Cyber Defense eMagazine January 2021 Edition

3 Email Hacking Techniques to Watch In 

2021 

5 AIOps Trends That Will Shape 2021 

Zero Trust Remote Access for Engineering 

Teams 

Communication Streaming Challenges 

…and much more… 

Cyber Defense eMagazine – January 2021 Edition 1 

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s January 2021 Issue -------------------------------------------------------------------------------------------- 7 

3 Email Hacking Techniques to Watch In 2021 ------------------------------------------------------------------------- 23 

By Adrien Gendre, Chief Product & Services Officer, Vade Secure 

5 AIOps Trends That Will Shape 2021 ------------------------------------------------------------------------------------- 26 

By Tej Redkar, Chief Product Officer at LogicMonitor 

Securing Digital Identities in A Predominantly Remote World ---------------------------------------------------- 30 

By Bob Eckel, President & CEO, Aware, Inc. 

Businesses Must Protect Their Most Critical Asset: Their Data ---------------------------------------------------- 33 

By Trevor J. Morgan, Ph.D., Product Manager at comforte AG 

Zero Trust Remote Access for Engineering Teams--------------------------------------------------------------------- 36 

By Colin Rand, VP of Engineering, Banyan Security 

Cryptocurrency Ransomware Is on The Rise During COVID-19 – Here’s What Businesses of All Sizes 

Need to Know About Dealing with Attacks ----------------------------------------------------------------------------- 41 

By Marc Grens, Co-Founder & President at DigitalMint 

E-Commerce and Lockdown: The Perfect Storm for Cyber Threats ----------------------------------------------- 44 

By Aman Johal, Lawyer and Director of Your Lawyers 

Communication Streaming Challenges ----------------------------------------------------------------------------------- 47 

By Milica D. Djekic 

Anatomy of a hack – Solar Winds Orion --------------------------------------------------------------------------------- 50 

By James Gorman, CISO, Authx 

Cybersecurity Maturity Model Certification (CMMC) ---------------------------------------------------------------- 53 

By Carter Schoenberg, CISSP & CMMC Registered Practitioner Vice President – Cybersecurity SoundWay 

Consulting, Inc. 

Businesses Should See Security as An Enabler of Digital Transformation, Not A Hindrance ------------- 57 

By Matt Gyde, CEO, Security Division at NTT Ltd. 

Asset Management, The Weakest Link in Cybersecurity Risk -------------------------------- 60 

By Gyan Prakash, Head of Cyber Security / Security Engineering, Altimetrik Corp 



The Rising Tide of Security Threats in The Industrial Internet of Things ---------------------------------------- 70 

By Don Schleede, Information Security Officer at Digi International 

E-Merchants: Secure Your Online Sales from Cybersecurity Threats -------------------------------------------- 73 

By Anthony Webb, EMEA Vice President, A10 Networks 

The Privileged Credential Security Advantage ------------------------------------------------------------------------- 76 

By Tony Goulding, Cybersecurity Evangelist at Centrify 

How To Keep Your Children Safe In Remote Learning Situations ------------------------------------------------- 79 

By Nevin Markwart, Chief Information Security Officer at FutureVault 

More Internal Security Needed, Less Budget – 10 Tips to Help ---------------------------------------------------- 82 

By Jody Paterson - Founder and Executive Chairman. ERP Maestro 

Personal Data Breaches for GDPR Compliance: Everything You Need to Know ------------------------------ 86 

By Dan May, Commercial Director, ramsac 

Brave New World: Safari Content Blocking ----------------------------------------------------------------------------- 89 

By Andrey Meshkov, CEO and CTO at AdGuard 

When Businesses Get Hacked- Who Are the Victims? ---------------------------------------------------------------- 93 

By Nicole Allen, Marketing Executive, SaltDNA. 

Security and Remote Management: What Is the Market Looking Like as We Head Towards 2021? -- 97 

By Gil Pekelamn, CEO, Atera 

Working from Home? You’re Not Alone ------------------------------------------------------------------------------- 100 

By Steve Hanna, Embedded Systems Work Group Co-Chair at Trusted Computing Group (TCG) and Jun Takei, 

Japan Regional Forum Co-Chair at Trusted Computing Group 

The Best Network Protection: Go Deep or Go Broad?-------------------------------------------------------------- 104 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Cybersecurity Predictions For 2021 -------------------------------------------------------------------------------------- 106 

By Topher Tebow, Cybersecurity Analyst (Malware), Acronis 

Why 'Thinking Small' Is the Way to Stop Ransomware and Other Cyber Attacks ------------------------- 109 

By Yuval Baron, CEO at AlgoSec, explains why micro-segmentation is one of the most effective methods to 

limit the damage of attacks on a network 

Your Vulnerabilities are Making You Miss Your Misconfigurations -------------------------------------------- 112 

By Evan Anderson, Director of Offense, Randori 



Are Your Organization’s Critical Assets Five Steps or Fewer from A Cyber Attacker? -------------------- 117 

By Gus Evangelakos, Director Field Engineering, XM Cyber 

Moving to Active Defense: What It Means, How It Works and What You Can Do Now ----------------- 120 

By Ofer Israeli, CEO and founder, Illusive Networks 

How Next-Gen Identity Governance and Administration (IGA) Fits in with Your Hybrid IT Strategy 123 

By Thomas Müller-Martin, Global Partner Technical Lead, Omada 

Analytics Security Insight On 2021 And Beyond --------------------------------------------------------------------- 126 

By Billy Spears, Chief Information Security Officer, Alteryx 

Innovation, Automation and Securing A “Work from Anywhere” Environment In The Middle East - 129 

By Mazen A. Dohaji, Vice President, India, Middle East, Turkey & Africa (iMETA), LogRhythm 

Peer-To-Peer Cybersecurity Insights For 2021 ------------------------------------------------------------------------ 133 

By Stuart Berman, IT Central Station Super User 

Transitioning to Remote Work: The Apps You’ll Need to Ensure A Productive Workforce -------------- 135 

By Ikechukwu Nnabeze, SEO Copywriter, Traqq 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

It’s a given that we are all ready to put 2020 behind us; executing plans for a much 

better, brighter year in 2021. For all your support, we humbly THANK YOU SO 

MUCH! We so much value our readers, our partners and our sponsors. 

To be sure, there will be new challenges to take the place of the ones we’ve been 

facing for the past year. Publication and distribution of valuable actionable 

information is for us the key to successfully navigating these troubled waters. 

As we’ve recently notched up to the 2 nd most popular cybersecurity publication and news source, we’re proud to 

be entering our 9 th year producing Cyber Defense Magazine as we continue to focus on providing valuable 

resources to our readers and sponsors, reaching the right kind of executives with our shared messages. Our 

readers include buyers, decision-makers, and influencers in the IT/InfoSec ecosystem. 

As we publish this January issue, we look ahead to the year 2021 with great anticipation for new and exciting 

challenges and responses in the industry. The articles in this month’s Cyber Defense Magazine, which are provided 

from a broad array of contributors, demonstrate that our community continues to pursue a new phase, 

emphasizing basics while we address broader issues as well. 

In addition to the important articles in the January issue, we are pleased to continue providing the powerful 

combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and 

webinars featuring national and international experts on topics of current interest. 

Finally, we’re answering the call to help fill so many infosec job openings, entering our second year of CDM Young 

Women in Cybersecurity Scholarships and with our new www.cyberdefenseprofessionals.com job portal – free to 

post a job opening or your resume, so please leverage it and let us know how to improve it in 2021 and beyond. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

With a new year before us, the international perspective on cybersecurity 

matters brings renewed emphasis on competition, privacy, and regulatory 

compliance. 

We see antitrust actions against several of the big tech leaders, updates of 

privacy rules among various jurisdictions, and new challenges from 

regulators. 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

On one hand, these trends are apparently intended to result in stronger 

cybersecurity overall. But in the usual manner, the law of unintended 

consequences often overrides good intentions. 

The natural tension between anti-monopoly actions on one side and 

regulated monopoly market behavior on the other is playing out in the 

cybersecurity arena. And that interplay is complicated by the crossjurisdictional 

nature of the industry. 

A final challenging factor is that the world we live in today is a stage for 

nation-states and other governmental entities to exhibit multiple 

personalities: both as cooperating authorities in regulation and as 

competitors in exercising control over digital assets. 

As always, we encourage cooperation and compatibility among nations and 

international organizations on cybersecurity, regulatory, and privacy 

matters. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

P.S. Please visit our new consumer magazine for family and friends. 

Copyright © 2021, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

9 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

MEDIAGROUP CONSUMER MAGAZINE 

B2B & B2G MAGAZINE TV RADIO AWARDS 

PROFESSIONALS WEBINARS 



Welcome to CDM’s January 2021 Issue 

From the U.S. Editor-in-Chief 

As we enter a new year, it is important to pause and reflect on both the challenges and highlights of the 

year just past – from a cybersecurity perspective. 

In 2020, Cyber Defense Magazine carried nearly 300 articles of paramount value in identifying and 

responding to cybersecurity threats and opportunities. 

Can our industry claim complete success (if that is even a fair question)? Perhaps not, but after all, we 

do operate in a theater of asymmetrical warfare: the defenders must bat 1000, while the attackers need 

only score the occasional base hit. Nonetheless, goals are worth setting and approaching as closely as 

possible. 

From a more sanguine point of view, on behalf of Cyber Defense Magazine, we can state this without 

fear of contradiction: If all our readers were allowed to and funded to implement all the actionable 

advice of our contributors and sponsors, our overall cyber experience in 2020 would have been much 

improved. Let’s keep the pressure on the Boards, CEOs and CFOs how important cyber hygiene has 

become. It’s not an insurance policy anymore, it’s a must implement, daily and even more vigorously. 

While we cannot change the past, we can surely learn from it. To that end, let me commend to our 

readers the contents of our January issue. The breadth and depth of this month’s articles cover various 

sources and topics, with a wealth of actionable information. 

With that introduction, we are pleased to present the January 2021 issue of Cyber Defense Magazine. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, 

Yan addresses risk management in the areas of identity theft, privacy, 

and cyber security for consumers and organizations holding sensitive personal information. You can 

reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com 

































3 Email Hacking Techniques to Watch In 2021 

By Adrien Gendre, Chief Product & Services Officer, Vade Secure 

Ransomware hobbled businesses in 2020, while COVID-19 spawned an endless stream of cyberattacks. 

What both have in common is email. With 91 percent of cyberattacks beginning with an email, a single 

click can mean the difference between business as usual and operations standstill. Here are three 

hacking techniques to watch out for in 2021. 

1. Leveraging images to bypass email filters 

Image quality might be critical to the authenticity of a phishing email, but it’s what’s going on behind the 

image that makes the difference between detection and delivery. Known phishing emails—or phishing 

emails that have been blacklisted—can find their way back into inboxes with a series of image 

manipulation techniques. Unfortunately, most email filters cannot detect them. 



Invisible to the naked eye, images that have been even slightly manipulated cause a known phishing 

email to appear unique to an email filter. By distorting the color, tone, or geometry of an image, a hacker 

has the ability to update a blacklisted phishing email with a new image and bypass an email filter that 

can’t extract and analyze content from images. 

Recently, we’ve been seeing an increase in the number of malicious emails containing remote based that 

store malicious textual content. Embedded in the body of email but hosted on outside domains, remote 

images must be fetched over a network to be analyzed. The process can’t be done in real-time. In 

November alone, Vade Secure analyzed 26.2 million remote images and blocked 261.1 million emails 

containing remote images. 

Extracting and analyzing content from images requires Computer Vision, an expensive, resourceintensive 

field of artificial intelligence that has yet to become standard in email security. Until then, we 

expect to see manipulated images and remote-based images grow. 

2. Depositing malicious emails via IMAP connections 

In late November, Vade Secure detected a mass wave of spam emails being deposited into mailboxes 

without passing through transport layers. We suspect that the hacker or hackers used a new tool called 

Email Appender, which is available on the dark web, to deposit the spam. 

Email Appender allows hackers to validate compromised account credentials and connect directly to the 

accounts via IMAP. Once connected, hackers can configure proxies to avoid detection and deposit emails 

directly into accounts, even in bulk. Because the emails are sent from compromised accounts, it’s not 

necessary for hackers to spoof the email addresses. However, they can adjust the sender display names 

to fit the narrative of the spam campaign. 

We believe that hackers are using spam messages to test Email Appender and the IMAP method before 

moving on to phishing and malware attacks, which require more time, effort, and skill. Hackers tend to 

test new techniques on consumers before moving on to corporate targets. Business users are more savvy 

because of mandated security awareness training, and businesses tend to have more sophisticated 

security systems. 

When the IMAP method goes corporate, we expect platforms like Microsoft 365 to become targets. APIbased 

email security solutions that are natively integrated with Microsoft 365 offer post-remediation 

capabilities not found in secure email gateways. If and when email threats bypass security, businesses 

can reach in and remove them, often before users have the chance to click. 



3. Hijacking email threads 

When Emotet malware returned in July, it was made all the more difficult to detect due to thread hijacking. 

Leveraging user accounts already compromised by Emotet and other viruses, hackers injected 

themselves into legitimate email threads, spreading phishing links and malware-loaded Word documents 

as they posed as business colleagues and acquaintances. 

While many users might be trained to inspect email for signs of spoofing, the average user is unlikely to 

scrutinize an email that is part of a thread. This is what makes thread hijacking so dangerous. With the 

conversation already established, hackers are free to converse with other users in the thread. And 

because their guard is down, users are likely to take the bait. 

With a technique like thread hijacking, hackers can forgo border security and infiltrate a business from 

the inside. With the relative ease of getting inside, we expect thread hijacking to gain prominence in 2021. 

Mitigating new threats 

The above techniques prove that hackers are not only keeping up with the advances in email security 

but also outpacing it in many respects. Innovations in artificial intelligence bring new detection and 

remediation capabilities that will only grow in the coming years. But when threats do bypass security, 

continuous user training, including at the moment of need, will be critical to neutralizing attacks. 

About the Author 

Adrien Gendre is Chief Product & Services Officer at Vade Secure. His 

product vision and cybersecurity experience has been instrumental in Vade 

Secure’s evolution from startup to world leader in predictive email defense. 

A speaker at M3AAWG (Messaging, Malware & Mobile Anti-Abuse Working 

Group), Adrien is a sought-after email security expert who shares his 

expertise to educate businesses about email threats and facilitate new 

approaches in the cybersecurity community. With unparalleled access to 

global email threat intelligence, Adrien brings his email security expertise 

and innovative product approach to the ongoing development and 

advancement of phishing, spear phishing, and malware protection 

technologies at Vade Secure. 



5 AIOps Trends That Will Shape 2021 

By Tej Redkar, Chief Product Officer at LogicMonitor 

If 2020 has taught us anything, it is that life is nothing if not unpredictable. Yet, the unforeseen possibilities 

of tomorrow are the very reasons why our society has fully embraced technology today. In the past 

decade, technology trends such as artificial intelligence (AI) and automation have improved us as a 

society by fostering faster collaboration and saving us a significant amount of time. At the forefront of 

modern-day trends is AIOps, or the practice of using AI in IT Operations (ITOps). 

AIOps platforms combine big data and machine learning to find patterns, identify problems, and predict 

and prevent future issues from occurring. More recently, AIOps has been a valuable tool in helping 

companies scale high volumes of data due to the unprecedented shift to a remote workforce. As AIOps 

continues to grow in popularity, it’s important to keep up with key trends in its progression. The following 

reflects a variety of trends that I have my eye on for next year. 

1. AIOps Is Moving from One Data Type to Multiple Data Type Algorithms 

AIOps traditionally uses big data platforms to aggregate siloed IT Operations data in one place. Looking 

ahead, data scientists will be designing AI algorithms to converge multiple data types, such as metrics, 

logs and transactions, to draw a correlation and identify differences in the combined data. The trend 

emerged after various probabilistic methods, such as AI, machine learning and statistical analysis were 

applied to metrics, logs and transactions. These actions allowed data scientists to draw a correlation 



etween the data sets and filter out signal from noise so that organizations can troubleshoot issues 

faster. 

When it comes to investing in AIOps, the ultimate goal is to save people time -- either through early 

warnings, filtering signal from noise, or automation -- so they can focus on more important problems 

rather than doing repetitive routine work. Many technology companies have already started investing in 

that trend. 

