Thinking Small' Is the Way to Stop Ransomware and Other Cyber Attacks (page 109)
By Yuval Baron, CEO at AlgoSec, who explains why micro-segmentation is one of the most effective methods to limit the damage of attacks on a network
Your Vulnerabilities are Making You Miss Your Misconfigurations (page 112)
By Evan Anderson, Director of Offense, Randori
Are Your Organization's Critical Assets Five Steps or Fewer from A Cyber Attacker? (page 117)
By Gus Evangelakos, Director Field Engineering, XM Cyber
Moving to Active Defense: What It Means, How It Works and What You Can Do Now (page 120)
By Ofer Israeli, CEO and founder, Illusive Networks
How Next-Gen Identity Governance and Administration (IGA) Fits in with Your Hybrid IT Strategy (page 123)
By Thomas Müller-Martin, Global Partner Technical Lead, Omada
Analytics Security Insight On 2021 And Beyond (page 126)
By Billy Spears, Chief Information Security Officer, Alteryx
Innovation, Automation and Securing A "Work from Anywhere" Environment In The Middle East (page 129)
By Mazen A. Dohaji, Vice President, India, Middle East, Turkey & Africa (iMETA), LogRhythm
Peer-To-Peer Cybersecurity Insights For 2021 (page 133)
By Stuart Berman, IT Central Station Super User
Transitioning to Remote Work: The Apps You'll Need to Ensure A Productive Workforce (page 135)
By Ikechukwu Nnabeze, SEO Copywriter, Traqq
@MILIEFSKY
From the Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com
Dear Friends,
It's a given that we are all ready to put 2020 behind us, executing plans for a much better, brighter year in 2021. For all your support, we humbly THANK YOU SO MUCH! We so much value our readers, our partners and our sponsors.
To be sure, there will be new challenges to take the place of the ones we've been facing for the past year. Publication and distribution of valuable actionable information is for us the key to successfully navigating these troubled waters.
As we've recently notched up to the 2nd most popular cybersecurity publication and news source, we're proud to be entering our 9th year producing Cyber Defense Magazine as we continue to focus on providing valuable resources to our readers and sponsors, reaching the right kind of executives with our shared messages. Our readers include buyers, decision-makers, and influencers in the IT/InfoSec ecosystem.
As we publish this January issue, we look ahead to the year 2021 with great anticipation for new and exciting challenges and responses in the industry. The articles in this month's Cyber Defense Magazine, which are provided from a broad array of contributors, demonstrate that our community continues to pursue a new phase, emphasizing basics while we address broader issues as well.
In addition to the important articles in the January issue, we are pleased to continue providing the powerful combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of current interest.
Finally, we're answering the call to help fill so many infosec job openings, entering our second year of CDM Young Women in Cybersecurity Scholarships and with our new www.cyberdefenseprofessionals.com job portal – free to post a job opening or your resume, so please leverage it and let us know how to improve it in 2021 and beyond.
Warmest regards,
Gary S. Miliefsky
Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.
PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a), 276 Fifth Avenue, Suite 704, New York, NY 10001. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/
9 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security.
We're a proud division of Cyber Defense Media Group: Media Group, Consumer Magazine, B2B & B2G Magazine, TV, Radio, Awards, Professionals, Webinars.
InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.
From the International Editor-in-Chief…
With a new year before us, the international perspective on cybersecurity matters brings renewed emphasis on competition, privacy, and regulatory compliance.
We see antitrust actions against several of the big tech leaders, updates of privacy rules among various jurisdictions, and new challenges from regulators.
On one hand, these trends are apparently intended to result in stronger cybersecurity overall. But in the usual manner, the law of unintended consequences often overrides good intentions.
The natural tension between anti-monopoly actions on one side and regulated monopoly market behavior on the other is playing out in the cybersecurity arena. And that interplay is complicated by the cross-jurisdictional nature of the industry.
A final challenging factor is that the world we live in today is a stage for nation-states and other governmental entities to exhibit multiple personalities: both as cooperating authorities in regulation and as competitors in exercising control over digital assets.
As always, we encourage cooperation and compatibility among nations and international organizations on cybersecurity, regulatory, and privacy matters.
To our faithful readers, we thank you,
Pierluigi Paganini
International Editor-in-Chief
P.S. Please visit our new consumer magazine for family and friends.
Welcome to CDM's January 2021 Issue
From the U.S. Editor-in-Chief
As we enter a new year, it is important to pause and reflect on both the challenges and highlights of the year just past – from a cybersecurity perspective.
In 2020, Cyber Defense Magazine carried nearly 300 articles of paramount value in identifying and responding to cybersecurity threats and opportunities.
Can our industry claim complete success (if that is even a fair question)? Perhaps not, but after all, we do operate in a theater of asymmetrical warfare: the defenders must bat 1000, while the attackers need only score the occasional base hit. Nonetheless, goals are worth setting and approaching as closely as possible.
From a more sanguine point of view, on behalf of Cyber Defense Magazine, we can state this without fear of contradiction: if all our readers were allowed to and funded to implement all the actionable advice of our contributors and sponsors, our overall cyber experience in 2020 would have been much improved. Let's keep the pressure on the Boards, CEOs and CFOs about how important cyber hygiene has become. It's not an insurance policy anymore; it's a must-implement, daily and ever more vigorously.
While we cannot change the past, we can surely learn from it. To that end, let me commend to our readers the contents of our January issue. The breadth and depth of this month's articles cover various sources and topics, with a wealth of actionable information.
With that introduction, we are pleased to present the January 2021 issue of Cyber Defense Magazine.
Wishing you all success in your cyber security endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and is the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com
3 Email Hacking Techniques to Watch In 2021
By Adrien Gendre, Chief Product & Services Officer, Vade Secure
Ransomware hobbled businesses in 2020, while COVID-19 spawned an endless stream of cyberattacks. What both have in common is email. With 91 percent of cyberattacks beginning with an email, a single click can mean the difference between business as usual and an operations standstill. Here are three hacking techniques to watch out for in 2021.
1. Leveraging images to bypass email filters
Image quality might be critical to the authenticity of a phishing email, but it's what's going on behind the image that makes the difference between detection and delivery. Known phishing emails—or phishing emails that have been blacklisted—can find their way back into inboxes with a series of image manipulation techniques. Unfortunately, most email filters cannot detect them.
Invisible to the naked eye, images that have been even slightly manipulated cause a known phishing email to appear unique to an email filter. By distorting the color, tone, or geometry of an image, a hacker has the ability to update a blacklisted phishing email with a new image and bypass an email filter that can't extract and analyze content from images.
Recently, we've been seeing an increase in the number of malicious emails containing remote-based images that store malicious textual content. Embedded in the body of the email but hosted on outside domains, remote images must be fetched over a network to be analyzed. The process can't be done in real time. In November alone, Vade Secure analyzed 26.2 million remote images and blocked 261.1 million emails containing remote images.
Extracting and analyzing content from images requires computer vision, an expensive, resource-intensive field of artificial intelligence that has yet to become standard in email security. Until then, we expect to see manipulated images and remote-based images grow in prevalence.
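As an added illustration, not code from the article or from Vade Secure, the following Python shows why an exact-match blacklist stops matching an image after an imperceptible tone edit while a perceptual hash (a standard difference hash, dHash) still matches it. The image is a constructed 9x8 grayscale raster so it runs without an imaging library; KNOWN, UNRELATED, lighten and tamper are constructed inputs, and the 10-bit threshold is a starting point to tune on real mail, not a rule from the article.

```python
"""Exact fingerprint vs. perceptual hash on a slightly edited image.

Added example, not from the article. A real filter would decode the PNG/JPEG,
convert it to grayscale and resize it to 9x8 before hashing; here the raster
is constructed directly as rows of 0-255 values.
"""
import hashlib

# Constructed blacklisted "logo": a left-to-right gradient with one solid bright bar.
KNOWN = [[x * 28 for x in range(9)] for _ in range(8)]
KNOWN[3] = [255] * 9

# Constructed unrelated image: the same bar, but the gradient runs the other way.
UNRELATED = [[(8 - x) * 28 for x in range(9)] for _ in range(8)]
UNRELATED[3] = [255] * 9


def exact_fingerprint(img):
    """What a naive blacklist stores: a cryptographic hash of the raw pixels.
    Changing a single value yields a completely different digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def dhash(img):
    """Difference hash: one bit per horizontally adjacent pixel pair, 64 bits
    for a 9x8 raster. It captures gradient structure, not absolute tone, so a
    uniform colour/tone shift leaves it unchanged. Geometry edits (crops,
    rotations) are not covered by this hash and need the resize step."""
    bits = 0
    for row in img:
        for x in range(8):
            bits = (bits << 1) | (1 if row[x] < row[x + 1] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two 64-bit hashes."""
    return bin(a ^ b).count("1")


def lighten(img, delta=3):
    """Model the tone edit the article describes: every pixel shifted by a few
    levels, invisible to a person but fatal to an exact fingerprint."""
    return [[min(255, v + delta) for v in row] for row in img]


def tamper(img):
    """Model a small local edit: one pixel in the top row is brightened."""
    out = [row[:] for row in img]
    out[0][2] = 96
    return out


def is_known_phish(candidate, known_hashes, threshold=10):
    """Near-duplicate match: within `threshold` bits of any blacklisted dhash.
    The threshold trades false positives against tolerated edits and must be
    tuned on a real corpus; 10 of 64 bits is only an assumed starting point."""
    h = dhash(candidate)
    return any(hamming(h, k) <= threshold for k in known_hashes)


if __name__ == "__main__":
    blacklist = {dhash(KNOWN)}
    edited = lighten(KNOWN)
    print("exact fingerprint survives edit:",
          exact_fingerprint(KNOWN) == exact_fingerprint(edited))
    print("dhash distance after tone edit:", hamming(dhash(KNOWN), dhash(edited)))
    print("dhash distance after local edit:", hamming(dhash(KNOWN), dhash(tamper(KNOWN))))
    print("flagged edited / unrelated:",
          is_known_phish(edited, blacklist), is_known_phish(UNRELATED, blacklist))
```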
2. Depositing malicious emails via IMAP connections
In late November, Vade Secure detected a mass wave of spam emails being deposited into mailboxes without passing through transport layers. We suspect that the hacker or hackers used a new tool called Email Appender, which is available on the dark web, to deposit the spam.
Email Appender allows hackers to validate compromised account credentials and connect directly to the accounts via IMAP. Once connected, hackers can configure proxies to avoid detection and deposit emails directly into accounts, even in bulk. Because the emails are sent from compromised accounts, it's not necessary for hackers to spoof the email addresses. However, they can adjust the sender display names to fit the narrative of the spam campaign.
We believe that hackers are using spam messages to test Email Appender and the IMAP method before moving on to phishing and malware attacks, which require more time, effort, and skill. Hackers tend to test new techniques on consumers before moving on to corporate targets. Business users are more savvy because of mandated security awareness training, and businesses tend to have more sophisticated security systems.
When the IMAP method goes corporate, we expect platforms like Microsoft 365 to become targets. API-based email security solutions that are natively integrated with Microsoft 365 offer post-remediation capabilities not found in secure email gateways. If and when email threats bypass security, businesses can reach in and remove them, often before users have the chance to click.
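A mailbox-side triage check for the deposit pattern above, added here as an example and not part of the article or of any Vade Secure product: a message the gateway delivered carries a Received header stamped by that gateway, while one appended straight into the mailbox over IMAP carries only what the appending client wrote. GATEWAY_HOST, the display-name directory and both sample messages are constructed placeholders.

```python
"""Flag mailbox messages that never traversed the organisation's mail transport.

Added example, not from the article. Assumptions: the inbound gateway stamps
every delivered message with a 'Received:' header naming GATEWAY_HOST; a
message appended over IMAP has no such hop. Scope the scan to INBOX, since
Drafts and Sent legitimately lack gateway hops.
"""
from email import message_from_string
from email.utils import parseaddr

GATEWAY_HOST = "mx.example.internal"  # placeholder for the real inbound gateway hostname

# Constructed directory: the display name expected for each known address.
EXPECTED_DISPLAY_NAME = {
    "alice@example.org": "Alice",
    "bob@example.internal": "Bob Smith",
}

# Constructed sample 1: normal SMTP delivery, stamped by the gateway.
DELIVERED = """\
Received: from mx.example.internal (mx.example.internal [10.0.0.5])
\tby mail.example.internal with ESMTPS id abc123; Mon, 30 Nov 2020 09:12:01 +0000
Received: from sender.example.org (sender.example.org [203.0.113.7])
\tby mx.example.internal with ESMTPS; Mon, 30 Nov 2020 09:12:00 +0000
From: Alice <alice@example.org>
To: bob@example.internal
Subject: Invoice
Message-ID: <1@example.org>

See attached.
"""

# Constructed sample 2: appended directly over IMAP into the compromised account.
# No gateway hop, and the display name was changed to fit the campaign narrative.
APPENDED = """\
From: "IT Helpdesk" <bob@example.internal>
To: bob@example.internal
Subject: Action required
Message-ID: <2@example.internal>

Click here.
"""


def received_hops(msg):
    """All Received: headers, unfolded, newest first as they appear in the message."""
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def passed_gateway(msg, gateway=GATEWAY_HOST):
    """True if at least one hop was stamped by the trusted gateway."""
    return any(gateway in hop for hop in received_hops(msg))


def triage(raw, gateway=GATEWAY_HOST):
    """Return a list of findings for one raw RFC 5322 message; empty means clean."""
    msg = message_from_string(raw)
    findings = []
    if not passed_gateway(msg, gateway):
        findings.append("no Received header from gateway: not delivered via transport")
    name, addr = parseaddr(msg.get("From", ""))
    expected = EXPECTED_DISPLAY_NAME.get(addr.lower())
    if expected is not None and name and name != expected:
        findings.append(f"display name {name!r} differs from directory name {expected!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("delivered", DELIVERED), ("appended", APPENDED)):
        print(label, triage(raw) or ["clean"])
```

The gateway hop is a delivery-path signal, not an authenticity proof: a message copied in from another mailbox also lacks it, so treat a hit as a lead for the post-remediation removal the article describes rather than as a verdict.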
3. Hijacking email threads
When Emotet malware returned in July, it was made all the more difficult to detect due to thread hijacking. Leveraging user accounts already compromised by Emotet and other viruses, hackers injected themselves into legitimate email threads, spreading phishing links and malware-loaded Word documents as they posed as business colleagues and acquaintances.
While many users might be trained to inspect email for signs of spoofing, the average user is unlikely to scrutinize an email that is part of a thread. This is what makes thread hijacking so dangerous. With the conversation already established, hackers are free to converse with other users in the thread. And because their guard is down, users are likely to take the bait.
With a technique like thread hijacking, hackers can forgo border security and infiltrate a business from the inside. With the relative ease of getting inside, we expect thread hijacking to gain prominence in 2021.
Mitigating new threats
The above techniques prove that hackers are not only keeping up with the advances in email security but also outpacing them in many respects. Innovations in artificial intelligence bring new detection and remediation capabilities that will only grow in the coming years. But when threats do bypass security, continuous user training, including at the moment of need, will be critical to neutralizing attacks.
About the Author
Adrien Gendre is Chief Product & Services Officer at Vade Secure. His product vision and cybersecurity experience have been instrumental in Vade Secure's evolution from startup to world leader in predictive email defense. A speaker at M3AAWG (Messaging, Malware & Mobile Anti-Abuse Working Group), Adrien is a sought-after email security expert who shares his expertise to educate businesses about email threats and facilitate new approaches in the cybersecurity community. With unparalleled access to global email threat intelligence, Adrien brings his email security expertise and innovative product approach to the ongoing development and advancement of phishing, spear phishing, and malware protection technologies at Vade Secure.
5 AIOps Trends That Will Shape 2021
By Tej Redkar, Chief Product Officer at LogicMonitor
If 2020 has taught us anything, it is that life is nothing if not unpredictable. Yet, the unforeseen possibilities of tomorrow are the very reasons why our society has fully embraced technology today. In the past decade, technology trends such as artificial intelligence (AI) and automation have improved us as a society by fostering faster collaboration and saving us a significant amount of time. At the forefront of modern-day trends is AIOps, or the practice of using AI in IT Operations (ITOps).
AIOps platforms combine big data and machine learning to find patterns, identify problems, and predict and prevent future issues from occurring. More recently, AIOps has been a valuable tool in helping companies scale high volumes of data due to the unprecedented shift to a remote workforce. As AIOps continues to grow in popularity, it's important to keep up with key trends in its progression. The following reflects a variety of trends that I have my eye on for next year.
1. AIOps Is Moving from One Data Type to Multiple Data Type Algorithms
AIOps traditionally uses big data platforms to aggregate siloed IT Operations data in one place. Looking ahead, data scientists will be designing AI algorithms to converge multiple data types, such as metrics, logs and transactions, to draw a correlation and identify differences in the combined data. The trend emerged after various probabilistic methods, such as AI, machine learning and statistical analysis, were applied to metrics, logs and transactions. These actions allowed data scientists to draw a correlation
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>January</strong> <strong>2021</strong> <strong>Edition</strong> 26<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
etween the data sets and filter out signal from noise so that organizations can troubleshoot issues<br />
faster.<br />
When it comes to investing in AIOps, the ultimate goal is to save people time -- either through early<br />
warnings, filtering signal from noise, or automation -- so they can focus on more important problems<br />
rather than doing repetitive routine work. Many technology companies have already started investing in<br />
that trend.<br />
2. Remote Work Is Driving More Technology Platforms to Deploy AI to Detect Problems<br />
Remote work will be the legacy of 2020 and likely the new status quo moving forward. Prior to the<br />
coronavirus pandemic, data was typically concentrated in very specific areas due to collective working<br />
environments. Now that the pandemic has forced companies to support a remote workforce, every<br />
individual remote user is a data generator -- causing data volumes to skyrocket.<br />
Monitoring employee productivity and digital continuity is crucial during these times, yet remains<br />
challenging for ITOps teams to manage. More intelligent algorithms are needed to predict issues with<br />
employee productivity or customer experience using the product remotely. This is where AI helps.<br />
When it comes to AI, it doesn’t matter where users are working from. Once a model is trained and deployed,<br />
its job is to ingest the data, extract patterns, and output a prediction or recommendation. The AI function<br />
can automate the complex processing of disparate data sources and help IT teams predict problems before<br />
they occur by detecting patterns in large volumes of data.<br />
3. AIOps will become more embedded in observability platforms<br />
AIOps and observability will soon become counterparts to empower ITOps to do more in less time.<br />
Observability in IT refers to a system’s ability to gather actionable data and diagnose what’s happening,<br />
where it’s happening, and -- more importantly -- why an error or issue occurred within the system. This<br />
is done by combining monitoring, log analysis, and machine learning into an environment that can easily<br />
detect issues, proactively identify anomalies, and scale as necessary.<br />
Observability platforms examine metrics, dependencies and logs, and bring them together into a unified<br />
platform to detect patterns between the different data types. This data provides greater observability into<br />
the customer experience, employee productivity, as well as digital infrastructure to help teams better<br />
understand how the business is performing.<br />
After achieving observability, ITOps teams must answer the question of what to do with this information.<br />
That’s where AIOps comes in. By taking an algorithmic approach to ITOps combined with machine<br />
learning, IT teams can automate the processing of an influx of data and output actionable insights faster<br />
than ever before. AIOps platforms also enable their users to set dynamic thresholds, identify anomalies,<br />
and find the root cause of an issue. By embedding AIOps and observability in one unified platform, IT<br />
teams can predict problems faster and resolve them before they negatively impact the business.<br />
4. Security and IT Operations Will Be Better Integrated<br />
As enterprise IT environments continue to mature, the need for advanced security platforms will inevitably<br />
follow. The fundamental data sets used in security platforms, including cybersecurity and product<br />
security, are almost the same as IT operations data sets. Security algorithms dissect the metrics and logs<br />
that flow through an infrastructure to model historical behavioral patterns and flag anomalies. Using AI,<br />
this process can be further automated toward blocking bad actors in near real time.<br />
For example, say an intruder probing a firewall is detected by a change in the volume of data transferred,<br />
or by a login from a location the affected user has never worked from. A classifier can label that access<br />
as regular, hostile, or merely risky. Once it does, automation can block the source IP address or the<br />
range it belongs to. Blocking a whole region is a blunt instrument that also locks out legitimate users<br />
who happen to be there, so in practice a single weak signal should trigger step-up authentication or an<br />
analyst review, and an automatic block should be reserved for access that trips several signals at once.<br />
Regardless of the business problem, the underlying data required to gather this intelligence is still logs,<br />
metrics, and transactions within an infrastructure. The only difference is the problem that IT security<br />
teams are trying to solve. Security teams want to know whether a bad actor is trying to access the system,<br />
while ITOps teams are more interested in employing applications that will protect their users and provide<br />
a better customer experience. Next year, ITOps and Security teams will likely collaborate more closely<br />
to not only detect problems in the infrastructure performance, but also prevent cybersecurity threats in<br />
near real-time.<br />
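The detect-then-respond loop this section describes, as an added example that is not code from the article or from LogicMonitor: the log format, the users, the IP addresses and the thresholds are all constructed for illustration. It builds a per-user baseline from a history window, scores each new event on two signals (a country the user has never been seen in, and a byte-volume z-score), and only auto-blocks the source /24 when both signals fire, falling back to step-up authentication on a single signal.<br />

```python
import ipaddress
import re
import statistics
from collections import defaultdict

# Constructed log format, one access event per line, e.g.
#   2020-12-01T09:00:00Z user=alice src=198.51.100.10 geo=US bytes=1000
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<ip>[\d.]+) geo=(?P<geo>[A-Z]{2}) bytes=(?P<bytes>\d+)$"
)

# Constructed baseline window: what "normal" looked like for each user.
HISTORY = """\
2020-12-01T09:00:00Z user=alice src=198.51.100.10 geo=US bytes=1000
2020-12-01T14:00:00Z user=alice src=198.51.100.10 geo=US bytes=1100
2020-12-02T09:00:00Z user=alice src=198.51.100.11 geo=US bytes=1200
2020-12-02T15:00:00Z user=alice src=198.51.100.10 geo=US bytes=1300
2020-12-03T09:00:00Z user=alice src=198.51.100.12 geo=US bytes=1150
2020-12-01T09:00:00Z user=bob src=192.0.2.5 geo=DE bytes=2000
2020-12-01T14:00:00Z user=bob src=192.0.2.5 geo=DE bytes=2100
2020-12-02T09:00:00Z user=bob src=192.0.2.6 geo=DE bytes=1900
2020-12-02T15:00:00Z user=bob src=192.0.2.5 geo=DE bytes=2050
2020-12-03T09:00:00Z user=bob src=192.0.2.5 geo=DE bytes=2000
"""

# Constructed events to score against that baseline.
TODAY = """\
2020-12-10T09:00:00Z user=alice src=198.51.100.10 geo=US bytes=1200
2020-12-10T03:12:00Z user=alice src=203.0.113.77 geo=RU bytes=50000
2020-12-10T10:00:00Z user=bob src=192.0.2.5 geo=DE bytes=40000
"""


def parse(text):
    """Parse log lines; unparseable lines are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            event = m.groupdict()
            event["bytes"] = int(event["bytes"])
            events.append(event)
    return events


def build_baseline(events, min_samples=5):
    """Per-user model: countries seen so far and the byte-volume distribution."""
    geos, volumes = defaultdict(set), defaultdict(list)
    for e in events:
        geos[e["user"]].add(e["geo"])
        volumes[e["user"]].append(e["bytes"])
    baseline = {}
    for user, vols in volumes.items():
        if len(vols) < min_samples:
            continue  # too little history to call anything anomalous for this user
        baseline[user] = {
            "geos": geos[user],
            "mean": statistics.mean(vols),
            # floor the spread so a perfectly regular history does not turn a
            # one-byte deviation into an enormous z-score
            "stdev": max(statistics.pstdev(vols), 1.0),
        }
    return baseline


def classify(event, baseline, z_threshold=3.0):
    """Return (label, reasons) for one event scored against the baseline."""
    model = baseline.get(event["user"])
    if model is None:
        return "unmodelled", set()  # surface it; do not silently treat as regular
    reasons = set()
    if event["geo"] not in model["geos"]:
        reasons.add("new_geo")
    if (event["bytes"] - model["mean"]) / model["stdev"] > z_threshold:
        reasons.add("volume_spike")
    return ("anomalous" if reasons else "regular"), reasons


def respond(events, baseline):
    """Automation step. Block the source /24 only when both signals agree; a single
    signal gets step-up authentication instead, because blocking a whole country or
    provider range also locks out legitimate users who happen to be there."""
    blocks, step_up = set(), set()
    for e in events:
        label, reasons = classify(e, baseline)
        if label != "anomalous":
            continue
        if reasons == {"new_geo", "volume_spike"}:
            blocks.add(str(ipaddress.ip_network(f"{e['ip']}/24", strict=False)))
        else:
            step_up.add(e["user"])
    return blocks, step_up
```

Running `respond(parse(TODAY), build_baseline(parse(HISTORY)))` blocks only 203.0.113.0/24 (alice from a new country with a volume spike) and sends bob, whose only anomaly is volume, to step-up authentication. The same baseline feeds both the ITOps view (volume trends) and the security view (unexpected origin), which is the overlap in data sets this section is about.<br />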
5. AIOps Platforms Will Decrease Time-to-Value<br />
While AIOps platforms are meant to handle added complexity, humans are still required to configure and<br />
deploy them. Next year, AIOps capabilities will become more mainstream within products. SaaS<br />
products, in particular, will improve significantly with better actionable insights and new proactive<br />
capabilities within the product. This advancement will set the foundation for future integrated self-healing<br />
systems, which will further reduce the burden on human teams.<br />
Properly educating employees on AIOps platforms also affects time-to-value. AIOps platforms are most<br />
efficient when they are managed by the right team. Investing in AIOps just to say you have it doesn’t add<br />
value to the business if IT isn’t sure how to use AIOps. Build a team that is cross-functional between the<br />
business, data owners, and engineers. Together, these three pillars will be able to derive real value out<br />
of any AIOps initiative.<br />
I constantly see organizations driving initiatives tied to buzzwords instead of a real business problem.<br />
AIOps is about solving complex business problems, and, therefore, IT teams should identify the problems<br />
they want to overcome before diving in headfirst. Once that is understood across the board, solving<br />
problems using AI becomes easier. If organizations do not follow this basic advice, they will likely remain<br />
in a state of AI immaturity and will spend significant amounts of time on failed projects.<br />
The Bottom Line<br />
AIOps is a journey, not a quarterly goal or a yearly goal. From a business perspective, AIOps should be<br />
invested in for the long-term, but only after knowing where the business stands within its own maturity<br />
journey.<br />
About the Author<br />
Tej Redkar has been building enterprise software products for more than<br />
20 years. He has led engineering, product management, user<br />
experience, and data science teams in industry-leading organizations<br />
like Microsoft, VMware, Cisco, and AppDynamics. Tej has consistently<br />
delivered highly successful products like Rational Rose, VMware Labs,<br />
Microsoft Azure Machine Learning, Power BI, and AppDynamics that<br />
have fundamentally transformed people’s productivity in respective<br />
domains. As Chief Product Officer, Tej brings the right balance of<br />
business and deep technical expertise to the team to drive strategy and<br />
execution at LogicMonitor. You can learn more about Tej Redkar and<br />
LogicMonitor at www.logicmonitor.com.<br />
Securing Digital Identities in A Predominantly Remote<br />
World<br />
COVID-19 and the subsequent uptick in targeted cyberattacks accelerate the need for biometric-based<br />
digital onboarding<br />
By Bob Eckel, President & CEO, Aware, Inc.<br />
As we entered 2020, organizations were beginning to undergo transformations to meet the growing<br />
demands of an increasingly digital marketplace. In adopting new technologies to streamline and<br />
accelerate business operations, banks and other consumer-focused businesses aimed to drive steady<br />
increases in biometric-based digital onboarding methods. These industries were striving to remove<br />
friction from onboarding processes at the same time as they needed to address growing security<br />
concerns, and biometrics were gaining trust as a secure, passwordless option for a broad range of<br />
authentication practices.<br />
Then we witnessed the criticality of businesses reprioritizing their digital transformation processes as the<br />
impacts of the COVID-19 pandemic unfolded. As organizations across the world were forced to move<br />
their entire businesses online in the matter of weeks – some for the first time – they had to rapidly shift<br />
their business models to accommodate a predominantly remote workforce. With many unprepared to<br />
handle the IT and security challenges, identities became more vulnerable and in turn protection more<br />
valuable than ever. As 2021 kicks off, it’s important that businesses understand the benefits behind<br />
biometric-based digital onboarding to ensure organizational integrity as they continue to secure the digital<br />
identities of employees and customers alike.<br />
Enhance remote authentication against increased cyber activity<br />
Since the beginning of 2020, there have been more than 445 million cyberattacks reported, which is<br />
double when compared to the entirety of 2019. When the pandemic forced millions of employees into<br />
remote work settings, it opened up huge opportunities for cybercriminals to exploit any security weak<br />
point in attacks aimed at stealing personally identifiable information (PII). In March alone, phishing<br />
attacks related to COVID-19 surged 667% as hackers aimed to separate consumers from their<br />
credentials, using fraudulent pandemic-related lures and many individuals’ first exposure to an all-online<br />
world to gain access. Still today, as the large majority of the world remains remote and people do more<br />
shopping, learning and working at home, hackers are looking harder for ways to take advantage of<br />
weakened security.<br />
Biometrics make the identity proofing process more robust and secure. They can’t be phished like login<br />
credentials or forgotten like a password. They leverage unique personal data – such as face, voice,<br />
finger or iris prints – that people enroll and then match later as a single factor or as part of multi-factor<br />
authentication. The caveat is that a biometric cannot be reissued the way a password can, so enrolled<br />
templates must be stored and transmitted with the same care as any other credential. With facial<br />
recognition being 99.7% accurate and improving yearly, according to NIST, biometrics provide an extra<br />
layer of defense to ensure identities remain protected, even for users who lack the security training to<br />
flag phishing emails and other related scams.<br />
Ensure your customer is who they say they are by keeping fraudsters out<br />
While facial recognition is a particularly useful biometric modality for mobile onboarding and<br />
authentication – with nearly all mobile devices having built-in cameras and microphones – the method is<br />
still vulnerable to so-called “presentation attacks” – otherwise known as “spoofs.” In short, a fraudster<br />
can try to spoof the biometric data on file by presenting a facsimile, such as a photo, video recording or<br />
mask. In mobile un-proctored onboarding, a fraudster can try to impersonate a victim using a false match<br />
presentation attack. In doing so, they can falsely use their victim’s identity to open a new account. By<br />
registering a false image – a picture of a random person, a smudged image that wouldn’t be biometrically<br />
searchable – a fraudster could work to open up new fake accounts.<br />
To protect against these ploys, it’s essential to apply robust liveness detection when using facial<br />
recognition for unattended or un-proctored mobile applications. There are two ways of mitigating the<br />
risk of facial presentation attacks: liveness detection algorithms that analyze facial images to determine<br />
whether they are of a live human being or a reproduction, or adding a second biometric modality, such<br />
as voice or speaker recognition. “Passive” liveness detection distinguishes between a live person and a<br />
spoof without forcing the user to participate in the matching process. When evaluating a vendor’s<br />
liveness claims, ask for independent presentation attack detection test results; ISO/IEC 30107-3 is the<br />
standard test methodology.<br />
Provide a touchless onboarding process to meet social-distancing guidelines<br />
Part of the appeal of biometric authentication technologies during a pandemic or flu season is the<br />
touchless access they provide. Voice biometrics and face recognition enable hands-free authentication<br />
and access, eliminating the need to use on-site PIN pads, card readers or kiosks. To limit the spread of<br />
the virus, businesses need to shift more of their onboarding functions online. By implementing frictionless<br />
authentication processes through the use of biometrics, organizations can keep customers physically<br />
safe while still verifying that customers are who they claim to be when in-person verification is not an<br />
option.<br />
Additionally, providing a positive onboarding experience can be a critical business differentiator. This is<br />
especially true for banks, which are facing pressure from online competitors and seeing their services<br />
commoditized. If they get the onboarding right, they can secure a customer’s loyalty for a lifetime. Forcing<br />
a customer to provide physical identification multiple times or answer too many questions can sour a<br />
relationship from the start. Biometrics work best in onboarding settings when they don’t slow the user<br />
down.<br />
As the world continues to leverage technology to provide a more secure, seamless, and now touchless<br />
experience for users, we can anticipate biometrics will be a driving force. Growing at a faster rate than<br />
non-biometric technology, they will be instrumental in enterprises’ moves to make the onboarding process<br />
more efficient as organizations bring identity verification to the forefront of their business operations.<br />
About the Author<br />
Robert A. Eckel is the Chief Executive Officer & President of Aware,<br />
Inc. He also serves on the board of directors for the International<br />
Biometrics + Identity Association (IBIA), as a strategic advisory board<br />
member of Evolv Technology, and as a consultant for Digimarc<br />
Corporation. Over his distinguished career, he has held many positions<br />
of note within the biometric and identity space, including: Regional<br />
President and Chief Executive Officer of IDEMIA’s NORAM Identity &<br />
Security division from 2017 to 2018; President and Chief Executive<br />
Officer of MorphoTrust USA, LLC from 2011 to 2017; Executive Vice<br />
President and President of the Secure Credentialing Division of L-1<br />
Identity Solutions Company from 2008-2011; and President of the<br />
Identity Systems division of Digimarc Corporation from 2005 to 2008. Mr. Eckel has received his Master’s<br />
degree in Electrical Engineering from the University of California Los Angeles, and his Bachelor’s degree<br />
in Electrical Engineering from the University of Connecticut. Robert can be reached online on Twitter and<br />
LinkedIn and at our company website: https://www.aware.com/<br />
WHAT IS STOPPING YOU FROM TAKING THE FUNDAMENTAL STEP OF PROTECTING YOUR DATA?<br />
Businesses Must Protect Their Most Critical Asset: Their<br />
Data<br />
By Trevor J. Morgan, Ph.D., Product Manager at comforte AG<br />
Protecting sensitive data is a challenge facing every business and enterprise. The value of data is rising<br />
to the extent that it is often referred to as ‘the new gold’ and a fundamental business asset. This value<br />
naturally means that many criminals are turning their efforts to focus on procuring highly sensitive<br />
personally identifiable information (PII) handled and processed by companies. While data is very<br />
dynamic, it is essential to ensure that it is secured across all stages of its lifecycle. This is especially true<br />
as many companies prioritize network agility and digital transformation over data security in an effort to<br />
continue business operations through workforce enablement. According to the KPMG CIO Survey<br />
2020, this year has seen innovation take greater priority alongside improving security, yet<br />
“cybersecurity can sometimes become a secondary priority.” If enterprises wish to stay on the right<br />
side of data security regulations, then protecting the data itself is imperative. In fact, budgetary shifts<br />
across many industry verticals have resulted in more money being focused on securing the crown jewels<br />
of PII.<br />
One alarming trend is that data is increasingly shifting from secured corporate networks to private servers<br />
as the trend towards home working continues. This has resulted in a widespread distribution of data<br />
within unsecured environments, ultimately meaning a loss of data control and security. If this data were<br />
to fall into the wrong hands by any means (unintentional leak or concentrated intentional attack), then the<br />
consequences would be massive. Not only would it negatively impact brand perception, but it could also<br />
result in compliance penalties from regulating bodies and severe loss of trust from savvy customers who<br />
are becoming more aware of just how valuable their data is. Regardless of how a breach happens, be it<br />
by a careless employee or malicious criminal intent, the consequences unfortunately remain the same.<br />
Therefore, business decision-makers should ensure that systems and mechanisms are in place that<br />
supersede traditional security measures. Instead of protecting siloed data at rest, or simply protecting<br />
corporate networks with a firewall, businesses should instead pivot to protect their most critical asset at<br />
the point of value: the data itself.<br />
Why do hackers want my data?<br />
The global pandemic has greatly altered the current state of data security. As workers migrate away from<br />
internal security processes within corporate networks (mostly access- and perimeter-based), the<br />
availability of data stolen and harvested on the dark web has increased exponentially in the past few<br />
months. In fact, the cost of data on the dark web has plummeted by up to 60% as of October 2020, and as<br />
of December, PII is being sold on the dark web for as little as 50 cents (USD). This apparent<br />
commoditization raises a question: if data is the new gold, why is obtaining it so cheap? The biggest<br />
reason is that so much of this stolen data has not yet been exploited, because transaction volumes have<br />
stayed relatively low under pandemic restrictions.<br />
The biggest challenge that enterprises face is to understand where their data is held, who has access to<br />
it, and how it moves. Organizations must seek out and discover their data, be it structured (in a<br />
database) or unstructured. This will not only provide security teams with a holistic understanding of<br />
their current data security posture, but it will also assist with regulatory compliance and auditing. Only by<br />
undertaking this procedure will enterprises be able to properly secure data, as you cannot defend what<br />
you cannot see. This exercise of data discovery is a deliberate attempt to know the unknowns within<br />
the total data environment.<br />
Data is a highly mobile and dynamic asset that crosses traditional boundaries of on-premise and in the<br />
cloud. Often it’s a hybrid approach, existing somewhere in both environments. This situation requires a<br />
security strategy that prioritizes the data instead of access to it or the borders around it. The only solution<br />
is to protect the data itself and not just the perimeters around it. This data-centric approach to security<br />
concentrates on what criminals are actually after, and removes their incentive if the data they obtain<br />
is protected and therefore worthless because it cannot be leveraged.<br />
Protecting PII<br />
But how can businesses deploy data-centric security to their advantage? The most widely accepted<br />
solution when it comes to data-centric security is tokenization. In plain terms, tokenization replaces<br />
PII with a substitute token that stands in for the original value. Tokenized data is still usable for<br />
analytics and other corporate workflows, but in the wrong hands it has no discernible meaning and<br />
thus no value: the token alone cannot be turned back into the original value without access to the<br />
tokenization service, which must therefore be protected as the most sensitive component. If tokenized<br />
data were misplaced or mishandled, what leaked would be pseudonymized data rather than the PII<br />
itself. Regulations such as CCPA, whose breach provisions are aimed at nonencrypted and nonredacted<br />
personal information, treat such data differently from a leak of plain-text PII, though that reading should<br />
be confirmed with counsel rather than assumed. Regulatory compliance is still met.<br />
Tokenization also allows businesses to protect data upstream, allowing downstream applications and<br />
systems to inherit protection and close security gaps across the enterprise. Referential integrity means<br />
that the same original value always maps to the same token, so protected values can be joined, counted<br />
and analyzed without de-protecting the data, and a format-preserving token passes the length, character<br />
set and check-digit validation that existing systems apply. This helps to meet another best practice in<br />
data security, which is to de-protect data as rarely as possible.<br />
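As an added example (not comforte’s product and not code from the article), the following stand-in tokenization service shows the properties the two paragraphs above rely on: a vault that alone holds the token-to-value mapping, format-preserving tokens that keep the length and last four digits and pass a Luhn check, a deterministic mapping so analytics can group on tokens, and protection applied once at ingestion and inherited downstream. The key, the record layout and the test card numbers are constructed for illustration.<br />

```python
import hashlib
import hmac
from collections import Counter


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test; payment validators apply it to card numbers."""
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for a tokenization service.

    Only the vault can map a token back to the original value; every other
    system sees tokens only.  Tokens are format-preserving (same length, same
    last four digits, Luhn-valid) so downstream validation keeps passing, and
    deterministic (keyed HMAC) so the same value always yields the same token
    and analytics can join and count on tokens without de-protecting anything.
    """

    KEEP_LAST = 4  # digits preserved at the end of the token

    def __init__(self, key: bytes):
        self._key = key  # assumed to live in an HSM/KMS in production
        self._token_to_value = {}
        self._value_to_token = {}

    def _candidate(self, value: str, attempt: int) -> str:
        free = len(value) - self.KEEP_LAST - 1  # digits we may choose freely
        mac = hmac.new(self._key, f"{value}:{attempt}".encode(), hashlib.sha256).digest()
        body = str(int.from_bytes(mac, "big"))[-free:].zfill(free)
        tail = value[-self.KEEP_LAST:]
        # The slot just before the kept tail sits at an even position from the
        # right (never doubled), so one digit there can always satisfy Luhn.
        total = 0
        for pos, ch in enumerate(reversed(body + "0" + tail)):
            d = int(ch)
            if pos % 2 == 1:
                d = d * 2 - 9 if d > 4 else d * 2
            total += d
        return body + str((10 - total % 10) % 10) + tail

    def tokenize(self, value: str) -> str:
        if value in self._value_to_token:
            return self._value_to_token[value]  # referential integrity
        attempt = 0
        while True:
            token = self._candidate(value, attempt)
            if token != value and self._token_to_value.get(token, value) == value:
                break
            attempt += 1  # token already used by a different value: rehash
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Privileged path; only the few systems that truly need the PAN call this."""
        return self._token_to_value[token]


# Constructed sample records using well-known test card numbers, not real cards.
SAMPLE_TRANSACTIONS = [
    {"id": 1, "pan": "4111111111111111", "amount": 20.00},
    {"id": 2, "pan": "5555555555554444", "amount": 5.50},
    {"id": 3, "pan": "4111111111111111", "amount": 99.99},
    {"id": 4, "pan": "378282246310005", "amount": 12.00},
]


def protect_upstream(vault: TokenVault, records):
    """Tokenize once at ingestion; everything downstream inherits the protection."""
    return [{**r, "pan": vault.tokenize(r["pan"])} for r in records]


def spend_per_card(protected):
    """Analytics over tokens only: grouping works because tokenization is deterministic."""
    totals = Counter()
    for r in protected:
        totals[r["pan"]] += r["amount"]
    return totals
```

After `protect_upstream`, the two transactions on the same card share one token, so `spend_per_card` totals them correctly without ever calling `detokenize`; the reporting system never needs vault access. A production token format is usually also chosen so that a token cannot be mistaken for a live card number, and the vault itself is the component that PCI DSS scope collapses onto.<br />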
Currently, organizations spend considerable money in order to reduce risk, be it in the form of endpoint<br />
and mobile protection, cloud security, app security, or network defense. These traditional perimeter-based<br />
security methods only protect against known attack vectors, so piecemeal approaches cannot totally<br />
prevent data breaches. Further benefits of deploying data-centric security, and in particular tokenization,<br />
include a clear return on investment. This approach offers more comprehensive coordination when it<br />
comes to complying with industry regulations; for PCI DSS, taking systems that only ever handle tokens<br />
out of scope can save thousands or even millions in audit costs and time. Furthermore, where data<br />
protection is your responsibility (and under the shared responsibility model this is always the case for<br />
data you process and store in the cloud), data-centric security offers peace of mind by protecting against<br />
data breach or loss of data.<br />
For security teams struggling to enact digital transformation, trying to ensure network agility, and laboring<br />
to prevent embarrassing data breaches, data-centric security is a promising solution. It’s also one that<br />
can be deployed in weeks rather than months or years, without modification to existing applications and<br />
workflows. So, what’s stopping you from taking the fundamental step of protecting your data with data-centric<br />
security?<br />
About the Author<br />
Trevor J. Morgan is responsible for product management at comforte AG<br />
(https://www.comforte.com/), where he is dedicated to developing and<br />
bringing to market enterprise data protection solutions. He has spent the<br />
majority of his career in technology organizations bringing to market<br />
software, hardware and services for enterprise and government<br />
customers. Trevor has held senior-level, lead positions in sales<br />
engineering, product management, software architecture and product<br />
marketing in companies like Cisco, Capital One and Ciena. He holds a<br />
Ph.D. from Texas Tech University and a bachelor’s and master’s from<br />
Baylor University.<br />
Trevor can be reached online at https://www.linkedin.com/in/trevor-jmorgan-ph-d-8b663515/<br />
Zero Trust Remote Access for Engineering Teams<br />
By Colin Rand, VP of Engineering, Banyan Security<br />
Engineering organizations present numerous challenges for security programs when it comes to remote<br />
access. They need secure access to dynamic hosts, services, and applications to productively do their<br />
jobs. The infrastructure these teams require is varied, ranging from external SaaS to internally hosted<br />
web services for wikis, git and build servers, various TCP services such as SSH and RDP, as well as<br />
database access and recently a huge wave of Kubernetes. These services are complex and often<br />
undocumented, especially as projects are under active development before they reach production<br />
environments. Securing these critical R&D assets arguably makes an Engineering org the most<br />
challenging department that InfoSec teams have to manage.<br />
VPNs, falling short of today’s security requirements with their “one size fits all” strategy, are often at the<br />
core of serious usability, manageability, and security issues.<br />
Let’s look at an infrastructure example. Most organizations use a sequence of VPNs, bastion hosts, and<br />
firewalls to manage network connectivity from user to server. Then, they use some combination of<br />
directory services and authentication managers to manage credentials so the user can authenticate to<br />
the server itself. Lots of moving parts, lots of attack surface for the bad guys, and this is but a single<br />
use case.<br />
Lately, Zero Trust is all the buzz, and for good reason. With a Zero Trust security posture, the user and<br />
device are explicitly authenticated and access is granted only to the specific server (without broad<br />
network access). By leveraging the organization’s IdP for authentication and issuing short-lived<br />
certificates that carry the user’s entitlements, connectivity is set up on demand, which removes static<br />
passwords and shrinks the window in which a leaked credential is useful. Real-time trust scoring lets<br />
policies be tightened dynamically according to the sensitivity of each server environment.<br />
Let’s discuss some remote access challenges felt by engineering teams that a Zero Trust solution<br />
solves well.<br />
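As an added example (not Banyan’s product and not code from the article), here is the issue-and-enforce loop the paragraph above describes, reduced to the Python standard library: after the IdP has authenticated the user (assumed to have already happened), a control plane mints a short-lived credential scoped to exactly one service, and only if the user’s groups and the device’s trust score satisfy that service’s policy; the enforcement point in front of the service then checks signature, validity window and scope before forwarding the connection. An HMAC-signed token stands in for the certificate, and the signing key, policy table, service names, groups and trust thresholds are all constructed for illustration.<br />

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key; a real deployment uses a CA key held by the control plane.
SIGNING_KEY = b"constructed-control-plane-key"

# Constructed policy: which IdP groups may reach which service, and the minimum
# device trust score each one demands. Production is held to a higher bar.
POLICY = {
    "wiki.corp.example":    {"groups": {"engineering", "sre"}, "min_trust": 50},
    "build.corp.example":   {"groups": {"engineering", "sre"}, "min_trust": 70},
    "prod-db.corp.example": {"groups": {"sre"},                "min_trust": 90},
}


def decide(groups, device_trust, service):
    """Policy decision: (allowed, reason). The reason is what gets logged for audit."""
    rule = POLICY.get(service)
    if rule is None:
        return False, "unknown service"
    if not set(groups) & rule["groups"]:
        return False, "no entitlement for service"
    if device_trust < rule["min_trust"]:
        return False, f"device trust {device_trust} below {rule['min_trust']}"
    return True, "ok"


def _sign(body: str) -> str:
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_access_cert(user, groups, device_trust, service, ttl=900, now=None):
    """Control plane. Returns a short-lived credential bound to one service, or None.
    IdP authentication of `user` is assumed to have happened before this call."""
    allowed, _reason = decide(groups, device_trust, service)
    if not allowed:
        return None
    now = time.time() if now is None else now
    payload = {"sub": user, "svc": service, "nbf": now, "exp": now + ttl,
               "trust": device_trust}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return f"{body}.{_sign(body)}"


def authorize(cert, service, now=None) -> bool:
    """Enforcement point in front of `service`: signature, validity window, scope."""
    if not cert or cert.count(".") != 1:
        return False
    body, sig = cert.split(".")
    if not hmac.compare_digest(sig, _sign(body)):
        return False  # tampered or forged
    payload = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if not (payload["nbf"] <= now < payload["exp"]):
        return False  # expired or not yet valid
    return payload["svc"] == service  # usable for exactly one service
```

The points to notice: a developer’s credential for the wiki is useless against the production database even though it is perfectly valid, because scope is checked at the service; an SRE on a low-trust device is refused at issuance rather than at the door; and a stolen credential stops working after `ttl` seconds with no revocation step. In a real deployment the signing key becomes a certificate authority, `authorize` runs in the access proxy or SSH server (for example via a trusted user CA), and the trust score comes from device posture checks rather than a function argument.<br />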
VPN Challenges<br />
While access challenges cause pain and suffering to all end users, they can and do present serious<br />
issues for development teams. And, engineers, being smart and loving a challenge, unfortunately often<br />
work around those issues. Take these two anecdotes from a veteran engineering leader that highlight<br />
what goes wrong in the pits of engineering when remote access fails us – I suspect you’ll recognize the<br />
themes.<br />
In one particularly locked-down engineering environment, developers had no access to production, no<br />
development environments were accessible without a VPN, etc. An enterprising developer who wanted<br />
to do some prototyping work from home decided that the VPN was too troublesome, so of course the dev<br />
just copied “his” source code, uploaded it to Google drive, downloaded it onto his personal workstation<br />
at home, and... you can see where this is going. The lesson – the desire to be productive was treated as<br />
more important than pesky security policy and a big security hole was created as a result.<br />
Another time an engineer, having heard about new policies coming he didn't want to deal with, set up his<br />
own private bastion host in production. Of course, he didn't tell anyone, and soon after ended up leaving<br />
the company’s employment. Later, over drinks with a former colleague, he reminisced about what he had<br />
done, laughing about how they could still get into production anytime they wanted.<br />
No More Excuses<br />
Different teams have different remote access needs. All security teams think through what<br />
resources are being protected, how sensitive they are, and what is at risk of misuse. They have sophisticated<br />
means for analyzing risk profiles, but are left with a blunt tool for handling the needs of the modern “remote-first”<br />
engineer. These design decisions become tradeoffs for the work that needs to be done – the criticality and<br />
time sensitivity of the task vs. the risk that is introduced. Yesterday we were concerned about 'where' the<br />
work needed to be done. Today that is irrelevant: it's anywhere and everywhere.<br />
Engineers are Engineers, right?<br />
Go into a modern software engineering organization and you will see many teams and activities being<br />
performed. To name a few:<br />
• Site Reliability Engineer (SRE)<br />
• DevOps<br />
• Apps & Services<br />
• QA/Test<br />
• Data Engineering<br />
• Data Analytics<br />
Each team needs to be reviewed from a security perspective to determine what is the least privileged<br />
access that they need to perform their roles. Each needs their resources protected, their devices secured,<br />
and their identities validated. Once confirmed, they can perform their critical work. Safety first!<br />
If only it were that easy. Each team has many similarities at a high level, but get into the details and their<br />
needs begin to diverge, often widely.<br />
What is different about them?<br />
Let's look at what's the same. They all have a wide assortment of 'things' they need to access that require<br />
protection. These 'things' include various TCP services (SSH), web apps and APIs (internally hosted or<br />
in the public cloud), SaaS, and oh yeah, throw in Kubernetes too.<br />
The type of access each team needs is quite different. Perhaps your SRE needs access to production<br />
environments to see why a load balancer is misbehaving, but does the on-call developer supporting them<br />
also need this access? The DevOps team wants access to the build and development tools, such as the<br />
git and build servers, plus cloud environments, but should they have full access to production?<br />
Another team, QA, needs to replicate issues found in production in production-like environments. They<br />
may need access to the hosts the services run on, or perhaps the databases themselves. But do they<br />
get access to the build tooling? What if the QA team is a subcontractor?<br />
Each access decision requires discussion and design. What was previously one size fits all now works<br />
for none.<br />
When thinking about the design, fine-grained controls need to be implemented for each team, considering<br />
the sensitivity of the activity. Is production access needed, or is production data needed but not the rest<br />
of the infrastructure? The traditional hard boundaries of physical networks are now messy.<br />
Let's look at a data engineering scenario. A production warehouse will have collection, aggregate, and<br />
analysis workloads. This might be implemented as a combination of cloud infrastructure, 3rd party SaaS<br />
tools, and internally-developed applications. When a new engineer is onboarded, security factors to<br />
consider with regard to access control include whether their device is compromised, or if their disk is<br />
encrypted or not. Do you want to allow the engineer to pull sensitive data onto such a device, not<br />
knowing the state of its security? Perhaps a better path is allowing them to access a reporting UI from a<br />
personal device, but no data-level queries can be run. That might be a good alignment of risk vs. task<br />
disruption.<br />
Each team has its own ecosystem of tools, each with its own quirks. (It's all software built on software<br />
after all.) Each time a different remote access strategy is involved, the engineer gets frustrated as more<br />
security workarounds are deployed, making for an increasingly fragile system that is more cumbersome to<br />
use. Want to eliminate shared passwords on that internally-hosted service that doesn't have SAML<br />
support? Want to make sure a particular API is accessed only by devices that are deemed secure?<br />
Oh, and don't forget about handling contractor/third-party access. Or offshore teams. Or compliance…<br />
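The per-team, device-aware policy the preceding paragraphs argue for, as an added example that is not the article's or Banyan's code: the team grants, resource catalogue and posture thresholds are constructed for illustration and follow the scenarios above (SREs reach production, DevOps gets build tooling but not production, QA gets production-like hosts and databases, data engineering gets the reporting UI from any device but data-level queries only from a hardened managed one).<br />

```python
"""Added example (not the article's or Banyan's code): a small identity- and
device-aware access policy of the kind the article argues for. The team grants,
resource catalogue and posture thresholds are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    user: str
    team: str              # "sre", "devops", "apps", "qa", "data-eng"
    contractor: bool = False


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in device management, so its posture is known
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class Resource:
    name: str
    kind: str              # "ssh", "k8s", "git", "ci", "db", "reporting-ui", "warehouse-query"
    environment: str       # "prod", "staging", "dev"
    sensitive_data: bool   # reaching it exposes production data


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


# Least-privilege grants per team (constructed), following the article's scenarios.
TEAM_GRANTS: dict[str, set[tuple[str, str]]] = {
    "sre":      {("ssh", "prod"), ("k8s", "prod"), ("ssh", "staging"), ("k8s", "staging")},
    "devops":   {("git", "dev"), ("ci", "dev"), ("k8s", "staging")},
    "apps":     {("git", "dev"), ("ssh", "dev")},
    "qa":       {("ssh", "staging"), ("db", "staging")},
    "data-eng": {("reporting-ui", "prod"), ("warehouse-query", "prod")},
}


def device_trust(d: Device) -> int:
    """0 = unmanaged/personal (posture unknown), 1 = managed, 2 = managed and hardened."""
    if not d.managed:
        return 0
    return 2 if (d.disk_encrypted and d.os_patched) else 1


def required_trust(r: Resource) -> int:
    """How much device assurance a resource demands, by what it exposes."""
    if r.kind == "reporting-ui":          # aggregated view only, no data-level queries
        return 0
    if r.environment == "prod" or r.sensitive_data:
        return 2                          # only hardened managed devices
    return 1


def evaluate(p: Principal, d: Device, r: Resource) -> Decision:
    """Identity (team grant) and device health are both required; deny by default."""
    if (r.kind, r.environment) not in TEAM_GRANTS.get(p.team, set()):
        return Decision(False, f"no grant for team {p.team} on {r.kind}/{r.environment}")
    if p.contractor and (r.environment == "prod" or r.kind in {"git", "ci"}):
        return Decision(False, "contractors are kept out of production and build tooling")
    need, have = required_trust(r), device_trust(d)
    if have < need:
        return Decision(False, f"device trust {have} is below the {need} required for {r.name}")
    return Decision(True, "team grant and device posture satisfied")


# Constructed sample catalogue and devices
PROD_SSH = Resource("prod-lb-01", "ssh", "prod", True)
DEV_GIT = Resource("git.internal", "git", "dev", False)
STAGING_DB = Resource("staging-db", "db", "staging", True)
REPORT_UI = Resource("warehouse-reports", "reporting-ui", "prod", False)
WAREHOUSE = Resource("warehouse-sql", "warehouse-query", "prod", True)

HARDENED = Device(managed=True, disk_encrypted=True, os_patched=True)
PERSONAL = Device(managed=False, disk_encrypted=False, os_patched=False)


def main() -> None:
    cases = [
        (Principal("sam", "sre"), HARDENED, PROD_SSH),
        (Principal("dana", "apps"), HARDENED, PROD_SSH),          # on-call dev, no prod grant
        (Principal("dev", "devops"), HARDENED, PROD_SSH),
        (Principal("quinn", "qa", contractor=True), HARDENED, STAGING_DB),
        (Principal("quinn", "qa", contractor=True), HARDENED, DEV_GIT),
        (Principal("nia", "data-eng"), PERSONAL, REPORT_UI),      # fine from a personal device
        (Principal("nia", "data-eng"), PERSONAL, WAREHOUSE),      # not from an unknown device
        (Principal("nia", "data-eng"), HARDENED, WAREHOUSE),
    ]
    for p, d, r in cases:
        dec = evaluate(p, d, r)
        print(f"{p.user:6} {p.team:9} -> {r.name:18} {'ALLOW' if dec.allow else 'DENY':5} {dec.reason}")


if __name__ == "__main__":
    main()
```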
Is it easy?<br />
Is security easy? No. Is achieving “Zero Trust” easy? Certainly not at the boil-the-ocean level, but the<br />
good news is that a value-adding project with some sensible constraints is totally achievable. And doing<br />
so results in scalable identity-based access that factors in device health and security.<br />
Step one is coming to grips with the challenge and deciding now is the time to take it on. Secure remote<br />
access platforms, like Banyan Security’s Zero Trust Remote Access Platform, exist that allow you to<br />
easily introduce zero trust, least privilege access in a consistent way across differing resources and<br />
heterogeneous infrastructure. Security dramatically improves. Usability, now consistent, becomes easy<br />
to the point of being transparent.<br />
My recommendation is to tackle a small project, perhaps just a few SSH hosts, maybe GitHub, or perhaps<br />
just getting better visibility into your devices. Understanding the challenge is the first step on the path and<br />
nothing beats a little hands-on prototyping.<br />
About the Author<br />
Colin Rand is the Vice President of Engineering at Banyan Security.<br />
He has extensive experience in engineering leadership and product<br />
development working at a wide range of enterprise startups to late-stage<br />
and enterprise companies. Most recently Colin helped<br />
transform Delphix from an on-premise data management appliance<br />
to create their first SaaS offering with an integrated product strategy<br />
to create a hybrid platform. Before then, he led the platform initiative<br />
for Lookout, a BeyondCorp mobile security company, managing<br />
data, identity, and security services for ML-based mobile threat<br />
protection. Colin’s wide experience brought him through Salesforce,<br />
AKQA (creative agency) as well as his own startups in NYC. Colin<br />
began his career as a hands-on developer after studying computer<br />
engineering at the University of Michigan.<br />
Cryptocurrency Ransomware Is on The Rise During<br />
COVID-19 – Here’s What Businesses of All Sizes Need to<br />
Know About Dealing with Attacks<br />
By Marc Grens, Co-Founder & President at DigitalMint<br />
Crypto-related ransomware attacks are on the rise, and the pandemic has only hastened their propagation.<br />
For example, from 2018 to 2020, ransomware attacks increased by 200%. Yet during the COVID-19<br />
pandemic alone, from January to May of 2020, ransomware attacks grew by 900%. This is not<br />
surprising given the rise and vulnerabilities of remote work and individuals mixing their professional and<br />
personal lives online.<br />
Ransomware is a common cybersecurity threat facing a wide variety of industries, from public entities<br />
like government agencies and healthcare organizations, where confidential data storage is critical, to<br />
financial services and even manufacturing. Worse yet, a federal cybersecurity advisory committee has<br />
warned of an increased cybersecurity threat to hospitals even while dealing with the pandemic.<br />
These types of attacks do not discriminate based on company size either. Small and mid-size businesses<br />
are at as much risk as large companies. And it is all only going to get worse in 2021 as technology<br />
continues to improve and advance. Hackers have become more emboldened and brazen, and<br />
unfortunately, some businesses continue to lag behind in cybersecurity precautions. Based on all this<br />
information, it is worth considering what steps leaders can take to deal with crypto-related ransomware<br />
attacks.<br />
Cryptocurrency Ransomware Attacks: What You Can—and Should—Do<br />
There are some steps you can take to either avoid a ransomware attack or, at the least, handle it with<br />
minimum damage to your company’s reputation, data, and fiscal health.<br />
1. Train and educate employees about ransomware and how to avoid it—If your IT Department<br />
does not already have a set of cybersecurity training modules in place, consider building out a<br />
comprehensive program to educate employees about ransomware. Be sure to update the program<br />
regularly, as new developments in cybersecurity are rapid. In addition, stress to all your employees how<br />
serious ransomware can be.<br />
2. Know that paying the ransom is a last-resort option—While there are plenty of ways to recover<br />
losses and deal with the ransom, such as employing companies like DigitalMint, which has used its<br />
cryptocurrency and financial networks to help settle cases with ransoms of more than $10<br />
million in the past, you should know that in general, paying the actual ransom is the last resort. You<br />
should not immediately pay it without considering your other options and seeking professional technical<br />
advice to determine the damage that may have been done.<br />
3. Hire a reputable cyber incident response firm with technical expertise—Once attacked by<br />
ransomware, remain calm and hire a reputable cyber incident response firm. They need to analyze the<br />
situation, assess the damage, understand how much data has been released, and advise you on how to<br />
proceed. This will not only include determining a strategy for handling the current ransomware issue, but<br />
it also will include remedying vulnerabilities in your system to prevent future attacks.<br />
4. Avoid conflicts of interest—This is very important, possibly the most important point: avoid<br />
conflicts of interest, especially when dealing with the cryptocurrency ransom itself. There should be a<br />
clear separation of the cyber incident response firm and cyber settlement financial services organization<br />
that acquires the cryptocurrency. It would be best if you chose a separate partner for each role in the<br />
process because a cyber incident response firm that also deals with the financial payment side of things<br />
might have a conflict of interest that prevents them from doing the best job for you possible under the<br />
circumstances.<br />
For instance, perhaps the cyber incident response firm knows how to get your data back without paying<br />
the ransom; if that consultant also handles your business's potential cyber settlement cryptocurrency<br />
purchase, why would they want to stop at the cybersecurity consultation step in the process if they are<br />
incentivized to purchase your settlement? Instead of solving the problem early in the process without a<br />
ransom payment, your consultant might be tempted to proceed with payment to receive an extra<br />
commission from you. That is why companies like DigitalMint focus solely on cyber settlement financial<br />
services, removing any conflict of interest.<br />
5. Prevent financial red flags in cryptocurrency transactions—In many cases, especially with<br />
small and mid-size businesses, fast and large cryptocurrency transactions can be seen as suspicious by<br />
regulatory authorities and financial institutions. For that reason, you must prevent red flags in your<br />
transactions. Doing this includes:<br />
● Banking transparency with settlements—Make sure your cyber cryptocurrency settlement<br />
partner company is transparent about its transactions and has a history of always rigorously<br />
recording documentation of all cryptocurrency transactions.<br />
● Strong relationship with banks and firms who deal with cryptocurrency—Many smaller<br />
cryptocurrency settlement companies do not have partnerships with organizations that specialize<br />
or even deal in cryptocurrency. This is why your cyber settlement partner must already have those<br />
strong relationships with organizations that handle cryptocurrency transactions.<br />
● Strong AML (Anti-Money Laundering) and other stringent compliance programs—Your<br />
cyber cryptocurrency settlement partner must always comply with AML, OFAC, and other federal<br />
and state regulatory guidelines. Since you are dealing with hackers, it can be tempting to skip<br />
compliant transactions, but if your cyber settlement partner complies with the Anti-Money<br />
Laundering Program and other compliance programs, you will not sink to the hackers’<br />
level of unlawful behavior.<br />
The Takeaway: Ransomware Does Not Have to Be the End of Your Company<br />
While it is true that the threat of ransomware attacks continues to grow rapidly in the age of<br />
the COVID-19 pandemic (and had been spiking at an alarming rate even prior to the pandemic), there<br />
are still some relatively simple steps you can take to prevent or minimize the damage to your company.<br />
However, if you choose to hire a trusted independent cyber incident response firm, ensure any conflicts<br />
of interest are mitigated or fully disclosed.<br />
About the Author<br />
Marc Grens is the Co-Founder & President of DigitalMint, a trusted<br />
cryptocurrency ransomware resolution provider that enables clients<br />
to purchase Bitcoin and other cryptocurrencies to settle ransomware<br />
incidents. He is a serial entrepreneur with more than 15 years of<br />
experience in the investment industry. Prior to DigitalMint, Grens held<br />
senior positions at Charles Schwab, HighTower Advisors, and Alpha<br />
Strategies. He received his M.B.A. from the Kellstadt Graduate<br />
School of Business at DePaul University in 2010, and a B.A. from<br />
Illinois State University. Grens is an active angel investor and serves<br />
on multiple advisory boards of companies in the Chicago tech<br />
community.<br />
Marc Grens can be reached at www.digitalmint.io.<br />
E-Commerce and Lockdown: The Perfect Storm for<br />
Cyber Threats<br />
The impact of lockdowns on cybersecurity<br />
By Aman Johal, Lawyer and Director of Your Lawyers<br />
The UK’s National Cyber Security Centre (NCSC) reported that a quarter of all cyberattacks over the past<br />
year are linked to the pandemic. Action Fraud, the UK’s National Fraud and Cybercrime Reporting Centre,<br />
disclosed that there have been over 16,300 successful cyber scams with losses amounting to £16.6m<br />
during the first lockdown period alone.<br />
Research also revealed that 86% of consumers experienced some form of cybercrime during the<br />
pandemic as retailers turn to increased e-commerce out of necessity. Action Fraud found that people<br />
aged 18-26 were the most vulnerable to cybercrime on online shopping platforms, such as Depop and<br />
eBay, representing 24% of victims.<br />
The second national lockdown in November pushed the nation back online for four more weeks, which<br />
served to increase cybersecurity risks once more. Black Friday, which took place on 27 November, was<br />
an additional factor, and phishing attacks reportedly increased by 336% when compared to previous<br />
years. In 2020, visits to e-retailers were up 35% year on year, inevitably correlating with a surge in<br />
cyberattacks and the risks that they pose.<br />
And that is not the end of it. With the Christmas shopping season in full swing, further data has revealed<br />
that less than half of UK retailers feel that they have adequate cybersecurity measures in place. 45%<br />
believe that their third-party partners are not prepared either, a matter that has been a point of contention<br />
in the Ticketmaster data breach which involved a third-party vulnerability and exposed the personal<br />
information of 1.5 million UK customers.<br />
The threat is so severe that the NCSC has launched its Cyber Aware campaign in December to educate<br />
consumers and businesses alike about the online threat posed during the festive season. These<br />
cumulative factors are indeed a significant cause for concern. The lack of urgency in retailers and<br />
consumers to protect themselves against cyber threats, in addition to the increasing sophistication of<br />
hackers already boasting a wealth of practice from the first lockdown, has created a ticking time bomb.<br />
Data breach: the straw that could break the camel’s back<br />
It is critical that e-retailers deliver on their responsibility to protect customer data. Failure to do so could<br />
result in significant legal and financial repercussions.<br />
The UK’s Information Commissioner’s Office (ICO) has the power to issue significant fines for data<br />
breaches in accordance with the GDPR. In October 2020, it issued its first two significant fines against<br />
British Airways (BA) and Marriott, at £20 million and £18.4 million respectively – although these figures do<br />
represent a disappointing climb-down from the original intention to fine in the sums of £183m and £99m.<br />
In addition to fines, businesses in breach of the GDPR may also face significant compensation pay-outs<br />
for damages. In the case of BA, they could be facing a total pay-out of as much as £3 billion based on<br />
an average possible claim of £6,000 for each of the estimated 500,000 victims.<br />
Customer loyalty is also likely to take a hit following a cyberattack; an additional blow that the retail sector<br />
cannot afford to suffer in 2020. For the UK retail sector as a whole, sales decreased by 19.1% year on<br />
year during the first lockdown, and it is still struggling to recover. Cybersecurity must always be a financial<br />
priority for e-commerce platforms, as data breaches can cost far more on average than investment in<br />
preventative measures.<br />
Despite a dismal outlook for the retail industry on the whole, consumers who are affected by a data<br />
breach this festive season should remember that they could be entitled to pursue compensation from the<br />
responsible party. The power of the law should act as an important deterrent for businesses adopting a<br />
complacent attitude towards their cybersecurity responsibilities, especially as we continue to see<br />
worryingly high numbers of cyberattacks with serious implications for millions of people in the UK.<br />
The surge in cybercrime is unlikely to relent in the near future. With a looming recession predicted for<br />
2021, businesses may be persuaded to cut their cybersecurity spending. It is essential that this does not<br />
happen: companies in the e-commerce sector, and beyond, must view cybersecurity as a non-negotiable<br />
asset.<br />
About the Author<br />
Aman Johal, Lawyer and Director of Your Lawyers<br />
Aman founded consumer action law firm Your Lawyers in<br />
2006, and over the last decade he has grown Your Lawyers<br />
into a highly profitable litigation firm.<br />
Your Lawyers is a firm which is determined to fight on behalf<br />
of Claimants and to pursue cases until the best possible<br />
outcomes are reached. They have been appointed Steering<br />
Committee positions by the High Court of Justice against big<br />
corporations like British Airways - the first GDPR GLO - as<br />
well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action ever<br />
seen in England and Wales.<br />
Aman has also successfully recovered millions of pounds for a number of complex personal injury<br />
and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in<br />
the PIP Breast Implant scandal. Aman has also been at the forefront of the new and developing area of<br />
law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic<br />
data leak and the Ticketmaster breach.<br />
Aman can be reached online at LinkedIn and at our company website: https://www.yourlawyers.co.uk/<br />
Communication Streaming Challenges<br />
By Milica D. Djekic<br />
As is well known, there are many ways of tracking someone’s e-mail, chat or social media accounts.<br />
Defense professionals are quite familiar with such methods, and those hotspots can be used to<br />
discover new suspicious activity in cyberspace. Many transnational criminal and terrorist groups also<br />
use account tracking to stay informed about someone’s actions in the virtual domain. The key feature of<br />
network traffic is that data is carried in packets, which hold both the sensitive payload and the routing<br />
information. In other words, those packets travel from device to device over critical communications<br />
infrastructure. If breaching a computer and tracking an account are well-known ways of obtaining<br />
sensitive content, it is quite clear that there are further critical points in data exchange and storage. For<br />
instance, anyone who wants to avoid the difficulty of breaching servers, datacenters and endpoints could<br />
instead track the communications themselves in order to capture the information in transit. In many<br />
cases that content is encrypted, and some effort must be invested to decrypt the message and make it<br />
readable. In modern times, many communications channels began life as defense products and are<br />
today in fully commercial use. Anything that is widely accessible has a counter-system so that it remains<br />
under the control of its creators. Apparently, no one develops a solution that works entirely on its own<br />
without being controllable by human beings. Further, the final product can do only what its developers<br />
defined it to do, and it cannot manage without its secret counter-weapon. So, if e-mail accounts, browsers<br />
and social media profiles carry some kind of protection and are so appealingly commercialized, it is quite<br />
obvious that those advancements have reversible systems that keep them manageable. The situation is<br />
similar with communications routes, which can be tracked using widespread monitoring tools. Even if<br />
the packets of information are well secured, they can be turned back into plaintext, as there are plenty<br />
of options on the marketplace for such a purpose.<br />
Devices in a network communicate with each other by following a certain set of rules. First, it is<br />
important to understand why communication protocols matter: they are of crucial significance for<br />
enabling traffic and information exchange. In other words, if two devices follow those rules and their<br />
exchange is accurate, or as defined, they are permitted to make a connection with one another and<br />
transfer data. Logically, that information is part of the communication channel, and in both policing and<br />
military settings there can be an adversary who listens to the traffic and redirects samples of it to other<br />
machines. We call that operation tapping or streaming. Further, the exchanged information is secured<br />
with some sort of cryptography, so the streamer cannot be confident what it is all about. The point is<br />
that someone can break into network traffic just as it is possible to break into a device. On the other<br />
hand, when traffic is streamed there can be a lot of work for a cryptanalyst, who must decrypt and<br />
analyze the content that was sent. From a security point of view this matters because communication<br />
tracking can be used by illegal organizations to monitor someone’s activities on the web. As a<br />
consequence of such a campaign, many community members, as well as their infrastructure, can be at<br />
risk because the bad guys can come into possession of confidential information. Across the globe there<br />
are many network monitoring applications that can be used for streaming and, with the support of some<br />
cryptanalysis effort, for reading the decrypted messages. Basically, a cryptanalyst is a person who is<br />
capable of transforming packets of information into their plaintext form and making them accessible to<br />
the rest of the team. The fact is that the cybercrime underworld has always been in a position to carry<br />
out this sort of operation, and it is undoubtedly a threat to communities, businesses and government<br />
assets. It appears that high-tech syndicates are a real global threat, especially bearing in mind that they<br />
can be a very dangerous weapon in the hands of other criminal and terrorist groups.<br />
A packet of information is a complex array of bits in which the positions of the 0s and 1s can mean a<br />
great deal in machine-language terms. The two basic parts of a data packet are the payload and the<br />
routing information, which respectively carry the message itself and the path the packet must follow in<br />
order to be delivered from its starting point to its final destination. The most common kind of<br />
cryptography so far is end-to-end encryption, or E2EE. With that kind of encryption the message is<br />
enciphered on one device, then packed into the payload bits and finally sent to the destination. The<br />
entire communication network is huge and very complicated, so in order to transmit the data it is<br />
necessary to follow some path and to prevent the encrypted payload from being streamed and read<br />
along its route. The routing information, or path bits, serve to distribute packets better across the<br />
network. E2EE is one of the best-practice approaches in many competitive armies and policing units, as<br />
it provides quite reliable delivery of messages. That sort of cryptography, like anything else, has its<br />
strong and weak sides: as is well known, the message is encrypted on the initial device and decrypted<br />
at the final destination, which means that if those two devices are exposed the enemy can come into<br />
possession of the exact plaintext. Also, anyone channeling the communication asset can work out the<br />
accurate interpretation of the payload itself. In other words, good cryptanalysis requires advanced<br />
knowledge of computer science and engineering, and whatever goes through the channel is handled as<br />
an array of the packet’s bits. If we know the position of each bit in that array we can choose between<br />
0 and 1, so our chances of guessing correctly are fifty-fifty. In addition, it is important to take into<br />
account the meaning of ASCII characters, which can give an opportunity to work out how the open<br />
message might look. For instance, any sentence in the plaintext ends with some punctuation mark, so<br />
there can be a whole range of variations of the possible decrypted information. In other words, while<br />
E2EE is critical at its endpoints, it can be quite concerning along the way from source to destination, as<br />
the channel can be tapped and potentially broken into.<br />
To illustrate link encryption, think of a highway with all of the infrastructure that directs the traffic on it.<br />
The driver on that road must know where he is going, and he is allowed to rely on the traffic signs. In other<br />
words, maps and GPS navigation are permitted, but they are of little use if the driver does not know the<br />
route. Link encryption is more like sending a packet of information through a well-protected channel in<br />
which the routing information bits are carefully encrypted. The only thing available at any given moment<br />
is the information about the next stop, so if GPS navigation is needed it has to proceed step by step.<br />
In other words, the next-stop linkage information is included as plaintext, and by reading it one can work<br />
out where the next station for such a packet is. In general terms, those stops can be considered hops,<br />
where the entire packet is decrypted and re-encrypted in order to obtain the information about where<br />
the packet should be delivered next. Best practice suggests that the most useful solution is the<br />
combination of E2EE and link encryption, because then both the payload and the routing information<br />
are well protected. That sort of cryptography is known as super-encryption. A hop is any device in the<br />
network through which directed traffic can pass; it can be a router, a modem or a server. The hop is<br />
also a very sensitive point in the network, because attackers can identify that part of the IT infrastructure<br />
and try to attack the place where decryption of the packet takes place. That is an especially large risk<br />
in the case of network monitoring, because the bad guys can find and exploit the places where the<br />
plaintext is widely accessible. In other words, today's cyber criminals are extremely skillful individuals<br />
with exceptional technical brightness who are capable of discovering any weakness in the system and<br />
taking advantage of it. The mix of E2EE and link encryption gives a safer environment for data transport,<br />
but it is still vulnerable to high-tech attacks and campaigns.<br />
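As an added illustration (not code from the article or its author), the following Python simulation sends a packet along a constructed path A -> hop1 -> hop2 -> D with link encryption only, E2EE only, and the super-encryption combination, and records what each hop and each wire segment can read; the toy cipher, node names and keys are assumptions made for the demo.

```python
"""Added illustration, not from the article: hop-by-hop link encryption,
end-to-end encryption (E2EE) and their combination ("super-encryption"),
simulated on a constructed four-node path. The cipher is a toy HMAC-SHA256
keystream with an encrypt-then-MAC tag so the script needs only the standard
library; it is for illustration, not for protecting real traffic."""
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    # Counter-mode style keystream: HMAC(key, nonce || counter) blocks.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, data):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Verify the tag, then decrypt; raises if the blob was altered in transit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: tampered packet or wrong link key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed topology: A -> hop1 -> hop2 -> D, one key per physical link.
NEXT_HOP = {"A": "hop1", "hop1": "hop2", "hop2": "D"}
LINK_KEYS = {("A", "hop1"): b"link-key-1", ("hop1", "hop2"): b"link-key-2",
             ("hop2", "D"): b"link-key-3"}
E2E_KEY = b"end-to-end-key-shared-by-A-and-D"


def send(payload, src, dst, e2e_key=None, link_crypto=True):
    """Forward `payload` from src to dst. Returns (delivered, hop_view, wire_view):
    hop_view lists, per intermediate hop, the destination it learned and the
    payload plaintext if it could read it (None otherwise); wire_view says,
    per link, whether the routing header was readable on the wire."""
    body = seal(e2e_key, payload) if e2e_key else payload   # inner E2EE layer
    here, hop_view, wire_view = src, [], []
    while here != dst:
        nxt = NEXT_HOP[here]
        packet = json.dumps({"dst": dst, "body": body.hex()}).encode()
        # Outer link layer: applied per link, stripped and re-applied at every hop.
        on_wire = seal(LINK_KEYS[(here, nxt)], packet) if link_crypto else packet
        wire_view.append(b'"dst"' in on_wire)
        received = open_(LINK_KEYS[(here, nxt)], on_wire) if link_crypto else on_wire
        fields = json.loads(received)
        body = bytes.fromhex(fields["body"])
        if nxt != dst:  # the hop must read the header to route onward
            hop_view.append((nxt, fields["dst"], None if e2e_key else body))
        here = nxt
    delivered = open_(e2e_key, body) if e2e_key else body
    return delivered, hop_view, wire_view


def compare_modes(payload=b"transfer 100 EUR to account 42"):
    """Summarise what each mode exposes: link-only, E2EE-only, and both."""
    modes = {"link_only": (None, True), "e2e_only": (E2E_KEY, False),
             "super_encryption": (E2E_KEY, True)}
    summary = {}
    for name, (e2e_key, link_crypto) in modes.items():
        delivered, hops, wire = send(payload, "A", "D", e2e_key, link_crypto)
        summary[name] = {
            "delivered_ok": delivered == payload,
            "hops_can_read_payload": any(p is not None for _, _, p in hops),
            "header_exposed_on_wire": any(wire),
        }
    return summary


if __name__ == "__main__":
    print(json.dumps(compare_modes(), indent=2))
```

Only the combined mode keeps both the payload (from the hops) and the routing header (from a wiretap) out of reach, which is the super-encryption argument made above.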
About the Author<br />
Milica D. Djekic is an Independent Researcher from Subotica, the<br />
Republic of Serbia. She received her engineering background from<br />
the Faculty of Mechanical Engineering, University of Belgrade. She<br />
writes for several domestic and overseas publications and is also the<br />
author of the book "The Internet of Things: Concept, Applications<br />
and Security", published in 2017 by Lambert Academic<br />
Publishing. Milica is also a speaker on the BrightTALK experts'<br />
channel. She has been a member of ASIS International since 2017<br />
and a contributor to the Australian Cyber Security Magazine since<br />
2018. Milica's research efforts have been recognized by the Computer<br />
Emergency Response Team for the European Union (CERT-EU),<br />
Censys Press, BU-CERT UK and the EASA European Centre for<br />
Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber<br />
defense, technology and business. Milica is a person with disability.<br />
Anatomy of a hack – SolarWinds Orion<br />
Nation state hacks major IS software vendor<br />
By James Gorman, CISO, Authx<br />
What happened when one of the leading IT support vendors in the world was breached, affecting leading<br />
government agencies the world over and 18,000-33,000 [1] companies running the affected versions (2019.4 HF<br />
5 and 2020.2 with no hotfix, or 2020.2 HF 1) [2] of SolarWinds Orion software?<br />
What happened:<br />
1) The threat actor – indicated to be a nation state in Microsoft's Threat Intelligence Center's<br />
release [3] – was able to compromise the update process for SolarWinds and embed a trojan horse<br />
that allowed the attacker to gain administrative access to the network.<br />
2) Using the acquired administrative access, the intruder moved laterally to gain access to the<br />
certificate signing credentials of the organization. This allows the attacker to generate "real-looking"<br />
credentials and continue to move throughout the organization.<br />
3) Using the now trusted yet hacked credentials, the attacker then takes stock of what else they<br />
have access to in the organization, on-premises and cloud based. Because they hold seemingly<br />
valid credentials, they do not trip most alerts, which look for unusual login failures.<br />
4) Once the attacker has access to a Global Administrator's account or its trusted certificate, they<br />
use it to impersonate the admin. They essentially have the keys to the kingdom and can<br />
create new global admins, add them to existing services and/or create new services, and then<br />
go after API access to the organization.<br />
[1] https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm<br />
[2] https://www.solarwinds.com/securityadvisory<br />
[3] https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/<br />
What has been reported is that once this particular attacker gets access to the global administrator, they<br />
keep malicious programs (malware) to a minimum and use remote access to move through the<br />
enterprise and take over code repositories, trade secrets, MS Office 365, Azure Active Directory,<br />
essentially every system that relies on federated access and authentication. The list of who was<br />
hacked keeps growing, and it is a veritable who's who of what a nation state actor would want – US State<br />
Department, Pentagon, Department of Homeland Security, National Institutes of Health and others, as<br />
well as many private firms [4]. While many of the known targets are the "big guys", if you use SolarWinds<br />
Orion assume you are compromised.<br />
If you use SolarWinds Orion assume you are compromised: take it offline, upgrade and contact<br />
SolarWinds. https://www.solarwinds.com/securityadvisory<br />
If you are a CISO or security professional, you should know that in this hack you could have done everything<br />
right and still have been vulnerable. You could have had anti-malware tools running, login restrictions on<br />
sensitive systems, monitoring of failures, all the things you would do in a traditional defense in depth<br />
environment, and still be exposed: because you trusted your supply chain, and one of the largest and<br />
most trusted names in network monitoring and management was breached, you are now vulnerable and<br />
probably compromised.<br />
You could have done everything right and still been compromised! This is the lesson to learn<br />
here: all you can do is mitigate and minimize the damage done. Some hackers are very, very good,<br />
and your security is only as good as the weakest link in your supply chain. It could be one of your<br />
largest and most trusted IT suppliers that is the avenue of attack. You have to trust and verify<br />
everyone.<br />
So what is a person to do if they are or are not compromised? There are some things that, had they<br />
been in place, could have mitigated or limited the damage due to the internal spread of this particular<br />
hack. We still do not know how the development/release system at SolarWinds was compromised – I<br />
for one am looking forward to seeing how that happened.<br />
What to do now that we know what we know –<br />
1) Update your software frequently – this is still the best way to keep known vulnerabilities at bay.<br />
Don't let this supply chain hack scare you into not keeping your systems up to date. It is one of<br />
the most basic principles in cybersecurity – patch your systems.<br />
2) Use updated antivirus systems that are quickly updated to mitigate this attack.<br />
[4] https://news.yahoo.com/solarwinds-orion-more-us-government-131005599.html<br />
3) Monitor your network and systems for anomalous behavior – look for multiple PowerShell<br />
accesses to Active Directory from the same machine, especially privileged sign-ins. [5]<br />
4) Look for additions to your federated services; use best practices for securing your AD FS services. [6]<br />
5) Use whitelists for access to your sensitive network segments – block outbound traffic except<br />
what is needed for vital business processes on your trusted segments. This blocks the trojan's<br />
access to its home Command and Control (C2) servers, through which the hackers then get access to<br />
your environment.<br />
6) Use hardware based tokens (HSMs) for SAML signatures.<br />
7) Alert on, and verify as authorized, new access credentials on OAuth applications and<br />
8) Reduce attack surface by removing applications and service principals that are not needed on<br />
your systems. Make sure you are logging service principal access and look for anomalies.<br />
9) Use multifactor authentication with biometric factors for all logins.<br />
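As an added example (not from the article or from Authx), the following Python turns recommendations 3, 4, 7 and 8 into detection logic and runs it over constructed sign-in and audit records; the log field names, client names and activity names are assumptions modeled loosely on cloud identity provider log exports, so map them to your own SIEM schema.

```python
"""Added example, not from the article: two detections from the list above,
run over constructed sign-in and audit records. Field names, client names and
activity names are assumed for the illustration, modeled loosely on cloud
identity provider sign-in and audit log exports; map them to your own schema."""
from collections import defaultdict
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator"}
POWERSHELL_CLIENTS = {"Azure Active Directory PowerShell", "Microsoft Graph PowerShell"}

# Constructed sign-ins: workstation 10.1.2.3 drives a burst of PowerShell
# sessions against the directory as several identities; the rest is noise.
SIGN_INS = [
    {"time": "2020-12-14T03:00:00", "user": "alice@corp.example", "ip": "10.1.2.3",
     "client": "Azure Active Directory PowerShell", "roles": ["Global Administrator"]},
    {"time": "2020-12-14T03:05:00", "user": "bob@corp.example", "ip": "10.1.2.3",
     "client": "Azure Active Directory PowerShell", "roles": ["Global Administrator"]},
    {"time": "2020-12-14T03:12:00", "user": "svc-monitor@corp.example", "ip": "10.1.2.3",
     "client": "Microsoft Graph PowerShell", "roles": []},
    {"time": "2020-12-14T09:00:00", "user": "alice@corp.example", "ip": "10.1.2.3",
     "client": "Office 365 Portal", "roles": ["Global Administrator"]},
    {"time": "2020-12-14T10:00:00", "user": "carol@corp.example", "ip": "10.9.9.9",
     "client": "Azure Active Directory PowerShell", "roles": []},
    {"time": "2020-12-14T14:00:00", "user": "dave@corp.example", "ip": "10.9.9.9",
     "client": "Azure Active Directory PowerShell", "roles": []},
]

# Constructed audit events: a credential added to an OAuth app and a federation change.
AUDIT_EVENTS = [
    {"time": "2020-12-14T03:07:00", "actor": "bob@corp.example",
     "activity": "Add service principal credentials", "target": "backup-sync-app"},
    {"time": "2020-12-14T03:09:00", "actor": "bob@corp.example",
     "activity": "Set federation settings on domain", "target": "corp.example"},
    {"time": "2020-12-14T11:00:00", "actor": "helpdesk@corp.example",
     "activity": "Update user", "target": "erin@corp.example"},
]

# Activity names are assumed; substitute the ones your identity provider emits.
FEDERATION_ACTIVITIES = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
    "Set federation settings on domain",
}


def powershell_bursts(sign_ins, window=timedelta(minutes=30), min_count=3):
    """Flag source IPs with >= min_count directory PowerShell sign-ins inside a
    sliding window; count how many came from privileged accounts."""
    by_ip = defaultdict(list)
    for ev in sign_ins:
        if ev["client"] in POWERSHELL_CLIENTS:
            by_ip[ev["ip"]].append(ev)
    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        times = [datetime.fromisoformat(e["time"]) for e in evs]
        start = 0
        for end in range(len(evs)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= min_count:
                privileged = sum(1 for e in burst if set(e["roles"]) & PRIVILEGED_ROLES)
                findings.append({"ip": ip, "count": len(burst), "privileged": privileged,
                                 "users": sorted({e["user"] for e in burst})})
                break   # one finding per source IP is enough to open a triage ticket
    return findings


def federation_changes(audit_events):
    """Return events that add credentials to service principals/OAuth apps or
    alter domain federation; each one needs an owner to confirm it was authorized."""
    return [e for e in audit_events if e["activity"] in FEDERATION_ACTIVITIES]


if __name__ == "__main__":
    for f in powershell_bursts(SIGN_INS):
        print("PowerShell burst:", f)
    for e in federation_changes(AUDIT_EVENTS):
        print("Verify authorization:", e["activity"], "->", e["target"], "by", e["actor"])
```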
Authx (https://authx.com) is a prime example of how to verify who actually has access to your<br />
systems. It is a multifactor authentication mechanism that uses biometrics – face, finger, palm or<br />
one-time pad – to give additional validity to the user access experience. Authx, or a comparable solution,<br />
would have limited the ability for lateral movement and the persistence of this or most impostor credential<br />
attacks.<br />
About the Author<br />
James Gorman, CISO, Authx<br />
James is a solutions-driven, results-focused technologist and<br />
entrepreneur with experience securing, designing, building, deploying<br />
and maintaining large-scale, mission-critical applications and<br />
networks. Over the last 15 years he has led teams through multiple<br />
NIST, ISO, PCI, and HITRUST compliance audits. As a consultant, he<br />
has helped multiple companies formulate their strategy for compliance<br />
and infrastructure scalability. His previous leadership roles include<br />
CISO, VP of Network Operations & Engineering, CTO, VP of<br />
Operations, Founder & Principal Consultant, Vice President and CEO<br />
at companies such as GE, Epoch Internet, NETtel, Cable and<br />
Wireless, SecureNet, and Transaction Network Services.<br />
James can be reached online at james@authx.com, https://www.linkedin.com/in/jamesgorman/<br />
and at our company website https://authx.com<br />
[5] https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-all-sign-ins<br />
[6] https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs<br />
Cybersecurity Maturity Model Certification (CMMC)<br />
It is not about compliance, or is it?<br />
By Carter Schoenberg, CISSP & CMMC Registered Practitioner, Vice President –<br />
Cybersecurity, SoundWay Consulting, Inc.<br />
As of the date of this publication, new requirements for U.S. Defense Contractors are in play. The days<br />
of approaching cybersecurity requirements with "it doesn't apply to me" are<br />
officially over. In case you missed it, there are four letters that should have you standing up and taking<br />
notice: CMMC. To start with, what exactly is CMMC? The Cybersecurity Maturity Model Certification<br />
(aka CMMC) is a new and comprehensive framework that will dictate future awards made by the U.S.<br />
Department of Defense. This framework is managed by a non-government entity known as the CMMC<br />
Accreditation Body (AB) and fully supported by the highest levels of the U.S. Department of Defense<br />
(DOD) leadership.<br />
Starting back in 2017, requirements to meet the 110 security controls described in National Institute of<br />
Standards and Technology Special Publication 800-171, "Protecting Controlled Unclassified Information<br />
in Non-Federal Systems and Organizations", were included in formal solicitations under the Defense<br />
Federal Acquisition Regulation (DFAR). Unfortunately, procurement officials generally highlighted this<br />
requirement with a single sentence in solicitations and relied upon self-attestation. Since that time, the<br />
F-35 Strike Fighter technical designs, naval defensive electronics on sea vessels, and arguably the<br />
largest release of malware created for offensive operations by the National Security Agency have all<br />
been compromised due to poor cyber hygiene by U.S. Government Contractors (GovCons).<br />
Whether we like it or not, the U.S. Government is justified in taking the position "enough is enough"<br />
and now forcing all, let me say that again, "ALL" GovCons seeking work with the DOD to demonstrate<br />
adequate cyber hygiene. These efforts are spearheaded by Ms. Katie Arrington. As described by Ms.<br />
Arrington, the Government is taking a crawl, walk, run approach towards formal implementation of<br />
CMMC. CMMC has five levels of maturity, starting with Maturity Level 1, which equates to being able to<br />
demonstrate that 17 practices (security safeguards) are implemented. Starting around June 2021, it is<br />
estimated 15 contracts will be issued impacting 1500 GovCons, and this will ramp up to all engagements<br />
no later than FY2026. This is all contingent upon formal adoption within the DFAR.<br />
To make matters even more interesting, the interim DFAR ruling explicitly states that as of December<br />
1, 2020, a large number of GovCons have to immediately report to the Government their current status<br />
towards conforming with NIST SP 800-171. If the level of accuracy of self-attestations seen previously<br />
is any indicator, there is a likelihood that GovCons may be inclined to fudge the results, because who at<br />
the Defense Department is really going to police the results, right? WRONG! Misrepresenting the results<br />
has two significant consequences. One adverse consequence is defined by industry stakeholders and<br />
one is being overlooked. The first is what is known as a False Claims Act violation. This is actually a criminal<br />
investigation under the direction of the Justice Department and targets individuals (CEOs, Boards of<br />
Directors). The second is under the Federal Trade Commission (FTC) as a Title 15 violation for an<br />
unfair and deceptive business practice and can result in heavy financial sanctions.<br />
The Government is socializing that its goal is not to make a compliance mandate but rather to foster the<br />
adoption of actual cybersecurity best practices in a way that enhances the GovCon. Regardless of whether you<br />
are Maturity Level 1 or even Level 5, two forms of objective evidence will be required as proof of adoption<br />
of the practices and processes defined within CMMC. That sounds a lot like a compliance initiative. Instead<br />
of using the term "audit", the term "assessment" is the CMMC nomenclature.<br />
If you have been through a FISMA, CMMI, ISO, PCI or other audit where objective evidence is required<br />
as proof of meeting the standard, this exercise is academically no different. There is one caveat to that.<br />
Once Maturity Level 3 is applicable (the GovCon receives or creates CUI), then simply having safeguarding<br />
controls and appropriate policies & procedures is not enough. It is incumbent on the GovCon to<br />
demonstrate they are all "managed". What does that mean though? Think of it as "operationalizing" these<br />
best practices into your core business daily operations. From here, you advance to Maturity Level 4,<br />
requiring everything from Levels 1-3 plus being able to demonstrate everything is “Reviewed” at least<br />
annually. Then at Maturity Level 5, you must be able to demonstrate your organization is optimizing the<br />
aforementioned practices and processes.<br />
If you are already ISO 27001 certified, congratulations – it is no longer enough. If you are CMMI Level 3<br />
Certified, congratulations – it too is no longer enough. What about FedRAMP? That too is no longer<br />
enough.<br />
To date, the DOD is stating that having your formal certification is not required to bid, just required at time<br />
of award. The Government and the CMMC-AB estimate you should allow yourself a 6-month window to<br />
prepare for Maturity Level 3 and higher. Having performed almost 40 of these types of assessments for<br />
Government and Industry, I believe GovCons would be wise to project an 8 to 10-month runway. These<br />
presumptions are also problematic because the average award timeline is approximately 120 calendar<br />
days. Even if the 6-month preparation estimate is correct, that still leaves a delta of two months. This<br />
essentially means a failure to have certification prior to submitting your proposal for Maturity Level 3 and<br />
higher will likely result in somebody else receiving the award.<br />
For GovCons that are micro-size entities with home-based offices, you should consider the strong<br />
likelihood that your home will actually be inspected even at Maturity Level 1. For more details on what<br />
assessors will look for, please click here.<br />
It is important to note that if you are a GovCon you should:<br />
• Take immediate steps towards CMMC preparation at Maturity Level 1 with an understanding you<br />
may likely be required for Level 3 rating within a year or so.<br />
• Carefully review the specifications of the requirements in CMMC.<br />
• Do not take the position of believing you are in good shape because your IT guy told you so.<br />
• Do not take the position this framework will go away with the new administration.<br />
• Do seek out Registered Provider Organizations that have licensed Registered Practitioners<br />
authorized by the CMMC Accreditation Body.<br />
• Understand this framework is a work in progress and will continue to evolve as the cyber threat<br />
landscape evolves.<br />
One last noteworthy point is that there are a number of industry stakeholders continuously trying to find<br />
fault with the CMMC-AB and Ms. Arrington. Taking this approach is like waving at the train when it has<br />
already left the station. ALL ABOARD!<br />
About the Author<br />
Carter Schoenberg is the Vice President of Cybersecurity at SoundWay<br />
Consulting. Carter has over 20 years' experience supporting Government<br />
and Industry stakeholders and is a subject matter expert on the<br />
Cybersecurity Maturity Model Certification (CMMC), cyber investment<br />
strategies, and reducing organizational exposure to harm from cyber liabilities.<br />
His work products have been used by DHS, DOD, NIST, and the ISAC<br />
communities.<br />
Carter can be reached online at<br />
c.schoenberg@soundwayconsulting.com and through<br />
www.soundwayconsulting.com or the CMMC Marketplace<br />
Businesses Should See Security as An Enabler of Digital<br />
Transformation, Not A Hindrance<br />
A distributed workforce has renewed the importance of security for all aspects of organizations’ technology estates<br />
By Matt Gyde, CEO, Security Division at NTT Ltd.<br />
The pandemic has put a spotlight on cybersecurity issues as businesses have moved to a distributed<br />
workforce model. Many businesses found it difficult to move with agility to provide employees with the<br />
devices and network infrastructure needed to operate and communicate seamlessly when COVID-19 first<br />
hit.<br />
In fact, according to NTT’s 2020 Intelligent Workplace Report ‘Shaping Employee Experiences for a<br />
World Transformed’, in many cases, employees have been left to use their personal devices and<br />
applications, increasing the risk of security vulnerabilities. Additionally, only 46.4% of global businesses<br />
surveyed for the same report claimed they increased their IT security capabilities to keep their<br />
organization and employees secure.<br />
The rise in nefarious threats during the pandemic is clearly outlined in NTT's Global Threat Intelligence<br />
Report as hackers seek to exploit the coronavirus-related panic. Attacks have included<br />
information-stealing malware built into a fake World Health Organization (WHO) information app, while phishing<br />
emails have offered in-demand items including face masks, hand sanitizer and coronavirus tests. These<br />
were so bad that the World Health Organization (WHO) called it an "infodemic."<br />
Secure by design approach crucial for businesses to protect themselves<br />
Unfortunately, just like the COVID-19 virus itself, cybercriminals and spies aren’t becoming fatigued by<br />
its impact on our personal and professional freedoms and prospects, as many of us are. Threat actors<br />
and organizations are opportunistic and both well-organized and funded enough to ramp up their<br />
nefarious activities despite the current worldwide crisis.<br />
This has, in turn, spawned renewed acknowledgment of the importance of security being embedded in<br />
all aspects of organizations' technology estates. Whether applications and workloads are running<br />
on-premises or in a public or private cloud, and irrespective of whether people are working from home, the<br />
office, or remotely, infrastructure needs to be inherently secure by design and entrenched into every<br />
aspect of a business's environment. Security cannot be 'bolted on' as an afterthought because it impacts<br />
both the customer and employee experience.<br />
Perhaps many organizations have not embedded security in their organization because they see security<br />
as a hindrance and not a driver of digital enablement. A cultural mind-set shift needs to happen. Security<br />
helps businesses to deliver transformational technology that enables the best user experience. And it is<br />
intrinsically linked to the protection of employee data.<br />
Digital transformation with SASE<br />
At NTT, we predict in our 'Future Disrupted: 2021' report that the concept of 'secure access service edge'<br />
(SASE), a term coined by Gartner, is going to be a mainstream trend in the next 12 months. SASE<br />
focuses on achieving the best end-user experience in an increasingly SaaS and software-defined network<br />
paradigm, securing APIs and capitalizing on ‘as-a-service’ scenarios such as firewall-as-a-service or<br />
CASB-as-a-service.<br />
In order to start with SASE, businesses will need to truly assess what, and which assets, they need to<br />
protect, where distributed workloads are running, how their business consumes applications and ensure<br />
infrastructure is fit for purpose:<br />
• Assess what, and which assets businesses need to protect: To start, businesses should look<br />
at data protection. They’ll need to pinpoint exactly what they absolutely have to protect and<br />
decipher what is ‘crown jewels’ data and information versus what’s not. Then they can return to<br />
the basics: good operations hygiene and due diligence<br />
• Understand where various workloads are running: This will mean businesses should look at<br />
implementing appropriate firewalls and micro-segmentation<br />
• Consider applications and how they're being consumed: Importantly, businesses should ask<br />
themselves how these consumption trends tie back to the platform strategy and related<br />
end-user/customer and end-point protocols, and how they are interacting with various workloads and<br />
applications<br />
• ‘Dust-off’ existing network and application security strategies: Businesses should ensure<br />
that their security strategies are still fit-for-purpose. This will likely include making decisions about<br />
their path to SD-WAN adoption<br />
Ultimately, businesses must ensure that cybersecurity protects internal operations and employee data,<br />
as well as its customers. Today, this means that simply buying ‘point’ security is no longer a viable<br />
approach – it needs to be baked into system design.<br />
Businesses must increasingly focus on ensuring that cybersecurity is an enabler, not a hindrance, to<br />
digital transformation and use the right frameworks and partnerships within the ecosystem to do so. There<br />
is no more important time than now for the industry to come together to mount a powerful defence against<br />
an ever-mounting and ever-evolving cyber threat.<br />
About the Author<br />
Matt Gyde is the President and Chief Executive Officer, Security Division at<br />
NTT Ltd. He is leading the security strategy, services and go-to-market<br />
execution to build the world’s most recognized security business. Matt can be<br />
reached via his LinkedIn profile at: https://www.linkedin.com/in/matt-gyde/ and<br />
at https://hello.global.ntt.<br />
Asset Management, The Weakest Link in Cybersecurity<br />
Risk<br />
By Gyan Prakash, Head of Cyber Security / Security Engineering, Altimetrik Corp<br />
Summary<br />
This paper shares details on the limitations of existing asset management solutions for cybersecurity<br />
needs and on how to enhance the capability of existing asset management solutions so that they meet<br />
enterprise cybersecurity risk needs, uncovering high-risk and vulnerable assets to CISOs and senior<br />
management with data-driven automation on a near real-time basis.<br />
It highlights the gaps in current asset management solutions and the critical role an asset management<br />
solution plays in securing the enterprise from advanced threats and in cybersecurity risk management,<br />
and the importance of asset management in identifying the asset criticality rating (static risk), inherent risk and<br />
residual risk.<br />
Cybersecurity risk not only helps uncover the critical, risky assets but also helps drive enterprise<br />
priorities and future enhancements of, and investment in, security technologies.<br />
Introduction<br />
IT asset management solutions help discover and provide visibility into assets, meaning every<br />
IP-connected device in the enterprise environment. Accurate asset discovery and visibility is one of the critical<br />
needs for securing an asset. What you see is what you protect.<br />
Leading research shows that on average companies are blind to 40% of the devices in their environment.<br />
As a result, businesses do not have a real-time, comprehensive view of all the assets in their<br />
environment, or know the risks associated with them.<br />
Assets can be broadly divided into following categories:<br />
- Endpoint User Devices (Managed Assets & Unmanaged Assets)<br />
- Production and Non-Production Network Infrastructure devices<br />
- Enterprise IoT devices (Camera, Printers, Smart TVs, HVAC Systems, Industrial Robots, Medical<br />
Devices, Physical Security Access etc.)<br />
ISO 27001 Information Security Management System (ISMS) certification requires an enterprise to<br />
identify the information assets in scope for the management system and define appropriate protection<br />
responsibilities. NIST and the CIS Critical Security Controls also include asset inventory management as part<br />
of critical infrastructure security.<br />
IT asset inventory management is a basic need of an enterprise, for which the urgency of discovery and visibility<br />
is not critical, whereas enterprise security primarily relies on accurate and detailed asset visibility on a<br />
near-real time basis.<br />
The majority of enterprise assets are distributed across many different geos and networks, such as private<br />
networks and public clouds. With remote work universally accepted, near-real time asset visibility and<br />
management becomes even more critical.<br />
Traditional Asset Management<br />
Usually, there are two kinds of asset management solutions on the market, agent based and network scan based,<br />
and both of them play a critical role in providing asset visibility.<br />
Network scan based asset discovery: Network scan based solutions help identify and discover<br />
devices on the network; the limitation is that the scanner must be able to reach all networks, VLANs and<br />
subnets in the entire enterprise.<br />
Network based scans are limited to the details that can be discovered over the network.<br />
Agent based asset discovery: Agent based solutions provide information about the OS and core OS services,<br />
versions, middleware services, patches etc.<br />
Traditional asset management solutions, also referred to as the CMDB (Configuration Management Database),<br />
are required to meet IT inventory and asset management needs such as asset ownership, cost center and<br />
support for patch management. These solutions were not designed with cybersecurity threats<br />
and cybersecurity risk management in focus.<br />
Cybersecurity Dependency on Asset Management<br />
Before we get into the details of the cybersecurity dependency, it is important to understand the definition of an<br />
asset. Generally, an asset is defined as an IP-connected device; this usually works fine but is challenging<br />
when managing serverless assets. An application consists of a group of assets.<br />
The exponential increase in the number of assets, be it mobile devices, microservices based lightweight<br />
servers, self-mutating servers or serverless assets, has made near real-time asset<br />
management even more critical. Assets are distributed over many networks and geos, both private and<br />
public. The next generation of asset management will support the following capabilities:<br />
- Provides asset context with regards to network placement & external visibility<br />
- Binding between assets and applications or micro-services running on the assets<br />
- Provides asset criticality risk rating<br />
- Status of security agents on the assets<br />
- Status of SIEM integration for OS level and application-level logs<br />
- Correlating each asset with all the known security vulnerabilities either related to OS or application<br />
or identity & access management or firewall<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>January</strong> <strong>2021</strong> <strong>Edition</strong> 62<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
- Mapping sensitive data assets (such as PII, PAI or PHR) with each of the servers<br />
- Continuously track assets against enterprise security compliance<br />
Since 2019, OWASP has been also reporting Improper Assets Management as one of the top ten API<br />
Security vulnerabilities across the industry.<br />
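The capabilities listed above amount to a join of several feeds (network scan, agent, SIEM, application binding, vulnerability data) keyed on the asset, followed by checks for where coverage is missing. The script below is an added example written for this article, not code from the author or from any product; every host, IP, application name and vulnerability id in it is constructed (the vulnerability ids are placeholders, not real CVEs), and the gap labels are my own naming.

```python
"""Correlate network-scan, agent, SIEM and vulnerability data per asset and
flag coverage gaps. Added example; all data below is constructed, not real."""

# Constructed sample feeds (hypothetical hosts, placeholder vulnerability ids).
NETWORK_SCAN = [  # what a network-scan based discovery sees
    {"hostname": "web-01", "ip": "10.0.1.10", "exposure": "Public Internet"},
    {"hostname": "web-02", "ip": "10.0.1.11", "exposure": "Public Internet"},
    {"hostname": "db-01", "ip": "10.0.2.20", "exposure": "Internal Network"},
    {"hostname": "build-01", "ip": "10.0.3.30", "exposure": "Internal Network"},
]
AGENT_REPORTS = {  # what an agent-based solution reports (OS, health)
    "web-01": {"os": "Ubuntu 20.04", "status": "healthy"},
    "db-01": {"os": "RHEL 8", "status": "healthy"},
    "build-01": {"os": "Ubuntu 18.04", "status": "stale"},
}
SIEM_LOG_SOURCES = {"web-01", "db-01"}  # hosts the SIEM actually receives logs from
APP_BINDINGS = {"web-01": "checkout", "web-02": "checkout",
                "db-01": "checkout", "build-01": "ci-runner"}
KNOWN_VULNS = [  # placeholder ids; a real feed would carry CVE ids and CVSS scores
    {"hostname": "web-02", "id": "VULN-PLACEHOLDER-1", "cvss": 7.5},
    {"hostname": "build-01", "id": "VULN-PLACEHOLDER-2", "cvss": 5.3},
    {"hostname": "build-01", "id": "VULN-PLACEHOLDER-3", "cvss": 9.1},
]


def build_inventory(scan, agents, siem_sources, bindings, vulns):
    """Join the feeds on hostname into one record per asset."""
    inventory = {}
    for host in scan:
        name = host["hostname"]
        agent = agents.get(name)
        inventory[name] = {
            "ip": host["ip"],
            "exposure": host["exposure"],
            "application": bindings.get(name),
            "agent_status": agent["status"] if agent else "missing",
            "os": agent["os"] if agent else "unknown",
            "siem_logging": name in siem_sources,
            "vulns": sorted(v["id"] for v in vulns if v["hostname"] == name),
        }
    return inventory


def find_coverage_gaps(inventory):
    """Return {hostname: set of gap labels} for assets failing a control check."""
    gaps = {}
    for name, rec in inventory.items():
        found = set()
        if rec["agent_status"] == "missing":
            found.add("no-agent")
        elif rec["agent_status"] != "healthy":
            found.add("agent-" + rec["agent_status"])
        if not rec["siem_logging"]:
            found.add("no-siem-logs")
        if rec["application"] is None:
            found.add("no-app-binding")
        if rec["exposure"] == "Public Internet" and rec["vulns"]:
            found.add("public-with-known-vulns")
        if found:
            gaps[name] = found
    return gaps


def prioritise(inventory, gaps):
    """Order gap hosts: public exposure first, then more gaps, then more vulns."""
    def key(name):
        rec = inventory[name]
        return (rec["exposure"] != "Public Internet",
                -len(gaps[name]), -len(rec["vulns"]), name)
    return sorted(gaps, key=key)


if __name__ == "__main__":
    inv = build_inventory(NETWORK_SCAN, AGENT_REPORTS, SIEM_LOG_SOURCES,
                          APP_BINDINGS, KNOWN_VULNS)
    gaps = find_coverage_gaps(inv)
    for name in prioritise(inv, gaps):
        print(name, inv[name]["exposure"], sorted(gaps[name]))
```

With the constructed feeds, the public-facing host that the network scan sees but no agent reports on, and that the SIEM never hears from, comes out first; that combination (externally reachable, no telemetry, known vulnerability) is exactly the asset-management blind spot the article is describing.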
Automate Asset Criticality Risk Rating<br />
Asset criticality is the most important factor in understanding the risk of an asset being compromised.<br />
The asset criticality rating provides a view of the asset's risk even without any known security vulnerability.<br />
Any asset in a production or non-production environment introduces risk, and that risk is related to the type<br />
of data the asset processes or handles, the exposure of the asset to the outside world, and how the<br />
unavailability of the asset impacts the business and enterprise services. We can also call this static risk,<br />
meaning the minimum risk that this asset introduces to the enterprise.<br />
None of the traditional asset management solutions offers an Asset Criticality Risk Rating, hence many<br />
enterprises rely on generating this asset criticality rating using non-standard and ad hoc techniques.<br />
Asset Criticality Risk Rating: what would the impact on the enterprise be if an asset is unavailable, tampered with or<br />
breached?<br />
Critical assets are those that are essential for supporting critical enterprise business needs. These<br />
assets have a high consequence of failure, and it must be ensured that such failures are<br />
avoided. These assets should be identified on an urgent basis and more focus should be paid to them.<br />
Every organization has a way to identify which applications are critical, which is fairly easy, but the<br />
challenge is mapping each and every asset to these critical applications and doing it consistently on a<br />
real-time basis.<br />
Building an Asset Criticality Rating<br />
The Asset Criticality Risk Rating (ACRR) is the foundation for determining asset risk. Some of the important<br />
aspects of building an ACRR are the following:<br />
- It must be fully automated and not dependent on user input<br />
- It provides a consistent ACRR in near real time<br />
- It provides options for a risk analyst to update the weightage of the ACRR<br />
ACRR Calculation Approach<br />
In this section, we share details on how CVSS (Common Vulnerability Scoring System) can be<br />
used to build an ACRR. CVSS is an open framework for describing the characteristics and severity of software<br />
vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental.<br />
Our interest is in the CVSS Base metrics. The Base score represents the intrinsic qualities of a vulnerability that<br />
are constant over time and across user environments, and is composed of two sets of metrics: Exploitability<br />
metrics and Impact metrics.<br />
Exploitability Metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction<br />
Impact Metrics: Confidentiality Impact, Integrity Impact, Availability Impact<br />
Scope<br />
For ACRR, we only need Impact Metrics, and we will then find an average Impact for Confidentiality,<br />
Integrity and Availability across all the key attributes required for generating ACRR.<br />
ACRR Formula<br />
The ACRR is based on the CVSS standard used for security vulnerability rating. We extend the same<br />
model to measure the criticality of an application. We will be using the following formula:<br />
ACRR = f(Confidentiality, Integrity, Availability)<br />
Ci = Average weight of all the Confidentiality Impact values for the asset<br />
Ii = Average weight of all the Integrity Impact values for the asset<br />
Ai = Average weight of all the Availability Impact values for the asset<br />
ISS = Impact Sub-Score<br />
ISS = 1 - ((1 - Ci) * (1 - Ii) * (1 - Ai))<br />
ACRR = roundup(min(ISS * 8, 10))<br />
The min() function returns the lowest of its arguments.<br />
The roundup() function rounds up to zero decimal places.<br />
We derived the constant 8 by iterating over a number of assets until the rating score was acceptable,<br />
following the Delphi method.<br />
Mathematical Ranges<br />
Ci = [0,1] ,<br />
Ii = [0,1] ,<br />
Ai = [0,1]<br />
ACRR = [0 , 10.0]<br />
ACRR Rating Scale<br />
All ACRR scores will be mapped to a qualitative rating, in line with the industry standard<br />
CVSS rating scale:<br />
Rating | ACRR Score<br />
None | 0.0<br />
Low | 0.1 to 3.9<br />
Medium | 4.0 to 6.9<br />
High | 7.0 to 8.9<br />
Critical | 9.0 to 10.0<br />
ACRR Worksheet<br />
We are going to use the following key indicators in our worksheet to demonstrate generating the ACRR for a<br />
given asset.<br />
Key Indicator | Description | Possible options<br />
Sensitive Data Handling | The type of data the applications or servers are processing. | Personally Identifiable Information (PII), PCI Card Data (PCD), Personal Health Information (PHI) etc.<br />
Application Exposure | This represents the application's exposure to types of users and networks. | Public Internet, Partner Network, Internal Network<br />
Service Tier | A service tier indicates how critical a service is to the operation of your business from an availability point of view. | It could be Tier-0, Tier-1, Tier-2 or Tier-3, where T0 is a critical service and T3 is non-essential<br />
Sensitive Data Volume | Volume of data processed by the application or by the servers involved in that application. | It could be blocks of 100K or 10K based on business risk.<br />
Number of External users | Number of active external users of the application; this also applies to all the servers involved. | 1 million – 10 million<br />
Development Model | This indicates whether the application was developed by an internal development team, developed using an outsourcing model, or mixed. | Internally Developed, Externally Developed, Hybrid, 3rd Party Product<br />
Hosting Environment | This indicates the asset's hosting environment. | Public IaaS, PaaS or Kubernetes, SaaS, Private Data Center<br />
Additional key indicators could be used based on risks and threats related to the hosting environment,<br />
number of admin users etc.<br />
In the next section, we will generate the ACRR for a given asset using the key indicators<br />
that help identify the impact. For each of these key indicators, we assign a weightage for<br />
Confidentiality, Integrity and Availability. The weightage is assigned based on the risk or impact that would be<br />
caused if the asset involved were compromised. The weightage must be assigned between 0 and 1: a<br />
lower weight for low impact and a higher weight for high impact.<br />
Key Indicator | Indicator Value | Confidentiality Impact | Integrity Impact | Availability Impact<br />
Sensitive Data Handling | PCD & PII | 0.7 | 0.7 | Not applicable<br />
Application Exposure | Public Internet | Not applicable | Not applicable | 0.9<br />
Service Tier | Tier-0 | Not applicable | Not applicable | 0.9<br />
Sensitive Data Volume | 1million – 5million | 0.8 | 0.8 | Not applicable<br />
Number of external users | 100k-1m | Not applicable | Not applicable | 0.7<br />
Development Model | Internally Developed | 0.2 | 0.2 | Not applicable<br />
Hosting Model | Public IaaS | 0.6 | 0.6 | Not applicable<br />
In essence, ACRR determines the impact the business is going to suffer if the asset in question were to<br />
be compromised.<br />
Ci = (0.7+0.8+0.2+0.6)/4 = 2.3/4 = 0.6<br />
Ii = (0.7+0.8+0.2+0.6)/4 = 2.3/4 = 0.6<br />
Ai = (0.9+0.9+0.7)/3 = 2.5/3 = 0.8<br />
Ci, Ii, Ai are rounded off to 1 decimal.<br />
ISS = 1 - ((1-0.6)*(1-0.6)*(1-0.8)) = 1 - 0.032 = 0.968<br />
ACRR = roundup(min(ISS * 8, 10)) = roundup(min(7.744, 10)) = roundup(7.744) = 8<br />
The Asset Criticality Risk Rating is High.<br />
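The ACRR formula and the worksheet above, carried through in code. This is an added example written for this article, not the author's own tooling: the worksheet weights are the ones from the table above, "Not applicable" cells are represented as None and excluded from that column's average (the article's arithmetic does the same), the constant 8 and the CVSS rating bands are the article's, and the function and dictionary names are mine.

```python
from math import ceil

# The article's worksheet: key indicator -> (Confidentiality, Integrity, Availability)
# weights in [0, 1]. None stands for "Not applicable" and is left out of that average.
WORKSHEET = {
    "Sensitive Data Handling (PCD & PII)": (0.7, 0.7, None),
    "Application Exposure (Public Internet)": (None, None, 0.9),
    "Service Tier (Tier-0)": (None, None, 0.9),
    "Sensitive Data Volume (1m-5m)": (0.8, 0.8, None),
    "Number of external users (100k-1m)": (None, None, 0.7),
    "Development Model (Internally Developed)": (0.2, 0.2, None),
    "Hosting Model (Public IaaS)": (0.6, 0.6, None),
}

ACRR_CONSTANT = 8  # the article's empirically derived multiplier

# CVSS qualitative scale as used by the article: (inclusive upper bound, label)
RATING_SCALE = [(0.0, "None"), (3.9, "Low"), (6.9, "Medium"),
                (8.9, "High"), (10.0, "Critical")]


def average_impact(weights):
    """Average of the applicable weights, rounded to 1 decimal as in the article.
    Rejects weights outside [0, 1], which is the range the method requires."""
    applicable = [w for w in weights if w is not None]
    if any(not 0.0 <= w <= 1.0 for w in applicable):
        raise ValueError("impact weights must lie in [0, 1]")
    if not applicable:
        return 0.0
    return round(sum(applicable) / len(applicable), 1)


def impact_subscore(ci, ii, ai):
    """ISS = 1 - (1-Ci)(1-Ii)(1-Ai): one high impact dominates the others."""
    return 1 - (1 - ci) * (1 - ii) * (1 - ai)


def acrr_rating(score):
    """Map a 0..10 ACRR score onto the qualitative CVSS-style bands."""
    for upper, label in RATING_SCALE:
        if score <= upper:
            return label
    raise ValueError("ACRR score outside 0..10")


def compute_acrr(worksheet, constant=ACRR_CONSTANT):
    """Return the intermediate values plus the final ACRR score and rating."""
    ci = average_impact([c for c, _, _ in worksheet.values()])
    ii = average_impact([i for _, i, _ in worksheet.values()])
    ai = average_impact([a for _, _, a in worksheet.values()])
    iss = impact_subscore(ci, ii, ai)
    score = ceil(min(iss * constant, 10))  # roundup(min(ISS * 8, 10))
    return {"Ci": ci, "Ii": ii, "Ai": ai, "ISS": round(iss, 3),
            "ACRR": score, "rating": acrr_rating(score)}


if __name__ == "__main__":
    print(compute_acrr(WORKSHEET))
```

Running it reproduces the worked example (Ci = 0.6, Ii = 0.6, Ai = 0.8, ISS = 0.968, ACRR = 8, rating High). One property of the formula worth knowing before adjusting weightages: because every weight is at most 1, ISS is at most 1 and ISS * 8 never exceeds 8, so the min(..., 10) clamp never triggers and an asset cannot land in the Critical band (9.0 to 10.0) unless the constant itself is raised; the test below checks this with an all-maximum worksheet.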
Enhance <strong>Cyber</strong>Security Risk<br />
The goal of the asset management solution is to provide the asset attributes, or key indicators, collected<br />
using agent and/or network based scans on a consistent basis. The ACRR data does not change often,<br />
but it is critical for determining cybersecurity risk.<br />
Inherent Risk: As we know, there are no perfect assets or applications. Any application or server will on<br />
average have 40-75 known issues, including vulnerabilities from network and infrastructure,<br />
open-source libraries, and application security vulnerabilities found by SAST, DAST etc.<br />
The inherent risk depends hugely on the static risk, i.e. the ACRR, so it is very important to get the ACRR right<br />
on a consistent basis and through automation.<br />
Inherent risk can be derived using CVSS methodologies as well; the challenge is averaging out<br />
the exploitability and impact across all the known vulnerabilities. Inherent risk must be computed on a daily basis, and only<br />
a good automation mechanism combining asset management and vulnerability correlation can provide this<br />
data.<br />
Residual Risk: Residual risk is what CISOs are looking for to get an idea of how effective their<br />
<strong>Cyber</strong>security investment has been and how well they are protecting against the known issues that cannot be fixed<br />
due to a number of limitations. Residual risk is the risk score after taking into consideration all the security<br />
countermeasures and exploit prevention solutions in place. Residual risk is the real threat and risk to the<br />
enterprise.<br />
About the Author<br />
Gyan Prakash is a Head of Information Security at Altimetrik.<br />
Before joining Altimetrik, Gyan was Global Head of Application<br />
Security & Security Engineering at Visa from 2016-2020. He<br />
managed Product Security Architecture and Engineering,<br />
Application Security & vulnerability management. Gyan also led<br />
Future of Payment and Blockchain / Crypto Currency research at<br />
Visa from 2014-2016.<br />
Gyan has 20+ years of experience in security technologies. He<br />
has implemented mature DevSecOps at Visa and has been<br />
consulting with Fortune 500 organizations working to implement<br />
DevSecOps at scale. Gyan is a technologist and innovator at<br />
heart, with 250 global patents including 152 granted in the areas of system security, mobile security,<br />
tokenization, and blockchain.<br />
LinkedIn: https://www.linkedin.com/in/gyan-prakash-747a8a2/<br />
Altimetrik Corp: https://www.altimetrik.com/<br />
The Rising Tide of Security Threats in The Industrial<br />
Internet of Things<br />
By Don Schleede, Information Security Officer at Digi International<br />
Throughout <strong>Cyber</strong> Security Awareness Month in October, many organizations shared their thoughts on<br />
the state of cybersecurity and reflected on the processes and steps that can improve it. However, the<br />
discussion largely focused on protecting end users rather than building security into networks and devices<br />
from a systemic perspective. Through its theme of “If You Connect It, Protect It,”<br />
<strong>Cyber</strong>security Awareness Month has also opened the door to conversations about IoT cybersecurity.<br />
Most IoT discussions focus on consumer IoT – the smart trend-of-the-moment. That’s not surprising since<br />
consumer-centric applications and devices are increasingly visible in everyday life and provide that “living<br />
in the future” feeling that grabs attention. However, industrial and enterprise IoT applications have just<br />
as many implications – though perhaps slightly less visibly, which means they receive far less attention<br />
and are less understood. It’s easier to assume that industrial IoT is more secure than its consumer<br />
counterparts, since those applications are backed by large organizations facing greater security risks.<br />
However, that’s a mistaken notion: The industrial IoT’s struggle with security remains a challenge that is<br />
largely unaddressed.<br />
Understanding the Industrial IoT<br />
When we talk about IoT, we tend to think of devices and connected “things” – smart TVs, home security<br />
systems, self-driving cars, to name a few. We rarely consider the resources these “things” rely on or the<br />
networks that connect them. Yet these systems are underpinned by hundreds – perhaps thousands – of<br />
connected devices that, when compromised, can have far-reaching consequences.<br />
To talk about industrial IoT security, we must first understand the types of disruptive security threats:<br />
• Confidentiality threats – These intrusions expose sensitive or confidential information, including<br />
the viewing of data in the actual device or the theft/cloning of device firmware itself.<br />
• Theft of service – Authentication weaknesses or failures create critical vulnerabilities. Upgrade<br />
features, unlocked without authorization, are also an important threat.<br />
• Data integrity threats – Unauthorized messages are introduced into a network, or an unauthorized<br />
party takes control of a device.<br />
• Availability threats – Denial-of-service (DOS) attacks prevent the device from sending messages<br />
by flooding it with hostile traffic.<br />
All of these disruptions can arise through different methods, from reverse engineering, micro-probing a<br />
chip, or exploiting unintentional security vulnerabilities within a code to exploiting weaknesses in internet<br />
protocols or crypto or key handling. No matter the source, one thing is clear: We need to know where to<br />
improve security and how to close those gaps.<br />
Building security from the ground up<br />
Our analysis of active devices found that 43% of IIoT devices communicate insecurely. That’s certainly<br />
far better than consumer IoT devices (98% of which are unsecured), but the reality is that the number is<br />
still far too high, and the potential repercussions of these lax protocols are serious. From manufacturing,<br />
transportation, and utilities to healthcare and other industries, organizations must adopt key strategies to<br />
prevent and mitigate security issues:<br />
• Security-by-Design: Vendors and customers repeatedly choose lower costs and faster go-to-market<br />
options instead of investing the necessary time and effort to design and build top-level<br />
security into their devices and applications. As vulnerabilities and attacks continue, organizations<br />
are – at last – beginning to factor in the risks (think: liabilities and compliance issues) caused by<br />
faulty security settings and inadequate encryption/privacy protection. Security is also gaining<br />
importance over the long run because it reduces the costs of potential breaches.<br />
• Device Authentication and Identity: Passwords remain one of the most common forms of<br />
authentication – and one of the most common ways threat actors penetrate systems. Many<br />
organizations are opting for multi-factor authentication (MFA) that adds a second layer of access<br />
protection by requiring additional forms of authentication. From location-based options such as<br />
an IP address to something the user physically possesses like a phone or a key fob, MFA offers<br />
flexible controls for easier management and a smoother and faster user experience, while<br />
improving overall security even for physically dispersed devices.<br />
• Updates and Upgrades: IIoT devices have much longer longevity than consumer IoT devices –<br />
as much as 10-15 years. Updating and upgrading the firmware and software for each device<br />
becomes increasingly challenging as the volume of devices in the field rises. An organization<br />
cannot just deploy thousands of devices. It must manage them throughout that lengthy lifecycle.<br />
IIoT leaders can offer centralized device management solutions to help administrators manage<br />
updates and patches, troubleshoot through out-of-band-management, reconfigure devices, and<br />
monitor the health of the entire network. This holistic approach provides insight when a specific<br />
device is at risk and helps them mitigate issues before they worsen.<br />
• Risk Assessments and IoT Regulations: As we move into <strong>2021</strong>, the number of IIoT devices<br />
will continue to grow, requiring organizations to assess both devices and networks. For security<br />
professionals, this is already a best practice for all deployments. However, soon it will be the<br />
standard thanks to guidelines within the NIST’s IoT security framework, legislative and industry<br />
regulations, and other mandates. This is a move in the right direction and a long-overdue step<br />
since large swaths of the IoT remain vulnerable today.<br />
Awareness, Understanding, and Action<br />
Embedded security is a critical requirement for a growing number of connected IoT applications and<br />
devices, especially as threats continue to rise. Although we continue to play catch-up with threat actors,<br />
we are seeing a gradual shift in the right direction. More leaders understand the need to improve security,<br />
and new regulations have identified and highlighted a problem that has been lurking for years. It is time<br />
for IoT vendors, developers, admins, and engineers to make security a top priority.<br />
About the Author<br />
Don Schleede is the Information Security Officer for Digi International,<br />
a Minnesota-based manufacturer of embedded systems, as well as<br />
routers, gateways, and other communications devices for the Industrial<br />
IoT. He has 27 years of experience in high-tech security and has been<br />
with Digi for more than seven years. Earlier, Don held positions as a<br />
developer, IT Operations Director, and IT Architect. Don can be<br />
reached online at (EMAIL, TWITTER, etc..) and at our company<br />
website http://www.mycompany.com/<br />
E-Merchants: Secure Your Online Sales from<br />
<strong>Cyber</strong>security Threats<br />
By Anthony Webb, EMEA Vice President, A10 Networks<br />
This year, online retailers pushed the boundaries with “Black Friday” deals in the hope of improving their<br />
online sales, as the uncertainty around in-store shopping due to COVID-19 led many<br />
customers to make their purchases from the safety of their own homes. As a result, e-commerce<br />
merchants have witnessed a significant uptick in users and devices connecting to their websites compared with recent<br />
years.<br />
Good <strong>Cyber</strong>security is Crucial<br />
The good news for e-tailers is that overall sales are expected to grow in the new year. This has added<br />
importance in a year when many e-commerce businesses have faced unprecedented disruption.<br />
However, one thing is clear. Online sales will take centre stage.<br />
However, just as online sales are at the forefront, so should cybersecurity. Retailers aren’t the only ones<br />
looking to capitalise on the increase in online spending. Shopping seasons offer hackers an opportunity<br />
to profit as well. We’ve already seen a huge uptick in cyber-threats due to COVID-19. Now, online<br />
shopping provides cyber-criminals with additional motivation to launch their attacks using some of the<br />
below tactics:<br />
Phishing – Phishing and its variants, including spear-phishing and whaling, are email-based attacks that<br />
leverage social engineering techniques to fool recipients into providing sensitive information to the<br />
attacker. While spear-phishing and whaling attacks are more targeted than phishing, all three forms attempt<br />
to get the victim to read the email, click on a link, possibly open an attachment, and ultimately disclose<br />
valuable personal or corporate information.<br />
Ransomware – Ransomware attacks, which seek to extort money from victims by encrypting access to files or<br />
entire systems until they pay the attacker a ransom, have become increasingly popular in recent years.<br />
Much of this has to do with the potential to make large sums of money from the ransoms. Another reason<br />
for the rise in ransomware attacks is the availability of ransomware-as-a-service (RaaS) kits, which are<br />
inexpensive to purchase on the black market, making it easy for novice hackers to launch their own<br />
attacks. Phishing emails are the top threat vector for distributing ransomware.<br />
Distributed Denial of Service (DDoS) – DDoS attacks are designed to stop a computer, server, website,<br />
or service from operating by flooding it with internet traffic generated by an army of bots called a botnet.<br />
The tremendous growth in Internet of Things (IoT) devices, many of which are not properly secured, has<br />
made it easier for attackers to take control of more devices and create botnets. DDoS attacks can be<br />
especially damaging to e-commerce businesses if customers can’t access their websites to make<br />
purchases.<br />
Malware – Malware attacks take many forms including viruses, worms, spam, spyware, and more. Some<br />
malware threats such as spam are more of an annoyance, while others such as viruses and worms can<br />
spread across a network infecting systems and negatively impacting their performance and user<br />
productivity. Similarly, spyware can slow down systems. However, it can also be used to report sensitive<br />
information such as passwords back to the hacker.<br />
Injections – Injection attacks such as cross-site scripting and SQL injections are used to exploit<br />
vulnerabilities in web applications by injecting malicious code into a program, which then interprets the<br />
code and changes the program’s execution. In other words, it gets the application to do something<br />
unintended such as alter the behavior of a website or expose confidential data like login credentials to<br />
the attacker. E-commerce businesses hit with an injection attack could find their customers redirected to<br />
a fake site which illegally harvests customer information.<br />
The Consequences of Poor <strong>Cyber</strong>security<br />
If e-commerce merchants are not prepared to stop malware, DDoS attacks, and other threats, the<br />
consequences of a successful attack could be the difference between surviving and ceasing trading.<br />
Here’s what businesses could be facing:<br />
Lost Revenue – Any downtime to a web server that prevents customers from making a purchase is<br />
damaging to online sales and can potentially have a severe impact, especially for smaller organisations.<br />
Data Theft – The increase in online shopping during sales periods is a lure for cybercriminals to launch<br />
attacks aimed at stealing corporate and customer data. Phishing emails claiming to have information on<br />
fake shopping receipts, shipping status, and customer surveys are very popular in the run-up to<br />
Christmas.<br />
Disruption of Services – DDoS and ransomware attacks can target services that we deem essential.<br />
E-commerce sites, public utilities, and schools are just a few examples of their victims. Shutting down<br />
access to a service, even for a short period time, can have major financial and social impacts.<br />
Damaged Reputation – Damage can extend beyond short-term financial losses and data theft.<br />
Consumer confidence and brand reputation can quickly erode when consumers have a poor online<br />
experience. Customers aren’t shy about using social media to express their displeasure.<br />
Reduced Productivity – It’s not just customers who feel the impact of a successful attack. If employees<br />
can’t access the applications they need to do their jobs, expect to see a drop in productivity with an<br />
accompanying rise in undesirable workarounds.<br />
Steps to Take<br />
<strong>Cyber</strong>security is an everyday concern. Fortunately, there are some things that organisations can do to<br />
keep applications, networks, and the business safe from threats, especially during peak online shopping<br />
periods.<br />
First, look for a solution that provides DDoS detection and mitigation to ensure services are continually<br />
available to legitimate users. Hackers have learned how to weaponise IoT devices to launch complex<br />
multi-vector and volumetric attacks, capable of bringing down application servers and entire networks.<br />
Second, protect web-based applications with web application firewall (WAF) technology. Outdated<br />
applications are especially vulnerable to attacks. A WAF will secure them from hackers looking to exploit<br />
HTTP and web application-based flaws.<br />
Third, find solutions that meet current and future platform needs. Organisations may not have transitioned<br />
to the cloud yet, but they’ll likely have some cloud-based apps. They must be sure their solution is ready<br />
when the company is ready, whether it is moving to a hybrid cloud or multi-cloud infrastructure. And<br />
finally, continue to educate employees on the need for good cyber hygiene. According to a 2019 IBM<br />
study, 95% of cybersecurity breaches are caused by human error.<br />
With this shift to online a potentially permanent one, e-commerce merchants should expect these<br />
sustained levels of activity going forward. Therefore, it’s imperative that e-commerce businesses secure<br />
applications, servers, and networks from cyber threats at all times.<br />
About the Author<br />
As VP EMEA, Anthony Webb is responsible for managing and growing<br />
A10’s sales operations, as well as leading the company’s sales and channel<br />
strategy across the region. Before joining A10, he served as vice president<br />
EMEA of Ixia Technologies, focusing on maintaining Ixia’s position as the<br />
leading provider in network testing while driving their leadership status in<br />
network visibility. Prior to joining Ixia, he held positions at the vice president<br />
and managing director level for Juniper Networks, running sales<br />
organizations across EMEA and in the UK. In 2000, he joined Cisco as sales<br />
manager for service provider and enterprise verticals in the UK, before<br />
serving as enterprise sales director emerging markets with Cisco in MEA,<br />
then collaboration sales director emerging markets. He left Cisco in 2011 to return to the UK.<br />
Anthony can be reached online at (awebb@a10networks.com) and at our company website<br />
https://www.a10networks.com/<br />
The Privileged Credential Security Advantage<br />
By Tony Goulding, <strong>Cyber</strong>security Evangelist at Centrify<br />
Over time, a clear cause has emerged that accounts for the majority of security risks for enterprises:<br />
privileged accounts lead to data breaches. So much so that the majority of breaches (over 67 percent) in<br />
2020 were caused by credential theft.<br />
Organizations that prioritize privileged credential security have an advantage over their peers by ensuring<br />
their operations are more resilient to data breaches. However, there’s a gap that continues to widen<br />
between those guarded against a breach and the numerous others that aren’t.<br />
Many have paid attention and embraced the warnings and guidance from analysts, press, and vendors<br />
that called for implementing privileged access management (PAM) security controls to mitigate the risk.<br />
The question is, did you go far enough?<br />
IT Automation Software and the Attack Surface<br />
As it relates to privileged accounts, the attack surface can be enormous and very diverse. Reducing this<br />
attack surface is a primary objective. However, for many organizations, the first – and often, only – focus<br />
is on the human administrator and their privileged activities.<br />
Let’s visit another slice of this attack surface that often flies under the radar. Your mileage may vary, but<br />
this risk can be just as significant, if not more so. It’s the use of privileged accounts by IT automation<br />
software; tools commonly found in IT service management (ITSM), IT operations management (ITOM),<br />
and continuous configuration and automation (CCA) platforms, such as asset discovery, vulnerability<br />
scanning, and software orchestration.<br />
For example, you may use one tool to scan the network for systems and analyze each one looking for<br />
exploits, vulnerabilities, and misconfigurations. And another tool may help you maintain a single system<br />
of record for your IT assets by conducting an inventory of each system, feeding results into different tools<br />
to show applications, infrastructure, as well as service relationships and dependencies. On top of these,<br />
a different tool from a different vendor may be helping you control your IT infrastructure, job scheduling,<br />
and inventory management. Like the others, it needs administrative access to IT infrastructure.<br />
What they all have in common is that they need to log into IT systems via SSH or WinRM to run commands<br />
and scripts with privileges and obtain system-level intelligence.<br />
Therein lies the risk.<br />
Externalizing Credential Management<br />
By default, IT configures these privileged account IDs and passwords statically within the tool. Let’s be<br />
clear about what this means. You’re entrusting the keys to every IT system, on-premises and perhaps in<br />
the cloud as well, to an application whose core strength is not identity and credential management. Not<br />
only that, IT must manually configure dozens or even hundreds of credentials in the tool. Multiply that by<br />
the number of tools requiring privileged accounts, and the lights never go off for IT. We haven’t even got<br />
to password rotation.<br />
Thankfully, several leading vendors in the space have recognized this. As an alternative, most allow IT<br />
to externalize identity and credential management to a third-party solution designed for the job.<br />
Relocating credentials to a hardened password vault is the best practice to mitigate this risk. Instead of<br />
IT configuring passwords within the tool, the tool fetches them from the vault at scan time. If an attacker<br />
compromises the tool, they won’t find any privileged account passwords in its configuration settings,<br />
preventing lateral movement to the IT servers and limiting what could amount to a complete compromise<br />
of every server in your IT infrastructure, including domain controllers.<br />
Reducing Risk and Adding Value<br />
The value doesn’t end there, however. By now, it’s evident that passwords are inherently weak and<br />
introduce risk. IT can use the vault to strengthen passwords and help prevent login denials. Frequent<br />
rotation helps mitigate the risk, along with setting long, cryptic passwords. Unfortunately, this falls below<br />
the line of high priorities for many IT shops, resulting in a “set it and forget it” mentality. With the vault,<br />
you get automatic account password rotation coupled with password quality of service policies. You avoid<br />
the risk of stale passwords with low entropy. No longer must IT manually log into each system to change<br />
the local account password, then manually update them in each tool to ensure consistency.<br />
The vault can also help prevent scan failures that occur in-between the scheduled password rotation<br />
jobs. Let’s say someone (a well-meaning internal admin or a threat actor) changes a local system<br />
password, but an ITOM tool is still using the old one. Subsequently, the login would fail, and you now<br />
have gaps in system coverage requiring manual intervention. Some password vaults can automatically<br />
reconcile out-of-sync passwords in real-time during password check out to ensure the local system<br />
account password and the vaulted password are the same. This client-based password reconciliation<br />
feature ensures that your tool will always fetch a valid password from the vault with which to log in at<br />
scan time.<br />
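To make the externalization and reconciliation pattern described above concrete, here is an added Python simulation (example code written for this page, not Centrify's or any vendor's API): a hypothetical vault with check-out, scheduled rotation and client-side reconciliation, a simulated host, and a scanner whose configuration holds no password at all. All host names, account names and passwords are constructed.<br />

```python
import secrets
import string
from typing import Dict, List, Tuple

# All hosts, accounts and passwords below are constructed for the simulation.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"


def generate_password(length: int = 32) -> str:
    """Long random password that satisfies a typical vault quality-of-service policy."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class ManagedHost:
    """Simulated target system: a local admin account plus the vault's management
    account, which the vault uses to reset the passwords it manages."""

    def __init__(self, name: str, admin_password: str, mgmt_password: str) -> None:
        self.name = name
        self._accounts = {"admin": admin_password, "vaultsvc": mgmt_password}

    def login(self, user: str, password: str) -> bool:
        return secrets.compare_digest(self._accounts.get(user, ""), password)

    def change_password(self, user: str, password: str, new_password: str) -> bool:
        # An account changing its own password, e.g. a local admin working by hand.
        if not self.login(user, password):
            return False
        self._accounts[user] = new_password
        return True

    def reset_password(self, mgmt_user: str, mgmt_password: str,
                       target: str, new_password: str) -> bool:
        """Privileged reset performed with the vault's management account."""
        if target not in self._accounts or not self.login(mgmt_user, mgmt_password):
            return False
        self._accounts[target] = new_password
        return True


class Vault:
    """Hypothetical password vault offering check-out, rotation and reconciliation."""

    def __init__(self) -> None:
        self._secrets: Dict[Tuple[str, str], str] = {}      # (host, user) -> password
        self._mgmt: Dict[str, Tuple[str, str]] = {}         # host -> management credential
        self.audit: List[Tuple[str, str, str, str]] = []    # (event, host, user, requester)

    def enroll(self, host: ManagedHost, user: str, password: str,
               mgmt_user: str, mgmt_password: str) -> None:
        self._secrets[(host.name, user)] = password
        self._mgmt[host.name] = (mgmt_user, mgmt_password)

    def rotate(self, host: ManagedHost, user: str, requester: str = "scheduler") -> None:
        """Set a fresh password on the host first, then store it in the vault."""
        new_password = generate_password()
        mgmt_user, mgmt_password = self._mgmt[host.name]
        if not host.reset_password(mgmt_user, mgmt_password, user, new_password):
            raise RuntimeError(f"rotation failed for {user}@{host.name}")
        self._secrets[(host.name, user)] = new_password
        self.audit.append(("rotate", host.name, user, requester))

    def checkout(self, host: ManagedHost, user: str, requester: str) -> str:
        """Hand out the current password. If the host no longer accepts it, the local
        and vaulted passwords are out of sync: reconcile before returning it."""
        password = self._secrets[(host.name, user)]
        if not host.login(user, password):
            self.audit.append(("out-of-sync", host.name, user, requester))
            self.rotate(host, user, requester)
            password = self._secrets[(host.name, user)]
        self.audit.append(("checkout", host.name, user, requester))
        return password


class VulnerabilityScanner:
    """Automation tool that externalizes credentials: its configuration names the
    vault and the account to use but never contains a password."""

    def __init__(self, vault: Vault) -> None:
        self.vault = vault
        self.config = {"vault_url": "https://vault.example.internal", "account": "admin"}

    def scan(self, host: ManagedHost) -> bool:
        password = self.vault.checkout(host, self.config["account"], "vuln-scanner")
        return host.login(self.config["account"], password)  # stands in for the SSH/WinRM login


def run_demo() -> Dict[str, object]:
    """Enrol a host, scan, rotate, break the password out of band, scan again."""
    mgmt_password = generate_password()
    host = ManagedHost("srv-01", "InitialP@ss-2020", mgmt_password)
    vault = Vault()
    vault.enroll(host, "admin", "InitialP@ss-2020", "vaultsvc", mgmt_password)
    scanner = VulnerabilityScanner(vault)
    results = [scanner.scan(host)]     # first scan uses the enrolled password
    vault.rotate(host, "admin")        # scheduled rotation; the tool needs no reconfiguration
    results.append(scanner.scan(host))
    # Between rotations someone changes the local password by hand, so the vaulted
    # copy is stale; the next check-out detects the mismatch and reconciles it.
    host.change_password("admin", vault.checkout(host, "admin", "helpdesk"), "ChangedByHand!1")
    results.append(scanner.scan(host))
    return {"scans": results, "events": [e[0] for e in vault.audit], "config": scanner.config}
```

The audit trail is the detection hook: an "out-of-sync" event between two scheduled rotations is exactly the signal that someone changed a managed account's password outside the vault.<br />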
Because unauthorized access is a high-reward, low-risk endeavor, hackers will continue to seek out and<br />
find new ways of gaining access to high-value and sensitive resources. But embracing a defense in depth<br />
strategy by externalizing credential management and gaining insight into incremental risk can go a long<br />
way toward mitigating or preventing data breaches -- even if the specific attack vectors are not yet known.<br />
About the Author<br />
Tony is a Cybersecurity Evangelist at Centrify. He has over 30 years<br />
of security software experience and more than 15 decades of<br />
experience in identity and access management & privileged access<br />
management.<br />
Tony can be reached online on Twitter at @Tony_Centrify and at our<br />
company website www.centrify.com<br />
How To Keep Your Children Safe In Remote Learning<br />
Situations<br />
By Nevin Markwart, Chief Information Security Officer at FutureVault<br />
As parents, we have conflicting feelings on remote learning. On one hand, we want our children to stay<br />
healthy, especially in the midst of a public health crisis. On the other hand, online education opens the<br />
door to new threats—including opportunities for hackers, risks to our children’s privacy, and increased<br />
online harassment.<br />
Fortunately, we as parents can play a proactive role in ensuring that our children’s online education is a<br />
safe and fulfilling experience. Here are several easy steps that you can take to protect your children in<br />
remote learning situations:<br />
Classroom Learning<br />
Creating an open dialogue with your children’s educators is a simple yet effective way to ensure that<br />
everyone is on the same page when it comes to safety and privacy. You should discuss safety protocols<br />
with the school and flag anything that concerns you. Confirm the school has privacy policies in place and<br />
learn what they are.<br />
Speak with your children’s teachers and meeting administrators about which screenshare tool they use<br />
and confirm that only the school can control screenshare. Learn that program and security features as<br />
much as possible.<br />
Make sure the teacher allows students to turn off their cameras after confirming attendance if they’re<br />
uncomfortable “going live.” Many adults feel uncomfortable on camera, so imagine how children must<br />
feel.<br />
Privacy<br />
Parents should have ultimate control over what their children use and see online. Know what platforms<br />
your children are using, whether for learning or social media. Maintain direct oversight on whom your<br />
children engage with online and limit that circle to known friends, family, and acquaintances. Use<br />
Screentime or Parental Controls to restrict the types of online activities your children can do.<br />
You should set up secure passwords for your children to prevent their accounts from getting hacked.<br />
Secure passwords are at least twelve characters long, do not include dictionary words, and mix numbers,<br />
symbols, and letters (lowercase and uppercase). Turn on your firewall and make sure your children only<br />
download files from people or sites you know and trust.<br />
Remember that anything posted online is public, not private information. So, talk to your children about<br />
what they’re not allowed to post online. They should never post any sensitive personal information (e.g.<br />
social security number, passwords, etc.) on their internet profiles: changing a profile does not delete old<br />
copies of it.<br />
Cyberbullying<br />
Communication is a key step to prevent cyberbullying. Explain to your children that what happens on the<br />
Internet can be permanent and damaging. You should treat people the same way online as you would in<br />
person: with respect. This includes not saying anything mean or untrue about someone online. Ask your<br />
children’s school what disciplinary measures are in place for online misbehavior.<br />
Report online harassment, including any message that makes your children feel uncomfortable. If the<br />
harassment occurred through your children’s remote learning platform, notify their school. You can also<br />
report harassment to local law enforcement. Make sure to save and print any records of threatening<br />
messages—including screenshots, emails, and texts—for evidence.<br />
About the Author<br />
Nevin Markwart, Chief Information Security Officer at FutureVault.<br />
Nevin Markwart is the incoming Chief Information Security Officer<br />
(CISO) for FutureVault Inc., an innovative internet cloud-based<br />
personal document storage, access and distribution company.<br />
Initiating his third professional career, Nevin graduated in 2019 with a<br />
Master of Science degree in Cybersecurity from Brown University, the<br />
Ivy League school located in Providence, Rhode Island. Nevin is an<br />
online information privacy expert, having written his graduate thesis<br />
paper, “Restricting the Adverse Effects of Internet Terms of Service<br />
Agreements,” with the support of his non-faculty academic advisor<br />
Tom Ridge, former Governor of Pennsylvania and first US Secretary<br />
of the Department of Homeland Security.<br />
Previously, Nevin was the Boston Bruins’ first pick in the 1983 NHL Entry Draft and turned pro<br />
immediately after the draft at age 18. He went on to play nine seasons in the NHL, retiring due to the<br />
cumulative effects of three shoulder surgeries. After retiring from hockey, Nevin completed his MBA in<br />
finance from Northeastern University in Boston in 1994 and began another career in the investment<br />
management industry.<br />
Nevin’s investment industry experience includes senior and executive roles in Boston as an equity analyst<br />
and portfolio manager, director of research, product manager, and head of Canadian equities for firms<br />
including Wellington Management and Fidelity Investments.<br />
Later in his investment management career, Nevin led two Canadian mutual fund companies as CEO:<br />
Calgary-based Canoe Financial and Toronto-based Front Street Capital.<br />
Nevin is a member of the Board of Directors of the Business of Hockey Institute (BHI), the Saskatchewan<br />
CFA Society, Prairie Green Renewable Energy Inc and Evolution Potash. He is also a business<br />
management mentor for the Canadian Consulate’s Canadian Technology Accelerator (CTA) in Boston.<br />
More Internal Security Needed, Less Budget – 10 Tips to<br />
Help<br />
By Jody Paterson, Founder and Executive Chairman, ERP Maestro<br />
As if internal risks of fraud and data breaches were not high enough, enter in a year of new work<br />
environments and economic uncertainty that has also ushered in an even more risk-prone era. Before<br />
we even knew the word “COVID,” the frequency of fraud had tripled in the last four years, according to<br />
the Ponemon Institute’s 2020 Cost of Insider Threats report. By August of this year, a survey conducted<br />
by the Association of Certified Fraud Examiners (ACFE) revealed that 77 percent of responders said they<br />
had observed an increase in the overall level of fraud since the pandemic began, with one-third noting<br />
that the increase had been significant.<br />
The near-term future doesn’t look better. In the same ACFE report, 92 percent expected fraud to increase<br />
in 2021. However, fraud isn’t the only concern. Data theft by employees also has risen and research firm<br />
Forrester expects to see data breaches caused by insiders to increase by 33 percent in the year ahead.<br />
The cause? More remote work, fear of unemployment and easier ways to access and remove data are<br />
the reasons cited.<br />
At the same time, companies are reluctant to allocate more money for safeguards, even though the need<br />
for improved security is apparent. Yet, we know that leaving risks undetected can end up costing much<br />
more than the security solutions designed to prevent them. How, then, can companies get greater<br />
protection for business systems while also keeping costs down? The following 10 tips can help.<br />
Establish a Security Control Baseline<br />
When developing a strategy and cost-saving budget, start by establishing a security control baseline. A<br />
company’s security baseline is the minimum internal security controls needed to keep a system protected<br />
and the base objectives that must be met to achieve security goals.<br />
Perform a Risk Assessment<br />
Along with creating a security control baseline, determine your current risk level with an analysis of access<br />
risks by user, role and business process. This review will provide a deeper comprehension of key areas<br />
of risk and how to tackle them as cost-effectively as possible.<br />
Calculate Your Risk Tolerance<br />
Along with a risk assessment, a company should know exactly what its risk tolerance is – how much risk<br />
it can afford to have. While risk threshold determines how much risk is acceptable before action must be<br />
taken, risk tolerance gets into the dollars and cents of what a company can afford if an incident occurs.<br />
A company needs to weigh the potential cost of fraud, data breaches and mishaps by employees to<br />
determine if it can tolerate that amount of risk and loss.<br />
Decrease Audit Deficiencies<br />
Companies meeting audit compliance requirements for Sarbanes-Oxley have to think through the risks<br />
and costs of audit deficiencies and material weaknesses and add those to their probability of risks.<br />
Reducing risk – even audit risks – to begin with can be the more cost-effective posture to take.<br />
Reduce Risk Remediation<br />
Cutting the cost of access risk remediation is another budget-saving strategy. By running a risk analysis<br />
more frequently, risks can be found promptly and remediation work can be performed as risks arise rather<br />
than accumulating a massive number of risks and creating an overwhelming amount of remediation work<br />
all at one time. Such a scenario may slow remediation processes and even let some remediation slide,<br />
thereby leaving a company open to a greater risk of damaging incidents.<br />
Eliminate Complexity<br />
Manual processes or risk analyses are more complex and harder to perform. Simplify processes as much<br />
as possible to reduce errors, time and cost. But also think about more simplicity in whatever technology<br />
you use to help control risks. Bear in mind that an intuitive user interface and risk reporting can drive<br />
greater adoption and use while reducing training, costs and risk in general.<br />
Leverage Automation<br />
Lowering risks, cutting audit deficiencies and reducing remediation work are easier to achieve with<br />
automated tools. Organizations can not only save hours and hours of time spent on manual work but also<br />
improve accuracy and remediate any risks faster.<br />
Cloud Technology<br />
Most companies today realize the value of automation, which can be achieved in both on-premises and<br />
cloud technology, but cloud technology can add advantages and savings not possible with on-premises<br />
solutions. Cloud technology can come with some significant cost-savings, from no-cost deployments, to<br />
an end to continual upgrades and maintenance, to extreme flexibility and long-term agility.<br />
Rank Your Solution Needs<br />
One way to be more cost-conscious in security spending is to rank the importance of features in internal<br />
security and access control tools. One way to break this down is to think about not only what you need<br />
today but also what you might need tomorrow and what features are nice-to-haves versus must-haves.<br />
An important caveat here, however, is to not buy any unnecessary bells and whistles. Spending more<br />
doesn’t indicate that you have better cybersecurity readiness. Throwing more money at a problem isn’t<br />
the best approach. Research firm Gartner points out that a company may spend more money but invest<br />
in less-suitable solutions, therefore, inadvertently bloating budgets and making the business more<br />
susceptible to risk.<br />
Employee Training<br />
It may not be so obvious to include employee training when thinking about maximizing your budget. The<br />
truth is, however, that even with taking all of the measures you can with best practices and technology,<br />
insider attacks are attributed to employees of every rank. An all-inclusive security program should make<br />
training on internal risks, as well as external cyber threats, a priority.<br />
In conclusion, cutting costs for internal security shouldn’t mean cutting necessary security solutions or<br />
not investing in new or better tools. There are ways using the tips above, however, to keep costs at a<br />
minimum while getting better risk protection.<br />
About the Author<br />
Jody Paterson is a trusted governance, risk and compliance<br />
advisor and thought leader who is a Certified Information Security<br />
Specialist (CISSP), a Certified Information Security Auditor (CISA),<br />
a former KPMG director, and Chairman and Founder of ERP<br />
Maestro.<br />
Jody can be reached online at j.paterson@erpmaestro.com, on<br />
LinkedIn at https://www.linkedin.com/in/jodypaterson/ and via our<br />
company website http://www.erpmaestro.com<br />
Personal Data Breaches for GDPR Compliance:<br />
Everything You Need to Know<br />
By Dan May, Commercial Director, ramsac<br />
In the new era of cybercrime, identifying the proper sanctions and reactions for any business can seem<br />
challenging, if not confusing. When it comes to data protection and operational compliance in the digital<br />
world, authorities like the Information Commissioner’s Office, or ICO, have identified a sense of confusion<br />
surrounding incident management, which includes the whole process itself.<br />
The Information Commissioner’s Office recently revealed that nearly a third of the 500 reports of data<br />
breaches it receives weekly are unnecessary or fail to meet the minimum threshold of a GDPR personal<br />
data breach. As many operations attempt to anticipate GDPR (or compliance with the General Data<br />
Protection Regulation), there remains an unfortunate atmosphere of confusion, or misunderstanding,<br />
when it comes to appropriate incident management under data protection regulation. Operations seem<br />
to struggle with the types of incidents or breaches that should be officially reported under GDPR.<br />
It is understood that ‘over-reporting’ is the most common reaction to perceived breaches. Whilst this is<br />
largely motivated by a desire for operational transparency and good compliance practice, clearing up<br />
misconceptions surrounding GDPR and data breaches can help businesses remain competitive by<br />
avoiding risky or costly penalties.<br />
Identifying personal data breaches<br />
Over reporting is not a strategy as much as it is a scattered reaction to a data breach. Under GDPR<br />
compliance, which is far-reaching across European territories and beyond, there is a new urgency to<br />
officially report compromises that might upset data protection within your organisation. It is also<br />
considerably more than a mere courtesy to your employees: it is an attempt to strictly regulate<br />
the collection, movement, and storage of personal information, which is why it is most often a challenge<br />
to companies with access to larger amounts of data.<br />
Defined under the General Data Protection Regulation, a personal breach can be understood as a<br />
“breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised<br />
disclosure of, or access to, personal data transmitted, stored or otherwise processed” (captured in Article<br />
4, definition 12).<br />
Importantly, not all ‘breaches’ are equal in severity and, therefore, not every incident needs to be officially<br />
captured and reported. Where a compromise falls outside the GDPR definition, or where its severity is<br />
limited, action isn’t necessarily required. The goal for<br />
businesses should be clarifying whether action is officially required or not. But how does this look in<br />
everyday practice?<br />
It is always advisable to evaluate incidents and cases individually, determining the next actions based on<br />
the severity of each breach. Some breaches may affect or inconvenience the role of a single employee,<br />
whereas other, larger compromises can impact the emotional, physical, or financial lives of many.<br />
Any business that suffers a breach should plan to formally document what happened and any next<br />
actions, including whether it was reported or if it failed to meet the criteria. This can help businesses in<br />
the scenario that a decision is challenged.<br />
How soon should a breach be reported?<br />
All businesses are responsible for identifying, and responding to, breaches under data protection. Not<br />
only should businesses aim to have the right controls in place to promptly detect a breach, but they should<br />
report any compromises within 72 hours to the supervisory authority (which is summarised in Article 33).<br />
One of the most common misconceptions about compliance with GDPR is that this mandatory reporting<br />
period accounts for 72 “working” hours – whereas, a breach should be captured within 72 hours from the<br />
moment of discovery.<br />
Where employees or the public might be involved by unauthorised data breaches, those affected should<br />
be appropriately notified. In certain scenarios, a business may even need to release a press statement.<br />
This will allow those affected parties an opportunity to take precautions and guard themselves from any<br />
fallout.<br />
What needs to be officially reported?<br />
Compliance requires expertise, and failures, delays, or inaccuracies when businesses respond to the<br />
ICO’s request for information are increasingly common. Preparing for incident management within your<br />
organisation means understanding your responsibilities when a breach is detected and how it needs to<br />
be managed – including documenting actions.<br />
Refer to the ICO’s data breach reporting assessment for the kinds of information required following a<br />
breach and the depth expected from your investigation. The ICO expects every business to demonstrate<br />
the depth and breadth of their investigation by responding to everything from breach discovery to<br />
management of its effects.<br />
Failure to respond properly to data breaches, under the GDPR, can result in heavy fines and penalties.<br />
The role of data protection cannot be underestimated, both in how your company plans to prevent<br />
breaches and how it will manage any future ones. Compliance with GDPR, even though commonly<br />
misunderstood, can define how your operation does business in the markets under data protection<br />
governance.<br />
About the Author<br />
Dan May is the Commercial Director at ramsac, providing secure, resilient<br />
IT management, cybersecurity, 24-hour support, and IT strategy to<br />
growing businesses in London and the South East.<br />
Brave New World: Safari Content Blocking<br />
By Andrey Meshkov, CEO and CTO at AdGuard<br />
● Content blocking is not a priority for Apple and WebKit.<br />
● Content blocking in Safari is possible despite all its issues and limitations.<br />
● If we want to improve it, we need to contribute to WebKit ourselves.<br />
This article is about content blocking on Apple platforms, mainly iOS. Why is it important to talk<br />
about Apple? First of all, it's Apple, and it enjoys a large enough market share that many users<br />
will be affected by its content blocking capabilities (or lack thereof). Secondly, Manifest v3 is<br />
coming to Chromium, and half of the tech problems in Chromium have been solved, unlike Safari.<br />
There are a lot of similarities between the two, so we’ve been able to draw some conclusions<br />
about where Safari is falling behind. In this article, we’ll go over the content blocking methods<br />
available on iOS, and see how to get around the limitations when possible.<br />
Content blocking in general: System-wide filtering<br />
There are only two options for content blocking: System-wide filtering and Safari Content Blocking.<br />
System-wide filtering is not as widespread as Safari Content Blocking for a number of reasons. However,<br />
it’s the only way you can go beyond Safari and do content blocking in other apps and browsers.<br />
Furthermore, System-wide filtering actually was possible even before Safari Content Blocking was<br />
introduced in 2015. One of the first content blockers on the App Store, in fact, was quite a popular app<br />
called WeBlock, which did system-wide filtering.<br />
All System-wide filtering methods are based on the NEVPNManager API. Using a local tunnel, the app can<br />
filter DNS, use a PAC file to block requests, scan SNI, or even intercept TLS. You can have all these in<br />
your app, but unfortunately nothing comes without downsides. There are techniques to bypass DNS<br />
filtering and PAC files, and there are also some technical limitations. For example, there’s a strict memory<br />
limit that iOS imposes on VPN tunnel processes, and it will kill any process that uses over 15MB RAM.<br />
The App Store may not be consistent with Apple’s rules<br />
The App Store Guidelines, Section 5.4, VPN Apps, states: “Parental control, content blocking, and<br />
security apps, among others, from approved providers may also use the NEVPNManager API.” But still,<br />
there are no guarantees that your app will be allowed on the App Store.<br />
We at AdGuard have a sad history with the App Store. Everything was great back in 2015 when we<br />
launched the app, but then in 2018, Apple suddenly decided to ban all apps that did system-wide filtering.<br />
We even had to discontinue our AdGuard Pro app after that. Then after a year or so, they changed their<br />
decision again and the guidelines now contain an exemption specifically for parental control, content<br />
blocking and security apps. So we were back in business, the app was approved, and we started working<br />
on a major update, new features, and other cool stuff. In the beginning of 2020, we uploaded a major<br />
update and it was rejected again with pretty much the same wording as they had used two years before.<br />
The reviewer told me over the phone that it wasn’t his decision; they had gathered a committee that<br />
decided that they didn’t want to have a system-wide filtering app on the App Store. So in order to pass<br />
the review, we had to make some rather drastic changes to the app, go through the App Store appeal<br />
process and review board, and only then was it approved. At the same time, I see multiple apps that do<br />
very similar things to the ones that we weren’t allowed to, and nothing happens to them. This shows that<br />
an app may pass the review process, but some time later, another committee may kick the app out of the<br />
App Store—or it might never happen.<br />
The Safari Content Blocking API has issues and limitations...<br />
In contrast to system-wide filtering, there’s no controversy about Safari Content Blocking: it’s definitely<br />
allowed, and it’s safe to make an app that does it—but nothing good comes without complications, so<br />
let's see the issues and limitations of this API. Fortunately some of them can be solved; maybe not fully,<br />
but to an extent.<br />
Safari Content Blocking comes with no tools for debugging content blocking rules. The only tool<br />
that’s available is the browser Console, where you can see which requests were blocked, but the<br />
Console output gives no way to tell which rule blocked them. Figuring it out can be<br />
an annoying, time-consuming process.<br />
AdGuard, EasyList and uBlock filters are based on the original Adblock Plus “core” syntax. It has since<br />
been extended, but the “core” part of it is the same among all popular content blockers. Safari Content<br />
Blocking rules have nothing in common with this syntax, which is a problem because we don't want to<br />
create special Safari-only filter lists. Also, Safari just doesn’t provide tools for that. What we want is to<br />
use the good old traditional filter lists like AdGuard and EasyList. For now, we’re using a real-time<br />
approach right on the device to automatically convert our rules into Safari Content Blocking rules for the<br />
AdGuard apps. This way we can convert about 90% of all EasyList & AdGuard filters so they’ll work on<br />
iOS.<br />
...And slow compiling...<br />
This point is actually pretty massive, because it’s the reason for some other limitations. Safari compiles<br />
every content blocker’s JSON file into a “prefix tree,” and the process is quite slow. For example, it takes<br />
over two seconds on a new MacBook Pro to compile a JSON with just a little over 30K rules.<br />
Compared to content blockers on other platforms, it takes less than a second for the AdGuard Android<br />
app to parse and compile a list with over 100K rules. The obvious difference, though, is that our Android<br />
app uses a different syntax which is not as complicated as regular expressions; perhaps it’s not that<br />
flexible, but it’s specifically optimized for matching URLs.<br />
It’s easy to explain the next limitation. A single content blocker cannot contain more than 50K rules, and<br />
that’s a hard-coded limit. We contacted the developers of WebKit (the browser engine behind Safari),<br />
and they told us that the main reason for this limitation is how slow the compiling process is. They may<br />
increase it a little bit because new devices are faster, but that won’t magically solve all our problems.<br />
There’s no room for a substantial improvement as long as the rules are based on using regular<br />
expressions. This limitation itself is a major problem. AdGuard Base filters + EasyList have 100K rules in<br />
total and simply do not fit within the limit.<br />
There are a couple of things to do in order to solve this issue. We can convert our rules to Safari Content<br />
Blocking rules now, but we also need some more modifications to make the resulting list as short as<br />
possible. One of the things we do is combine similar element-hiding rules into a single rule. This helps a<br />
lot, but it’s still not enough. Another thing that we do is remove obsolete or rarely used rules from the filter<br />
lists that we use in Safari. To keep that optimization from dropping rules that are still needed, filter list<br />
maintainers can use special “hints” to exempt rules from the “optimization” process.<br />
But that’s not all. Now, we come to the issue of multiple content blockers.<br />
AdGuard registers SIX content blockers for Safari, and the user is supposed to enable them all. So,<br />
do six content blockers actually mean that the limit is now 6 x 50K = 300K rules? Yes and no; it’s just<br />
not that simple. The problem is that these content blockers are completely independent, and the rules<br />
in them can’t influence each other. If one content blocker decides that a URL should be blocked, the<br />
other ones can’t undo that decision. Or, if one content blocker decides that some page element should<br />
be blocked, it will be blocked; the others can do nothing about it. But that’s not how it works in real life<br />
on other platforms. Different filter lists are supposed to interact with each other; a good example is<br />
EasyList supplementary language-specific lists: they may fix issues on some local websites.<br />
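The conversion and rule-budget problem described above, together with the ordering constraint that keeps<br />
one content blocker from undoing another, as an added example. This is not AdGuard’s converter but a<br />
deliberately small Python version that handles only the ||host^, $third-party, @@ exception and<br />
domain##selector forms; the hosts, domains and selectors in the sample list are constructed, and the<br />
decide() matcher is a simplification of Safari’s evaluation (no resource-type handling, for instance):<br />

```python
import json
import re

SAFARI_RULE_LIMIT = 50_000  # hard-coded per-content-blocker limit quoted in the article

# Constructed sample filter list (hypothetical hosts, not a real list).
SAMPLE_FILTER = """\
[Adblock Plus 2.0]
! Constructed sample filter list
||ads.example^
||tracker.example^$third-party
@@||safe.ads.example^
example.com##.ad-banner
example.com##div#sponsored
##.cookie-wall
||weird.example^$script,domain=foo.example
"""


def host_filter(host):
    """Safari url-filter regex for the ||host^ anchor: any scheme, the host or one
    of its subdomains, then a separator or the end of the URL.  Hosts are
    [a-z0-9.-], so only '.' needs escaping (Safari's regex dialect is a subset)."""
    return (r"^[a-z][a-z0-9+.-]*://([^/?#]*\.)?" + host.replace(".", r"\.")
            + r"([/?#:]|$)")


def convert(lines):
    """Convert 'core' Adblock Plus syntax to Safari Content Blocking rules.

    Returns (rules, unsupported_lines).  Element-hiding rules that share the
    same domain set are merged into one css-display-none rule.  Output order
    is blocks, then exceptions, then element hiding: "ignore-previous-rules"
    only cancels rules that precede it in the same content blocker, so an
    exception must follow the block it relaxes, and must not precede the css
    rules, which it would otherwise cancel on matching pages.
    """
    blocks, exceptions, hides, unsupported = [], [], {}, []
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "![":   # blank, comment, or [Adblock ...] header
            continue
        if "##" in line:
            domains, selector = line.split("##", 1)
            key = tuple(sorted(d for d in domains.split(",") if d))
            hides.setdefault(key, []).append(selector)
            continue
        is_exception = line.startswith("@@")
        body = line[2:] if is_exception else line
        m = re.fullmatch(r"\|\|([a-z0-9.-]+)\^(?:\$(.+))?", body)
        if not m or m.group(2) not in (None, "third-party"):
            unsupported.append(line)   # the ~10% the article says do not convert
            continue
        trigger = {"url-filter": host_filter(m.group(1))}
        if m.group(2) == "third-party":
            trigger["load-type"] = ["third-party"]
        kind = "ignore-previous-rules" if is_exception else "block"
        (exceptions if is_exception else blocks).append(
            {"trigger": trigger, "action": {"type": kind}})

    css_rules = []
    for domains, selectors in hides.items():
        trigger = {"url-filter": ".*"}
        if domains:  # a leading '*' makes if-domain cover subdomains as well
            trigger["if-domain"] = ["*" + d for d in domains]
        css_rules.append({"trigger": trigger,
                          "action": {"type": "css-display-none",
                                     "selector": ", ".join(selectors)}})
    return blocks + exceptions + css_rules, unsupported


def fits_in_one_blocker(rules, limit=SAFARI_RULE_LIMIT):
    """True if Safari will accept the list in a single content blocker."""
    return len(rules) <= limit


def decide(rules, url, third_party=False):
    """Simulate Safari's evaluation of the request-level rules for one URL.
    Rules apply in order; a matching ignore-previous-rules resets an earlier
    block.  css-display-none rules apply to pages, not requests, so they are
    skipped here."""
    blocked = False
    for rule in rules:
        kind = rule["action"]["type"]
        if kind == "css-display-none":
            continue
        trigger = rule["trigger"]
        if not re.search(trigger["url-filter"], url):
            continue
        if "third-party" in trigger.get("load-type", []) and not third_party:
            continue
        blocked = kind == "block"
    return "block" if blocked else "allow"


if __name__ == "__main__":
    rules, unsupported = convert(SAMPLE_FILTER.splitlines())
    print(json.dumps(rules, indent=2))
    print(f"{len(rules)} rules, {len(unsupported)} unsupported: {unsupported}")
    print("fits in one blocker:", fits_in_one_blocker(rules))
```

The ordering rule in convert() is the same property that makes the six AdGuard content blockers independent:<br />
an exception only reaches rules that precede it in its own JSON list, so a block in one blocker and the<br />
exception that should relax it have to be packed into the same blocker when a list is split to stay under<br />
the 50K limit.<br />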
...And slow development<br />
This is basically the full list of changes implemented in Safari Content Blocking:<br />
● 2015 - Safari Content Blocking is implemented<br />
● 2016 - Added one new feature (make-https) and a couple of major bugs were fixed<br />
● 2017 - Added one more new feature (if-top-url) which is pretty useless, if you ask me, added<br />
content blockers to WKWebView, and fixed a couple of bugs<br />
Then it drastically slows down…<br />
● 2018 - fixed a couple of bugs, refactoring<br />
● 2019 - fixed a couple of bugs<br />
● 2020 - no significant changes so far<br />
This year, we and Cliqz, Brave, Adblock Plus and some other developers wrote an open letter and<br />
compiled a list of the most pressing issues. Regardless of the severity of those issues, it doesn’t mean<br />
that the WebKit developers are undermining content blockers. To us, it just seems like it’s not a priority<br />
for them, or maybe they have limited resources, or both.<br />
Do it yourself!<br />
Regardless of the reasons behind WebKit’s laxness, it seems the only option we have is to do it ourselves,<br />
since content blocking remains a priority to us. WebKit is open source and they are open to contributions,<br />
so that seems like a good way forward. We may want to start with a proposal or a detailed specification<br />
of the changes we would like to implement in WebKit and see if it gets approved. I hope it does, and then<br />
we can implement it ourselves.<br />
About the Author<br />
Andrey Meshkov is a co-founder and CTO of AdGuard ad blocker. He's<br />
been working in IT for over 15 years and has accumulated tons of<br />
experience not just in his primary work area, but also in related ones, such<br />
as online privacy concerns. Sometimes the urge to share his thoughts<br />
becomes too unbearable and he takes a break from coding to write an<br />
article or two.<br />
Andrey can be reached online at https://twitter.com/ay_meshkov/<br />
and at our company website http://www.mycompany.com/<br />
When Businesses Get Hacked - Who Are the Victims?<br />
This article looks into who the victims are when an organisation comes under attack.<br />
By Nicole Allen, Marketing Executive, SaltDNA.<br />
<strong>Cyber</strong>-attacks occur every two and a half minutes, according to Government statistics, which is why<br />
ensuring that your company is protected and secure is critical. Threats can come in several different<br />
forms that vary depending on their severity. Hackers are deliberately trying to inflict damage in order to<br />
persuade employees to make one mistake which could allow them access into everything they need.<br />
The question is not "Which sectors are targeted the most?" as much as "Which sectors are the most<br />
likely to suffer the greatest loss as a result of a cyber attack?"<br />
Today's cyber criminals are not a homogeneous group. There are hackers who spend months at a time<br />
attempting to extract data and funds from a single company, and there are others who threaten hundreds<br />
of companies with phishing emails and other techniques, hoping to get a handful of curious workers to<br />
click on a mass email attachment and then extort money with a DDoS attack. These strategies result in<br />
their attack continually moving on to a fresh batch of victims.<br />
So who are the victims of these attacks and how are they affected?<br />
Employees:<br />
The repercussions of cyber attacks are felt by companies across the globe. The global economy has lost<br />
5.2 trillion dollars over the past five years. <strong>Cyber</strong> attacks, however, go way beyond financial losses.<br />
A Kaspersky survey confirms that 31% of cyber attacks lead to job losses due to employees being<br />
involved with exposed customer data. According to the Data Security Breaches Report, 32% of all<br />
organisations have reported cybersecurity breaches over the last 12 months. The method of attack<br />
varies, but well known examples are as follows:<br />
80% of attacks are phishing attacks<br />
28% are hackers impersonating an individual via emails or online<br />
27% are ransomware attacks when businesses come under threat.<br />
These attacks all take advantage of employees and pose major threats to companies.<br />
A strong security plan must include sufficient controls to maintain a basic level of security and a tracking<br />
system to investigate attempts to breach the policy, which should be accompanied by training for all<br />
employees. When it comes to defending themselves from cyber attacks, many businesses fail to<br />
recognise that their people are as important as the cyber tools which they deploy. There are a variety of<br />
low-tech tactics used by hackers to take advantage of employees. Such tactics include: baiting,<br />
unsubscribe buttons, social engineering, keyloggers and internal threats.<br />
It is in the best interests of all companies to guarantee that their workers have all the expertise, knowledge<br />
and skills they need to help protect the company and themselves from catastrophic cyber attacks and<br />
data breaches. This means ongoing education and training, with the active participation of the IT<br />
department of the organisation. All employees in the workforce should receive training to understand data<br />
processing, security, secure communications and disposal best practices from the moment they start with<br />
the organisation. It is not appropriate to underestimate the danger of cybersecurity threats, and it is up to<br />
employers to ensure that their workers have the resources required to ensure their business data is<br />
secure at all times.<br />
Business Owners:<br />
A successful cyber attack will cause your organisation to suffer significant harm. It can impact your bottom<br />
line, as well as customer confidence in your brand. It is possible to divide the effect of a<br />
security breach into three broad categories: financial, reputational and legal.<br />
<strong>Cyber</strong> attacks can cause devastating consequences to a company, almost to the point where it could<br />
shut a business down. A 2018 IBM study looked at 477 companies from 15 countries that had suffered<br />
some form of data breach and asked them how the organisation was impacted by these cyber-incidents.<br />
From this study, the healthcare sector was by far the most vulnerable in terms of overall damages from<br />
a hack. In fact, this sector registered average costs of more than $400 per compromised customer record.<br />
Financial services, at just over $200 a record, was a distant second. The financial loss usually is caused<br />
by corporate identity theft, financial information theft (e.g. bank data or credit card data), money theft,<br />
trade interruption (e.g. failure to carry out online transactions) or loss of trade or contract.<br />
Trust is an integral element of the relationship between customers and businesses. <strong>Cyber</strong> attacks can<br />
harm the credibility of your organisation and erode the trust your clients have in you. In turn, this could<br />
potentially lead to: customer loss, loss of sales and a drop in earnings. The effect of reputational harm<br />
may also affect your suppliers, or affect the relationships you might have with your company's partners,<br />
investors and other third parties.<br />
From a legal standpoint, data protection and privacy laws expect you to manage the security of all<br />
personal data owned by you, whether it be your employees or your clients. You can face fines and<br />
regulatory penalties if this information is unintentionally or purposely breached as a result of the company<br />
failing to enforce adequate security measures. British Airways is a prime example of this having been<br />
fined £20 million for a data breach which affected more than 400,000 of their customers.<br />
Customers:<br />
<strong>Cyber</strong> attacks are more likely to occur as cybercrime becomes more profitable. The short-term and long-term<br />
impact that cyber attacks could have on your organisation is important to understand.<br />
Similarly to the business owners having their reputation negatively affected, customers' perception of the<br />
company will change for the worse. According to a Forbes Insight report, 46% of organisations were found<br />
to have suffered damage to their reputations and brand value as a result of a data breach. In other words,<br />
once the public sees an organisation in a bad light, its reputation is almost impossible to fix. Just ask<br />
Toyota, Tesla, Hancock Health or any of the other brands that have suffered a data breach: it is just<br />
about the worst light to be in.<br />
Lawsuits and fines are other long-term consequences that affect businesses; there has been a huge<br />
increase in class action lawsuits in both the US and UK as victims seek monetary compensation for the<br />
loss of customers' data. When cyber attacks leak large quantities of personal information, civil lawsuits<br />
are common. Sometimes, these cases take years and are costly to resolve. According to a report by<br />
security firm Norton, 978 million people in 20 countries lost money to cybercrime in 2017.<br />
How can you prevent your business from falling victim to a cyber attack?<br />
Even the most robust of organisations can be affected by data breaches. Managing the risks accordingly<br />
is very important. An efficient cybersecurity incident response plan and secure communications platform<br />
will assist you in preventing an attack from occurring in the first place, and also alleviate the pain of having<br />
to manage potential incidents when they do arise. If you're still reading, you will be very aware you're<br />
vulnerable to cyber crime. It is the new normal for all sizes of businesses, big or small. Media reports<br />
concentrate on corporate mega attacks and breaches, but small businesses are the new frontier for cyber<br />
criminals, as discussed earlier.<br />
At SaltDNA we work with organisations across the world of all sizes to enable them to have secure,<br />
confidential conversations wherever they are, at any time. Your best bet to ensure that the possibility of<br />
a cyber attack never becomes your reality is to enforce a secure communications platform alongside a<br />
comprehensive and ongoing employee education on cyber security.<br />
For more information on this article, sign up for a free trial or to talk to a member of the SaltDNA team,<br />
please contact us on info@saltdna.com.<br />
About SaltDNA<br />
SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software<br />
solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered<br />
encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for<br />
organisations who value their privacy, by giving them complete control and secure communications, to<br />
protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland. For more<br />
information visit SaltDNA.<br />
About the Author<br />
Nicole Allen, Marketing Executive at SaltDNA. Nicole completed her<br />
university placement year with SaltDNA, as part of her degree<br />
studying Communication, Advertising and Marketing at University of<br />
Ulster. Nicole worked alongside her degree part time during her final<br />
year and recently started full time with the company having<br />
completed her placement year with SaltDNA in 2018/19.<br />
Nicole can be reached online at (LINKEDIN, TWITTER or by<br />
emailing nicole.allen@saltdna.com) and at our company website<br />
https://saltdna.com/.<br />
Security and Remote Management: What Is the Market<br />
Looking Like as We Head Towards <strong>2021</strong>?<br />
By Gil Pekelman, CEO, Atera<br />
For many IT professionals and managed service providers (MSPs), remote management has always<br />
been part of the deal. Especially in this generation’s global economy, service providers are not always<br />
local to their clients, and it is much more efficient and effective to be able to support customers from afar.<br />
The big difference since the COVID-19 pandemic hit the headlines, is that employees are now working<br />
from home, which is a whole different ball game to managing anyone working from an office environment.<br />
Instead of managing a centralized location, there are now multiple remote offices - all with different needs<br />
and security set-ups.<br />
When working from home, employees are much more likely to be using personal devices, or shared<br />
computers, and yet they are still accessing sensitive customer information, much of which is governed<br />
by compliance regulations. Home networks are less secure than office networks, with weaker protocols<br />
in place. A single vulnerability could bring a whole network down, compromising an entire company.<br />
A Checklist for Remote Management of Home Workers<br />
With many companies already extending WFH policies to continue through to Q2 of <strong>2021</strong>, and maybe<br />
even longer, and the FBI reporting a 400% increase in cybercrime since the start of the pandemic,<br />
security procedures are still more important than ever.<br />
It’s therefore essential that security teams up their game. Here are 5 top tips for IT professionals looking<br />
to secure their employee or client remote environments, and better educate end-users about working<br />
from home:<br />
1. Educate Against Phishing Threats: Nearly all cyberattacks come from a malicious link or<br />
attachment, which can only be effective if an employee falls for the scam. Keep your employees<br />
up to date on the latest threats, which sadly, at the moment, are leveraging fear around COVID-<br />
19, such as promising a vaccine or suggesting you have been in contact with someone that has<br />
tested positive.<br />
2. Don’t Forget Patch Management: Patched software is secure software, so whatever your<br />
process, make sure that no employees are running old versions or even end of life software at<br />
home. The best technology partners will allow you to automate the install and update of your<br />
software via vendors such as Chocolatey or Homebrew, so that you’re never behind the times.<br />
3. Think Home Network Vulnerabilities: You may need to think a little out of the box when it comes<br />
to protecting home networks. For example, how secure are your employee’s router settings, and<br />
what smart devices do they have which are connected to the home network? Take a thorough<br />
inventory of all connected devices, and start from there.<br />
4. Multi-Layered is the New Secure: There’s no such thing as a silver bullet for enterprise security<br />
anymore, so your best bet is a layered approach to cybersecurity. This might start with user<br />
education for example, followed by URL or script blocking, and then file scanning and integrity<br />
monitoring, and so on. Even if an attacker gets through one line of defense, the next is ready and<br />
waiting.<br />
5. Have a Disaster Recovery Plan: If all else fails, a robust disaster recovery plan will mean you<br />
can get back up and running as quickly as possible. Include a plan for business continuity,<br />
protecting sensitive information, minimizing financial loss and disruption to end-users, and an<br />
incident response plan to remain compliant with any relevant regulations. Make sure that your<br />
technology and service providers recognize the importance of securing this kind of unknown<br />
environment.<br />
Looking Ahead to <strong>2021</strong>, and Beyond<br />
At the moment, none of us know what ‘the new normal’ is going to look like. For some, working from<br />
home will become commonplace, while others might move to a more hybrid way of working, some days<br />
from the office, some from home. We do know that organizations won’t want to risk being caught short<br />
again, struggling to securely manage at the same time as ensuring business continuity.<br />
This signals a real change in mindset for today’s IT professionals. Many companies historically saw IT<br />
as a cost, rather than an investment. They couldn’t see the value in having IT support managing<br />
operations proactively, preferring to hope for the best and call in an expert if and when something needed<br />
attention, on a break-fix model. The pandemic has changed that, showing business stakeholders that<br />
they can’t afford to be unprepared, and that they need a proactive approach to managing both IT and<br />
security.<br />
The important thing when targeting this investment, will be to ensure that security plays well with the rest<br />
of an organization’s IT ecosystem, whether that’s integrated in their professional services automation<br />
such as helpdesk software, or their remote management and maintenance, like remote access<br />
technology for example. If security is reliant on employee behavior or on multiple additional steps or<br />
vendor solutions, you’re going to struggle to ensure that you don’t have gaps.<br />
If, on the other hand, security comes as part of a package deal, you don’t need to rely on employee or<br />
customer education alone. Think about software updates and patching that happen automatically without<br />
any impact on your business operations. Consider a backup solution that is working silently and<br />
effectively in the background. Onboard 2FA as part of the deal for employees from day one. Altogether,<br />
you’re creating a much more resilient and robust environment in which to work.<br />
About the Author<br />
Gil Pekelman is the CEO and Founder of Atera. Under Gil’s<br />
leadership, Atera has grown into the most innovative, industry leading<br />
platform for MSPs both large and small. Prior to founding Atera, Gil<br />
held senior positions at Indigo NV, (now a division of HP) and Exanet<br />
(acquired by DELL). He has a degree in Economics and Management<br />
from Tel-Aviv University and is the sole inventor of three patents.<br />
https://www.atera.com/<br />
Working from Home? You’re Not Alone<br />
The rise of cyber hacks in an age of remote working – and how to prevent them<br />
By Steve Hanna, Embedded Systems Work Group Co-Chair at Trusted Computing Group<br />
(TCG) and Jun Takei, Japan Regional Forum Co-Chair at Trusted Computing Group<br />
Technology is replacing a number of real-life activities, helping to maintain a level of normalcy and<br />
connection with familiar faces amid unprecedented times. As remote working continues to prove an ever-essential<br />
trend in light of our current global climate, organizational networks have expanded from single<br />
offices to cross-country residential spaces, from kitchens to spare rooms.<br />
In fact, according to global tech market advisory firm ABI Research, Connected Home devices are<br />
expected to become more popular in the coming months, with a 30% year-on-year sales increase<br />
projected, with more than 21 billion Internet of Things (IoT) devices expected by 2025. Cloud services<br />
have also been adopted at an increasing rate by organizations to deliver remote services and, with 84<br />
percent of enterprises now running a multi-cloud strategy, cloud is expected to account for 70 percent of<br />
tech spending this year. As a result, collaboration tools, including various video conferencing platforms,<br />
are being used far more frequently as companies adjust to the new normal of telework. Meanwhile, social<br />
media and video calling services such as FaceTime are allowing families and friends to stay connected<br />
and streaming services are providing entertainment on a more personal level.<br />
This new normal brings with it changed user habits and, with inadequate security protection on these<br />
devices, an increased level of risk in the form of new unknowns such as hacked devices and distributed<br />
denial of service attacks. Connected Home and other IoT disrupts our traditional methods of business,<br />
acting as a bridge between the virtual and physical world and offering new, almost limitless benefit for<br />
workforces and education. However, at the same time, it also increases the number of opportunities<br />
available to hackers that have never been possible before; remote work is a game changer for society,<br />
bringing huge benefit, but it is crucial that we also understand the risks. Faced with a more integrated<br />
and widespread network, security protection against business email compromise, data thefts and scams<br />
is something that all organizations and users must implement. As a result, it is critical that organizations<br />
invest in collaborative tools to enable remote workers to do their jobs securely whilst adhering to<br />
protective stay-at-home initiatives worldwide.<br />
It Starts at Home<br />
Working from home presents a communication barrier between employees, preventing instant, in-person<br />
discussions about suspicious digital activity that they may observe, for example an unusual email. The<br />
only current replacement of these face-to-face discussions is virtual conference calls – another popular<br />
security oversight and target for attackers. However, while this face-to-face communication is important,<br />
it is not essential to security protection measures, given that the correct automated detection and<br />
prevention security mechanisms are put in place. To successfully protect these avenues of online<br />
correspondence, it is vital that organizations work to become more security-conscious, starting with the<br />
user and their awareness of attacker behavior.<br />
Such measures can be difficult due to the added distractions faced by workers at home, including<br />
childcare and deadline pressures, among other things. From a technical perspective, the home network<br />
should not be trusted as it brings new vulnerabilities and is unable to support devices in the same way a<br />
corporate business network would, making a Virtual Private Network (VPN) essential. In some cases, a<br />
home PC may be used for other purposes by other members of the family, or an employee may want to<br />
use their personal device to access corporate information, for example with a work USB. This misuse not<br />
only provides opportunities for information hacking within the network, but also physically exposes<br />
devices to threats. Such technical risks, combined with the rushed and unpredictable nature of home<br />
working, present a wide range of vulnerabilities that hackers can take advantage of as they get ever<br />
smarter. However, it is not enough to advise employees as to the correct device and data conduct at<br />
home; organizations need to go beyond this to accept the given risks and implement the appropriate<br />
protection mechanisms.<br />
To prevent device protection from being overlooked amid the irregularity of working from home,<br />
organizations should consider investing in training for remote workers to increase user awareness or<br />
more thorough backup systems. These can be crucial for safe, efficient and secure business operations,<br />
as well as helpful for maintaining normalcy. Preventative measures can also be taken on an<br />
administrative level, especially during video conferencing over collaboration platforms. For example,<br />
privacy can be protected by using unique access codes for each meeting, enabling a waiting room to keep<br />
track of meeting participants and limiting screen-sharing options within the meeting.<br />
the knowledge to put basic security measures in place, question browser pop ups and access a backup<br />
system if things become corrupted, organizational breaches – and breakages – can be prevented.<br />
Securing Devices from the Inside, Out<br />
With many countries having passed the peak of the COVID-19 pandemic, this "new normal" is expected to continue far into the future, so demand for remote device security is unlikely to wane. In answer to this need for long-term, full-coverage protection, the Trusted Computing Group (TCG)
has been working on device security that protects against the new risks of the "new normal" from the inside. Trusted Computing offers agility and fast deployment and provides multi-layered security that safeguards corporate confidential information and personal data against increasingly sophisticated interception and attacks in the remote-working setting, not only on PCs but also across IoT and cloud-connected devices and networks.
Such solutions take the form of hardware-based, embedded security subsystems such as the Trusted Platform Module (TPM). A TPM provides a hardware root of trust: it holds keys that software cannot extract, records measurements of the boot chain in its platform configuration registers, and can attest to those measurements so that other systems can verify a device's integrity before trusting it. Because the chips are inexpensive, organizations can affordably protect entire fleets of devices. TCG specifications complement government guidelines for a safer connected future. This covers not only internal components such as the TPM but also authentication mechanisms that reinforce security, such as multi-factor authentication and longer passwords. Within a network, organizations are also encouraged to use secure device provisioning, strong user authentication, PKI-based certificates, and to anchor the whole system in a hardware-based root of trust. Many of these measures are already available to commercial entities and government digital infrastructures and are recommended for full-coverage data protection.
COVID-19 has significantly impacted society and has accelerated Digital Transformation (DX) all over the world. Where working from home was not standard practice before the pandemic, many organizations now see it as the future of business, education and collaboration. But while DX has long been awaited, we must implement the appropriate security measures alongside it to realize its full benefit, and more must be done to create a safe and secure digital ecosystem. Technology, and therefore cybersecurity, is ever-changing: as devices advance, so do threats. Organizations that have implemented the currently recommended measures must remain vigilant and keep systems, software and backups updated. To do so, the integrity of network endpoints needs to be measured and continuously monitored so that a compromised endpoint is detected rather than trusted. In adapting to our new normal and changing environment, it is vital that we adjust to new technology challenges rapidly and proactively. By taking this security-first approach and building on the essential principles of updating, protection and resilience, billions of IoT and cloud systems will benefit, providing a safe, secure future despite growing cybersecurity risk in our increasingly connected world.
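The measured-and-monitored endpoint integrity the article calls for is what a TPM quote gives a verifier. The following Python is an added example, not code from TCG or the authors: it models the SHA-256 PCR bank of a TPM 2.0 (each PCR starts at zero and is extended as PCR_new = SHA-256(PCR_old || digest)), replays an endpoint's event log, and checks it against the PCR values the TPM quoted and against the digests of the approved build. The component names, the PCR assignments and the boot images are constructed; verification of the attestation-key signature on the quote, and of the nonce that ties a quote to one request, is assumed to have happened already and is not modelled.

```python
"""Replay a TPM event log and check it against the quoted PCRs and a golden image.

Added example, not TCG code. Models the TPM 2.0 SHA-256 PCR bank: each PCR
starts as 32 zero bytes and is extended as PCR_new = SHA-256(PCR_old || digest).
Signature and nonce checks on the quote are assumed done and not modelled.
"""
import hashlib

PCR_LEN = 32  # SHA-256 bank


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events):
    """Recompute every PCR from an event log of (pcr_index, component, digest)."""
    pcrs = {}
    for index, _component, digest in events:
        pcrs[index] = pcr_extend(pcrs.get(index, bytes(PCR_LEN)), digest)
    return pcrs


def measure(blob: bytes) -> bytes:
    """Digest firmware records for a boot component: the hash of its bytes."""
    return hashlib.sha256(blob).digest()


def check_endpoint(event_log, quoted_pcrs, golden):
    """Return findings; an empty list means the endpoint matches policy.

    event_log   -- what the endpoint says was measured, as (pcr, name, digest)
    quoted_pcrs -- PCR values the TPM signed in its quote, {pcr: value}
    golden      -- digests of the approved build, {component_name: digest}
    """
    findings = []
    # 1. The log must replay to the quoted values, or the log was edited.
    for index, value in replay_event_log(event_log).items():
        if quoted_pcrs.get(index) != value:
            findings.append(f"PCR{index}: event log does not replay to quoted value")
    # 2. Every measured component must match the approved build.
    for index, name, digest in event_log:
        if name not in golden:
            findings.append(f"PCR{index}: unexpected component {name!r} in boot chain")
        elif golden[name] != digest:
            findings.append(f"PCR{index}: {name} digest differs from golden image")
    return findings


# Constructed sample: the approved build and the PCRs each stage is measured into.
GOLDEN_BLOBS = {
    "bootloader": b"grub 2.06 signed build",
    "kernel": b"vmlinuz 5.10 approved build",
    "initrd": b"initrd approved build",
}
GOLDEN = {name: measure(blob) for name, blob in GOLDEN_BLOBS.items()}
BOOT_CHAIN = [(4, "bootloader"), (9, "kernel"), (9, "initrd")]


def boot(blobs):
    """Simulate firmware measuring each stage; returns (event_log, pcrs)."""
    log = [(pcr, name, measure(blobs[name])) for pcr, name in BOOT_CHAIN]
    return log, replay_event_log(log)


def honest_endpoint():
    log, pcrs = boot(GOLDEN_BLOBS)
    return check_endpoint(log, pcrs, GOLDEN)


def tampered_kernel_endpoint():
    """Modified kernel, measured honestly: the digest mismatch is visible."""
    blobs = dict(GOLDEN_BLOBS, kernel=b"vmlinuz 5.10 with implant")
    log, pcrs = boot(blobs)
    return check_endpoint(log, pcrs, GOLDEN)


def forged_log_endpoint():
    """Same implant, but the attacker rewrites the log to show golden digests.
    The TPM still quotes the PCRs it actually extended, so the replay fails."""
    blobs = dict(GOLDEN_BLOBS, kernel=b"vmlinuz 5.10 with implant")
    _real_log, pcrs = boot(blobs)
    forged_log, _ = boot(GOLDEN_BLOBS)
    return check_endpoint(forged_log, pcrs, GOLDEN)


if __name__ == "__main__":
    for label, fn in [("honest", honest_endpoint),
                      ("tampered kernel", tampered_kernel_endpoint),
                      ("forged log", forged_log_endpoint)]:
        print(label, "->", fn() or "OK")
```

Two failure modes are distinguished on purpose: a kernel that was modified but measured honestly shows up as a digest mismatch, while an attacker who rewrites the event log to look clean is caught because the TPM still quotes the PCRs it actually extended and the log no longer replays to them.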
About the Authors

Steve Hanna is the co-chair of the Embedded Systems Work Group in the Trusted Computing Group (TCG) and Senior Principal at Infineon Technologies. Hanna is a member of the Security Area Directorate in the Internet Engineering Task Force, also serving as the liaison from the TCG to the Industrial Internet Consortium. He is the author of several IETF and TCG standards and published papers, an inventor or co-inventor on 47 issued U.S. patents, and a regular speaker at industry events. He holds a Bachelor's degree in Computer Science from Harvard University. Steve Hanna can be reached online at tcg@proactive-pr.com and at our company website: https://trustedcomputinggroup.org/.
Jun Takei is the co-chair of the Japan Regional Forum in the Trusted Computing Group and a Principal Engineer at Intel. Since joining Intel, he has been responsible for technology policy and standards, and has a wealth of experience in the Internet and wireless communications from both a technology and a policy point of view. From 2004 to 2015 he was a board member of one of the most successful Internet research consortiums, the WIDE project, and he has also spent time lecturing at Keio University. He now works as the director of Security and Trust Policy at Intel. Jun can be reached online at tcg@proactive-pr.com and at our company website: https://trustedcomputinggroup.org/.
The Best Network Protection: Go Deep or Go Broad?
Combining Breadth and Depth Brings Full Protection
By Albert Zhichun Li, Chief Scientist, Stellar Cyber
Almost since the beginning of network security, vendors and practitioners have wrestled with the choice between going deep and going broad. In practice, most solutions lean predominantly one way or the other. Going deep typically means careful monitoring and analysis of particular threats or behaviors at the cost of not examining a much broader range of activity. Broader solutions may lack the clarity and fidelity needed for fast, accurate alerting, and they may miss important indicators.
The battle to protect data, systems, users and networks has been far from easy. Today the more interesting headline might be that a data breach has not occurred. The odds heavily favor attackers penetrating a network and having free rein to steal or do damage. These high-value attacks are human-operated and combine multiple techniques over a period of time. The now commonly acknowledged north-south (traffic entering and leaving the network) and east-west (lateral, internal) activity lets an attacker accomplish their mission systematically, and sometimes serendipitously. One step, such as reconnaissance through some kind of scanning, leads to the next, and the next. This reality means that both depth and breadth matter if an organization hopes to curtail an attack.
As solutions for eXtended Detection and Response (XDR), and perhaps other categories of solutions, emerge, one of the more important questions they will have to face is this ongoing one between depth and breadth. Depth and breadth can work together to produce higher-fidelity alerts with fewer false positives. Understanding potential attacker activity with both detail and context can make all the difference in flagging something truly important. To be productive, the activity flagged must be both abnormal and malicious; abnormal alone is noise.
Breadth is important because attackers use multiple tactics, largely in sequence. Seeing the connections between events gives security teams a substantial advantage. Seeing the forest for the trees can surface something that would otherwise be missed, or provide the fidelity that prevents "crying wolf" too many times. Breadth can also unify the strengths of individual security solutions, each with its own area of expertise and specialization.
Depth brings important detail and can answer many of the who, what, where, when and how questions. EDR systems, for instance, are best at understanding endpoint activity; CASB solutions are built to make sense of cloud application activity; UEBA tools examine who did what on the network. No single tool or system can do everything with full expertise and precision. This is why not only integrating but also aggregating the key findings from many tools is so powerful: sharing the best of each system makes the whole more valuable than the sum of the parts. In this way breadth and depth combine to minimize the design trade-offs and produce better results.
Breadth should also fill any gaps between the detections provided by the various systems. Usually these are gaps in scope, but sometimes they are limitations or delays in what data a security system provides and when. Sensors can help fill this gap, which inevitably exists. Logs may provide supplemental information, but they generally cannot be relied on for timely insight, may be limited in what they capture, and can be manipulated by an attacker who has gained access to the system that writes them.
Depth and breadth are both good things, and vendors and practitioners should continue to build expertise in both. But to gain the upper hand against attackers, organizations cannot afford to choose between the two. Uniting these two dimensions will help even the odds.
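The "connectedness between events" argument above is straightforward to make concrete. The Python below is an added example, not Stellar Cyber code: it takes low-fidelity alerts from four hypothetical sources (a network sensor, EDR, UEBA and a CASB) and raises an incident only when one entity shows several distinct kill-chain stages inside a time window, in kill-chain order. The event schema, tool names and sample events are constructed.

```python
"""Correlate low-fidelity alerts from several tools into one incident per entity.

Added example, not Stellar Cyber code. Event schema, tool names and the sample
feed are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain order, used to require that a sequence progresses rather than repeats.
STAGES = ["recon", "credential_access", "lateral_movement", "exfiltration"]


def ev(time, source, entity, stage, detail):
    return {"time": datetime.fromisoformat(time), "source": source,
            "entity": entity, "stage": stage, "detail": detail}


# Constructed sample feed: each line alone is the kind of alert analysts tune out.
EVENTS = [
    ev("2021-01-12T09:02:00", "nids", "ws-042", "recon", "SYN scan of 10.0.3.0/24"),
    ev("2021-01-12T09:20:00", "edr", "ws-042", "credential_access", "handle to lsass.exe from rundll32"),
    ev("2021-01-12T09:45:00", "ueba", "ws-042", "lateral_movement", "first-ever SMB logons to 6 hosts"),
    ev("2021-01-12T10:30:00", "casb", "ws-042", "exfiltration", "1.8 GB upload to personal cloud drive"),
    ev("2021-01-12T11:00:00", "nids", "srv-db01", "recon", "vuln scanner sweep from 10.0.9.2"),
    ev("2021-01-12T08:00:00", "nids", "ws-017", "recon", "port scan"),
    ev("2021-01-12T14:00:00", "ueba", "ws-017", "lateral_movement", "new RDP destination"),
]


def correlate(events, window=timedelta(hours=2), min_stages=3):
    """Return one incident per entity that shows >= min_stages distinct stages
    inside a single window, with first occurrences in kill-chain order."""
    by_entity = defaultdict(list)
    for e in events:
        by_entity[e["entity"]].append(e)

    incidents = []
    for entity, evs in by_entity.items():
        evs.sort(key=lambda e: e["time"])
        best = None
        for i, start in enumerate(evs):  # slide a window over the ordered events
            first_seen = {}
            for e in evs[i:]:
                if e["time"] - start["time"] > window:
                    break
                first_seen.setdefault(e["stage"], e)
            chain = sorted(first_seen.values(), key=lambda e: e["time"])
            order = [STAGES.index(e["stage"]) for e in chain]
            if len(chain) >= min_stages and order == sorted(order):
                if best is None or len(chain) > len(best):
                    best = chain
        if best:
            incidents.append({
                "entity": entity,
                "stages": [e["stage"] for e in best],
                "sources": sorted({e["source"] for e in best}),
                "start": best[0]["time"],
                "end": best[-1]["time"],
                "evidence": [f'{e["source"]}: {e["detail"]}' for e in best],
            })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["entity"], "->", " > ".join(inc["stages"]), "| sources:", inc["sources"])
        for line in inc["evidence"]:
            print("   ", line)
```

Individually, a port scan, an lsass handle, a few new SMB logons and a large upload are each the kind of alert that gets tuned out; together, on one host within ninety minutes, they are the sequence the article describes. Shrinking the window shows the trade-off: the same events no longer correlate, which is the breadth-for-fidelity balance a practitioner has to tune.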
About the Author

Albert Zhichun Li is the Chief Scientist at Stellar Cyber. He is a world-renowned expert in cyber security, machine learning (ML), systems, networking and IoT. He is one of the few scientists known to heavily apply ML to security detection and investigation. Albert has 20 years of experience in security and has been applying machine learning to security for 15 years. Previously, he was the head of NEC Labs' computer security department, where he initiated, architected and commercialized NEC's own AI-driven security platform. He has filed 48 US patents and has published nearly 50 seminal research papers. Dr. Li has a Ph.D. in system and network security from Northwestern University and a B.Sc. from Tsinghua University. Albert can be reached online at Zli@stellarcyber.ai and at our company website http://stellarcyber.ai
Cybersecurity Predictions For 2021
Preparing for the "next normal"
By Topher Tebow, Cybersecurity Analyst (Malware), Acronis
For cybersecurity professionals, this year began more or less like any other. Fast forward to April, and nearly half of the American workforce was working from home, relying on remote access tools and cloud services for everyday business needs. It has been a time of great challenges and opportunities. We have finally settled into the "new normal", but cyberthreats continue to evolve and respond to the new environment. As we look forward to 2021, here are a few of our cybersecurity predictions:
1. Attackers will continue targeting remote workers
It goes without saying that the COVID-19 pandemic has fundamentally changed how business is done. Ninety-two percent of global organizations adopted new IT technologies this year, driven by the need to enable or expand their remote operations. Work-from-anywhere is the new normal, and with it comes a new IT infrastructure and a myriad of associated security and privacy risks.
Companies have rushed to integrate new tools and services for collaboration and remote access, but often lack the time to thoroughly vet these solutions, the budget to work with tested vendors, and the time to properly train IT staff. Countless organizations are currently using misconfigured solutions (or ones that are simply of dubious quality) and are at elevated risk as a result.
2. Threats against MSPs, cloud services, and businesses will rise
With data accessibility at the center of everyday business operations, and remote access and collaboration features more necessary than ever, IT services are a requirement for every organization. Small and medium businesses are particularly reliant on managed service providers (MSPs) to fulfill this need.
We are already seeing an increase in attacks against MSPs and cloud service providers, which is no surprise given their status as a prime target. Successfully compromising a service provider is far more efficient than targeting individual businesses, because it gives cybercriminals access to the provider's entire customer base in one fell swoop. Expect this trend to continue.
3. Data exfiltration will become a bigger threat than encryption
While we expect ransomware to hold its position as the number-one cyberthreat to businesses in 2021, the structure of these attacks is shifting. In the near future, we expect that stealing sensitive data, rather than simply encrypting it on infected systems, will be the primary form that ransomware attacks take.
Cybercriminals seek to monetize every attack, and recent trends have shown that exfiltrating data greatly increases the odds of successfully negotiating a ransom. The prospect of having sensitive data, such as trade secrets or personally identifiable customer and employee information, sold or publicly released adds tremendous pressure on companies and government entities. Data protection and data loss prevention solutions will be particularly important in the coming year.
4. Automation and personalization will cause malware samples to skyrocket
Advances in computing power and artificial intelligence are kicking the malware development cycle into overdrive. Cybercriminals can build and iterate new cyberthreats with dizzying speed, sending out waves of attacks and using the results to shape their next variants.
In addition, these threats are increasingly personalized: purpose-built for their targets using information mined from corporate websites and social media profiles. As spear-phishing campaigns have shown time and again, those who make the effort to tailor attacks in this way are often rewarded with a higher success rate.
The industrialization of malware and social engineering campaigns poses a significant threat to modern businesses. The average lifetime of a malware sample is now down to a mere 3.4 days, which severely hampers the effectiveness of signature-based detection. Now more than ever, it is critical for organizations to invest in complete cyber protection solutions that can effectively detect and block both known and unknown cyberthreats.
5. Malware will explore new targets
Ransomware threats are expanding beyond their traditional purview of Windows and macOS desktops. Within organizations, increasingly exposed industrial control systems (ICS) make a tempting target for takeover and extortion.
Both at home and in the office, the growing adoption of the internet of things (IoT), especially in connection with 5G, will continue to present new areas for infection in the form of smart devices. While internet-enabled appliances themselves do not tend to store large quantities of data (nor particularly sensitive information), they present a potential attack vector towards their manufacturers and may be incorporated into DDoS-fueling botnets.
6. Preparing for the next wave of cyberthreats
This has been a challenging year for businesses, to be sure, and we face a slew of new challenges in 2021. Expect new tactics, never-before-seen malware, relentless automation, and attacks against surfaces that may not be well protected.
Now more than ever, an intelligent and integrated approach is necessary to stay safe in the digital space. Businesses must invest in solutions that can stand toe-to-toe with the latest cyberthreats and provide complete cyber protection.
About the Author

Topher Tebow is a cybersecurity analyst, with a focus on malware tracking and analysis, at Acronis. Topher spent nearly a decade combating web-based malware before moving into endpoint protection. Topher has written technical content for several companies, covering topics from security trends and best practices to analysis of malware and vulnerabilities. In addition to being published in leading cybersecurity publications, Topher has spoken at InfoSec conferences and is an active part of the Arizona cybersecurity community. Topher can be reached online at @TopherTebow on Twitter, and at our company website https://www.acronis.com/.
Why 'Thinking Small' Is the Way to Stop Ransomware and Other Cyber Attacks
By Yuval Baron, CEO at AlgoSec, who explains why micro-segmentation is one of the most effective methods to limit the damage of attacks on a network
On August 15, 2020, the cruise line Carnival Corporation fell victim to a cyber attack that may have resulted in the loss of personal data of millions of passengers and crew members.
Carnival is the world's largest travel and leisure company, with approximately 13 million passengers per year. The company has not revealed how many customers or which of its brands were affected, but we do know that law enforcement agencies were notified after one of the brands reported a ransomware attack that accessed and encrypted part of its IT systems.
This is not the first time Carnival's security measures have been circumvented by hackers. In 2019, a cyber attack on Princess Cruises and Holland America Line resulted in the loss of the personal data of hundreds of passengers and crew members. The criminals stole names, social security numbers, passport numbers and credit card information.
Carnival's experience will feel all too familiar to some businesses. In fact, we recently started working with two organizations that fell victim to high-profile ransomware attacks earlier this year and reached out to us after the event for help preventing and mitigating such attacks in the future by tightening their security posture and limiting their attack surface.
While many believe that looking at the big picture is the best way to protect large corporations, the answer actually lies in something much smaller: micro-segmentation of the network.
Damage limitation through micro-segmentation
Hackers are never going to stop targeting large corporations, and ransomware attacks like the one on Carnival will never disappear. Moreover, as criminals become increasingly sophisticated, it has become difficult to fully protect a network. What companies can do, however, is limit the damage hackers can cause if they do get in.
One way to do this is network micro-segmentation, which is regarded as one of the most effective methods of reducing an organization's attack surface. Its absence has often been cited as a contributing factor in some of the largest data losses from ransomware attacks.
Micro-segmentation minimizes the damage hackers can do once inside by stopping lateral movement across the network. Just as the watertight compartments in a ship contain flooding if the hull is breached, segmentation isolates servers and systems into separate zones that contain intruders, malware and insider threats, limiting the potential security risk and damage.
Controlling the borders
Although micro-segmentation is recognized as an effective way to enhance security, some businesses have been slow to adopt it because it can be complex and costly to implement, especially in traditional on-premises data centers.
Moving to virtualized data centers with Software-Defined Networking (SDN) and cloud connectivity removes some of these barriers. The flexibility of SDN enables more advanced, granular zoning, allowing a network to be divided into hundreds of micro-segments. Achieving that level of security in a traditional data center would be prohibitively expensive and too complicated to implement.
But virtualized data centers do not eliminate every stumbling block. Security policies and firewall rules still have to be defined and enforced consistently on every system and across different IT environments, and doing that by hand is an enormous task that pulls the security team away from larger projects. Micro-segmentation still depends on a filtering policy that states which flows are permitted between segments, and writing that policy is the first and biggest hurdle to overcome.
Simplification of micro-segmentation through security automation
Automated network management makes it much easier for companies to define and enforce their micro-segmentation strategy. It also ensures that critical business services are not blocked by misconfiguration and that compliance requirements are met. Such a system performs application discovery from NetFlow data and identifies unprotected data streams on the network that neither pass through a firewall nor are filtered for an application. It detects changes in the network that conflict with the current micro-segmentation policy, immediately suggests policy changes based on that information and, if desired, validates and enforces them automatically.
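The discovery step described above, finding flows that cross a segment boundary without a matching rule and turning them into candidate policy, is shown in the following Python. It is an added example, not AlgoSec code: the zones, the allow policy and the NetFlow-style records are constructed, and a real deployment would read flow exports from a collector rather than an inline list.

```python
"""Audit NetFlow-style records against a micro-segmentation policy and suggest
the rules an operator still has to decide on.

Added example, not AlgoSec code. Zones, policy and flow records are constructed.
"""
import ipaddress
from collections import Counter

# Segments as address ranges. Anything outside these is "unzoned".
ZONES = {
    "web": ipaddress.ip_network("10.1.0.0/24"),
    "app": ipaddress.ip_network("10.2.0.0/24"),
    "db": ipaddress.ip_network("10.3.0.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),
}

# Allowed inter-segment flows: (source zone, destination zone, destination port).
POLICY = {
    ("corp", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 5432),
}

# Constructed flow records as a collector would export them:
# (src, dst, dport, proto, bytes)
FLOWS = [
    ("10.10.4.21", "10.1.0.5", 443, "tcp", 120_000),    # user -> web, allowed
    ("10.1.0.5", "10.2.0.9", 8080, "tcp", 88_000),      # web -> app, allowed
    ("10.2.0.9", "10.3.0.4", 5432, "tcp", 910_000),     # app -> db, allowed
    ("10.10.7.3", "10.3.0.4", 5432, "tcp", 4_200_000),  # workstation straight to db
    ("10.1.0.5", "10.3.0.4", 5432, "tcp", 51_000),      # web -> db, bypasses app tier
    ("10.10.7.3", "10.3.0.4", 5432, "tcp", 75_000),     # same workstation again
    ("10.3.0.4", "10.3.0.6", 5432, "tcp", 9_000),       # db -> db, intra-zone
    ("192.168.5.5", "10.2.0.9", 22, "tcp", 3_000),      # source in no defined zone
]


def zone_of(ip):
    """Name of the segment an address belongs to, or None if it is unzoned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def audit(flows, policy=POLICY):
    """Return flows that cross a segment boundary without a matching allow rule."""
    violations = []
    for src, dst, dport, proto, nbytes in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz is not None:
            continue  # intra-segment traffic is outside the segmentation policy
        if (sz, dz, dport) in policy:
            continue
        violations.append({"src": src, "dst": dst, "dport": dport, "proto": proto,
                           "bytes": nbytes, "src_zone": sz or "unzoned",
                           "dst_zone": dz or "unzoned"})
    return violations


def suggest_rules(violations):
    """Collapse violations into candidate (src_zone, dst_zone, dport) rules,
    busiest first, for an operator to add to the policy or block."""
    counts = Counter((v["src_zone"], v["dst_zone"], v["dport"]) for v in violations)
    return counts.most_common()


if __name__ == "__main__":
    bad = audit(FLOWS)
    for v in bad:
        print(f'{v["src_zone"]}->{v["dst_zone"]}: {v["src"]} -> {v["dst"]}:{v["dport"]} '
              f'({v["bytes"]} bytes) has no allow rule')
    for rule, n in suggest_rules(bad):
        print("candidate rule", rule, "seen in", n, "flows")
```

The audit ignores intra-segment traffic, flags every cross-segment flow the policy does not allow, and groups the violations into (source zone, destination zone, port) candidates ordered by how often they were seen. That list is what an operator has to decide on, rule by rule, before enforcement is switched on; adding a rule to POLICY and re-running the audit shows the remaining gaps.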
So although micro-segmentation can be a costly and time-consuming process, solutions are now available that significantly speed up, improve and reduce the cost of setup and maintenance. An SDN data center and cloud combined with security automation puts companies on the road to effective protection against ransomware attacks of all kinds.
About the Author

Yuval Baron is the CEO of AlgoSec. Prior to founding AlgoSec, Yuval Baron co-founded Actelis Networks Inc. in 1998, where he served as its CEO until 2002. Actelis Networks is the leading provider of high-performance, scalable broadband-over-copper solutions. During his tenure, Actelis Networks raised $75 million in three separate funding up-rounds from investors including USVP, NEA, Walden, Carlyle, Salomon Smith Barney, France Telecom, Sumitomo, and Vertex. Prior to Actelis, Mr. Baron was vice president of sales and marketing at RIT Technologies (Nasdaq: RITT), a provider of network infrastructure solutions for data centers and communication networks. At RIT, he built a distribution network across 55 countries and drove revenue growth which led to a successful IPO. Prior to RIT, Mr. Baron spent a decade with Comverse Technology (Nasdaq: CMVT), a leading global provider of telecom business solutions. Mr. Baron has a B.Sc. in Mathematics, Computer Science, and Economics (Cum Laude) and an MBA in Finance. Yuval can be reached online at https://twitter.com/AlgoSec and at our company website https://www.algosec.com/
Your Vulnerabilities are Making You Miss Your Misconfigurations
IT organizations regularly configure asset discovery tools in ways that leave them open to abuse by attackers; vendor configuration documentation lacks details on the risk.
By Evan Anderson, Director of Offense, Randori
The security industry pays a lot of attention to vulnerabilities and the need for patching. There is a need for this, but the industry has over-indexed on vulnerability management over the past couple of decades. What gets less attention, and is often more important to an attacker, are common misconfigurations and improper implementations that introduce unintended risk. I can say with confidence that some vendor-recommended implementation strategies are widely abused by red-teamers and attackers to achieve their objectives. I have been taking advantage of these types of flaws since the early 2000s, and they are so common that red-teamers have developed tooling to take advantage of faulty configurations.
At Randori, we regularly see improper implementations, which suggests many blue-teamers are unaware of the risks of certain configuration methods. Vendor-documented implementation methods that are
commonly used by IT organizations can introduce unintended risk into your environment. The challenge is that improper implementations can be nearly impossible to spot, and even harder to fix.
Let's take a closer look at this problem using asset discovery tools as an example, specifically ServiceNow Discovery. Organizations have rightly started using auto-discovery tools to find services, applications and devices so that they can mitigate the exposure of misconfigurations before attackers take advantage of them. These tools give companies a better understanding of what systems are on their network, their patch level, and how they are configured. To do that, discovery tools programmatically log into systems and run commands to check their configuration.
Unfortunately, asset discovery tools can themselves be improperly configured, which increases risk to an organization rather than reducing it.
Before I go on, a note: ServiceNow Discovery is not vulnerable or bad, and neither are Virima or BMC Helix Discovery (other asset discovery tools that suggest similar implementations); it is simply a concrete example my team used recently. The problem is that when ServiceNow Discovery, BMC Helix Discovery or Virima are configured with password credentials rather than a private key, an attacker can easily take advantage of them.
Abusing this weakness is low risk for the attacker, for several reasons:
1. I don't have to write an exploit (which is expensive and takes time).
2. I can just sit on the network and it will hand me credentials; I don't have to do any discovery or port scanning.
3. I won't trigger an alert. In many cases alerts associated with discovery tools are ignored or disabled because they are considered benign (and with good reason).
4. I don't have to brute-force my way in (which could trigger alerts).
Discovery explores UNIX and Linux devices by using SSH to execute commands on the system in question. To run those exploratory commands, Discovery must have some sort of credential to access the system. ServiceNow's documentation gives two ways to configure these credentials: a username and password, or an SSH key. Using SSH private-key credentials is more secure than using an SSH password, but password credentials are often preferred because they are easier to configure. The ServiceNow Discovery documentation does explicitly state: "SSH private key credentials are recommended over SSH password credentials for security reasons." However, it does not go into detail about why.
[Figure: ServiceNow Discovery documentation]
People use passwords more than private keys because of the ease of deployment: simply add an account with a password to the system and you are in. Private-key authentication takes extra steps: generating the key pair, protecting the private key, and copying the public key into place on each server.
Capability in Action
Let's assume that, as the attacker, I have gained access to a network by compromising a Linux system and am looking to move laterally to other systems. I begin by quietly observing or sniffing network traffic to gain situational awareness, trying to figure out what I can see and what I have access to.
While watching network traffic, I notice an IP address attempting to connect to my compromised system<br />
on TCP port 22 (the default port for SSH servers.) So I know somebody or something is attempting to<br />
login via SSH. I quickly spin up an SSH server I control, and wait.<br />
Often the username for these types of asset discovery tools reference the product in some way. For<br />
instance `ServiceNowUser`. Just armed with that information, I know those credentials likely work on<br />
other *nix systems (UNIX, MacOS, FreeBSD, linux) and users are trained to ignore logins from that<br />
user.<br />
Now I’m off to the races -- I can steal leaked credentials and move laterally to other systems on the<br />
network, with little operational risk. And credentials are often used to verify patch states and system<br />
configurations, thus I have access to that data on each system, giving me a lot more information to do<br />
my job easily and stealthily.<br />
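The capture-and-replay described above, as an added example in Go that is not ServiceNow’s or Randori’s code. It models just enough of SSH user authentication (RFC 4252) to show what a rogue server receives from a Discovery login with each credential type, and whether that material then works against another host. The account name `ServiceNowUser` is the article’s example; the password, key and host are constructed, and the session ID is a random stand-in for the key-exchange hash that real SSH derives from both sides’ randomness.<br />

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

// Client is the Discovery probe, configured with a password or a private key.
type Client struct {
	User     string
	Password string             // "password" method
	Priv     ed25519.PrivateKey // "publickey" method
}

// Host is one *nix server on which the Discovery account is valid.
type Host struct {
	Password      string            // non-empty: account accepts this password
	AuthorizedKey ed25519.PublicKey // non-nil: account accepts this key
}

// Record is everything a server, rogue or real, learns from one login attempt.
type Record struct {
	User      string
	Password  string            // password method: the reusable secret itself
	PublicKey ed25519.PublicKey // publickey method: public key plus a signature
	Signature []byte            // over data that includes this connection's session ID
}

// newSessionID stands in for the SSH exchange hash H (RFC 4253 s.7.2): both sides
// contribute randomness, so a rogue server cannot make a victim reuse the one it saw.
func newSessionID() []byte {
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		panic(err)
	}
	return id
}

// sshString writes an SSH "string": uint32 big-endian length, then the bytes.
func sshString(b *bytes.Buffer, s []byte) {
	binary.Write(b, binary.BigEndian, uint32(len(s)))
	b.Write(s)
}

// signedData is what the publickey method signs (RFC 4252 s.7): the session ID,
// then the fields of the SSH_MSG_USERAUTH_REQUEST.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	sshString(&b, sessionID)
	b.WriteByte(50) // SSH_MSG_USERAUTH_REQUEST
	sshString(&b, []byte(user))
	sshString(&b, []byte("ssh-connection"))
	sshString(&b, []byte("publickey"))
	b.WriteByte(1) // TRUE: a signature follows
	sshString(&b, []byte("ssh-ed25519"))
	sshString(&b, pub)
	return b.Bytes()
}

// Login is what the client hands to the server it connected to: the password itself, or only a signature.
func (c Client) Login(sessionID []byte) Record {
	r := Record{User: c.User}
	if c.Priv == nil {
		r.Password = c.Password
		return r
	}
	r.PublicKey = c.Priv.Public().(ed25519.PublicKey)
	r.Signature = ed25519.Sign(c.Priv, signedData(sessionID, c.User, r.PublicKey))
	return r
}

// Accept is a legitimate host's check, always against its own session ID.
func (h Host) Accept(sessionID []byte, r Record) bool {
	if r.PublicKey == nil {
		return h.Password != "" && r.Password == h.Password
	}
	if !bytes.Equal(h.AuthorizedKey, r.PublicKey) {
		return false
	}
	return ed25519.Verify(r.PublicKey, signedData(sessionID, r.User, r.PublicKey), r.Signature)
}

// Scenario runs the capture-and-replay for both credential types: what the rogue
// sshd recorded is presented to db01, which negotiates its own session ID.
func Scenario() (passwordReplays, keyReplays, keyStillWorks bool) {
	const user = "ServiceNowUser"
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pwClient := Client{User: user, Password: "Disc0very-2021"} // constructed secret
	keyClient := Client{User: user, Priv: priv}
	pwHost := Host{Password: "Disc0very-2021"} // db01, Discovery account with password
	keyHost := Host{AuthorizedKey: pub}        // db01, Discovery account with key
	rogue := newSessionID()                    // the attacker's sshd records what it is given
	passwordReplays = pwHost.Accept(newSessionID(), pwClient.Login(rogue))
	keyReplays = keyHost.Accept(newSessionID(), keyClient.Login(rogue))
	direct := newSessionID() // control: the key still works when talking to db01 itself
	keyStillWorks = keyHost.Accept(direct, keyClient.Login(direct))
	return
}
```

`Scenario` returns true, false, true: the password the rogue server recorded logs in to db01, the signature it recorded does not, and the key still works for the legitimate probe. On the servers themselves the same property is enforced with `PasswordAuthentication no` in sshd_config (globally, or in a `Match User` block for the discovery account), so there is no password to leak at all.<br />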
For anyone implementing a new technology, consider taking the extra time to configure a private<br />
key instead of a password (more on the advantages here). Review documentation thoroughly and pay special<br />
attention to best practices. Ask your vendor for more detail on security best practices if it isn’t<br />
included in the documentation. Some configurations may be quick wins for a project, but be careful you<br />
aren’t inadvertently giving away the keys to the kingdom. The details are important to understanding<br />
what risk you are accepting.<br />
Any software used on a network should be viewed as part of the attack surface, and thus must<br />
be considered when calculating risk. Purchasing a tool is not the solution to the problem, and may in<br />
fact cause more harm than good. You must allow teams the time to understand the ramifications of a<br />
product, how to implement it properly and how to use it properly in your environment. Recognize<br />
the risk you’re taking if you’re asking your team to implement something on a shorter timeframe -- that<br />
often means less secure.<br />
About the Author<br />
Evan Anderson is the Director of Offense at Randori – where he leads<br />
the company’s Hacker Operations Center. In this role, Evan leads a<br />
team developing new and novel offensive capabilities for Randori’s<br />
automated attack platform.<br />
Evan can be reached online at linkedin.com/in/attack/ and at<br />
www.randori.com<br />
Are Your Organization’s Critical Assets Five Steps or<br />
Fewer from A <strong>Cyber</strong> Attacker?<br />
By Gus Evangelakos, Director Field Engineering, XM <strong>Cyber</strong><br />
<strong>Cyber</strong>security is an asymmetric battle -- and one in which attackers hold an unfair advantage. Adversaries<br />
maintain the initiative and can attack from novel and unexpected angles, while defenders are forced into<br />
a reactive role.<br />
The asymmetric nature of cybersecurity isn't the sole reason data breaches continue to rise every year,<br />
of course. The popularity of cloud computing and constant expansion of the attack surface also present<br />
substantial ongoing challenges for today's organizations.<br />
This raises an interesting question: Just how quickly can critical assets be exfiltrated by cyber attackers?<br />
The 2020 Verizon Data Breach Investigations Report (DBIR) sheds some light on how attacks are<br />
unfolding -- and why adversaries often need only a handful of steps to expose the most valuable "crown<br />
jewel" assets.<br />
The Landscape Has Never Been More Favorable for Adversaries<br />
Understanding just how vulnerable your systems are is key to assessing risk. This applies to the specifics<br />
of our security environments and the larger conditions that affect how and why breaches occur.<br />
Misconfiguration errors -- which remain at epidemic levels -- are one reason why attack paths are often<br />
so short and direct. Cloud migration mandates, building remote workforce capabilities, managing access<br />
on the fly -- all of the demands placed on IT professionals create conditions that are highly conducive to<br />
misconfigurations. If you look at the highest-profile data breaches of the last five years, misconfigurations<br />
pop up as the culprit again and again.<br />
Launching successful attacks has also never been easier or more accessible, particularly for adversaries<br />
with low to moderate skill and limited resources.<br />
● Deloitte estimates a low-end cyber-attack costing just $34 a month could generate $25,000.<br />
● A phishing campaign for $30 a month can return $500 a month.<br />
● Keylogging can return $723 a month for as little as a $183 investment.<br />
● More sophisticated attacks costing a few thousand dollars could return as much as $1 million per<br />
month.<br />
Yet whether you're dealing with an amateur equipped with cheap darknet malware or a sophisticated<br />
Advanced Persistent Threat, one thing doesn't change: Nobody wants to waste time on hard targets. The<br />
shortest path is always the most attractive.<br />
Five Steps -- Or Less -- From Danger<br />
Attackers have many paths they can choose to target specific assets. Defenders, meanwhile, must try to<br />
visualize and map all the variables related to those paths and manage any vulnerabilities -- certainly no<br />
small task. Hardening the environment by reducing the number of obvious pathways is vitally important,<br />
as many attackers will simply move on to the next target when faced with a resilient security posture.<br />
Attackers are just as concerned about efficiency and ROI as any conventional business.<br />
This means that organizations that can develop security robust enough to require a long procession of<br />
steps are best positioned to deter attacks. Verizon's 2020 DBIR shows that the average breach requires<br />
fewer than five steps. Beyond 20 steps, attacks occur vastly less frequently. Interestingly,<br />
hacking and malware-based attacks are highly overrepresented among attacks requiring more<br />
than 10 steps, while attacks based on errors, misuse or social paths are clustered within the<br />
fewer-than-five-steps category.<br />
Adversaries prefer short paths and rarely attempt longer or more complex attacks -- the numbers attest<br />
to this. This means that any action taken to increase the number of steps adversaries must take also<br />
lowers the odds of a successful breach.<br />
What Organizations Can Learn From This<br />
Deterring attackers often comes down to one thing: Being a harder target than the next guy. Adversaries<br />
will typically take the path of least resistance. In practical terms, this means focusing on a few key areas:<br />
● Creating a true security culture within your organization. It's essential to create buy-in from the C<br />
suite on down. Every strategic decision should be viewed, in part, through the lens of<br />
cybersecurity.<br />
● Human error -- the kind that can compromise critical assets in a few short steps -- is inevitable.<br />
Raising awareness of best security practices through routine training will only do so much before<br />
returns begin diminishing. One way to manage this risk is to commit to a security posture focused<br />
on continuous improvement.<br />
● Automated penetration testing (using tools such as breach and attack simulation software) can<br />
help develop a harder and more resilient security environment. By continuously probing your own<br />
defenses for vulnerabilities, you can uncover gaps before they are exploited and wrest the<br />
initiative from attackers -- making the battle of cybersecurity less asymmetrical.<br />
● Gaining insight into how attackers can move laterally to compromise your assets is a core<br />
challenge. Determine how many steps it would take and what remediation steps will close the<br />
attack path. Again, automated penetration testing tools that provide prioritized remediation<br />
recommendations can be helpful in this regard.<br />
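One way to put a number on “how many steps” and to rank fixes by their effect on it, as an added example that is not XM Cyber’s product or code: the environment is modelled as a directed attack graph, the shortest path from the attacker’s foothold to the crown jewel is found by breadth-first search, and every condition an attacker relies on is scored by the path length that remains once it is fixed. The hosts and conditions below are constructed for the illustration.<br />

```go
package main

import "sort"

// Edge is one attacker move; Via names the condition that makes it possible.
type Edge struct {
	To  string
	Via string
}

// AttackGraph maps each node (host or identity) to the moves available from it.
type AttackGraph map[string][]Edge

// ExampleEnvironment is a constructed environment for the illustration.
func ExampleEnvironment() AttackGraph {
	return AttackGraph{
		"phished-workstation": {{"file-server", "local admin password reused"}, {"print-server", "SMB signing disabled on print server"}},
		"print-server":        {{"file-server", "NTLM relay to file server"}},
		"file-server":         {{"domain-controller", "unconstrained delegation"}},
		"domain-controller":   {{"crown-jewel-db", "domain admin credentials valid on DB"}},
	}
}

// ShortestPath is a breadth-first search, so the first arrival at target is a
// fewest-step path. It returns nil when target is unreachable from start.
func (g AttackGraph) ShortestPath(start, target string) []Edge {
	type state struct {
		node string
		path []Edge
	}
	visited := map[string]bool{start: true}
	queue := []state{{start, []Edge{}}}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur.node == target {
			return cur.path
		}
		for _, e := range g[cur.node] {
			if !visited[e.To] {
				visited[e.To] = true
				queue = append(queue, state{e.To, append(append([]Edge{}, cur.path...), e)})
			}
		}
	}
	return nil
}

// Steps is the attack path length the DBIR counts, or -1 when there is no path.
func (g AttackGraph) Steps(start, target string) int {
	if p := g.ShortestPath(start, target); p != nil {
		return len(p)
	}
	return -1
}

// Remediate returns the environment after one fix: every move enabled by the
// named condition is gone.
func (g AttackGraph) Remediate(via string) AttackGraph {
	out := AttackGraph{}
	for from, edges := range g {
		for _, e := range edges {
			if e.Via != via {
				out[from] = append(out[from], e)
			}
		}
	}
	return out
}

type Remediation struct {
	Via        string
	StepsAfter int // shortest path once Via is fixed; -1: crown jewel unreachable
}

// RankRemediations scores every condition in the graph by how far fixing it
// pushes the crown jewel away, best first (unreachable beats any finite length).
func (g AttackGraph) RankRemediations(start, target string) []Remediation {
	seen := map[string]bool{}
	var out []Remediation
	for _, edges := range g {
		for _, e := range edges {
			if !seen[e.Via] {
				seen[e.Via] = true
				out = append(out, Remediation{e.Via, g.Remediate(e.Via).Steps(start, target)})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool {
		a, b := out[i].StepsAfter, out[j].StepsAfter
		if a < 0 || b < 0 {
			return a < 0 && (b >= 0 || out[i].Via < out[j].Via)
		}
		if a != b {
			return a > b
		}
		return out[i].Via < out[j].Via
	})
	return out
}
```

In the constructed environment the crown jewel is three steps from the phished workstation. Fixing the reused local admin password only lengthens the path to four (the print-server relay route remains), while fixing unconstrained delegation on the file server severs it entirely, which is why the ranking puts that fix at the top: the metric is the path length after the fix, not the number of edges removed.<br />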
In Conclusion<br />
Given that critical assets are often just a handful of steps from danger, it's imperative to harden your<br />
security environments and work toward continuous improvement. For more information on this topic, I<br />
heartily recommend a recent webinar hosted by Security Scorecard that delves into these issues in<br />
greater detail.<br />
About the Author<br />
Gus Evangelakos is the Director of North American Field Engineering at<br />
XM <strong>Cyber</strong>. He has extensive experience in cybersecurity, having<br />
managed implementations and customer success for many major global<br />
brands such as Varonis, Bromium and Comodo. Gus has spent a<br />
decade also working on the client-side, supporting IT infrastructure and<br />
cybersecurity projects. He has a strong background in micro<br />
virtualization, machine learning, deep learning (AI), sandboxing,<br />
containment, HIPS, AV, behavioral analysis, IOCs, and threat<br />
intelligence. Gus can be reached online via LinkedIn and at our<br />
company website http://xmcyber.com/<br />
Moving to Active <strong>Defense</strong>: What It Means, How It Works<br />
and What You Can Do Now<br />
By Ofer Israeli, CEO and founder, Illusive Networks<br />
Despite the myriad cybersecurity solutions out there, breaches, attacks and exploitations continue. The<br />
old approach isn’t working; cybersecurity teams need to move from a passive approach to one that’s<br />
more active. And MITRE’s introduction of Shield addresses this directly. MITRE, the federally funded not-for-profit,<br />
has made it clear that active defense, rather than the standard whack-a-mole responsive<br />
defense, is paramount in the fight against cybercrime.<br />
With the release of their Shield framework, MITRE has shifted the cybersecurity focus to active defense<br />
techniques. Government IT teams that know the latest strategies and recommendations put their<br />
agencies in a strong position to remain secure.<br />
MITRE Shield introduces active defense<br />
The MITRE Corporation’s goal is to “solve problems for a safer world.” Shield is an active defense<br />
knowledge base constructed from over a decade of enemy engagement. With it, MITRE is trying to gather<br />
and organize what it has been learning with respect to active defense and adversary engagement. This<br />
information ranges from “high-level, CISO-ready considerations of opportunities and objectives to<br />
practitioner-friendly discussions of the TTPs available to defenders.” MITRE hopes that Shield will<br />
encourage discussion about active defense and how defenders can use this information to get the upper<br />
hand.<br />
But what exactly does active defense mean? And what do organizations need to know?<br />
Understanding active defense<br />
Active defense entails the use of limited offensive action and counterattacks to prevent an adversary from<br />
taking digital territory or assets. Active defense covers a swathe of activities, including engaging the<br />
adversary, basic cyber defensive capabilities and cyber deception. Taken together, these activities<br />
enable IT teams to stop current attacks as well as get more insight into the attacker. Then they can<br />
prepare more thoroughly for future attacks.<br />
MITRE makes it clear in its discussion of Shield that deception capabilities are a necessity in the modern<br />
security stack to truly deter and manage adversaries. In Shield’s new tactic and technique mapping,<br />
deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt,<br />
facilitate, legitimize and test—along with 33 defensive techniques.<br />
What agencies need to know<br />
Government organizations are continuous targets for bad actors, whether it’s nation-state attackers<br />
seeking proprietary information or more run-of-the-mill criminals looking to cause chaos and obtain some<br />
PII they can exploit.<br />
There is a huge amount of intellectual property within government agencies. A lot of the intellectual<br />
property that’s created in the U.S. that is of interest to adversaries is in the DoD supply chain or is being<br />
submitted to the U.S. Patent and Trademark office. Government agencies are holding some of the most<br />
valuable and sensitive data sets, including lawsuits being handled by the Department of Justice and<br />
counterterrorism tracking in the Department of Homeland Security.<br />
Bad actors attempt to sneak into these environments and then gain access to even more impactful<br />
information – like stealing the security clearance forms for 20 million people from the Office of Personnel<br />
Management. Analysts estimate that critical breaches of government networks have increased by a factor<br />
of three to six, depending on the targets.<br />
Agencies also need to know and avoid the misconceptions about deception. A prevailing misconception<br />
is that deception is synonymous with honeypots, which have been around for a long time and are no<br />
longer effective on their own. Making a honeypot realistic enough requires a lot of management, because<br />
an attacker who engages with it and recognizes that it is not a real system knows they are in the<br />
middle of getting caught.<br />
A second misconception is that deception is overly complicated and complex, with comparatively little<br />
ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight<br />
and has a low cost of maintenance – but are not engaging because they think it’s an overwhelming,<br />
complex approach that they won’t get enough value from.<br />
The reality is that deception technology is not the same as honeypots. That’s how deception began, but<br />
it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact<br />
approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop<br />
the attackers in real time. Only unauthorized users ever encounter the deceptions, as they have no<br />
effect on everyday systems, so false positives are dramatically reduced. These aspects of deception<br />
technology add tremendous security and financial value to the IT security organization.<br />
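A minimal version of the breadcrumb approach just described, as an added example that is not Illusive’s product or code: deceptive SSH account names are planted where an attacker would harvest credentials, and a detector over sshd log lines raises an alert whenever one of them is used, together with every other account the same source has touched (which shows what else the attacker harvested). The account names, planting locations and log lines are all constructed.<br />

```go
package main

import "regexp"

// honeyAccounts maps each deceptive account name to where the breadcrumb was
// planted. No legitimate user or job ever gets these names, so any
// authentication attempt with one of them is attacker activity. Constructed.
var honeyAccounts = map[string]string{
	"svc_backup_legacy": "credential in /opt/scripts/backup.sh on ws-042",
	"oracle_dba":        "Host entry and key in ~/.ssh/config on jump-host",
}

// authLine captures outcome, method, account and source address from an
// OpenSSH sshd line such as "Failed password for invalid user X from IP".
var authLine = regexp.MustCompile(
	`sshd\[\d+\]: (Failed|Accepted) (\w+) for (?:invalid user )?(\S+) from (\S+)`)

// Alert is what a tripped breadcrumb produces. AlsoTried lists every other
// account the same source touched in the scanned lines.
type Alert struct {
	Account, SourceIP, Outcome, Breadcrumb string
	AlsoTried                              []string
}

// Detect scans sshd log lines for use of any planted account. Two passes:
// index every account attempted per source, then raise one alert per hit.
func Detect(lines []string) []Alert {
	type hit struct{ account, ip, outcome string }
	var hits []hit
	byIP := map[string][]string{}
	for _, l := range lines {
		m := authLine.FindStringSubmatch(l)
		if m == nil {
			continue // not an sshd authentication line
		}
		outcome, account, ip := m[1]+" "+m[2], m[3], m[4]
		byIP[ip] = appendUnique(byIP[ip], account)
		if _, planted := honeyAccounts[account]; planted {
			hits = append(hits, hit{account, ip, outcome})
		}
	}
	var alerts []Alert
	for _, h := range hits {
		a := Alert{Account: h.account, SourceIP: h.ip, Outcome: h.outcome, Breadcrumb: honeyAccounts[h.account]}
		for _, other := range byIP[h.ip] {
			if other != h.account {
				a.AlsoTried = append(a.AlsoTried, other)
			}
		}
		alerts = append(alerts, a)
	}
	return alerts
}

func appendUnique(list []string, s string) []string {
	for _, x := range list {
		if x == s {
			return list
		}
	}
	return append(list, s)
}

// ConstructedLog is made-up sshd output. Lines 2 and 5 touch breadcrumbs; line 3
// is the same source guessing root; line 4 is not an sshd line and is skipped.
var ConstructedLog = []string{
	"Jan 12 03:14:07 db01 sshd[2231]: Accepted publickey for ServiceNowUser from 10.0.5.20 port 40112 ssh2: ED25519 SHA256:abc",
	"Jan 12 03:15:41 db01 sshd[2290]: Failed password for invalid user svc_backup_legacy from 10.0.7.33 port 51234 ssh2",
	"Jan 12 03:15:44 db01 sshd[2290]: Failed password for root from 10.0.7.33 port 51234 ssh2",
	"Jan 12 03:16:02 db01 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)",
	"Jan 12 03:16:30 decoy-db sshd[2310]: Accepted publickey for oracle_dba from 10.0.7.33 port 51240 ssh2: RSA SHA256:def",
}
```

`Detect(ConstructedLog)` yields two alerts, both from 10.0.7.33: the failed use of `svc_backup_legacy` on db01 (with `root` and `oracle_dba` also tried from that address) and the successful use of the planted `oracle_dba` key on the decoy host. The ordinary `ServiceNowUser` login produces nothing, which is the false-positive property the paragraph above describes: legitimate activity never references the deceptive names.<br />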
Raise your Shield<br />
The attack surface that security teams must secure continues to expand rapidly as attacker tactics evolve<br />
– whether through nation-state attack teams, insider threats, for-hire groups or others. The forced digital<br />
transformation during the pandemic, and the long-term ramifications that have resulted from it, point to the<br />
need for a more robust approach to protecting critical assets. And this is where active defense is key. It<br />
is likely that MITRE Shield will become a standard by which security proficiency is measured. Government<br />
agencies need to expand that proficiency by adding deception, a best practice, to their security mix.<br />
About the Author<br />
Having pioneered deception-based cybersecurity, founder and CEO of<br />
Illusive Networks Ofer Israeli leads the company at the forefront of the<br />
next evolution of cyber defense. Prior to establishing Illusive Networks,<br />
Ofer managed development teams based around the globe at Israel’s<br />
seminal cybersecurity company Check Point Software Technologies and<br />
was a research assistant in the Atom Chip Lab focusing on theoretical<br />
Quantum Mechanics. Ofer holds B.Sc. degrees in Computer Science<br />
and Physics from Ben-Gurion University of the Negev.<br />
Ofer can be reached on Twitter @ofer_israeli and at<br />
https://www.illusivenetworks.com.<br />
How Next-Gen Identity Governance and Administration<br />
(IGA) Fits in with Your Hybrid IT Strategy<br />
By Thomas Müller-Martin, Global Partner Technical Lead, Omada<br />
More and more organizations are using a hybrid IT environment that combines both on-premises and<br />
cloud-based applications. The rise of remote work, driven by the pandemic, has only increased the speed<br />
of this transformation. In fact, Gartner predicts that more than 75% of midsize and large organizations<br />
will have adopted some kind of multi-cloud or hybrid IT strategy by <strong>2021</strong>.<br />
While this approach brings many advantages, it can also make it harder to get a transparent view of who<br />
has access to which IT systems and applications within the organization. As organizations continuously<br />
move more workloads to digital services, they will need a more solid approach to identity management.<br />
Identity Governance and Administration (IGA) has become a cornerstone of solid IT security, allowing<br />
organizations to implement processes for controlling, managing and auditing access to data, which is an<br />
important prerequisite to reduce the security risk.<br />
The growth of hybrid IT<br />
Cloud adoption shows no signs of slowing down – in fact, IT spending overall continues to shift to public<br />
cloud computing. Gartner analysts believe that more than 45% of IT spending on system infrastructure,<br />
infrastructure software, application software and business process outsourcing will shift from traditional<br />
solutions to cloud by 2024.<br />
The cloud has been integral for many companies’ capability to stay productive during the shift to remote<br />
work, and it also comes with plenty of other advantages – like the cost savings of not having to house an<br />
on-premises data center. That said, not every business can or should shift entirely to the cloud. Some<br />
things have to remain on-premises and as a result, hybrid IT is growing.<br />
However, these new solutions must still maintain regulatory compliance and secure collaboration across<br />
the organization and with partners and customers. They must support the rapid adoption of new digital<br />
services while respecting security and compliance. The solutions need to protect the brand and IP while<br />
acting in a complex ecosystem. The organization must therefore manage the risk while maintaining<br />
business agility and increasing efficiency.<br />
The role of identity governance and access management<br />
Ensuring security and staying compliant means that identity access management and identity<br />
governance are key. Migrating to the cloud creates new openings for attackers and new kinds of<br />
vulnerability, so organizations must revise their risk and security management.<br />
Therefore, they need to have a vision for secure cloud adoption and then establish appropriate<br />
governance. It is important to ensure that a well-functioning, future-proof architecture for identity<br />
management and access governance is implemented. This architecture should secure the organization<br />
long-term and ensure correct data flows across disparate systems and directories.<br />
An organization must know its identities and related accounts before enabling users to access and use<br />
cloud services. Companies must make sure that federated identities from suppliers, partners or<br />
customers are governed in a proper manner. Ideally, this should happen before collaboration begins, and<br />
the correct processes must be established and implemented. Organizations should also establish “local”<br />
security mechanisms, such as access request and certification, and they must also establish policies for<br />
cloud services.<br />
What organizations need to know<br />
When an organization uses an IGA solution, it allows the IT department to manage and govern all user<br />
access rights across a hybrid IT environment. Among the elements IGA processes oversee are:<br />
• audit and compliance reporting to ensure continuous risk overview<br />
• managing access to resources across an organization’s hybrid IT environments (on-premises and<br />
cloud-based applications)<br />
• performing access reviews and certifications across all cloud and on-premises applications<br />
• onboarding of new employees and offboarding leavers<br />
• a structured approach to onboarding applications<br />
• managing access to applications on a granular level in compliance with company policies,<br />
handling of access assignment policies and provisioning<br />
The ability to process these elements effectively lets companies ensure compliance, save money and<br />
minimize the risk of data theft by insiders and hackers. A key factor in doing this well is ensuring that<br />
business systems are only accessible to those who need to use them to do their job – the “least privilege”<br />
approach.<br />
Take control<br />
As cloud adoption soars, hybrid IT shows no sign of slowing down. Market forces have converged to<br />
make this standard operating procedure. But that means, for regulatory and security reasons,<br />
organizations must get control of who has access to which parts of their distributed business systems.<br />
To ensure security, compliance and efficiency, businesses need IGA processes in place. These<br />
processes protect organizations from incidents that could damage their reputation or, in the worst case,<br />
cause them to go out of business. In the era of the cloud, with skyrocketing cyber threats and stringent<br />
legislation such as GDPR, having best practice IGA processes in place has become a license to operate.<br />
Implementing an IGA solution should be seen as a strategic investment, empowering organizations to<br />
realize significant business value.<br />
About the Author<br />
Thomas Müller-Martin is Global Partner Technical Lead at<br />
Omada. He has spent more than 15 years in identity and<br />
access management. As the implementation of identity-centric<br />
cyber-security strategies become more and more relevant for<br />
enterprises around the globe, he helps Omada partners to<br />
make their Identity Governance and Administration journey a<br />
success.<br />
Thomas can be reached online via LinkedIn and omada.net.<br />
Analytics & Security Insight On <strong>2021</strong> And Beyond<br />
Predictions for the Future of the Security Space<br />
By Billy Spears, Chief Information Security Officer, Alteryx<br />
2020 has been a year unlike any other, with unforeseen challenges creating hurdles for businesses in<br />
every sector of the economy. As companies look for ways to insulate themselves from future shocks<br />
while preparing for the year ahead, insider insights can help companies to understand how societal and<br />
economic trends have and will impact their industries and what to expect in <strong>2021</strong>. Below, I share a few<br />
predictions that will help leaders stay ahead of the curve and tackle anything that <strong>2021</strong> throws at them.<br />
First, I believe that in <strong>2021</strong>, zero-trust security will become the new normal. The work-from-anywhere<br />
concept has created an interesting opportunity for CISOs to consider strategic approaches for managing<br />
non-traditional security risks. To accommodate this shift, we’ll see corporate security departments<br />
expanding the perimeter into associates’ homes to ensure that cyber risks are not unknowingly introduced<br />
into the corporate network. <strong>2021</strong> will see CISOs working with HR, further pushing to increase each<br />
associate’s cyber awareness to proactively recognize and report related risks, meaning that “zero-trust<br />
security” will be the new standard methodology for supporting associates working remotely. CISOs must<br />
adopt this model as it improves secure access to corporate resources through continuous assessment<br />
and intent-based authentication policies. Furthermore, Virtual Private Network (VPN) connections must<br />
become a default setting to increase protections for associates requiring remote access.<br />
Additionally, citizen data scientists will play a bigger role in preventing cyber attacks in <strong>2021</strong>. As workers<br />
everywhere become more comfortable working with data, the ability of a business to deliver value in data<br />
processing and analysis increases exponentially. Their ever-expanding skillset increases value by<br />
delivering actionable insights from terabytes of otherwise impenetrable data to help the company<br />
forecast, mitigate risk and fraud, deliver relevant products to their customers and improve cybersecurity<br />
defensiveness. Effective cybersecurity threat hunting has always been built around the constant pursuit,<br />
near capture and repeated escapes of adversaries attempting to infiltrate a corporate network. Using a<br />
powerful analytics platform that enables machine learning capabilities is crucial to detect and address<br />
cybersecurity threats more rapidly by providing security departments with the ability to examine large<br />
volumes of data to uncover trends, identify patterns and deliver actionable intelligence.<br />
With the further democratization of data, <strong>2021</strong> will see citizen data scientists more and more playing a<br />
key role in helping security teams enhance and simplify their cyber defense technologies by precisely<br />
detecting future attacks, proactively identifying security blind spots across the network and protecting<br />
valuable company information.<br />
About the Author<br />
Billy Spears is Chief Information Security Officer at Alteryx. He<br />
is responsible for overseeing enterprise cybersecurity<br />
and associated risk management practices. With a<br />
strong focus in both internal and external security, Billy<br />
ensures that Alteryx associates, customers, partners<br />
and vendors are thoroughly protected via state-of-the-art<br />
policies, processes and technologies. His passion<br />
for architecting and implementing strategic solutions<br />
that build trust, enable resilience and incorporate core<br />
principles is driving transformation and simplifying<br />
processes across the organization.<br />
Billy brings more than 20 years of experience leading and building teams in the information and security<br />
space across both the corporate world and the federal government. His strong background in information<br />
and security across different industries and verticals is critical in enforcing best practices within all areas<br />
of the business. Billy’s informed guidance and strategic approach to risk management and security efforts<br />
is instrumental in improving protections as Alteryx and the larger self-service analytics market continues<br />
to grow and expand across the globe.<br />
Prior to joining Alteryx, Billy served as executive vice president and chief information security officer at<br />
loanDepot, a market leader and online mortgage lender for consumers. While in this role, Billy helped<br />
create the first security enabled digital home loan experience for consumers – a game-changing<br />
advancement in the mortgage business. Billy has held similar positions at companies like Hyundai Capital<br />
America, General Electric and Dell, as well as the U.S. Department of Homeland Security. He is also a<br />
veteran of the U.S. Marine Corps.<br />
Billy is an adjunct cybersecurity professor for Webster University and a member of the company advisory<br />
board for Cymatic, a web application defense platform. Billy holds a bachelor’s degree in information<br />
technology from National University and received his MBA from University of Phoenix.<br />
Billy can be reached online on Twitter at his handle @BillyJSpears and at our company website<br />
https://www.alteryx.com/<br />
Innovation, Automation and Securing A “Work from<br />
Anywhere” Environment In The Middle East<br />
By Mazen A. Dohaji, Vice President, India, Middle East, Turkey & Africa (iMETA),<br />
LogRhythm.<br />
Throughout 2020, enterprises and public sector organizations across the Middle East have been<br />
managing disruption and finding new ways to work. The challenge as we begin 2021 is to not just survive<br />
but thrive in this new business environment. That requires adopting new tools and creating a secure<br />
foundation that keeps users connected and moving forward.<br />
While many organizations have experienced lockdowns and quarantines throughout 2020, security and<br />
infrastructure teams are looking at how to provide flexible working while maintaining their cybersecurity<br />
posture. Users have shifted to a diverse and changeable working environment while cyberattacks in the<br />
Middle East have surged.<br />
The UAE saw cyberattacks increase from 43,000 in April 2020 to peaks of 120,000 in July and 123,000<br />
in August, according to the UAE’s Telecommunications Regulatory Authority (TRA). Between April and<br />
August, there was a 186% increase in cyberattacks in the country, which tracks closely with lockdown<br />
restrictions. Organizations have to be prepared for further uncertainty in 2021 and take action to manage<br />
their risk in the long term. What they can be certain of is that cyberattacks will continue to be a pain point<br />
and have the potential to spike again in 2021.<br />
‘Work from Anywhere’<br />
Security Operations Center (SOC) teams should be reviewing and reflecting on 2020 and thinking about<br />
how they will support dynamic working environments that aren’t just working from home or in the office<br />
but look more like “work from anywhere” scenarios. Most organizations have evolved tremendously over<br />
the last 12 months and SOC teams need to stay in-tune with current operational norms and expectations<br />
of both users and business managers. SOC teams should question the state-of-play for their organization<br />
in 2021 and ask if their business is prepared for a new dynamic and fluid working environment. They<br />
should ask themselves:<br />
1. What did we learn about our systems and processes throughout 2020?<br />
2. What changes do I need to make to optimize our approach to security in the new year?<br />
3. How do we secure a workforce that is fluid and moving between remote and on-premises?<br />
4. Are my security controls and infrastructure built for this, or am I taking additional risk?<br />
5. What is the state of play for security visibility in this flexible environment?<br />
6. How prepared are we to change and adapt in case we are ready to come back to a fully office-based<br />
operation by the summer?<br />
7. What do our users want? How can we enable their success?<br />
8. Where do we start with so much uncertainty?<br />
Based on their responses, they should take action to ensure that their security posture matches the<br />
organization’s requirements and ensure it is ready to flex and adapt as needed. There are a few basic<br />
steps all organizations in the Middle East should be evaluating and prioritizing.<br />
User Vulnerability<br />
The first step for SOC teams across the Middle East should be to re-enforce best practice within their<br />
organizations and spend time educating users about policies, guidelines and best practices. Internal<br />
communications to users drive awareness and understanding of security risks. This should be increased<br />
and combined with more training. If training took place at the beginning of the pandemic, then<br />
organizations should be revisiting this in 2021.<br />
Whether it is in the private or public sector, user-based threats, like compromised accounts, increase risk<br />
and exposure across organizations. Human nature is still a primary vulnerability in an already complex<br />
threat landscape.<br />
Endpoint is the Bottomline<br />
SOC teams need new levels of visibility that are built to serve both remote and office-based working.<br />
They should be focused on the collection and correlation of endpoint, VPN and other pertinent<br />
infrastructure data like employees connecting back into the corporate network, identity and access<br />
management, as well as monitoring collaboration technologies like Office 365, Teams, Zoom, and Slack.<br />
It is about gaining visibility and control over the users’ ICT ecosystem and understanding where to, from,<br />
and how employees are authenticating and accessing data and applications.<br />
When an intrusion is suspected, they need to be able to qualify the threat and assess its potential impact.<br />
They can only do that if they have captured a wide variety of activity occurring on their endpoints and<br />
servers in real-time. Every organization should be able to search rich forensic data to understand when<br />
and how the incident occurred, and then contain the compromise with an endpoint lockdown.<br />
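The correlation this section calls for, as an added example that is not LogRhythm's or the author's code: constructed VPN and Office 365 sign-in lines in an assumed key=value format are joined per user to flag a cloud sign-in whose country contradicts the user's active VPN session, and two authentications from different countries within a short window.<br />

```python
"""Correlate VPN and Office 365 sign-in logs so a SOC can answer "where, from
and how are employees authenticating?" in a work-from-anywhere environment.

Added example, not LogRhythm's or the author's code. Both log formats are
assumed (hypothetical key=value lines) and every log line is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample logs (assumed format, not any real product's schema).
VPN_LOG = """
2021-01-11T08:02:10 vpn user=alice src=203.0.113.7 country=AE event=connect
2021-01-11T08:05:30 vpn user=bob src=198.51.100.23 country=SA event=connect
2021-01-11T12:30:00 vpn user=alice src=203.0.113.7 country=AE event=disconnect
"""
O365_LOG = """
2021-01-11T08:10:05 o365 user=alice src=203.0.113.7 country=AE app=Teams result=success
2021-01-11T08:11:40 o365 user=alice src=192.0.2.9 country=US app=Exchange result=failure
2021-01-11T09:15:42 o365 user=bob src=192.0.2.88 country=NL app=Exchange result=success
2021-01-11T10:00:00 o365 user=carol src=203.0.113.50 country=AE app=SharePoint result=success
2021-01-11T10:20:00 o365 user=carol src=192.0.2.120 country=US app=Teams result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>vpn|o365) (?P<kv>.+)$")


@dataclass
class Event:
    ts: datetime
    source: str                                 # "vpn" or "o365"
    fields: dict = field(default_factory=dict)  # the key=value pairs


def parse_log(text: str) -> list[Event]:
    """Parse 'timestamp source k=v k=v ...' lines; unparseable lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kv = dict(pair.split("=", 1) for pair in m.group("kv").split())
        events.append(Event(datetime.fromisoformat(m.group("ts")), m.group("source"), kv))
    return events


def vpn_sessions(events: list[Event]) -> dict[str, list[tuple[datetime, datetime, str]]]:
    """Pair connect/disconnect events into (start, end, country) per user.
    A session still open at the end of the log is given end = datetime.max."""
    open_sessions: dict[str, tuple[datetime, str]] = {}
    sessions: dict[str, list[tuple[datetime, datetime, str]]] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.source != "vpn":
            continue
        user = e.fields["user"]
        if e.fields["event"] == "connect":
            open_sessions[user] = (e.ts, e.fields["country"])
        elif e.fields["event"] == "disconnect" and user in open_sessions:
            start, country = open_sessions.pop(user)
            sessions.setdefault(user, []).append((start, e.ts, country))
    for user, (start, country) in open_sessions.items():
        sessions.setdefault(user, []).append((start, datetime.max, country))
    return sessions


def find_anomalies(events: list[Event], window: timedelta = timedelta(minutes=60)) -> list[tuple]:
    """Return (user, rule, timestamp) findings.
    country_mismatch:     successful cloud sign-in from a country other than the one
                          the user's concurrently active VPN session comes from.
    rapid_country_change: two successful authentications (VPN or cloud) by the same
                          user from different countries within `window`."""
    sessions = vpn_sessions(events)
    findings: list[tuple] = []
    last_seen: dict[str, tuple[datetime, str]] = {}  # user -> (ts, country)
    for e in sorted(events, key=lambda ev: ev.ts):
        user, country = e.fields["user"], e.fields["country"]
        is_auth = (e.source == "vpn" and e.fields["event"] == "connect") or (
            e.source == "o365" and e.fields["result"] == "success")
        if not is_auth:
            continue  # disconnects and failed sign-ins make no location claim
        if e.source == "o365":
            for start, end, vpn_country in sessions.get(user, []):
                if start <= e.ts <= end and vpn_country != country:
                    findings.append((user, "country_mismatch", e.ts))
                    break
        if user in last_seen:
            prev_ts, prev_country = last_seen[user]
            if prev_country != country and e.ts - prev_ts <= window:
                findings.append((user, "rapid_country_change", e.ts))
        last_seen[user] = (e.ts, country)
    return findings


def run_demo() -> list[tuple]:
    """Correlate the two constructed logs; bob and carol should each produce a finding."""
    return find_anomalies(parse_log(VPN_LOG) + parse_log(O365_LOG))
```

Bob's sign-in from NL while his VPN session egresses from SA is the mismatch; Carol's two countries 20 minutes apart is the rapid change, while Alice's failed US attempt is ignored because a failed sign-in proves nothing about where she is.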
Automate Everything<br />
While automating everything might not be possible today, SOC teams should be exploring automating<br />
as many processes as possible. They are capturing massive amounts of data, which has made<br />
automating security processes a necessity. Not only does it eliminate human error, it ensures that precise<br />
decisions can be made at speed. SOC automation tools reduce an organization’s time to qualify (TTQ)<br />
and mean time to respond (MTTR) to a security threat. TTQ refers to the average time it takes to<br />
determine whether an incident is benign or should be considered a threat that requires<br />
investigation. Research by the Ponemon Institute found that it took organizations an average of 280 days<br />
to identify and contain a data breach in 2020.<br />
For most private and public sector organizations, that “wait time” is way too long. In a risky and uncertain<br />
time, they can’t wait for a human to perform an action that could be executed by a Security Information<br />
and Event Management (SIEM) solution with Security Orchestration, Automation and Response (SOAR)<br />
capabilities.<br />
Reinventing the Wheel<br />
When it comes to visibility and automation, there’s no reason to reinvent the wheel. SOC teams don’t<br />
have to develop all of this themselves. Instead, they should look for one-click, out-of-the-box automation<br />
solutions that help them meet local compliance requirements and quickly deliver for their organizations.<br />
In markets like the Kingdom of Saudi Arabia, predefined reports and use cases can be made immediately<br />
available to organizations so they can meet local cybersecurity controls. This can be a way to quickly<br />
enhance an organization’s security posture while being able to demonstrate compliance.<br />
It also increases cost-efficiencies and enables local organizations to bridge skills gaps in the Middle East<br />
and benefit from both local and global expertise. Pre-defined use cases and reports can make it simpler<br />
and easier to deploy and enhance security in 2021.<br />
2021 and Beyond<br />
Rapid digitalization across the private and public sector in the Middle East is only going to continue in<br />
2021. The digital transformation and flexible working boom that started in 2020 will accelerate. This<br />
means that cybersecurity has to continually evolve to match the needs of rapidly changing ICT<br />
ecosystems. Adaptability and agility are critical and that starts with a secure foundation. Throughout<br />
2021, SOC teams should review, reflect and adapt as their operational environment continues to change<br />
and unexpected events influence the threat landscape.<br />
About the Author<br />
Mazen A. Dohaji has worked for LogRhythm for more than 6 years, where he<br />
started as a Senior Regional Director for India, Middle East, Turkey & Africa<br />
(IMETA) and is now Vice President for IMETA. He has 26 years of IT industry<br />
experience in the Middle East region and more than 3 years in the SIEM<br />
space. Mazen is driven by market challenges and has extensive knowledge<br />
of the Middle Eastern Security market. This has led him to be the trusted<br />
advisor for major government entities and large enterprises across the region.<br />
He has also won “Top Performer” awards in multiple multinational<br />
organizations including IBM (formerly Informix), HP, and McAfee.<br />
Peer-To-Peer Cybersecurity Insights For 2021<br />
Based on real practitioners’ experiences<br />
By Stuart Berman, IT Central Station Super User<br />
December is typically a month when people who work in the IT field offer predictions for the coming year.<br />
2020 has been a highly atypical year, however, so it’s a bit daunting to think about what’s coming over<br />
the horizon. Yet, my company is in a unique position to engage in prognostication. We source user data<br />
directly from users in the trenches. In a year when travel has not been possible, IT professionals could<br />
not rely on the traditional get-togethers and in-person discussions to get advice and feedback from other<br />
industry experts. Online review sites such as ours have boomed as a result. With that in mind, here are<br />
five predictions for cybersecurity, based on what we are learning from real practitioners.<br />
Countermeasures and security operations catch up with containerization and microservices—<br />
While neither containerization nor microservices are new, they have reached a level of adoption that calls<br />
for a revised approach to cloud security. I say revised, versus new, because it’s easy to get pulled into<br />
“It’s all different, trash everything you’re doing” discussions. These are traps to avoid, as are the seductive<br />
but in my view false ideas like “Firewalls are dead in the cloud. You just need good code.” No, principles<br />
like Defense in Depth don’t go away just because you’re running virtualized services in the cloud. Rather,<br />
securing containers and microservices calls for new, virtualized versions of familiar technologies like<br />
firewalls.<br />
Automation of security processes and SecOps becomes the norm—This has also been a long time<br />
coming, but the security field has reached a point where manual processes will no longer suffice. There<br />
is just too much going on, too many threats to mitigate, too many alerts to handle. Instead, solutions like<br />
Security Orchestration, Automation and Response (SOAR) will become “must haves” in the Security<br />
Operations Center (SOC). SOAR solutions use automated “playbooks” to handle threats at a speed that<br />
people cannot possibly match by hand.<br />
Multiple security and related systems become more deeply integrated—The need to integrate the<br />
different elements of a security program will become more pressing in 2021. This goes along with<br />
automation. As security incident response becomes automated, it will make sense to eliminate manual<br />
handoffs between the systems that power the response, e.g., the SOAR solution will connect with the IT<br />
ticketing system via Application Programming Interfaces (APIs) for generating and assigning tasks.<br />
Security moves a lot faster—Security processes, along with the systems that support them, will start to<br />
move a lot faster in 2021. This might take the form of increased automated system updates versus<br />
manual re-installs, to name just one possible example. Automation also naturally moves processes along<br />
at a far faster clip than was previously possible.<br />
Security partners more closely with other corporate groups—Security, as well as its close cousin,<br />
compliance, will require more collaboration between multiple groups inside an organization. With privacy,<br />
for example, there will likely be much closer coordination between legal teams and engineering. For<br />
example, to ensure the “right to be forgotten” under GDPR and CCPA, the legal team has to have a<br />
thorough understanding of how the consumer’s rights will be honored through technology. To get it right,<br />
everyone is going to have to learn to speak across organizational boundaries.<br />
In general, I think 2021 is going to be a year when the dialogue between vendors and buyers starts to<br />
become more holistic and productive. The cloud computing trend, as well as the growth of DevSecOps<br />
and SOAR, are leading to a situation where the old “My solution is better than their solution” argument<br />
just really falls flat. We are hearing this in so many ways on the site. Buyers no longer care so much if a<br />
solution is 99% effective versus a competitor that is 98%. Good security managers want to understand<br />
how a solution will work in context, for a particular business use case.<br />
One thing is for sure: It’s going to be an interesting year. Let’s all stay safe.<br />
About the Author<br />
Stuart Berman, IT Central Station Super User<br />
Transitioning to Remote Work: The Apps You’ll Need to<br />
Ensure A Productive Workforce<br />
By Ikechukwu Nnabeze, SEO Copywriter, Traqq<br />
The world is changing at a swift pace. A couple of years ago, remote work was an unheard-of term in the<br />
business world; it was a privilege enjoyed by a select few. However, this is no longer the case as more<br />
organizations are embracing working from home and its associated benefits. Even workers and team<br />
leaders are now quick to sing about the many positives that it brings.<br />
Before the pandemic, working outside the office wasn’t an accepted idea among employers. However,<br />
current health risks have changed many minds. Everyone has been forced to adapt and become flexible<br />
about how things should be done. Employees who have tasted the work-from-home setup would prefer<br />
to continue if given the option.<br />
It’s true that there’s no one-size-fits-all when it comes to deciding the sustainability of remote work for<br />
your business. Even so, it helps to know the best apps that will help your team transition in this permanent<br />
setup. After all, there are several business risks in remote work. Fortunately, there are tech solutions that<br />
can mitigate these common problems. These modern digital apps help you to coordinate and monitor<br />
your staff, no matter their location. From time tracking software to free collaboration tools for remote<br />
teams, there are several ways to ensure productivity among your employees.<br />
Tool to Prevent Miscommunication: Slack<br />
It’s easy to lose proper communication while transitioning to a remote working structure. It’s one of the<br />
common issues companies face, which can lead to a massive dip in productivity. For starters, workers<br />
can no longer talk to each other face to face as they used to. The ease of walking over to a teammate’s<br />
desk to ask questions and come up with solutions to a problem is no longer there. This can lead to a<br />
messy communications network where vital information can get lost.<br />
While emails will work in a scenario where all employees commute to a physical workplace, it’s less<br />
feasible with remote work. It’s difficult to hold continuous conversations over emails, especially when you<br />
need to talk to many people on small issues at the same time.<br />
To create an effective workflow and boost productivity, you need a tool like Slack. This is an instant<br />
communication tool that comes with two primary modes of communication:<br />
• Channel messages<br />
• Direct messages<br />
Using these two modes, employees can exchange solutions, creative ideas, and information seamlessly.<br />
In addition, it comes with add-ons that give it an added efficiency that you can’t get with email<br />
communication.<br />
Slack also features a video call tool that you can use when you want to have face-to-face conversations.<br />
This gives a feeling that’s close to what you get from talking to a colleague or employee in a physical<br />
office. It’s also useful for holding quick meetings. Everyone can simply sign in and enjoy the pleasure of<br />
seeing each other’s faces, smiles, and gestures.<br />
The app allows for file sharing, which makes it the perfect communication tool. Moreover, it can be<br />
integrated with other third-party team management software such as Jira and Google Calendar.<br />
1. Tool to Prevent Time Theft: Traqq<br />
Working from home is great. However, it can come with a problem of distraction. In an office, it’s easy to<br />
keep an eye on your employees, caution them, or help them do their tasks without procrastinating.<br />
However, when it comes to telecommuting, the story is different. You need to find a way to monitor staff<br />
without being the overbearing boss that everybody hates. This is where time management apps come<br />
in.<br />
Traqq is a time tracking software that allows you to keep tabs on employee activity, no matter where they<br />
are in the world. Research shows that individuals tend to work faster when they realize their activity is<br />
being monitored. This means that you can ensure an increase in productivity even without having your<br />
workers under one roof.<br />
For example, managers use Traqq to keep track of their staff’s on-screen activity. They can see which<br />
websites and apps an employee visits during work hours. In addition, they get reports on how much time<br />
a worker spent on those sites and what they were doing on the pages they opened.<br />
This time tracking tool helps you figure out how many minutes or hours each worker spends on particular<br />
tasks. At the end of every week or month, you get a detailed report that’ll help you give feedback and<br />
coaching to your employees. If a staff member is wasting time surfing through Instagram or playing games<br />
during their work time, you’ll know from the activity report that the time management app will generate.<br />
Traqq also performs automatic tracking, which means that it quietly records user activity in the<br />
background without creating distractions or interfering with their daily work. It achieves this by taking<br />
screenshots or video recordings at intervals. The manager can then review this visual data and see an<br />
accurate calculation of the number of hours worked.<br />
This app has many features that help to keep employees focused. For instance, this tool measures each<br />
worker’s activity level based on keyboard movements and mouse clicks. Your staff will stay focused on<br />
tasks, knowing there’s a tool monitoring their activity during work hours.<br />
At the end of the workweek or month, the data is collated, and the app automatically gives you an<br />
extensive report. It shows the productivity level of each worker and provides accurate data for invoicing,<br />
salary payment, and client billing.<br />
2. Tool to Prevent Data Leaks: LastPass<br />
As an organization moves its business online, it has to incorporate a lot of digital tools into daily<br />
operations. Using various apps and services means having several accounts – this, in turn, means<br />
creating many passwords.<br />
It can get tedious trying to keep up with remembering and protecting all company passwords, especially<br />
when you have several employees under your wing. Writing them down somewhere can be risky as well<br />
– they can fall into the wrong hands. To operate an efficient and safe business, you need a way to keep<br />
these passwords secure while ensuring workers don’t get locked out of their accounts.<br />
LastPass protects your company data by giving every team member a single master login password. As<br />
for the passwords to the other numerous accounts, they’re securely stored in the LastPass tool and are<br />
loaded automatically whenever a login page requests them.<br />
The app is available on several platforms and is compatible with numerous devices. It was designed<br />
specifically for remote business purposes and to simplify the process of handling multiple work-from-home<br />
employees.<br />
3. Tool to Prevent File Loss: Google Drive<br />
We cannot overemphasize the importance of having a secure system for sharing files and collaborating<br />
on digital data. Transitioning your business to a remote working structure means you have to find an<br />
efficient platform to protect business-related sensitive information.<br />
Employees need to exchange lots of information to facilitate the work process and ensure that crucial<br />
documents are stored safely. Since they can no longer do this physically, the amount of digital data that<br />
needs to be exchanged online will significantly increase. A secure file-exchanging and project-collaboration<br />
network is necessary to avoid miscommunication and safeguard sensitive material from<br />
getting lost in transit.<br />
Sending large files through email can get messy because there’s no way to organize and collaborate with<br />
other team members in your inbox. Besides, it’s easy to mistakenly miss an important message when<br />
they pour in from several sources simultaneously. Large organizations can easily invest in customized<br />
file sharing and collaboration tools. However, small businesses might not have the resources to pull it off.<br />
Fortunately, Google came to the rescue with an app, which small to medium-sized companies can use<br />
to share and store data. Google Drive is a cloud-based tool that your employees and teammates can use<br />
to collaborate on projects while keeping your data secure. No matter the worker’s location, they can<br />
share, download, edit, and leave comments on documents. The platform gives you 15GB of storage for<br />
free, which you can use to share any type of file—from documents and images to videos, links, and<br />
spreadsheets.<br />
Since many people are already familiar with Google-based products, it’ll be easy to transition your<br />
workforce towards using other Google-based tools.<br />
4. Tool to Prevent Mental Blocks: Mural<br />
When in a physical office space, it’s easy to get creative ideas from interacting with other employees,<br />
having meeting sessions, and engaging in playful banters. Even that chance meeting in an elevator can<br />
create bursts of fresh ideas coursing through you. This is not so when working from home – you’re alone,<br />
and it can get stale and mentally dull pretty quickly. There are no brainstorming sessions or cooperative<br />
working events in your home office to get the inspiration flowing.<br />
In these situations, digital communication tools might not be so helpful – creativity and inspiration<br />
sometimes need spontaneity, which these apps don’t give. It can get monotonous scheduling calls and<br />
video conferences just to bounce ideas off each other.<br />
Mural is a digital tool designed specifically for this purpose – the app is like a canvas for ideas and<br />
spontaneous creative thoughts. Unlike most project sharing platforms, it gives you the freedom to share<br />
ideas in any form you want.<br />
Teammates and colleagues can put their thoughts on digital sticky notes, which they can arrange into<br />
diagrams, flow charts, and even drawings. Mural adds a new fun way of staying organized and creative.<br />
It’s a great alternative to other more traditional project management tools and is an amazing tool for<br />
boosting creativity among your workforce.<br />
5. Tool to Prevent Feelings of Isolation: Yammer<br />
Remote work can get lonely sometimes, especially when you’re living alone. We are social creatures,<br />
and we crave human-to-human communication. When making changes to take your business online, this<br />
is something to keep in mind.<br />
While there are many professional collaboration and communication tools with all the right features, these<br />
apps fail to cover the social aspects of cooperating on projects. To achieve team bonding, consistent<br />
communication and feedback between teammates are essential. One way to accomplish this in a<br />
traditional office space is through team-building outings and social events. However, this might not be<br />
possible when you have several employees in different and faraway locations.<br />
Yammer helps you with this. Commonly known as the “Facebook for business,” the app has the makings<br />
of a social media network. However, instead of focusing on random personal updates and gossip news<br />
sharing, the tool focuses on work-related project updates. Teammates can like, share, and comment on<br />
posts/updates made by colleagues on projects that they’re working on, just as they’d do on social<br />
media.<br />
6. Tool to Prevent Inefficient Task Delegation: Every Time Zone<br />
Running a remote business means dealing with employees in different time zones. This presents the<br />
challenge of not knowing who’s available at any given time, which can make handing over and task<br />
delegations difficult. Unfortunately, keeping track of everyone’s time zones can be exhausting, and<br />
colleagues may end up messaging or calling each other at odd hours. This can create more barriers to<br />
productive communication.<br />
Every Time Zone is an app that takes away the issue of performing calculations whenever you need to<br />
check who’s available for a task. It shows you the current time in every time zone that your employees<br />
or colleagues are working from. This makes it easier to know whom you can call or chat with when<br />
necessary.<br />
It may seem like a relatively small issue, but knowing who is available and what time they’re reachable<br />
can help teammates delegate tasks more efficiently. Productive communication is necessary for building<br />
a successful remote business team.<br />
Conclusion<br />
Transitioning to a remote business structure doesn’t mean you have to sacrifice productivity and security.<br />
With the tools listed in this article, you can protect yourself and employees from miscommunication, data<br />
hacking, and time theft. As a manager, solving these issues will give you time to focus on other crucial<br />
aspects of your business that require your attention, such as improving your products and services.<br />
About the Author<br />
Ikechukwu Nnabeze is a tech expert and content writer at Traqq whose<br />
goal is to improve people's lives with the help of modern technology. His<br />
interest in providing practical solutions to real-life tech problems has led<br />
him to a successful career in content creation. His passion is to help<br />
individuals and organizations from all over the world to embrace the life-changing<br />
beauty of modern technology. He enjoys poetry and stargazing<br />
when he’s not spending time with family.<br />
Ikechukwu can be reached online at support@traqq.com and at our<br />
company website https://traqq.com/<br />
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS<br />
“Amazing Keynote”<br />
“Best Speaker on the Hacking Stage”<br />
“Most Entertaining and Engaging”<br />
Gary has been keynoting cyber security events throughout the year. He’s also been a<br />
moderator, a panelist and has numerous upcoming events throughout the year.<br />
If you are looking for a cybersecurity expert who can make the difference between a nice event and<br />
a stellar conference, look no further: email marketing@cyberdefensemagazine.com<br />
You asked, and it’s finally here…we’ve launched CyberDefense.TV<br />
At least a dozen exceptional interviews rolling out each month starting this summer…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A new division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />
FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL
ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting-edge knowledge, real-world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense
eMagazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena, plus we’ll inform you as next-generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,
Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 01/04/2021
Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH
(with others coming soon...)
9 Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know
What You Think. It's mobile and tablet friendly and superfast. We hope you
like it. In addition, we're aiming for 24x7x365 uptime as we continue to
scale with improved Web Application Firewalls (WAFs), Content Delivery Networks (CDNs)
around the globe, faster and more secure DNS,
and CyberDefenseMagazine.com up and running as an array of live mirror
sites.
Millions of monthly readers and new platforms coming…starting with
https://www.cyberdefenseprofessionals.com this month…