2. Remote Work Is Driving More Technology Platforms to Deploy AI To Detecting Problems 

Remote work will be the legacy of 2020 and likely the new status quo moving forward. Prior to the 

coronavirus pandemic, data was typically concentrated in very specific areas due to collective working 

environments. Now that the pandemic has forced companies to support a remote workforce, every 

individual remote user is a data generator -- causing data volumes to skyrocket. 

Monitoring employee productivity and digital continuity is crucial during these times, yet remains 

challenging for ITOps teams to manage. More intelligent algorithms are needed to predict issues with 

employee productivity or customer experience using the product remotely. This is where AI helps. 

When it comes to AI, it doesn’t matter where users are working from. Once an algorithm is programmed, 

its only job is to ingest the data, extract intelligence, and then output the optimized value. The AI function 

can automate complex processing of disparate data sources and help IT teams predict problems before 

they occur by detecting patterns in large volumes of data. 

3. AIOps will become more embedded in observability platforms 

AIOps and observability will soon become counterparts to empower ITOps to do more in less time. 

Observability in IT refers to a system’s ability to gather actionable data and diagnose what’s happening, 

where it’s happening, and -- more importantly -- why an error or issue occurred within the system. This 

is done by combining monitoring, log analysis, and machine learning into an environment that can easily 

detect issues, proactively identify anomalies, and scale as necessary. 

Observability platforms examine metrics, dependencies and logs, and bring them together into a unified 

platform to detect patterns between the different data types. This data provides greater observability into 

the customer experience, employee productivity, as well as digital infrastructure to help teams better 

understand how the business is performing. 

After achieving observability, ITOps teams must answer the question of what to do with this information. 

That’s where AIOps comes in. By taking an algorithmic approach to ITOps combined with machine 

learning, IT teams can automate an influx of data to output actionable insights faster than ever before. 

AIOps platforms also enable their users to set dynamic thresholds, identify anomalies, and find the root 

cause of an issue. By embedding AIOps and observability into one unified platform, IT teams can predict 

problems faster and resolve them before it negatively impacts the business. 



4. Security and IT Operations Will Be Better Integrated 

As enterprise IT environments continue to mature, the need for advanced security platforms will inevitably 

follow. The fundamental data sets used in security platforms, including cybersecurity and product 

security, are almost the same as IT operation data sets. Security algorithms dissect metrics and logs that 

flow through infrastructures to model historical behavioral patterns and flag anomalies. Using AI, this 

process can be further automated towards blocking bad actors in real-time. 

For example, say a hacker is trying to penetrate a firewall that is detected by either a change in the 

volume of data, or a change in the location of the traditional user. Security features can be used to classify 

that particular access as either regular access, hacker access, or insecure access. Once the access data 

is detected, automation systems can block the IP address of the hacker’s particular region or that 

particular range. 

Regardless of the business problem, the underlying data required to gather this intelligence is still logs, 

metrics, and transactions within an infrastructure. The only difference is the problem that IT security 

teams are trying to solve. Security teams want to know whether a bad actor is trying to access the system, 

while ITOps teams are more interested in employing applications that will protect their users and provide 

a better customer experience. Next year, ITOps and Security teams will likely collaborate more closely 

to not only detect problems in the infrastructure performance, but also prevent cybersecurity threats in 

near real-time. 

5. AIOps Platforms Will Decrease Time-to-Value 

While AIOps platforms are meant to handle added complexity, humans are still required to configure and 

deploy them. Next year, AIOps capabilities will become more mainstream within products. SaaS 

products, in particular, will improve significantly with better actionable insights and new proactive 

capabilities within the product. This advancement will set the foundation for future integrated self-healing 

systems, which will further reduce the burden on human teams. 

Properly educating employees on AIOps platforms also affects time-to-value. AIOps platforms are most 

efficient when they are managed by the right team. Investing in AIOps just to say you have it doesn’t add 

value to the business if IT isn’t sure how to use AIOps. Build a team that is cross-functional between the 

business, data owners, and engineers. Together, these three pillars will be able to derive real value out 

of any AIOps initiative. 

I constantly see organizations driving initiatives tied to buzzwords instead of a real business problem. 

AIOps is about solving complex business problems, and, therefore, IT teams should identify the problems 

they want to overcome before diving in headfirst. Once that is understood across the board, solving 

problems using AI becomes easier. If organizations do not follow this basic advice, they will likely remain 

in a state of AI immaturity and will spend significant amounts of time on failed projects. 



The Bottom Line 

AIOps is a journey, not a quarterly goal or a yearly goal. From a business perspective, AIOps should be 

invested in for the long-term, but only after knowing where the business stands within its own maturity 

journey. 


Tej Redkar has been building enterprise software products for more than 

20 years. He has led engineering, product management, user 

experience, and data science teams in industry-leading organizations 

like Microsoft, VMWare, Cisco, and AppDynamics. Tej has consistently 

delivered highly successful products like Rational Rose, VMware Labs, 

Microsoft Azure Machine Learning, PowerBI, and AppDynamics that 

have fundamentally transformed people’s productivity in respective 

domains. As Chief Product Officer, Tej brings the right balance of 

business and deep technical expertise to the team to drive strategy and 

execution at LogicMonitor. You can learn more about Tej Redkar and 

LogicMonitor at www.logicmonitor.com. 



Securing Digital Identities in A Predominantly Remote 

World 

COVID-19 and the subsequent uptick in targeted cyberattacks accelerate the need for biometricbased 

digital onboarding 

By Bob Eckel, President & CEO, Aware, Inc. 

As we entered 2020, organizations were beginning to undergo transformations to meet the growing 

demands of an increasingly digital marketplace. In adopting new technologies to streamline and 

accelerate business operations, banks and other consumer-focused businesses aimed to drive steady 

increases of biometric-based digital onboarding methods. These industries were striving to remove 

friction from onboarding processes at the same time they needed to address growing security threat 

concerns where biometrics were gaining trust as secure, passwordless option for a broad range of 

authentication practices. 

Then we witnessed the criticality of businesses reprioritizing their digital transformation processes as the 

impacts of the COVID-19 pandemic unfolded. As organizations across the world were forced to move 

their entire businesses online in the matter of weeks – some for the first time – they had to rapidly shift 

their business models to accommodate a predominantly remote workforce. With many unprepared to 



handle the IT and security challenges, identities became more vulnerable and in turn protection more 

valuable than ever. As 2021 kicks off, it’s important that businesses understand the benefits behind 

biometric-based digital onboarding to ensure organizational integrity as they continue to secure the digital 

identities of employees and customers alike. 

Enhance remote authentication against increased cyber activity 

Since the beginning of 2020, there have been more than 445 million cyberattacks reported, which is 

double when compared to the entirety of 2019. When the pandemic forced millions of employees into 

remote work settings, it opened up huge opportunities for cybercriminals to take advantage of any security 

weak points to attacks aimed at stealing personally identifiable information (PII). In March alone, phishing 

attacks related to COVID-19 surged 667% as hackers aimed to separate consumers from their 

credentials, looking to leverage fraudulent pandemic-related information and many individuals initial entry 

to the all online world to gain access. Still today, as the large majority of the world remains remote and 

people do more shopping, learning and working at home, hackers are looking harder for ways to take 

advantage of weakened security. 

Biometrics make the identity proofing process more robust and secure. They can’t be stolen in the same 

manner as your login credentials or lost like a password. They leverage unique personal data – such as 

face, voice, finger or iris prints – that people can store and then match later as a single or multi-factor 

authentication process. With facial recognition being 99.7% accurate and improving yearly, according to 

NIST, biometrics provides that extra layer of defense to ensure identities remain protected. Regardless 

of increased threats targeting users who don’t have the security training to help them to flag phishing 

emails and other related scams, their identities are more secure. 

Ensure your customer is who they say they are by keeping fraudsters out 

While facial recognition is a particularly useful biometric modality for mobile onboarding and 

authentication – with nearly all mobile devices having built-in cameras and microphones – the method is 

still vulnerable to so-called “presentation attacks” – otherwise known as “spoofs.” In short, a fraudster 

can try to spoof the biometric data on file by presenting a facsimile, such as a photo, video recording or 

mask. In mobile un-proctored onboarding, a fraudster can try to impersonate a victim using a false match 

presentation attack. In doing so, they can falsely use their victim’s identity to open a new account. By 

registering a false image – a picture of a random person, a smudged image that wouldn’t be biometrically 

searchable – a fraudster could work to open up new fake accounts. 

To protect against these ploys, it’s essential to apply robust liveness detection when using facial 

recognition for unattended or un-proctored mobile applications. There are a couple of ways in mitigating 

the risk of facial presentation attacks through liveness detection algorithms: by analyzing facial images 

to determine whether they are of a live human being or a reproduction or by adding a second biometric 

modality, such as voice or speaker recognition. “Passive” liveness detection addresses this issue by 

distinguishing between a live person and a spoof without forcing the user to participate in the matching 

process. 



Provide a touchless onboarding process to meet social-distancing guidelines 

Part of the appeal of biometric authentication technologies during a pandemic or Flu season is the 

touchless access they provide. Voice biometrics and face recognition enable hands-free authentication 

and access, eliminating the need to use on-site PIN pads, card readers or kiosks. To limit the spread of 

the virus, businesses need to shift more of their onboarding functions online. By focusing on implementing 

frictionless authentication processes through the use of biometrics, organizations can ensure that 

customers remain safe, physically, at the same time that they verify that customers are who they claim 

they are when in-person verification is not an option. 

Additionally, providing a positive onboarding experience can be a critical business differentiator. This is 

especially true for banks, which are facing pressure from online competitors and seeing their services 

commoditized. If they get the onboarding right, they can secure a customer’s loyalty for a lifetime. Forcing 

a customer to provide physical identification multiple times or answer too many questions can sour a 

relationship from the start. Biometrics work better in onboarding settings when it doesn’t slow the user 

down. 

As the world continues to leverage technology to provide a more secure, seamless, and now touchless 

experience for users, we can anticipate biometrics will be a driving force. Growing at a faster rate than 

non-biometric technology, they will be instrumental in enterprises’ moves to make the onboarding process 

more efficient as organizations bring identity verification to the forefront of their business operations. 


Robert A. Eckel is the Chief Executive Officer & President of Aware, 

Inc. He also serves on the board of directors for the International 

Biometrics + Identity Association (IBIA), as a strategic advisory board 

member of Evolv Technology, and as a consultant for Digimarc 

Corporation. Over his distinguished career, he has held many positions 

of note within the biometric and identity space, including: Regional 

President and Chief Executive Officer of IDEMIA’s NORAM Identity & 

Security division from 2017 to 2018; President and Chief Executive 

Officer of MorphoTrust USA, LLC from 2011 to 2017; Executive Vice 

President and President of the Secure Credentialing Division of L-1 

Identity Solutions Company from 2008-2011; and President of the 

Identity Systems division of Digimarc Corporation from 2005 to 2008. Mr. Eckel has received his Master’s 

degree in Electrical Engineering from the University of California Los Angeles, and his Bachelor’s degree 

in Electrical Engineering from the University of Connecticut. Robert can be reached online on Twitter and 

LinkedIn and at our company website: https://www.aware.com/ 

WHAT IS STOPPING YOU FROM TAKING THE FUNDAMENTAL STEP OF PROTECTING YOUR DATA? 



Businesses Must Protect Their Most Critical Asset: Their 

Data 

By Trevor J. Morgan, Ph.D., Product Manager at comforte AG 

Protecting sensitive data is a challenge facing every business and enterprise. The value of data is rising 

to the extent that it is often referred to as ‘the new gold’ and a fundamental business asset. This value 

naturally means that many criminals are turning their efforts to focus on procuring highly sensitive 

personally identifiable information (PII) handled and processed by companies. While data is very 

dynamic, it is essential to ensure that it is secured across all stages of its lifecycle. This is especially true 

as many companies prioritize network agility and digital transformation over data security in an effort to 

continue business operations through workforce enablement. In fact, according to the KPMG CIO Survey 

2020, this year has seen innovation taking greater priority alongside improving security, however 

“cybersecurity can sometimes become a secondary priority.” Yet, if enterprises wish to stay on the right 

side of data security regulations, then protecting the data itself is imperative. In fact, budgetary shifts 

across many industry verticals have resulted in more money being focused on securing the crown jewels 

of PII. 

One alarming trend is that data is increasingly shifting from secured corporate networks to private servers 

as the trend towards home working continues. This has resulted in a widespread distribution of data 



within unsecured environments, ultimately meaning a loss of data control and security. If this data were 

to fall into the wrong hands by any means (unintentional leak or concentrated intentional attack), then the 

consequences would be massive. Not only would it negatively impact brand perception, but it could also 

result in compliance penalties from regulating bodies and severe loss of trust from savvy customers who 

are becoming more aware of just how valuable their data is. Regardless of how a breach happens, be it 

by a careless employee or malicious criminal intent, the consequences unfortunately remain the same. 

Therefore, business decision-makers should ensure that systems and mechanisms are in place that 

supersede traditional security measures. Instead of protecting siloed data at rest, or simply protecting 

corporate networks with a firewall, businesses should instead pivot to protect their most critical asset at 

the point of value: the data itself. 

Why do hackers want my data? 

The global pandemic has greatly altered the current state of data security. As workers migrate away from 

internal security processes within corporate networks (mostly access- and perimeter-based), the 

availability of data stolen and harvested on the dark web has increased exponentially in the past few 

months. In fact, the cost of data on the dark web has plummeted up to 60% as of October 2020, and as 

of December, PII is being sold on the dark web for as little as 50 cents (USD). This perceived 

commoditization poses several questions. Primarily, if data is the new gold, why is obtaining it so cheap? 

The biggest reason that so much of this data has not been taken advantage of is because of the relative 

low transaction volume as a result of pandemic restrictions. 

The biggest challenge that enterprises face is to understand where their data is held, who has access to 

it, and where it is stored. Organizations must seek out and discover their data, be it structured (in a 

database) or unstructured data. This will not only provide security teams with a holistic understanding of 

their current data security posture, but it will also assist with regulatory compliance and auditing. Only by 

undertaking this procedure will enterprises be able to properly secure data, as you cannot defend what 

you cannot see. This exercise of data discovery is a deliberate attempt to known the unknowns within 

the total data environment. 

Data is a highly mobile and dynamic asset that crosses traditional boundaries of on-premise and in the 

cloud. Often it’s a hybrid approach, existing somewhere in both environments. This situation requires a 

security strategy that prioritizes the data instead of access to it or the borders around it. The only solution 

is to protect the data itself and not just the perimeters around it. This data-centric approach to security 

focuses on the focal point that criminals are striving to attack, removing the incentive for cybercriminals 

if the data is protected and ultimately worthless to them because it cannot be leveraged. 

Protecting PII 

But how can businesses look to deploy data-centric security to their advantage? The most widely 

accepted solution when it comes to data-centric security is tokenization. In plain terms, tokenization 

replaces PII data with a substitute representational token. This means that protected tokenized data is 

still available for analytical purposes and other aspects of corporate workflows, but in the wrong hands it 

has no discernable meaning and thus no value, and as it cannot be transformed into plain text it means 

that even if this data were misplaced or mishandled then the pseudonymized data would not be 

considered punishable under CCPA. Regulatory compliance is still met. 



Tokenization also allows businesses to protect data upstream, allowing downstream applications and 

systems to inherit protection and close security gaps across the enterprise. Referential integrity means 

the protected values can be used for analytics without the need to de-protect the data, passing all system 

and validity checks across the system. This condition helps to meet another best practice in data security, 

which is to avoid de-protecting data as much as possible. 

Currently, organizations spend considerable money in order to reduce risk, be it in the form of endpoint 

and mobile protection, cloud security, app security, or network defense. These traditional perimeterbased 

security methods only protect against known attack vectors, meaning that it is impossible to totally 

prevent data breaches and mitigate this threat with current piece-meal security approaches. In fact, 

further benefits of deploying data-centric security, and in particular tokenization, include the clear return 

on investment capabilities. This approach to security offers more comprehensive coordination when it 

comes to complying with industry regulations. Indeed, for PCI DSS, such an approach can save 

thousands or even millions in audit costs and time. Furthermore, where data protection is considered 

your responsibility (and this is always the case with data your process and store in the cloud), data-centric 

security offers peace of mind by protecting against data breach or loss of data. 

For security teams struggling to enact digital transformation, trying to ensure network agility, and laboring 

to prevent embarrassing data breaches, data-centric security is a promising solution. It’s also one that 

can be deployed in weeks rather than months or years, without modification to existing applications and 

workflows. So, what’s stopping you from taking the fundamental step of protecting your data with datacentric 

security? 


Trevor J. Morgan is responsible for product management at comforte AG 

(https://www.comforte.com/, where he is dedicated to developing and 

bringing to market enterprise data protection solutions. He has spent the 

majority of his career in technology organizations bringing to market 

software, hardware and services for enterprise and government 

customers. Trevor has held senior-level, lead positions in sales 

engineering, product management, software architecture and product 

marketing in companies like Cisco, Capital One and Ciena. He holds a 

Ph.D. from Texas Tech University and a bachelor’s and master’s from 

Baylor University. 

Trevor can be reached online at https://www.linkedin.com/in/trevor-jmorgan-ph-d-8b663515/ 



Zero Trust Remote Access for Engineering Teams 

By Colin Rand, VP of Engineering, Banyan Security 

Engineering organizations present numerous challenges for security programs when it comes to remote 

access. They need secure access to dynamic hosts, services, and applications to productively do their 

jobs. The infrastructure these teams require is varied, ranging from external SaaS to internally hosted 

web services for wikis, git and build servers, various TCP services such as SSH and RDP, as well as 

database access and recently a huge wave of Kubernetes. These services are complex and often 

undocumented, especially as projects are under active development before they reach production 

environments. Securing these critical R&D assets arguably makes an Engineering org the most 

challenging department that InfoSec teams have to manage. 

VPNs, falling short of today’s security requirements with their “one size fits all” strategy, are often at the 

core of serious usability, manageability, and security issues. 

Let’s look at an infrastructure example. Most organizations use a sequence of VPNs, Bastion hosts, and 

firewalls to manage network connectivity from user to server. Then, they use some combination of 

directory services and authentication managers to manage credentials so the user can authenticate into 

the server itself. Lot of moving parts, lots of available attack surface for the bad guys, and this is but a 

single use case. 



Lately, Zero Trust is all the buzz, and for good reason. With a Zero Trust security posture, the user and 

device are explicitly authenticated and access is granted only for the specific server (without broad 

network access). By leveraging the organization’s IDP for authentication and issuing short-lived 

certificates with the user’s entitlements, connectivity is set up on-demand, eliminating the risk associated 

with static passwords and credential leakage. Real-time trust scoring enforcement allows for dynamic 

security policies that can be customized based on the sensitivity of server environments. 

Let’s discuss some remote access challenges felt by engineering teams that are beautifully solved with 

a Zero Trust solution. 



VPN Challenges 

While access challenges cause pain and suffering to all end users, they can and do present serious 

issues for development teams. And, engineers, being smart and loving a challenge, unfortunately often 

work around those issues. Take these two anecdotes from a veteran engineering leader that highlight 

what goes wrong in the pits of engineering when remote access fails us – I suspect you’ll recognize the 

themes. 

In one particularly locked-down engineering environment, developers had no access to production, no 

development environments were accessible without a VPN, etc. An enterprising developer who wanted 

to do some prototyping work from home decided that the VPN was too troublesome, so of course the dev 

just copied “his” source code, uploaded it to Google drive, downloaded it onto his personal workstation 

at home, and... you can see where this is going. The lesson – the desire to be productive was treated as 

more important than pesky security policy and a big security hole was created as a result. 

Another time an engineer, having heard about new policies coming he didn't want to deal with, set up his 

own private bastion host in production. Of course, he didn't tell anyone, and soon after ended up leaving 

the company’s employment. Later, over drinks with a former colleague, he reminisced about what he had 

done, laughing about how they could still get into production anytime they wanted. 

No More Excuses 

Different teams have different remote access needs. All security teams think through the process of what 

resources are being protected, their sensitivity, and what is at risk of misuse. They have sophisticated 

means for analyzing risk profiles, but suffer with a blunt tool for handling the needs of the modern “remotefirst” 

engineer. These design decisions become tradeoffs for what work needs to be done – criticality and 

time sensitivity of task vs. the risk that is introduced. Yesterday we were concerned about 'where' the 

work needed to be done. Today that is irrelevant, it's anywhere and everywhere. 

Engineers are Engineers, right? 

Go into a modern software engineering organization and you will see many teams and activities being 

performed. To name a few: 

• Site Reliability Engineer (SRE) 

• DevOps 

• Apps & Services 

• QA/Test 

• Data Engineering 

• Data Analytics 

Each team needs to be reviewed from a security perspective to determine what is the least privileged 

access that they need to perform their roles. Each needs their resources protected, their devices secured, 

and their identities validated. Once confirmed, they can perform their critical work. Safety first! 

If only it were that easy. Each team has many similarities at a high level, but get into the details and their 

needs begin to diverge, often widely. 

What is different about them? 



Let's look at what's the same. They all have a wide assortment of 'things' they need to access that require 

protection. These 'things' include various TCP services (SSH), web apps and APIs (internally hosted or 

in the public cloud), SaaS, and oh yeah, throw in Kubernetes too. 

The type of access each team needs is quite different. Perhaps your SRE needs access to production 

environments to see why a load balancer is misbehaving, but does the on-call developer supporting them 

also need this access? The DevOps team wants access to the build and development tools, such as the 

git and build servers, plus cloud environments, but should they have full access to production? 

Another team, QA, needs to replicate issues found in production in production-like environments. They 

may need access to the hosts the services run on, or perhaps the databases themselves. But do they 

get access to the build tooling? What if the QA team is a subcontractor? 

Each access decision requires discussion and design. What was previously one size fits all now works 

for none. 

When thinking about the design, fine grain controls need to be implemented for each team, considering 

the sensitivity of the activity. Is production access needed, or is production data needed but not the rest 

of the infrastructure? The traditional hard boundaries of physical networks are now messy. 

Let's look at a data engineering scenario. A production warehouse will have collection, aggregate, and 

analysis workloads. This might be implemented as a combination of cloud infrastructure, 3rd party SaaS 

tools, and internally-developed applications. When a new engineer is onboarded, security factors to 

consider with regard to access control include whether their device is compromised, or if their disk is 

encrypted or not. Do you want to allow the engineer do a pull of sensitive data onto such a device, not 

knowing the state of its security? Perhaps a better path is allowing them to access a reporting UI from a 

personal device, but no data-level queries can be run. That might be a good alignment of risk vs. task 

disruption. 

Each team has its own ecosystem of tools, each with its own quirks. (It's all software built on software 

after all.) Each time a different remote access strategy is involved, the engineer gets frustrated as more 

security workarounds are deployed, making for an increasing fragile system that is more cumbersome to 

use. Want to eliminate shared passwords on that internally-hosted service that doesn't have SAML 

support? Want to make sure a particular API is accessed only by devices that are deemed secure? 

Oh, and don't forget about handling contractor/third-party access. Or offshore teams. Or compliance… 

Is it easy? 

Is security easy? No. Is achieving “Zero Trust” easy? Certainly not at the boil-the-ocean level, but the 

good news is that a value-adding project with some sensible constraints is totally achievable. And doing 

so results in scalable identity-based access that factors in device health and security. 

Step one is coming to grips with the challenge and deciding now is the time to take it on. Secure remote 

access platforms, like Banyan Security’s Zero Trust Remote Access Platform, exist that allow you to 

easily introduce zero trust, least privilege access in a consistent way across differing resources and 

heterogeneous infrastructure. Security dramatically improves. Usability, now consistent, becomes easy 

to the point of transparent. 



My recommendation is to tackle a small project, perhaps just a few SSH hosts, maybe GitHub, or perhaps 

just getting better visibility into your devices. Understanding the challenge is the first step on the path and 

nothing beats a little hands-on prototyping. 


Colin Rand is the Vice President of Engineering at Banyan Security. 

He has extensive experience in engineering leadership and product 

development working at a wide range of enterprise startups to latestage 

and enterprise companies. Most recently Colin helped 

transform Delphix from an on-premise data management appliance 

to create their first SaaS offering with an integrated product strategy 

to create a hybrid platform. Before then, he led the platform initiative 

for Lookout, a BeyondCorp mobile security company, managing 

data, identity, and security services for ML-based mobile threat 

protection. Colin’s wide experience brought him through Salesforce, 

AKQA (creative agency) as well as his own startups in NYC. Colin 

began his career as a hands-on developer after studying computer 

engineering at the University of Michigan. 



Cryptocurrency Ransomware Is on The Rise During 

COVID-19 – Here’s What Businesses of All Sizes Need to 

Know About Dealing with Attacks 

By Marc Grens, Co-Founder & President at DigitalMint 

Crypto-related ransomware attacks are on the rise, and the pandemic has only hastened its propagation. 

For example, from 2018 to 2020, ransomware attacks have increased by 200%. Yet during the COVID- 

19 pandemic alone, from January to May of 2020, ransomware attacks have grown by 900%. This is not 

surprising with the rise and vulnerabilities of remote work and individuals mixing their professional and 

personal lives online. 

Ransomware is a common cybersecurity threat facing a wide variety of industries, from public entities 

like government agencies and healthcare organizations, where confidential data storage is critical, to 



financial services and even manufacturing. Worse yet, a federal cybersecurity advisory committee has 

warned of an increased cybersecurity threat to hospitals even while dealing with the pandemic. 

These types of attacks do not discriminate based on company size either. Small and mid-size businesses 

are at as much risk as large companies. And it is all only going to get worse in 2021 as technology 

continues to improve and advance. Hackers have become more emboldened and brazen, and 

unfortunately, some businesses continue to lag behind in cybersecurity precautions. Based on all this 

information, it is worth considering what steps leaders can take to deal with crypto-related ransomware 

attacks. 

Cryptocurrency Ransomware Attacks: What You Can—and Should—Do 

There are some steps you can take to either avoid a ransomware attack or, at the least, handle it with 

minimum damage to your company’s reputation, data, and fiscal health. 

1. Train and educate employees about ransomware and how to avoid it—If your IT Department 

does not already have a set of cybersecurity training modules in place, consider building out a 

comprehensive program to educate employees about ransomware. Be sure to update the program 

regularly, as new developments in cybersecurity are rapid. In addition, stress to all your employees how 

serious ransomware can be. 

2. Know that paying the ransom is a last-resort option—While there are plenty of ways to recover 

losses and deal with the ransom, such as employing companies like DigitalMint, who have used their 

cryptocurrency and financial networks to help them settle cases with ransoms as high as more than $10 

million in the past, you should know that in general, paying the actual ransom is the last resort. You 

should not immediately pay it without considering your other options and seeking professional technical 

advice to determine the damage that may have been done 

3. Hire a reputable cyber incident response firm with technical expertise —Once attacked by 

ransomware, remain calm and hire a reputable cyber incident response firm. They need to analyze the 

situation, assess the damage, understand how much data has been released, and advise you on how to 

proceed. This will not only include determining a strategy for handling the current ransomware issue, but 

it also will include remedying vulnerabilities in your system to prevent future attacks. 

4. Avoid conflicts of interest—This is very important, possibly the most important point: avoid 

conflicts of interest, especially when dealing with the cryptocurrency ransom itself. There should be a 

clear separation of the cyber incident response firm and cyber settlement financial services organization 

that acquires the cryptocurrency. It would be best if you chose a separate partner for each role in the 

process because a cyber incident response firm that also deals with the financial payment side of things 

might have a conflict of interest that prevents them from doing the best job for you possible under the 

circumstances. 

For instance, perhaps the cyber incident response firm knows how to get your data back without paying 

the ransom; if that consultant also handles your business's potential cyber settlement cryptocurrency 

purchase, why would they want to stop at the cybersecurity consultation step in the process if they are 

incentivized to purchase your settlement? Instead of solving the problem early in the process without a 

ransom payment, your consultant might be tempted to proceed with payment to receive an extra 



commission from you. That is why companies like DigitalMint focus solely on cyber settlement financial 

services, removing any conflict of interest. 

5. Prevent financial red-flags in cryptocurrency transactions—In many cases, especially with 

small and mid-size businesses, fast and large cryptocurrency transactions can be seen as suspicious by 

regulatory authorities and financial institutions. For that reason, you must prevent red-flags with your 

transactions. Doing this includes: 

● Banking transparency with settlements—Make sure your cyber cryptocurrency settlement 

partner company is transparent about its transactions and has a history of always rigorously 

recording documentation of all cryptocurrency transactions. 

● Strong relationship with banks and firms who deal with cryptocurrency—Many smaller 

cryptocurrency settlement companies do not have partnerships with organizations that specialize 

or even deal in cryptocurrency. This is why your cyber settlement partner must already have those 

strong relationships with organizations that handle cryptocurrency transactions. 

● Strong AML (Anti-Money Laundering) and other stringent compliance programs—Your 

cyber cryptocurrency settlement partner must always comply with AML, OFAC, and other federal 

and state regulatory guidelines. Since you are dealing with hackers, it can be easy to avoid 

compliant transactions, but if your cyber settlement partner is in compliance with the Anti-Money 

Laundering Program and other compliance programs, you will not be prone to sink to the hackers’ 

levels of unlawful behavior. 

The Takeaway: Ransomware Does Not Have to Be the End of Your Company 

While it is true that the growing threat of ransomware attacks continues to increase rapidly in the age of 

the COVID-19 pandemic—and has been spiking at an alarming rate even prior to the pandemic, there 

are still some relatively simple steps you can take to prevent or minimize the damage to your company. 

However, if you choose to hire a trusted independent cyber incident response firm, ensure any conflicts 

of interest are mitigated or fully disclosed. 


Marc Grens is the Co-Founder & President of DigitalMint, a trusted 

cryptocurrency ransomware resolution provider that enables clients 

to purchase Bitcoin and other cryptocurrencies to settle ransomware 

incidents. He is a serial entrepreneur with more than 15 years of 

experience in the investment industry. Prior to DigitalMint, Grens held 

senior positions at Charles Schwab, HighTower Advisors, and Alpha 

Strategies. He received his M.B.A. from the Kellstadt Graduate 

School of Business at DePaul University in 2010, and a B.A. from 

Illinois State University. Grens is an active angel investor and serves 

on multiple advisory boards of companies in the Chicago tech 

community. 

Marc Grens can be reached at www.digitalmint.io. 



E-Commerce and Lockdown: The Perfect Storm for 

Cyber Threats 

The impact of lockdowns on cybersecurity 

By Aman Johal, Lawyer and Director of Your Lawyers 

The UK’s National Cyber Security Centre (NCSC) reported that a quarter of all cyberattacks over the past 

year are linked to the pandemic. Action Fraud, the UK’s National Fraud and Cybercrime Reporting Centre, 

disclosed that there have been over 16,300 successful cyber scams with losses amounting to £16.6m 

during the first lockdown period alone. 

Research also revealed that 86% of consumers experienced some form of cybercrime during the 

pandemic as retailers turn to increased e-commerce out of necessity. Action Fraud found that people 

aged 18-26 were the most vulnerable to cybercrime on online shopping platforms, such as Depop and 

eBay, representing 24% of victims. 



The second national lockdown in November pushed the nation back online for four more weeks, which 

served to increase cybersecurity risks once more. Black Friday, which took place on 27thNovember, was 

an additional factor, and phishing attacks reportedly increased by 336% when compared to previous 

years. In 2020, visits to e-retailers were up 35% year on year, inevitably correlating with a surge in 

cyberattacks and the risks that they pose. 

And that is not the end of it. With the Christmas shopping season in full swing, further data has revealed 

that less than half of UK retailers feel that they have adequate cybersecurity measures in place. 45% 

believe that their third-party partners are not prepared either, a matter that has been a point of contention 

in the Ticketmaster data breach which involved a third-party vulnerability and exposed the personal 

information of 1.5 million UK customers. 

The threat is so severe that the NCSC has launched its Cyber Aware campaign in December to educate 

consumers and businesses alike about the online threat posed during the festive season. These 

cumulative factors are indeed a significant cause for concern. The lack of urgency in retailers and 

consumers to protect themselves against cyber threats, in addition to the increasing sophistication of 

hackers already boasting a wealth of practice from the first lockdown, has created a ticking time bomb. 

Data breach: the straw that could break the camel’s back 

It is critical that e-retailers deliver on their responsibility to protect customer data. Failure to do so could 

result in significant legal and financial repercussions. 

The UK’s Information Commissioner’s Office (ICO) has the power to issue significant fines for data 

breaches in accordance with the GDPR. In October 2020, it issued its first two significant fines against 

British Airways (BA) and Marriott, at £20million and £18.4million respectively – although these figures do 

represent a disappointing climb-down from the original intention to fine in the sums of £183m and £99m. 

In addition to fines, businesses in breach of the GDPR may also face significant compensation pay-outs 

for damages. In the case of BA, they could be facing a total pay-out of as much as £3 billion based on 

an average possible claim of £6,000 for each of the estimated 500,000 victims. 

Customer loyalty is also likely to take a hit following a cyberattack; an additional blow that the retail sector 

cannot afford to suffer in 2020. For the UK retail sector as a whole, sales decreased by 19.1% year on 

year during the first lockdown, and it is still struggling to recover. Cybersecurity must always be a financial 

priority for e-commerce platforms, as data breaches can cost far more on average than investment in 

preventative measures. 

Despite a dismal outlook for the retail industry on the whole, consumers who are affected by a data 

breach this festive season should remember that they could be entitled to pursue compensation from the 

responsible party. The power of the law should act as an important deterrent for businesses adopting a 

complacent attitude towards their cybersecurity responsibilities, especially as we continue to see 

worryingly high numbers of cyberattacks with serious implications for millions of people in the UK. 

The surge in cybercrime is unlikely to relent in the near future. With a looming recession predicted for 

2021, businesses may be persuaded to cut their cybersecurity spending. It is essential that this does not 

happen: companies in the e-commerce sector, and beyond, must view cybersecurity as a non-negotiable 

asset. 




Aman Johal, Lawyer and Director of Your Lawyers 

Aman founded consumer action law firm Your Lawyers in 

2006, and over the last decade he has grown Your Lawyers 

into a highly profitable litigation firm. 

Your Lawyers is a firm which is determined to fight on behalf 

of Claimants and to pursue cases until the best possible 

outcomes are reached. They have been appointed Steering 

Committee positions by the High Court of Justice against big 

corporations like British Airways - the first GDPR GLO - as 

well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action ever 

seen in England and Wales. 

Aman has also has successfully recovered millions of pounds for a number of complex personal injury 

and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in 

the PIP Breast Implant scandal. Aman has also been at the forefront of the new and developing area of 

law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic 

data leak and the Ticketmaster breach. 

Aman can be reached online at LinkedIn and at our company website: https://www.yourlawyers.co.uk/ 



Communication Streaming Challenges 

By Milica D. Djekic 

As it’s well-known, there are a lot of ways of tracking someone’s e-mail, chat or social media accounts. 

The defense professionals are quite familiar with such methods and those hotspots could be used in 

order to discover the new suspicious activities in cyberspace. So many transnational and terrorist groups 

use account tracking to stay updated about someone’s actions in the virtual domain. The main trick with 

the network traffic is that the data are put into packets keeping so sensitive information about the payload 

and routing information. In other words, those packets can travel from device to device relying on so 

critical communications infrastructure. If computer breach and account tracking are well-known ways of 

obtaining the sensitive content, it’s quite clear there are more critical points in the data exchange and 

storage. For instance, if anyone would want to avoid the challenges of servers, datacenters and endpoints 

breaches that person could try to do some communications tracking in order to catch the information on 

their way on. In so many cases those contents are under the key and there must be invested some effort 

in order to decrypt the message and make it being readable to everyone. In the modern time, so many 

communications channels have begun their life path as defense products and today they are fully under 

the commercial usage. Anything being widely accessible has the counter-system in order to remain under 

the control of its creators. Apparently, no one will develop the solution that works on its own and without 

being controllable by human beings. Next, the final product can do only what its developers defined it to 

do and it cannot cope without its secret counter-weapon. So, if the e-mail accounts, browsers and social 

media profiles deal with some kind of protection and they are so appealingly commercialized, it’s quite 



obvious those advancements have the reversible systems that make them being manageable. The 

similar situation is with the communications routes that can be tracked using the widespread monitoring 

tools. Even if the packets of their information are well secured they can be transformed into the plaintext 

as there are a plenty of options on the marketplace for such a purpose. 

The devices in network communicate with each other coping with the certain set of rules. First, it’s 

important to understand why communication protocols matter as they are from the crucial significance 

for the traffic enabling and information exchange. In other words, if two devices follow such rules and if 

their talk is accurate or as defined they will get a permission to make a connection with one another and 

do some data transfer. Logically, those information are the part of the communication channel and in both 

– policing and military – there can be an advisory who can listen to the traffic and re-direct its samples to 

the other machines. We call that operation tapping or streaming. Further, the exchanged information are 

secured with some sort of cryptography and the streamer cannot be confident what all that is about. The 

point is someone can make a breach into the network traffic as it’s possible making a breach into some 

device. On the other hand, when the traffic is streamed there can be a lot of job for cryptanalyst that 

needs to decrypt and analyze once sent content. From a security point of view, this matters for a reason 

communication tracking can be used by the illegal organizations in order to monitor someone’s activities 

on the web. As the consequence of such a campaign we can realize that so many community members 

as well as their infrastructure can be under the risk because the bad guys can come into the possession 

of the confidential information. Across the globe, there are so many network monitoring applications that 

can be applied to do some streaming and with the support of some cryptanalysis efforts reading once 

decrypted messages. Basically, the cryptanalyst is a person who is capable to transform the packets of 

the information into their plaintext form and make them being accessible to the rest of the team members. 

The fact is the cybercrime underworld has always been in position to do such a sort of the operations 

and undoubtedly is the threat to communities, businesses and government assets. It appears the hightech 

syndicates are the real global threat especially if we have in mind, they can be a very dangerous 

weapon in the hands of the rest of criminal and terrorist groups. 

The packet of the information is so complex set of the bits that depending on the 0s and 1s position in 

the array can mean a lot in the machine language sense. The two basic parts of the data packet are the 

payload and routing information that respectively cope with the message itself and the tracking path the 

packet must pass in order to be delivered from the starting point unless the final destination. The common 

type of the cryptography is end-to-end encryption or E2EE, so far. That kind of encryption means that the 

main message is ciphered at one device, then packed into the payload bits and finally sent to the 

destinating location. The entire communication network is so huge and very complicated, so in order to 

make the data transmission it’s necessary to get along with some path and prevent the encrypted payload 

getting streamed and read from its traffic route. The routing information or the path bits serve for the 

better packets distribution across the network. The E2EE is one of the best practice approaches in so 

many competitive armies and policing units as it serves for the quite reliable delivery of the messages. 

That sort of cryptography as anything else has its strong and weak sides and as it’s well-known the 

message is encrypted at the initial device and decrypted at the final destination, which means if those 

two devices are under the exposure the enemy can come in the possession of the accurate plaintext. 

Also, if anyone is doing the channeling of the communication asset that person can figure out the accurate 

interpretation of the payload itself. In other words, for the purposes of the good cryptanalysis it’s important 

to deal with the advanced knowledge of computer science and engineering and whatever goes through 

the channel deals with the array of the packet’s bits. If we know the position of each bit in that array we 

can make a choice between the 0 and 1, so – in other words, our chances to make the true guessing are 

half-half. In addition, it’s significant to take into consideration the meaning of ASCII characters that can 

give an opportunity to figure out how the open message could look like. For instance, any sentence within 



the plaintext ends up with some sign of interpunction, so there can be the entire variations of the possible 

decrypted information. In other words, as the E2EE is critical at its endpoints it can be quite concerning 

on its way through from the source to destination as the channel can be tapped and potentially broken 

in. 

In order to illustrate the link encryption, we can use an example of the highway with its entire infrastructure 

that serves in directing the traffic on. The driver on that road must know where he goes and he has the 

permission to rely on the traffic signalization. In other words, the usage of the maps and GPS navigation 

is allowed, but what those all if the driver does not know the pathway. It seems that the link encryption is 

more like sending the packet of the information through the well-protected channel which routing 

information bits are carefully encrypted. The only fining being available at that moment is the information 

about the next stop. So, if it is needed to apply some GPS navigation it’s necessary to go step-by-step. 

In other words, stop linkage information is included as the plaintext and reading so it’s possible to figure 

out where the next station to such a packet is. In so general terms, those stops can be considered as 

hops where the entire packet is decrypted and re-encrypted in order to obtain the information about where 

further the packet should be delivered. The best practice has suggested that the most useful solution is 

the combination of the E2EE and link encryption for a reason the both – payload and routing information 

– are well-protected. That sort of cryptography is known as the super-encryption. The hop is any device 

in the network where once directed traffic can go and it can be the router, modem or server. The hop is 

also so sensitive point in the network because the hackers can identify that part of the IT infrastructure 

and try to attack the place where decryption of the packet itself takes place. That is especially the huge 

risk in case of the network monitoring for a reason the bad guys can find and exploit the places where 

the plaintext is widely accessible. In other words, the ongoing cyber criminals are extremely skillful 

individuals with the exceptional technical brightness that are capable to discover any weakness in the 

system and take advantage over so. The mix of the E2EE and link encryption gives the safer environment 

for data transport, but it’s still vulnerable to the high-tech attacks and campaigns. 


Milica D. Djekic is an Independent Researcher from Subotica, the 

Republic of Serbia. She received her engineering background from 

the Faculty of Mechanical Engineering, University of Belgrade. She 

writes for some domestic and overseas presses and she is also the 

author of the book “The Internet of Things: Concept, Applications 

and Security” being published in 2017 with the Lambert Academic 

Publishing. Milica is also a speaker with the BrightTALK expert’s 

channel. She is the member of an ASIS International since 2017 

and contributor to the Australian Cyber Security Magazine since 

2018. Milica's research efforts are recognized with Computer 

Emergency Response Team for the European Union (CERT-EU), 

Censys Press, BU-CERT UK and EASA European Centre for 

Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber 

defense, technology and business. Milica is a person with disability. 



Anatomy of a hack – Solar Winds Orion 

Nation State hacks major IS Software vender 

By James Gorman, CISO, Authx 

What happened when one of the leading IT support venders in the world, leading government agencies 

the world over and up 18,000-33,000 1 companies running the affected version (2019.4 HF 

5 and 2020.2 with no hotfix or 2020.2 HF 1) 2 of SolarWinds Orion software. 

What happened. 

1) The threat actor – indicated to be a nation state in Microsoft’s Threat Intelligence Center’s 

release 3 - was able to compromise the update process for Solar Winds and imbed a trojan horse 

that allowed the attacker to gain administrative access to the network. 

2) Using the acquired administrative access the intruder used a lateral attack to gain access to the 

certificate signing credentials of the organization. This allows the attacker to generate “reallooking” 

credentials to continue to move throughout the organization. 

3) Using the now trusted yet hacked credentials, the attacker then takes stock of what else they 

have access to in the organization, on-premise and cloud based. This is because they have 

access to seemingly valid credentials and are not flagging most alerts looking for unusual login 

failures. 

4) Once the attacker has access to a Global Administrator’s account or its trusted certificate, they 

use that to impersonate the admin, they essentially have the keys to the kingdom and can 

1 

https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm 

2 

https://www.solarwinds.com/securityadvisory 

3 

https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/ 



create new global admins, add them to existing services and or create new services and then 

go after API access to the organization. 

What has been reported is that once this particular hacker gets access to the global administrator they 

keep the malicious programs – Malware - to a minimum and used remote access to move through the 

enterprises and take over code repositories, trade secrets, MS Office 360, Azure Active Directory, 

essentially every system that relies on federated access and authentication. The list keeps growing of 

who was hacked and it is a veritable who’s who of what a Nation State actor would want – US State 

Department, Pentagon, Department of Homeland Security, National institute of Health and others, as 

well as many private firms 4 . While many of the known targets are the “big guys” if you use Solar Winds 

Orion assume you are compromised. 

If you use Solar winds Orion assume you are compromised, take it off line, upgrade and contact 

SolarWinds. https://www.solarwinds.com/securityadvisory 

If you are a CISO or security professional, you should know that in this hack you could do everything 

right and still have been vulnerable. You could have anti-malware tools running, login restrictions on 

sensitive systems, monitoring of the failures, all the things you would do in a traditional defense in 

depth environment. Because you trusted your supply chain and one of the largest and most trusted 

names in network monitoring and management was breached and you are now vulnerable and 

probably compromised. 

You could have done everything right and still been compromised! This is the lesson to learn 

here all you can do is mitigate and minimize the damage done. Some hackers are very, very good 

and your security is only as good as your weakest link in your supply chain. It could be one of your 

largest and most trusted IT suppliers that are the avenue of attack. You have to trust and verify 

everyone. 

So what is a person to do if they are or are not compromised? There are some things that had they 

been in place cold have mitigated or limited the damage due to the internal spread of this particular 

hack. We still do not know how the development/release system at SolarWinds was compromised – I 

for one am looking forward to seeing how that happened. 

What to do now that we know what we know – 

1) Update your software frequently – this is still the best way to keep known vulnerabilities at bay. 

Don’t let this supply chain hack scare you into not keeping your systems up to date. It is one of 

the most basic principals in Cybersecurity – path your systems 

2) Use updated antivirus systems that are quickly updated to mitigate this attack. 

4 

https://news.yahoo.com/solarwinds-orion-more-us-government-131005599.html 



3) Monitor your network and systems for anomalous behavior – Look for multiple power shell 

access to Active Directory from the same machine. Especially privileged sign ins. 5 

4) Look for adds to your federated services, use best practices for securing your AD FS services. 6 

5) Use whitelists for access to your sensitive network segments – block outbound traffic except 

what is needed for vital business processes on your trust segments. This blocks the trojans 

access to its home Command and Control (C2) servers where the hackers then get access to 

your environment. 

6) Use hardware based tokens (HSMs) for SAML signatures. 

7) Alert and verify as authorized new access credentials on OAuth applications and 

8) Reduce attack surface by removing applications and service principals that are not needed on 

your systems. Make sure you are logging the service principal access and look for anomalies. 

9) Use multifactor authentication with Biometric factors for all log ins. 

Authx https://authx.com is a prime example of how to verify who actually has access to your 

systems. It is a multifactor authentication mechanism that uses biometrics – face, finger, palm or 

one-time pad to give additional validity to the user access experience. Authx or another would have 

limited the ability for lateral movement and the persistence of this or most imposter credential 

attacks. 


James Gorman CISO, Authx 

James is a solutions-driven, results-focused technologist and 

entrepreneur with experience securing, designing, building, deploying 

and maintaining large-scale, mission-critical applications and 

networks. Over the last 15 years he has lead teams through multiple 

NIST, ISO, PCI, and HITRUST compliance audits. As a consultant, he 

has helped multiple companies formulate their strategy for compliance 

and infrastructure scalability. His previous leadership roles include 

CISO, VP of Network Operations & Engineering, CTO, VP of 

Operations, Founder & Principal Consultant, Vice President and CEO 

at companies such as GE, Epoch Internet, NETtel, Cable and 

Wireless, SecureNet, and Transaction Network Services. 

James can be reached online at (james@authx.com, https://www.linkedin.com/in/jamesgorman/ , etc..) 

and at our company website https://authx.com 

5 

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-all-sign-ins 

6 

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs 



Cybersecurity Maturity Model Certification (CMMC) 

It is not about compliance, or is it? 

By Carter Schoenberg, CISSP & CMMC Registered Practitioner Vice President – 

Cybersecurity SoundWay Consulting, Inc. 

As of the date of this publication, new requirements for U.S. Defense Contractors are in play. The days 

of taking an approach addressing cybersecurity requirements in the form of, “it doesn’t apply to me” are 

officially over. In case you missed it, there are four letters that should have you standing up and taking 

notice (CMMC). To start with, what exactly is CMMC? The Cybersecurity Maturity Model Certification 

(aka CMMC) is a new and comprehensive framework that will dictate future awards made by the U.S. 

Department of Defense. This framework is managed by a non-government entity known as the CMMC 

Accreditation Body (AB) and fully supported by the highest levels of the U.S Department of Defense 

(DOD) Leadership. 

Starting back in 2017, requirements to meet 110 security controls described in the National Institute of 

Standards and Technology Special Publication 800-171 “Protecting Controlled Unclassified Information 

in Non-Federal Systems and Organizations” were included in formal solicitations under the Defense 



Federal Acquisition Regulation (DFAR). Unfortunately, procurement officials generally highlighted this 

requirement with a single sentence in solicitations and relied upon self-attestation. Since that time, the 

F35 Strike Fighter technical designs, Naval defensive electronics on sea vessels, and arguably the 

largest release of malware created for offensive operations by the National Security Agency have all 

been compromised due to poor cyber hygiene by U.S. Government Contractors (GovCons). 

Regardless if we like it or not, the U.S. Government is justified in taking the position “enough is enough” 

and now forcing all, let me say that again,…”ALL” GovCons seeking work with the DOD to demonstrate 

adequate cyber hygiene. These efforts are spearheaded by Ms. Katie Arrington. As described by Ms. 

Arrington, the Government is taking a crawl, walk, run approach towards formal implementation of 

CMMC. CMMC has five levels of maturity starting with Maturity Level 1 equating to being able to 

demonstrate 17 practices (security safeguards) are implemented. Starting around June 2021, it is 

estimated 15 contracts will be issued impacting 1500 GovCons and this will ramp up to all engagements 

no later than FY2026. This is all contingent upon formal adoption within the DFAR. 

To make matters even more interesting is that the interim DFAR ruling explicitly states as of December 

1, 2020, a large number of GovCons have to immediately report their current status towards conforming 

with NIST SP:800-171 to the Government. If the level of accuracy for self-attestations seen previously 

is any indicator, there is a likelihood that GovCons may be inclined to fudge the results because who at 

the Defense Department is really going to police the results, right? WRONG! Misrepresenting the results 

has two significant consequences. One adverse consequence is defined by industry stakeholders and 

one is being overlooked. The first is what is known as a False Claims Act. This is actually a criminal 

investigation under the direction of the Justice Department and targets individuals (CEOs, Boards of 

Directors). The second is under the Federal Trade Commission (FTC) as a TITLE 15 violation for an 

unfair and deceptive business practice and can result in heavy financial sanctions. 

The Government is socializing their goal is not to make a compliance mandate but rather to foster the 

adoption of actual cybersecurity best practices in a way that enhances the GovCon. Regardless if you 

are Maturity Level 1 or even Level 5, two forms of objective evidence will be required for proof of adoption 

of the practices and processes defined within CMMC. Sounds a lot like a compliance initiative. Instead 

of using the term “audit” the term “assessment” is the CMMC nomenclature. 

If you have been through a FISMA, CMMI, ISO, PCI or other audit where objective evidence is required 

for proof of meeting the standard, this exercise is academically no different. There is one caveat to that. 

Once Maturity Level 3 is applicable (GovCon receives or creates CUI), then simply having safeguarding 

controls and appropriate policies & procedures is not enough. It is incumbent on the GovCon to 

demonstrate they are all “managed”. What does that mean though? Think of it as “operationalizing” these 



est practices into your core business daily operations. From here, you advance to Maturity Level 4, 

requiring everything from Levels 1-3 plus being able to demonstrate everything is “Reviewed” at least 

annually. Then at Maturity Level 5, you must be able to demonstrate your organization is optimizing the 

aforementioned practices and processes. 

If you are already ISO 27001 certified, congratulations – it is no longer enough. If you are CMMI Level 3 

Certified, congratulations – it too is no longer enough. What about FedRAMP? That too is no longer 

enough. 

To date, the DOD is stating that having your formal certification is not required to bid, just required at time 

of award. The Government and the CMMC-AB estimate you should allow yourself a 6-month window to 

prepare for Maturity Level 3 and higher. Having performed almost 40 of these types of assessments for 

Government and Industry, GovCons would be wise to project an 8 to 10-month runway. These 

presumptions are also problematic because the average award timeline is approximately 120 calendar 

days. Even if the 6-month preparation estimate is correct, that still leaves a delta of two months. This 

essentially means a failure to have certification prior to submitting your proposal for Maturity Level 3 and 

higher will likely result in somebody else receiving the award. 

For GovCons that are micro-size entities with home-based offices, you should consider the strong 

likelihood that your home will actually be inspected even at Maturity Level 1. For more details on what 

assessors will look for, please click here. 

It is important to note that if you are a GovCon you should: 

• Take immediate steps towards CMMC preparation at Maturity Level 1 with an understanding you 

may likely be required for Level 3 rating within a year or so. 

• Carefully review the specifications of the requirements in CMMC. 

• Do not take the position of believing you are in good shape because your IT guy told you so. 

• Do not take the position this framework will go away with the new administration. 

• Do seek out Registered Provider Organizations that have licensed Registered Practitioners 

authorized by the CMMC Accreditation Body. 

• Understand this framework is a work in progress and will continue to evolve as the cyber threat 

landscape evolves. 

One last noteworthy point is that there are a number of industry stakeholders continuously trying to find 

fault with the CMMC-AB and Ms. Arrington. Taking this approach is like waving at the train when it has 

already left the station. ALL ABOARD! 




Carter Schoenberg is the Vice President of Cybersecurity at SoundWay 

Consulting. Carter has over 20 years’ experience supporting Government 

and Industry stakeholders and is a subject matter expert on the 

Cybersecurity Maturity Model Certification (CMMC), cyber investment 

strategies, reducing organizational exposure to harm by cyber liabilities. 

His work products have been used by DHS, DOD, NIST, and the ISAC 

communities. 

Carter can be reached online at 

c.schoenberg@soundwayconsulting.com and through 

www.soundwayconsulting.com or the CMMC Marketplace 



Businesses Should See Security as An Enabler of Digital 

Transformation, Not A Hindrance 

A distributed workforce has renewed the importance of security for all aspects of organizations’ technology estates 

By Matt Gyde, CEO, Security Division at NTT Ltd. 

The pandemic has put a spotlight on cybersecurity issues as businesses have moved to a distributed 

workforce model. Many businesses found it difficult to move with agility to provide employees with the 

devices and network infrastructure needed to operate and communicate seamlessly when COVID-19 first 

hit. 

In fact, according to NTT’s 2020 Intelligent Workplace Report ‘Shaping Employee Experiences for a 

World Transformed’, in many cases, employees have been left to use their personal devices and 

applications, increasing the risk of security vulnerabilities. Additionally, only 46.4% of global businesses 

surveyed for the same report claimed they increased their IT security capabilities to keep their 

organization and employees secure. 

The rise in nefarious threats during the pandemic is clearly outlined in NTT’s Global Threat Intelligence 

report as hackers seek to exploit the coronavirus-related panic. Attacks have included informationstealing 

malware built into a fake World Health Organization (WHO) information app, while phishing 

emails have offered in-demand items including face masks, hand sanitizer and Coronavirus tests. These 

were so bad that the World Health Organization (WHO) called it an “infodemic.” 



Secure by design approach crucial for businesses to protect themselves 

Unfortunately, just like the COVID-19 virus itself, cybercriminals and spies aren’t becoming fatigued by 

its impact on our personal and professional freedoms and prospects, as many of us are. Threat actors 

and organizations are opportunistic and both well-organized and funded enough to ramp up their 

nefarious activities despite the current worldwide crisis. 

This has, in turn, spawned renewed acknowledgment of the importance of security being embedded in 

all aspects of organizations’ technology estates. Whether applications and workloads are running onpremises 

or in a public or private cloud and, irrespective of whether people are working from home, the 

office, or remotely, infrastructure needs to be inherently secure by design and entrenched into every 

aspect of a business’s environment. Security cannot be ‘bolted on’ as an afterthought because it impacts 

both the customer and employee experience. 

Perhaps many organizations have not embedded security in their organization because they see security 

as a hindrance and not a driver of digital enablement. A cultural mind-set shift needs to happen. Security 

helps businesses to deliver transformational technology that enables the best user experience. And it is 

intrinsically linked to the protection of employee data. 

Digital transformation with SASE 

At NTT, we predict in our ‘Future Disrupted: 2021’ report that the concept of ‘secure access service edge’ 

(SASE), a term coined by Gartner, is going to be a mainstream trend in the next 12 months. SASE 

focuses on achieving the best end-user experience in an increasingly SaaS and software-defined network 

paradigm, securing APIs and capitalizing on ‘as-a-service’ scenarios such as firewall-as-a-service or 

CASB-as-a-service. 

In order to start with SASE, businesses will need to truly assess what, and which assets, they need to 

protect, where distributed workloads are running, how their business consumes applications and ensure 

infrastructure is fit for purpose: 

• Assess what, and which assets businesses need to protect: To start, businesses should look 

at data protection. They’ll need to pinpoint exactly what they absolutely have to protect and 

decipher what is ‘crown jewels’ data and information versus what’s not. Then they can return to 

the basics: good operations hygiene and due diligence 

• Understand where various workloads are running: This will mean businesses should look at 

implementing appropriate firewalls and micro-segmentation 

• Consider applications and how they’re being consumed: Importantly, businesses should ask 

themselves how these consumption trends tie back to the platform strategy and related enduser/customer 

and end-point protocols and how are they interacting with various workloads and 

applications 

• ‘Dust-off’ existing network and application security strategies: Businesses should ensure 

that their security strategies are still fit-for-purpose. This will likely include making decisions about 

their path to SD-WAN adoption 

Ultimately, businesses must ensure that cybersecurity protects internal operations and employee data, 

as well as its customers. Today, this means that simply buying ‘point’ security is no longer a viable 

approach – it needs to be baked into system design. 



Businesses must increasingly focus on ensuring that cybersecurity is an enabler, not a hindrance, to 

digital transformation and use the right frameworks and partnerships within the ecosystem to do so. There 

is no more important time than now for the industry to come together to mount a powerful defence against 

an ever-mounting and ever-evolving cyber threat. 


Matt Gyde is the President and Chief Executive Officer, Security Division at 

NTT Ltd. He is leading the security strategy, services and go-to-market 

execution to build the world’s most recognized security business. Matt can be 

reached via his LinkedIn profile at: https://www.linkedin.com/in/matt-gyde/ and 

at https://hello.global.ntt. 



Asset Management, The Weakest Link in Cybersecurity 

Risk 

By Gyan Prakash, Head of Cyber Security / Security Engineering, Altimetrik Corp 

Summary 

This paper shares the details on limitations of existing asset management solutions for Cybersecurity 

needs and how to enhance the capability of existing asset management solutions that would meet 

enterprise cybersecurity risk needs. Uncover high risk and vulnerable assets to CISOs and senior 

management with data driven automation on near real time basis. 

Highlights the gap in the current asset management solutions and the critical role of Asset management 

solution provides in secure enterprise from advance threats and cyber security risk management. 

Importance of asset management in identifying asset criticality rating or static risk, inherent risk and 

residual risk. 



Cybersecurity risk not only help uncover the critical risky assets but also helps drive the enterprise 

priorities and future enhancements & investment on security technologies 

Introduction 

IT Asset management solutions helps discovers and provide visibility into the assets with regards to every 

IP connected device in enterprise environment. Accurate asset discovery and visibility is one of the critical 

needs to secure the asset. What you see is what you protect. 

Leading research shows that on average companies are blind to 40% of the devices in their environment. 

As a result, businesses do not have a real-time, comprehensive view of all the assets in their 

environment—or know the risks associated with them. 

Assets can be broadly divided into following categories: 

- Endpoint User Devices (Managed Assets & Unmanaged Assets) 

- Production and Non-Production Network Infrastructure devices 

- Enterprise IoT devices (Camera, Printers, Smart TVs, HVAC Systems, Industrial Robots, Medical 

Devices, Physical Security Access etc.) 

ISO 27001 - Information Security Management System (ISMS) certifications requires enterprise to 

identify information assets in scope for the management system and define appropriate protection 

responsibilities. NIST and CIS Critical Security Controls also include asset inventory management as part 

of critical infrastructure security. 

IT Asset inventory management is the basic need of an enterprise and urgency of discovery and visibility 

is not critical, whereas enterprise security primarily rely on accurate and detailed assets visibility on nearreal 

time basis. 



Majority of the enterprise assets are distributed across many different geos, networks such as private 

network, public cloud. With remote work universally acceptable, the near-real time asset visibility and 

management becomes even more critical. 

Traditional Asset Management 

Usually, there Asset management solutions in the market. Agent based on Network scan based and both 

of them plays a critical role in providing Assets visibility. 

Network Scan based Asset Discovery: Network Scan based solutions helps identify / discovery 

devices on the network, the limitations are that network scan must be reachable to all networks, VLANs, 

subnets in the entire enterprise. 

Network based scans are limited to the details discovered over the network. 

Agent based Asset discovery: Agent based solution provides info about the OS and core OS services, 

versions, Middleware services, patches etc. 

Traditional asset management solutions also referred as CMDB (Configuration Management Database) 

are required to meet the IT inventory & asset management need such as asset ownership, cost center, 

supporting patch management needs. These solutions were not designed to keep cybersecurity threats 

and cybersecurity risk management in focus. 

Cybersecurity Dependency on Asset Management 

Before we get into the details on Cybersecurity dependency, it is important to understand definition of an 

asset. Generally, asset is defined as an IP connected device, this usually works fine but has challenging 

in managing serverless assets. An application consists of group an assets. 

The exponential increase in the number of assets be it a mobile device or microservices based light 

weight servers, self-mutating server and serverless assets has made the near real-time asset 

management even more critical. The assets distributed over many networks and geos and private and 

public networks. The next generation asset management will be supporting the following capabilities: 

- Provides asset context with regards to network placement & external visibility 

- Binding between assets and applications or micro-services running on the assets 

- Provides asset criticality risk rating 

- Status of security agents on the assets 

- Status of SIEM integration for OS level and application-level logs 

- Correlating each asset with all the known security vulnerabilities either related to OS or application 

or identity & access management or firewall 



- Mapping sensitive data assets (such as PII, PAI or PHR) with each of the servers 

- Continuously track assets against enterprise security compliance 

Since 2019, OWASP has been also reporting Improper Assets Management as one of the top ten API 

Security vulnerabilities across the industry. 

Automate Asset Criticality Risk Rating 

Asset Criticality is the most important factor in understanding the risk of an asset being compromised. 

The asset criticality rating provides the view on the asset risk without any known security vulnerability. 

Any asset in production and non-production environment introduces risk and the risk is related to the type 

of data asset that assets process or handles, exposure of an asset to outside world and how an 

unavailability of assets impacts the business and enterprise services. We can also call this static risk 

that means minimum risk that this asset introduces to the enterprise. 

None of the traditional asset management solutions offers Asset Criticality Risk Rating, hence many 

enterprises rely on generating this asset criticality rating using non-standard and adhoc techniques. 

Asset Criticality Risk Rating What would be impact on enterprise if an asset is unavailable, tampered or 

breached. 

Critical assets are those that are essential for supporting the critical enterprise business needs. These 

assets will have a high consequence of failure, and it must be ensured that such assets of failure are 

avoided. These assets should be identified on urgent basis and more focus should be paid to these 

assets. 



Every organization has a way to identify which applications are critical, which is fairly easy but the 

challenges are mapping each and every asset to these critical applications and doing it consistently on 

real time basis. 

Building an Asset Criticality Rating 

Asset Criticality Risk Rating (ACRR) is foundation of determining Asset Risk. Some of the important 

aspect of building ACRR are following: 

- It must be fully automated and not dependent on user input 

- Provides consistent ACRR and in near real time 

- Provides options for Risk analyst to update the weightage of ACRR 

ACRR Calculation Approach 

In the proposed section, we share details on how CVSS (Common Vulnerability Scoring System) can be 

used for build ACRR. CVSS is an open framework providing characteristics and severity of software 

vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. 

Our interest is in the Base CVSS. The Base CVSS represents the intrinsic qualities of a vulnerability that 

are constant over time and across user environments and composed of two sets of metrics: Exploitability 

metrics and Impact metrics. 

Exploitability Metrics 

Attack Vector 

Attack Complexity 

Privileges Required 

User Interaction 

Impact Metrics 

Confidentiality Impact 

Integrity Impact 

Availability Impact 

Scope 

For ACRR, we only need Impact Metrics, and we will then find an average Impact for Confidentiality, 

Integrity and Availability across all the key attributes required for generating ACRR. 



ACRR Formula 

The ACRR is based on the CVSS standard used for security vulnerability rating. We extend the same 

the same model to measure the criticality of an application. We will be using the following formula 

ACRR= f(Confidentiality, Integrity, Availability) 

Ci = Average weight of all the Confidentiality Impact for the asset 

Ii = Average weight of all the Integrity Impact for the asset 

Ai = Average weight of all the Availability Impact for the asset 

ISS = Impact Sub-Score 

ISS = (1 -((1-Ci)*(1-Ii)*(1-Ai))) 

ACRR = roundup (min (ISS * 8, 10)) 

The min() function returns the item with the lowest value of the items 

The roundup roundup to zero decimal 

We derived the constant 8 based on iterating with number assets that provide the acceptable risk rating 

score and following Delphi method. 

Mathematical Ranges 

Ci = [0,1] , 

Ii = [0,1] , 

Ai = [0,1] 

ACRR = [0 , 10.0] 



ACRR Rating Scale 

All the ACRR scores will be mapped to a qualitative rating and we will be in line with the industry standard 

CVSS rating scale; 

Rating 

ACRR Score 

None 0.0 

Low 0.1 to 3.9 

Medium 4.0 to 6.9 

High 7.0 to 8.9 

Critical 9.0 to 10.0 

ACRR Worksheet 

We are going to use the following key indicators for our worksheet to demonstrate generate ACRR for a 

given asset. 

Key Indicator Descriptions Possible options 

Sensitive Data Handling The type of data asset This could Personally 

applications or server is Identifiable Information (PII), 

processing. 

PCI Card Data (PCD), 

Personal Health Information 

Application Exposure 

Service Tier 

This represents application 

exposure to type of users and 

network. 

A service tier is indicating how 

critical a service is to the 

operation of your business 

from availability point of view. 

(PHI) etc 

Public Internet, Partner 

Network, Internet Network 

It could be Tier-0, Tier-1, Tier- 

2 and Tier-3. Whereas T0 – 

which is critical service to T3- 

Which is non-essential 

Sensitive Data Volume 

Number of External users 

Volume of data processed by 

the application or the servers 

involved in that applications. 

Number of active external 

users of the applications and 

will also apply to all the 

servers involved. 

It could be block of 100K or 

10K based on business risk. 

1million – 10million 



Development Model This indicated if the 

Application was developed by 

internal development team or 

developed using out souring 

model or mixed 

Hosting Environment This indicates the asset 

hosting environment. 

Internally Developed, 

Externally Developed, Hybrid, 

3 rd Party Product 

Public IaaS, PaaS or 

Kubernetes, SaaS, Private 

Data Center 

Additional key indicators could be used based on risks and threats related to Hosting Environment, 

Number of Admin users etc. 

In next section, we will generate ACRR for a given asset, we are going to use following key indicators 

that helps identify the impact. For each of these key indicators, we are going to assign weightage for 

Confidentiality, Integrity and Availability. The weightage is assigned based on the risk / impact that will 

caused if the asset involved gets compromised. The weightage must be assigned between 0 and 1. The 

lower weight is for low impact and higher weight is for high impact. 

Key Indicator Indicator Value Confidentiality 

Impact 

Integrity 

Impact 

Availability 

Impact 

Sensitive Data PCD & PII 0.7 0.7 Not applicable 

Handling 

Application Exposure Public Internet Not applicable Not 

0.9 

applicable 

Service Tier Tier-0 Not applicable Not 

0.9 

applicable 

Sensitive Data Volume 1million – 5million 0.8 0.8 Not applicable 

Number of external 100k-1m Not applicable Not 

0.7 

users 

applicable 

Development Model Internally 0.2 0.2 Not applicable 

Developed 

Hosting Model Public IaaS 0.6 0.6 Not applicable 

In essence, ACRR determines the impact the business is going to suffer if the asset in question were to 

be compromised. 

Ci = (0.7+0.8+0.2+0.6)/4 = 2.3/4 = 0.6 

Ii = (0.7+0.8+0.2+0.6)/4 = 2.3/4 = 0.6 

Ai = (0.9+0.9+0.7)/3 = 2.3/3 = 0.8 



Ci, Li, Ai are rounded off to 1 decimal. 

ISS = 1 -((1-0.6)*(1-0.6)*(1-0.8)) 

ACRR = roundup(min(ISS * 8 , 10)) 

The Asset Criticality Risk Rating is High. 

Enhance CyberSecurity Risk 

The goal of the asset management solution is to provide the asset attributes or key indicators collected 

using agent and or network-based scans and on consistent basis. The ACRR data does not change often 

but is critical for providing cybersecurity risk. 

Inherent Risk: As we know there are no perfect assets or applications. Any applications or servers on 

an average will have 40-75 known issues that includes vulnerabilities from Network & Infrastructure, 

open-source library, application security vulnerabilities from SAST, DAST etc. 

The inherent risk hugely depends on static risk i.e., ACRR, so it is very important to get the ACRR right 

on consistent basis and through automation. 

Inherent risk can be derived using CVSS methodologies as well and the challenge will be average out 

the exploit and impact across all the known vulnerabilities. Inherent must be done on daily basis and only 

a good automation mechanism with asset management and vulnerability correlation can provide this 

data. 

Residual Risk: Residual risk is what the CISOs are looking for to get an idea on how effective 

Cybersecurity investment has been and how are they protecting the known issues that cannot be fixed 

due to number of limitations. Residual Risk is the risk score after taking consideration of all the security 

counter measure and exploit prevention solution in place. Residual risk are the real threat and risk to the 

enterprise. 




Gyan Prakash is a Head of Information Security at Altimetrik. 

Before joining Altimetrik, Gyan was Global Head of Application 

Security & Security Engineering at Visa from 2016-2020. He 

managed Product Security Architecture and Engineering, 

Application Security & vulnerability management. Gyan also led 

Future of Payment and Blockchain / Crypto Currency research at 

Visa from 2014-2016. 

Gyan has 20+ years of experience in security technologies. He 

has implemented mature DevSecOps at Visa and has been 

consulting with Fortune 500 organizations working to implement 

DevSecOps at scale. Gyan is a technologist and innovator at 

heart, with 250 global patents including 152 granted in the areas of system security, mobile security, 

tokenization, and blockchain. 

LinkedIn: https://www.linkedin.com/in/gyan-prakash-747a8a2/ 

Altimetrik Corp: https://www.altimetrik.com/ 



The Rising Tide of Security Threats in The Industrial 

Internet of Things 

By Don Schleede, Information Security Officer at Digi International 

Throughout Cyber Security Awareness Month in October, many organizations shared their thoughts on 

the state of cybersecurity and reflected on the processes and steps that can improve it. However, the 

discussion largely focused on protecting end users rather than building security into networks and devices 

from a systemic perspective. In addition, through its theme of “If You Connect It, Protect It,” however, 

Cybersecurity Awareness Month has also opened the door to conversations about IoT cybersecurity. 

Most IoT discussions focus on consumer IoT – the smart trend-of-the-moment. That’s not surprising since 

consumer-centric applications and devices are increasingly visible in everyday life and provide that “living 

in the future” feeling that grabs attention. However, industrial and enterprise IoT applications have just 

as many implications – though perhaps slightly less visibly, which means they receive far less attention 

and are less understood. It’s easier to assume that industrial IoT is more secure than its consumer 

counterparts, since those applications are backed by large organizations facing greater security risks. 

However, that’s a mistaken notion: The industrial IoT’s struggle with security remains a challenge that is 

largely unaddressed. 



Understanding the Industrial IoT 

When we talk about IoT, we tend to think of devices and connected “things” – smart TVs, home security 

systems, self-driving cars, to name a few. We rarely consider the resources these “things” rely on or the 

networks that connect them. Yet these systems are underpinned by hundreds – perhaps thousands – of 

connected devices that, when compromised, can have far-reaching consequences. 

To talk about industrial IoT security, we must first understand the types of disruptive security threats: 

• Confidentiality threats – These intrusions expose sensitive or confidential information, including 

the viewing of data in the actual device or the theft/cloning of device firmware itself. 

• Theft of service – Authentication weaknesses or failures create critical vulnerabilities. Upgrade 

features, unlocked without authorization, are also an important threat. 

• Data integrity threats – Unauthorized messages are introduced into a network, or an unauthorized 

party takes control of a device. 

• Availability threats – Denial-of-service (DOS) attacks prevent the device from sending messages 

by flooding it with hostile traffic. 

All of these disruptions can arise through different methods, from reverse engineering, micro-probing a 

chip, or exploiting unintentional security vulnerabilities within a code to exploiting weaknesses in internet 

protocols or crypto or key handling. No matter the source, one thing is clear: We need to know where to 

improve security and how to close those gaps. 

Building security from the ground up 

Our analysis of active devices found that 43% of IIoT devices communicate insecurely. That’s certainly 

far better than consumer IoT devices (98% of which are unsecured), but the reality is that the number is 

still far too high, and the potential repercussions of these lax protocols are serious. From manufacturing, 

transportation, and utilities to healthcare and other industries, organizations must adopt key strategies to 

prevent and mitigate security issues: 

• Security-by-Design: Vendors and customers repeatedly choose lower costs and faster go-tomarket 

options instead of investing the necessary time and effort to design and build top-level 

security into their devices and applications. As vulnerabilities and attacks continue, organizations 

are – at last – beginning to factor in the risks (think: liabilities and compliance issues) caused by 

faulty security settings and inadequate encryption/privacy protection. Security is also gaining 

importance over the long run because it reduces the costs of potential breaches. 

• Device Authentication and Identity: Passwords remain one of the most common forms of 

authentication – and one of the most common ways threat actors penetrate systems. Many 

organizations are opting for multi-factor authentication (MFA) that adds a second layer of access 

protection by requiring additional forms of authentication. From location-based options such as 

an IP address to something the user physically possesses like a phone or a key fob, MFA offers 

flexible controls for easier management and a smoother and faster user experience, while 

improving overall security even for physically dispersed devices. 



• Updates and Upgrades: IIoT devices have much longer longevity than consumer IoT devices – 

as much as 10-15 years. Updating and upgrading the firmware and software for each device 

becomes increasingly challenging as the volume of devices in the field rises. An organization 

cannot just deploy thousands of devices. It must manage them throughout that lengthy lifecycle. 

IIoT leaders can offer centralized device management solutions to help administrators manage 

updates and patches, troubleshoot through out-of-band-management, reconfigure devices, and 

monitor the health of the entire network. This holistic approach provides insight when a specific 

device is at risk and helps them mitigate issues before they worsen. 

• Risk Assessments and IoT Regulations: As we move into 2021, the number of IIoT devices 

will continue to grow, requiring organizations to assess both devices and networks. For security 

professionals, this is already a best practice for all deployments. However, soon it will be the 

standard thanks to guidelines within the NIST’s IoT security framework, legislative and industry 

regulations, and other mandates. This is a move in the right direction and a long-overdue step 

since large swaths of the IoT remain vulnerable today. 

Awareness, Understanding, and Action 

Embedded security is a critical requirement for a growing number of connected IoT applications and 

devices, especially as threats continue to rise. Although, we continue to play catch-up with threat actors, 

we are seeing a gradual shift in the right direction. More leaders understand the need to improve security, 

and new regulations have identified and highlighted a problem that has been lurking for years. It is time 

for IoT vendors, developers, admins, and engineers to make security a top priority. 


Don Schleede is the Information Security Officer for Digi International, 

a Minnesota-based manufacturer of embedded systems, as well as 

routers, gateways, and other communications devices for the Industrial 

IoT. He has 27 years of experience in high-tech security and has been 

with Digi for more than seven years. Earlier, Don held positions as a 

developer, IT Operations Director, and IT Architect. Don can be 

reached online at (EMAIL, TWITTER, etc..) and at our company 

website http://www.mycompany.com/ 



E-Merchants: Secure Your Online Sales from 

Cybersecurity Threats 

By Anthony Webb, EMEA Vice President, A10 Networks 

This year, online retailers pushed the boundaries with “Black Friday” deals in the hopes of improving their 

online sales, thanks to the uncertainty around in-store shopping due to COVID-19, leading many 

customers to make their purchases from the safety of their own homes. As a result, e-commerce 

merchants have witnessed a significant uptick in users and devices connecting to websites than in recent 

years. 

Good Cybersecurity is Crucial 

The good news for e-tailers is that overall sales are expected to grow in the new year. This has added 

importance in a year when many e-commerce businesses have faced unprecedented disruption. 

However, one thing is clear. Online sales will take centre stage. 



However, just as online sales are at the forefront, so should cybersecurity. Retailers aren’t the only ones 

looking to capitalise on the increase in online spending. Shopping seasons offer hackers an opportunity 

to profit as well. We’ve already seen a huge uptick in cyber-threats due to COVID-19. Now, online 

shopping provides cyber-criminals with additional motivation to launch their attacks using some of the 

below tactics: 

Phishing – Phishing and its variants, including spear-fishing and whaling, are email-based attacks that 

leverage social engineering techniques to fool recipients into providing sensitive information to the 

attacker. While spear-fishing and whaling attacks are more targeted than phishing, all three forms attempt 

to get the victim to read the email, click on a link, possibly open an attachment, and ultimately disclose 

valuable personal or corporate information. 

Ransomware – Ransomware attacks seek to extort money from victims by encrypting access to files or 

entire systems until they pay the attacker a ransom, have become increasingly popular in recent years. 

Much of this has to do with the potential to make large sums of money from the ransoms. Another reason 

for the rise in ransomware attacks is the availability of ransomware-as-a-service (RaaS) kits, which are 

inexpensive to purchase on the black market, making it easy for novice hackers to launch their own 

attacks. Phishing emails are the top threat vector to distribute ransomware. 

Distributed Denial of Service (DDoS) – DDoS attacks are designed to stop a computer, server, website, 

or service from operating by flooding it with internet traffic generated by an army of bots called a botnet. 

The tremendous growth in Internet of Things (IoT) devices, many of which are not properly secured, has 

made it easier for attackers to take control of more devices and create botnets. DDoS attacks can be 

especially damaging to e-commerce businesses if customers can’t access their websites to make 

purchases. 

Malware – Malware attacks take many forms including viruses, worms, spam, spyware, and more. Some 

malware threats such as spam are more of an annoyance, while others such as viruses and worms can 

spread across a network infecting systems and negatively impacting their performance and user 

productivity. Similarly, spyware can slow down systems. However, it can also be used to report sensitive 

information such as passwords back to the hacker. 

Injections – Injection attacks such as cross-site scripting and SQL injections are used to exploit 

vulnerabilities in web applications by injecting malicious code into a program, which then interprets the 

code and changes the program’s execution. In other words, it gets the application to do something 

unintended such as alter the behavior of a website or expose confidential data like login credentials to 

the attacker. E-commerce businesses hit with an injection attack could find their customers redirected to 

a fake site which illegally harvests customer information. 

The Consequences of Poor Cybersecurity 

If e-commerce merchants are not prepared to stop malware, DDoS attacks, and other threats, the 

consequences of a successful attack could be the difference between surviving and ceasing trading. 

Here’s what businesses could be facing: 

Lost Revenue – Any downtime to a web server that prevents customers from making a purchase is 

damaging to online sales and can potentially have a severe impact, especially for smaller organisations. 

Data Theft – The increase in online shopping during sales periods is a lure for cybercriminals to launch 

attacks aimed at stealing corporate and customer data. Phishing emails claiming to have information on 

fake shopping receipts, shipping status, and customer surveys are very popular in the run-up to 

Christmas. 

Disruption of Services – DDoS and ransomware attacks can target services that we deem essential. 

E-commerce sites, public utilities, and schools are just a few examples of their victims. Shutting down 

access to a service, even for a short period time, can have major financial and social impacts. 



Damaged Reputation – Damage can extend beyond short-term financial losses and data theft. 

Consumer confidence and brand reputation can quickly erode when consumers have a poor online 

experience. Customers aren’t shy about using social media to express their displeasure. 

Reduced Productivity – It’s not just customers who feel the impact of a successful attack. If employees 

can’t access the applications they need to do their jobs, expect to see a drop in productivity with an 

accompanying rise in undesirable workarounds. 

Steps to Take 

Cybersecurity is an everyday concern. Fortunately, there are some things that organisations can do to 

keep applications, networks, and the business safe from threats, especially during peak online shopping 

periods. 

First, look for a solution that provides DDoS detection and mitigation to ensure services are continually 

available to legitimate users. Hackers have learned how to weaponise IoT devices to launch complex 

multi-vector and volumetric attacks, capable of bringing down application servers and entire networks. 

Second, protect web-based applications with web application firewall (WAF) technology. Outdated 

applications are especially vulnerable to attacks. A WAF will secure them from hackers looking to exploit 

HTTP and web application-based flaws. 

Third, find solutions that meet current and future platform needs. Organisations may not have transitioned 

to the cloud yet, but they’ll likely have some cloud-based apps. They must be sure their solution is ready 

when the company is ready, whether it is moving to a hybrid cloud or multi-cloud infrastructure. And 

finally, continue to educate employees on the need for good cyber hygiene. According to a 2019 IBM 

study, 95% of cybersecurity breaches are caused by human error. 

With this shift to online a potentially permanent one, e-commerce merchants should expect these 

sustained levels of activity going forward. Therefore, it’s imperative that e-commerce businesses secure 

applications, servers, and networks from cyber threats at all times. 


As VP EMEA, Anthony Webb is responsible for managing and growing 

A10’s sales operations, as well as leading the company’s sales and channel 

strategy across the region. Before joining A10, he served as vice president 

EMEA of Ixia Technologies, focusing on maintaining Ixia’s position as the 

leading provider in network testing while driving their leadership status in 

network visibility. Prior to joining Ixia, he held positions at the vice president 

and managing director level for Juniper Networks, running sales 

organizations across EMEA and in the UK. In 2000, he joined Cisco as sales 

manager for service provider and enterprise verticals in the UK, before 

serving as enterprise sales director emerging markets with Cisco in MEA, 

then collaboration sales director emerging markets. He left Cisco in 2011 to return to the UK. 

Anthony can be reached online at (awebb@a10networks.com) and at our company website 

https://www.a10networks.com/ 



The Privileged Credential Security Advantage 

By Tony Goulding, Cybersecurity Evangelist at Centrify 

Over time, a causality has emerged that accounts for the majority of security risks for enterprises: 

privileged accounts lead to data breaches. So much so that the majority of breaches (over 67 percent) in 

2020 were caused by credential theft. 

Organizations that prioritize privileged credential security have an advantage over their peers by ensuring 

their operations are more resilient to data breaches. However, there’s a gap that continues to widen 

between those guarded against a breach and the numerous others that aren’t. 

Many have paid attention and embraced the warnings and guidance from analysts, press, and vendors 

that called for implementing privileged access management (PAM) security controls to mitigate the risk. 

The question is, did you go far enough? 



IT Automation Software and the Attack Surface 

As it relates to privileged accounts, the attack surface can be enormous and very diverse. Reducing this 

attack surface is a primary objective. However, for many organizations, the first – and often, only – focus 

is on the human administrator and their privileged activities. 

Let’s visit another slice of this attack surface that often flies under the radar. Your mileage may vary, but 

this risk can be just as significant, if not more so. It’s the use of privileged accounts by IT automation 

software; tools commonly found in IT service management (ITSM), IT operations management (ITOM), 

and continuous configuration and automation (CCA) platforms, such as asset discovery, vulnerability 

scanning, and software orchestration. 

For example, you may use one tool to scan the network for systems and analyze each one looking for 

exploits, vulnerabilities, and misconfigurations. And another tool may help you maintain a single system 

of record for your IT assets by conducting an inventory of each system, feeding results into different tools 

to show applications, infrastructure, as well as service relationships and dependencies. On top of these, 

a different tool from a different vendor may be helping you control your IT infrastructure, job scheduling, 

and inventory management. Like the others, it needs administrative access to IT infrastructure. 

In common, they all need to log into IT systems via SSH or WinRM to run commands and scripts with 

privileges and obtain system-level intelligence. 

Therein lies the risk. 

Externalizing Credential Management 

By default, IT configures these privileged account IDs and passwords statically within the tool. Let’s be 

clear about what this means. You’re entrusting the keys to every IT system, on-premises and perhaps in 

the cloud as well, to an application whose core strength is not identity and credential management. Not 

only that, IT must manually configure dozens or even hundreds of credentials in the tool. Multiply that by 

the number of tools requiring privileged accounts, and the lights never go off for IT. We haven’t even got 

to password rotation. 

Thankfully, several leading vendors in the space have recognized this. As an alternative, most allow IT 

to externalize identity and credential management to a third-party solution designed for the job. 

Relocating credentials to a hardened password vault is the best practice to mitigate this risk. Instead of 

IT configuring passwords within the tool, the tool fetches them from the vault at scan time. If an attacker 

compromises the tool, they won’t find any privileged account passwords in its configuration settings, 

preventing lateral movement to the IT servers and limiting what could amount to a complete compromise 

of every server in your IT infrastructure, including domain controllers. 

Reducing Risk and Adding Value 

The value doesn’t end there, however. By now, it’s evident that passwords are inherently weak and 

introduce risk. IT can use the vault to strengthen passwords and help prevent login denials. Frequent 

rotation helps mitigate the risk, along with setting long, cryptic passwords. Unfortunately, this falls below 



the line of high priorities for many IT shops, resulting in a “set it and forget it” mentality. With the vault, 

you get automatic account password rotation coupled with password quality of service policies. You avoid 

the risk of stale passwords with low entropy. No longer must IT manually log into each system to change 

the local account password, then manually update them in each tool to ensure consistency. 

The vault can also help prevent scan failures that occur in-between the scheduled password rotation 

jobs. Let’s say someone (a well-meaning internal admin or a threat actor) changes a local system 

password, but an ITOM tool is still using the old one. Subsequently, the login would fail, and you now 

have gaps in system coverage requiring manual intervention. Some password vaults can automatically 

reconcile out-of-sync passwords in real-time during password check out to ensure the local system 

account password and the vaulted password are the same. This client-based password reconciliation 

feature ensures that your tool will always fetch a valid password from the vault with which to log in at 

scan time. 

Because unauthorized access is a high-reward, low-risk endeavor, hackers will continue to seek out and 

find new ways of gaining access to high-value and sensitive resources. But embracing a defense in depth 

strategy by externalizing credential management and gaining insight into incremental risk can go a long 

way toward mitigating or preventing data breaches -- even if the specific attack vectors are not yet known. 


Tony is a Cybersecurity Evangelist at Centrify. He has over 30 years 

of security software experience and more than 15 decades of 

experience in identity and access management & privileged access 

management. 

Tony can be reached online on Twitter at @Tony_Centrify and at our 

company website www.centrify.com 



How To Keep Your Children Safe In Remote Learning 

Situations 

By Nevin Markwart, Chief Information Security Officer at FutureVault 

As parents, we have conflicting feelings on remote learning. One on hand, we want our children to stay 

healthy, especially in the midst of a public health crisis. On the other hand, online education opens the 

door to new threats—including opportunities for hackers, risks to our children’s privacy, and increased 

online harassment. 

Fortunately, we as parents can play a proactive role in ensuring that our children’s online education is a 

safe and fulfilling experience. Here are several easy steps that you can take to protect your children in 

remote learning situations: 

Classroom Learning 

Creating an open dialogue with your children’s educators is a simple yet effective way to ensure that 

everyone is on the same page when it comes to safety and privacy. You should discuss safety protocols 



with the school and flag anything that concerns you. Confirm the school has privacy policies in place and 

learn what they are. 

Speak with your children’s teachers and meeting administrators about which screenshare tool they use 

and confirm that only the school can control screenshare. Learn that program and security features as 

much as possible. 

Make sure the teacher allows students to turn off their cameras after confirming attendance if they’re 

uncomfortable “going live.” Many adults feel uncomfortable on camera, so imagine how children must 

feel. 

Privacy 

Parents should have ultimate control over what their children use and see online. Know what platforms 

your children are using, whether for learning or social media. Maintain direct oversight on whom your 

children engage with online and limit that circle to known friends, family, and acquaintances. Use 

Screentime or Parental Controls to restrict the types of online activities your children can do. 

You should set up secure passwords for your children to prevent their accounts from getting hacked. 

Secure passwords are at least twelve characters long, do not include dictionary words, and mix numbers, 

symbols, and letters (lowercase and uppercase). Turn on your firewall and make sure your children only 

download files from people or sites you know and trust. 

Remember that anything posted online is public, not private information. So, talk to your children about 

what they’re not allowed to post online. They should never post any sensitive personal information (e.g. 

social security number, passwords, etc.) on their internet profiles: changing a profile does not delete old 

copies of it. 

Cyberbullying 

Communication is a key step to prevent cyberbullying. Explain to your children that what happens on the 

Internet can be permanent and damaging. You should treat people the same way online as you would in 

person: with respect. This includes not saying anything mean or untrue about someone online. Ask your 

children’s school what disciplinary measures are in place for online misbehavior. 

Report online harassment, including any message that makes your children feel uncomfortable. If the 

harassment occurred through your children’s remote learning platform, notify their school. You can also 

report harassment to local law enforcement. Make sure to save and print any records of threatening 

messages—including screenshots, emails, and texts—for evidence. 




Nevin Markwart, Chief Information Security Officer at FutureVault. 

Nevin Markwart is the incoming Chief Information Security Office 

(CISO) for FutureVault Inc., an innovative internet cloud-based 

personal document storage, access and distribution company. 

Initiating his third professional career, Nevin graduated in 2019 with a 

Master of Science degree in Cybersecurity from Brown University, the 

Ivey League school located in Providence, Rhode Island. Nevin is an 

online information privacy expert, having written his graduate thesis 

paper, “Restricting the Adverse Effects of Internet Terms of Service 

Agreements,” with the support of his non-faculty academic advisor 

Tom Ridge, former Governor of Pennsylvania and first US Secretary 

of the Department of Homeland Security. 

Previously, Nevin was the Boston Bruins’ first pick in the 1983 NHL Entry Draft and turned pro 

immediately after the draft at age 18. He went on to play nine seasons in the NHL, retiring due to the 

cumulative effects of three shoulder surgeries. After retiring from hockey, Nevin completed his MBA in 

finance from Northeastern University in Boston in 1994 and began another career in the investment 

management industry. 

Nevin’s investment industry experience includes senior and executive roles in Boston as an equity analyst 

and portfolio manager, director of research, product manager, and head of Canadian equities for firms 

including Wellington Management and Fidelity Investments. 

Later in his investment management career, Nevin led two Canadian mutual fund companies as CEO: 

Calgary-based Canoe Financial and Toronto-based Front Street Capital. 

Nevin is a member of the Board of Directors of the Business of Hockey Institute (BHI), the Saskatchewan 

CFA Society, Prairie Green Renewable Energy Inc and Evolution Potash. He is also a business 

management mentor for the Canadian Consulate’s Canadian Technology Accelerator (CTA) in Boston. 



More Internal Security Needed, Less Budget – 10 Tips to 

Help 

By Jody Paterson - Founder and Executive Chairman. ERP Maestro 

As if internal risks of fraud and data breaches were not high enough, enter in a year of new work 

environments and economic uncertainty that has also ushered in an even more risk-prone era. Before 

we even knew the word “COVID,” the frequency of fraud had tripled in the last four years, according to 

the Ponemon Institute’s 2020 Cost of Insider Threats report. By August of this year, a survey conducted 

by the Association of Certified Fraud Examiners (ACFE) revealed that 77 percent of responders said they 

had observed an increase in the overall level of fraud since the pandemic began, with one-third noting 

that the increase had been significant. 

The near-term future doesn’t look better. In the same ACFE report, 92 percent expected fraud to increase 

in 2021. However, fraud isn’t the only concern. Data theft by employees also has risen and research firm 

Forrester expects to see data breaches caused by insiders to increase by 33 percent in the year ahead. 



The cause? More remote work, fear of unemployment and easier ways to access and remove data are 

the reasons cited. 

At the same time, companies are reluctant to allocate more money for safeguards, even though the need 

for improved security is apparent. Yet, we know that leaving risks undetected can end up costing much 

more than the security solutions designed to prevent them. How, then, can companies get greater 

protection for business systems while also keeping costs down. The following 10 tips can help. 

Establish a Security Control Baseline 

When developing a strategy and cost-saving budget, start by establishing a security control baseline. A 

company’s security baseline is the minimum internal security controls needed to keep a system protected 

and the base objectives that must be met to achieve security goals. 

Perform a Risk Assessment 

Along with creating a security control baseline, determine your current risk level with an analysis of access 

risks by user, role and business process. This review will provide a deeper comprehension of key areas 

of risk and how to tackle them as cost-effectively as possible. 

Calculate Your Risk Tolerance 

Along with a risk assessment, a company should know exactly what its risk tolerance is – how much risk 

it can afford to have. While risk threshold determines how much risk is acceptable before action must be 

taken, risk tolerance gets into the dollars and cents of what a company can afford if an incident occurs. 

A company needs to weigh the potential cost of fraud, data breaches and mishaps by employees to 

determine if it can tolerate that amount of risk and loss. 

Decrease Audit Deficiencies 

Companies meeting audit compliance requirements for Sarbanes-Oxley have to think through the risks 

and costs of audit deficiencies and material weaknesses and add those to their probability of risks. 

Reducing risk – even audit risks – to begin with can be the more cost-effective posture to take. 

Reduce Risk Remediation 

Cutting the cost of access risk remediation is another budget-saving strategy. By running a risk analysis 

more frequently, risks can be found promptly and remediation work can be performed as risks arise rather 

than accumulating a massive number of risks and creating an overwhelming amount of remediation work 

all at one time. Such a scenario may slow remediation processes and even let some remediation slide, 

thereby leaving a company open to a greater risk of damaging incidents. 



Eliminate Complexity 

Manual processes or risk analyses are more complex and harder to perform. Simplify processes as much 

as possible to reduce errors, time and cost. But also think about more simplicity in whatever technology 

you use to help control risks. Bear in mind that an intuitive user interface and risk reporting can drive 

greater adoption and use while reducing training, costs and risk in general. 

Leverage Automation 

Lowering risks, cutting audit deficiencies and reducing remediation work are easier to achieve with 

automated tools. Organizations can not only save hours and hours of time spent on manual work but also 

improve accuracy and remediate any risks faster. 

Cloud Technology 

Most companies today realize the value of automation, which can be achieved in both on-premise and 

cloud technology, but cloud technology can add advantages and savings not possible with on-premise 

solutions. Cloud technology can come with some significant cost-savings, from no-cost deployments, to 

an end to continual upgrades and maintenance, to extreme flexibility and long-term agility. 

Rank Your Solution Needs 

One way to be more cost-conscious in security spending is to rank the importance of features in internal 

security and access control tools. One way to break this down is to think about not only what you need 

today but also what you might need tomorrow and what features are nice-to-haves versus must-haves. 

An important caveat here, however, is to not buy any unnecessary bells and whistles. Spending more 

doesn’t indicate that you have better cybersecurity readiness. Throwing more money at a problem isn’t 

the best approach. Research firm Gartner points out that a company may spend more money but invest 

in less-suitable solutions, therefore, inadvertently bloating budgets and making the business more 

susceptible to risk. 

Employee Training 

It may not be so obvious to include employee training when thinking about maximizing your budget. The 

truth is, however, that even with taking all of the measures you can with best practices and technology, 

insider attacks are attributed to employees of every rank. An all-inclusive security program should make 

training on internal risks, as well as external cyber threats, a priority. 

In conclusion, cutting costs for internal security shouldn’t mean cutting necessary security solutions or 

not investing in new or better tools. There are ways using the tips above, however, to keep costs at a 

minimum while getting better risk protection. 




Jody Paterson is a trusted governance, risk and compliance 

advisor and thought leader who is a Certified Information Security 

Specialist (CISSP), a Certified Information Security Auditor (CISA), 

a former KPMG director, and Chairman and Founder of ERP 

Maestro. 

Jody can be reached online at j.paterson@erpmaestro.com, on 

LinkedIn at https://www.linkedin.com/in/jodypaterson/ and via our 

company website http://www.erpmaestro.com 



Personal Data Breaches for GDPR Compliance: 

Everything You Need to Know 

By Dan May, Commercial Director, ramsac 

In the new era of cybercrime, identifying the proper sanctions and reactions for any business can seem 

challenging, if not confusing. When it comes to data protection and operational compliance in the digital 

world, authorities like the Information Commissioners Office, or ICO, have identified a sense of confusion 

surrounding incident management, which includes the whole process itself. 

The Information Commissioners Office recently revealed that nearly a third of the 500 reports of data 

breaches it receives weekly are unnecessary or fail to meet the minimum threshold of a GDPR personal 

data breach. As many operations attempt to anticipate GDPR (or compliance with the General Data 

Protection Regulation), there remains an unfortunate atmosphere of confusion, or misunderstanding, 

when it comes to appropriate incident management under data protection regulation. Operations seem 

to struggle with the types of incidents or breaches that should be officially reported under GDPR. 

It is understood that ‘over-reporting’ is the most common reaction to perceived breaches. Whilst this is 

largely motivated by a desire for operational transparency and good compliance practice, clearing up 

misconceptions surrounding GDPR and data breaches can help businesses remain competitive by 

avoiding risky or costly penalties. 



Identifying personal data breaches 

Over reporting is not a strategy as much as it is a scattered reaction to a data breach. Under GDPR 

compliance, which is far-reaching across European territories and beyond, there is a new urgency to 

officially report compromises that might upset data protection within your organisation. It is also 

considerably more important than a mere courtesy to your employees, but an attempt to strictly regulate 

the collection, movement, and storage of personal information, which is why it is most often a challenge 

to companies with access to larger amounts of data. 

Defined under the General Data Protection Regulation, a personal breach can be understood as a 

“breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised 

disclosure of, or access to, personal data transmitted, stored or otherwise processed” (captured in Article 

4, definition 12). 

Importantly, not all ‘breaches’ are equal in severity and, therefore, not every incident needs to be officially 

captured and reported. Any compromise that falls outside of the definition, according to GDPR 

compliance, or where the severity is limited, then action isn’t necessarily required. The goal for 

businesses should be clarifying whether action is officially required or not. But how does this look in 

everyday practice? 

It is always advisable to evaluate incidents and cases individually, determining the next actions based on 

the severity of each breach. Some breaches may affect or inconvenience the role of a single employee, 

whereas other, larger compromises can impact the emotional, physical, or financial lives of many. 

Any business that suffers a breach should plan to formally document what happened and any next 

actions, including whether it was reported or if it failed to meet the criteria. This can help businesses in 

the scenario that a decision is challenged. 

How soon should a breach be reported? 

All businesses are responsible for identifying, and responding to, breaches under data protection. Not 

only should businesses aim to have the right controls in place to promptly detect a breach, but they should 

report any compromises within 72 hours to the supervisory authority (which is summarised in Article 33). 

One of the most common misconceptions about compliance with GDPR is that this mandatory reporting 

period accounts for 72 “working” hours – whereas, a breach should be captured within 72 hours from the 

moment of discovery. 

Where employees or the public might be involved by unauthorised data breaches, those affected should 

be appropriately notified. In certain scenarios, a business may even need to release a press statement. 

This will allow those affected parties an opportunity to take precautions and guard themselves from any 

fallout. 

What needs to be officially reported? 

Compliance requires expertise. And failures, delays, or inaccuracies when businesses respond to the 

ICO’s request for information is increasingly common. Preparing for incident management within your 

organisation means understanding your responsibilities when a breach is detected and how it needs to 

be managed – including documenting actions. 



Refer to the ICO’s data breach reporting assessment for the kinds of information required following a 

breach and the depth expected from your investigation. The ICO expects every business to demonstrate 

the depth and breadth of their investigation by responding to everything from breach discovery to 

management of its effects. 

Failure to respond properly to data breaches, under the GDPR, can result in heavy fines and penalties. 

The role of data protection cannot be underestimated, both in how your company plans to prevent 

breaches and how it will manage any future ones. Compliance with GDPR, even though commonly 

misunderstood, can define how your operation does business in the markets under data protection 

governance. 


Dan May is the Commercial Director at ramsac, providing secure, resilient 

IT management, cybersecurity, 24-hour support, and IT strategy to 

growing businesses in London and the South East. 



Brave New World: Safari Content Blocking 

By Andrey Meshkov, CEO and CTO at AdGuard 

● Content blocking is not a priority for Apple and WebKit. 

● Content blocking in Safari is possible despite all its issues and limitations. 

● If we want to improve it, we need to contribute to WebKit ourselves. 

This article is about content blocking on Apple platforms, mainly iOS. Why is it important to talk 

about Apple? First of all, it's Apple, and it enjoys a large enough market share that many users 

will be affected by its content blocking capabilities (or lack thereof). Secondly, Manifest v3 is 

coming to Chromium, and half of the tech problems in Chromium have been solved, unlike Safari. 

There are a lot of similarities between the two, so we’ve been able to draw some conclusions 

about where Safari is falling behind. In this article, we’ll go over the content blocking methods 

available on iOS, and see how to get around the limitations when possible. 



Content blocking in general: System-wide filtering 

There are only two options for content blocking: System-wide filtering and Safari Content Blocking. 

System-wide filtering is not as widespread as Safari Content Blocking for a number of reasons. However, 

it’s the only way you can go beyond Safari and do content blocking in other apps and browsers. 

Furthermore, System-wide filtering actually was possible even before Safari Content Blocking was 

introduced in 2015. One of the first content blockers on the App Store, in fact, was quite a popular app 

called WeBlock, which did system-wide filtering. 

All System-wide filtering methods are based on NEVPNManager API. Using a local tunnel, the app can 

filter DNS, use a PAC file to block requests, scan SNI, or even intercept TLS. You can have all these in 

your app, but unfortunately nothing comes without downsides. There are techniques to bypass DNS 

filtering and PAC files, and there are also some technical limitations. For example, there’s a strict memory 

limit that iOS imposes on VPN tunnel processes, and it will kill any process that uses over 15MB RAM. 

The App Store may not be consistent with Apple’s rules 

The App Store Guidelines, Section 5.4, VPN Apps, states: “Parental control, content blocking, and 

security apps, among others, from approved providers may also use the NEVPNManager API.” Вut still, 

there are no guarantees that your app will be allowed on the App Store. 

We at AdGuard have a sad history with the App Store. Everything was great back in 2015 when we 

launched the app, but then in 2018, Apple suddenly decided to ban all apps that did system-wide filtering. 

We even had to discontinue our AdGuard Pro app after that. Then after a year or so, they changed their 

decision again and the guidelines now contain an exemption specifically for parental control, content 

blocking and security apps. So we were back in business, the app was approved, and we started working 

on a major update, new features, and other cool stuff. In the beginning of 2020, we uploaded a major 

update and it was rejected again with pretty much the same wording as they had used two years before. 

The reviewer told me over the phone that it wasn’t his decision; they had gathered a committee that 

decided that they didn’t want to have a system-wide filtering app on the App Store. So in order to pass 

the review, we had to make some rather drastic changes to the app, go through the App Store appeal 

process and review board, and only then was it approved. At the same time, I see multiple apps that do 

very similar things to the ones that we weren’t allowed to, and nothing happens to them. This shows that 

an app may pass the review process, but some time later, another committee may kick the app out of the 

App Store—or it might never happen. 

The Safari Content Blocking API has issues and limitations... 

In contrast to system-wide filtering, there’s no controversy about Safari Content Blocking: it’s definitely 

allowed, and it’s safe to make an app that does it—but nothing good comes without complications, so 

let's see the issues and limitations of this API. Fortunately some of them can be solved; maybe not fully, 

but to an extent. 

Safari Content Blocking comes with no debugging tools for debugging content blocking. The only tool 

that’s available is the browser Console, where you can see which requests were blocked, but from the 

Console output it’s impossible to understand what rule is blocking those requests. Figuring it out can be 

an annoying, time-consuming process. 



AdGuard, EasyList and uBlock filters are based on the original Adblock Plus “core” syntax. It has since 

been extended, but the “core” part of it is the same among all popular content blockers. Safari Content 

Blocking rules have nothing in common with this syntax, which is a problem because we don't want to 

create special Safari-only filter lists. Also, Safari just doesn’t provide tools for that. What we want is to 

use the good old traditional filter lists like AdGuard and EasyList. For now, we’re using a real-time 

approach right on the device to automatically convert our rules into Safari Content Blocking rules for the 

AdGuard apps. This way we can convert about 90% of all Easylist & AdGuard filters so they’ll work on 

iOS. 

...And slow compiling... 

This point is actually pretty massive, because it’s the reason for some other limitations. Safari compiles 

every content blocker’s JSON file into a “prefix tree,” and the process is quite slow. For example, it takes 

over two seconds on a new MacBook Pro to compile a JSON with just a little over 30K rules. 

Compared to content blockers on other platforms, it takes less than a second for the AdGuard Android 

app to parse and compile a list with over 100K rules. The obvious difference, though, is that our Android 

app uses a different syntax which is not as complicated as regular expressions; perhaps it’s not that 

flexible, but it’s specifically optimized for matching URLs. 

It’s easy to explain the next limitation. A single content blocker cannot contain more than 50K rules, and 

that’s a hard-coded limit. We contacted the developers of WebKit (the browser engine behind Safari), 

and they told us that the main reason for this limitation is how slow the compiling process is. They may 

increase it a little bit because new devices are faster, but that won’t magically solve all our problems. 

There’s no room for a substantial improvement as long as the rules are based on using regular 

expressions. This limitation itself is a major problem. AdGuard Base filters + EasyList have 100K rules in 

total and simply do not fit within the limit. 

There are a couple of things to do in order to solve this issue. We can convert our rules to Safari Content 

Blocking rules now, but we also need some more modifications to make the resulting list as short as 

possible. One of the things we do is combine similar element-hiding rules into a single rule. This helps a 

lot, but it’s still not enough. Another thing that we do is remove obsolete or rarely used rules from the filter 

lists that we use in Safari. So in order to solve this sort of issue, filter list maintainers can use special 

“hints” to exempt rules from the “optimization” process. 

But that’s not all. Now, we come to the issue of multiple content blockers. 

AdGuard registers SIX content blockers for Safari, and the user is supposed to enable them all. So, 

does six content blockers actually mean that the limit is now 6 x 50K = 300K rules? Yes and no; it’s just 

not that simple. The problem is that these content blockers are completely independent, and the rules 

in them can’t influence each other. If one content blocker decides that a URL should be blocked, the 

other ones can’t undo that decision. Or, if one content blocker decides that some page element should 

be blocked, it will be blocked; the others can do nothing about it. But that’s not how it works in real life 

on other platforms. Different filter lists are supposed to interact with each other; a good example is 

EasyList supplementary language-specific lists: they may fix issues on some local websites. 



...And slow development 

This is basically the full list of changes implemented in Safari Content Blocking: 

● 2015 - Safari Content Blocking is implemented 

● 2016 - Added one new feature (make-https) and a couple of major bugs were fixed 

● 2017 - Added one more new feature (if-top-url) which is pretty useless, if you ask me, added 

content blockers to WKWebView, and fixed a couple of bugs 

Then it drastically slows down… 

● 2018 - fixed a couple of bugs, refactoring 

● 2019 - fixed a couple of bugs 

● 2020 - no significant changes so far 

This year, we and Cliqz, Brave, Adblock Plus and some other developers wrote an open letter and 

compiled a list of the most pressing issues. Regardless of the severity of those issues, it doesn’t mean 

that the WebKit developers are undermining content blockers. To us, it just seems like it’s not a priority 

for them, or maybe they have limited resources, or both. 

Do it yourself! 

Regardless of the reasons behind WebKit’s laxness, it seems the only option we have is to do it ourselves, 

since content blocking remains a priority to us. WebKit is open source and they are open to contributions, 

so that seems like a good way forward. We may want to start with a proposal or a detailed specification 

of the changes we would like to implement in WebKit and see if it gets approved. I hope it does, and then 

we can implement it ourselves. 


Andrey Meshkov is a co-founder and CTO of AdGuard ad blocker. He's 

been working in IT for over 15 years and has accumulated tons of 

experience not just in his primary work area, but also in related ones, such 

as online privacy concerns. Sometimes the urge to share his thoughts 

becomes too unbearable and he takes a break from coding to write an 

article or two. 

First Name can be reached online at (https://twitter.com/ay_meshkov/) 

and at our company website http://www.mycompany.com/ 



When Businesses Get Hacked- Who Are the Victims? 

This article looks into who the victims are when an organisation comes under attack. 

By Nicole Allen, Marketing Executive, SaltDNA. 

Cyber-attacks occur every two and a half minutes, according to Government statistics, which is why 

ensuring that your company is protected and secure is critical. Threats can come in several different 

forms that vary depending on their severity. Hackers are deliberately trying to inflict damage in order to 

persuade employees to make one mistake which could allow them access into everything they need. 

The question is not "Which sectors are targeted the most?", as much as,”which sectors are the most 

likely to suffer the greatest loss as a result of a cyber attack?" 

Today's cyber criminals are not a homogeneous group. There are hackers who spend months at a time 

attempting to extract data and funds from a single company, and there are others who threaten hundreds 

of companies with phishing emails and other techniques, hoping to get a handful of curious workers to 

click on a mass email attachment and then extort money with a DDOS attack. These strategies result in 

their attack continually moving onto a new fresh batch of victims. 

So who are the victims of these attacks and how are they affected? 

Employees: 

The repercussions of cyber attacks are felt by companies across the globe. The global economy has lost 

5.2 trillion dollars over the past five years. Cyber attacks, however, go way beyond financial losses. 

A Kaspersky survey confirms that 31% of cyber attacks lead to job losses due to employees being 

involved with exposed customer data. According to the Data Security Breaches Report, 32% of all 



organisations have reported cybersecurity breaches over the last 12 months. The method of attack 

varies, but well known examples are as follows: 

80% of attacks are phishing attacks 

28% is hackers impersonating an individual via emails or online 

27% are ransomware attacks when businesses come under threat. 

These attacks all take advantage of employees and pose major threats to companies. 

A strong security plan must include sufficient controls to maintain a basic level of security and a tracking 

system to investigate attempts to breach the policy, which should be accompanied by training for all 

employees. When it comes to defending themselves from cyber attacks, many businesses fail to 

recognise that their people are as important as the cyber tools which they deploy. There are a variety of 

low-tech tactics used by hackers to take advantage of employees. Such tactics include: baiting, 

unsubscribe buttons, social engineering, keylogger and internal threats. 

It is in the best interests of all companies to guarantee that their workers have all the expertise, knowledge 

and skills they need to help protect the company and themselves from catastrophic cyber attacks and 

data breaches. This means ongoing education and training, with the active participation of the IT 

department of the organisation. All employees in the workforce should receive training to understand data 

processing, security, secure communications and disposal best practises from the moment they start with 

the organisation. It is not appropriate to underestimate the danger of cybersecurity threats, and it is up to 

employers to ensure that their workers have the resources required to ensure their business data is 

secure at all times. 

Business Owners: 

A successful cyber attack will cause your organisation to suffer significant harm. It can impact your bottom 

line, as well as the customer confidence of your brand. It is possible to narrowly divide the effect of a 

security breach into three different categories: financial, reputational and legal. 

Cyber attacks can cause devastating consequences to a company, almost to the point where it could 

shut a business down. A 2018 IBM study looked at 477 companies from 15 countries that had suffered 

some form of data breach and asked them how the organisation was impacted by these cyber-incidents. 

From this study, the healthcare sector was by far the most vulnerable in terms of overall damages from 

a hack. In fact, this sector registered average costs of more than $400 per compromised customer record. 

Financial services, at just over $200 a record, was a distant second. The financial loss usually is caused 

by corporate identity theft, financial information theft (e.g. bank data or credit card data), money theft, 

trade interruption (e.g. failure to carry out online transactions) or loss of trade or contract. 

Trust is an integral element of the relationship between customers and businesses. Cyber attacks can 

harm the credibility of your organisation and erode the trust your clients have in you. In turn, this could 

potentially lead to: customer loss, loss of sales and a drop in earnings. The effect of reputational harm 

may also affect your suppliers, or affect the relationships you might have with your company's partners, 

investors and other third parties. 

From a legal standpoint, data protection and privacy laws expect you to manage the security of all 

personal data owned by you, whether it be your employees or your clients. You can face fines and 

regulatory penalties if this information is unintentionally or purposely breached as a result of the company 



failing to enforce adequate security measures. British Airways is a prime example of this having been 

fined £20 million for a data breach which affected more than 400,000 of their customers. 

Customers: 

Cyber attacks are more likely to occur as cybercrime becomes more profitable. The short-term and longterm 

impact that cyber attacks could have on your organisation are important to understand. 

Similarly to the business owners having their reputation negatively affected, customers' perception of the 

company will change for the worst. According to Forbes Insight report, 46% of organisations were found 

to have suffered damage to their reputations and brand value as a result of a data breach. In other words, 

once the public sees an organisation in a bad light, its reputation is almost impossible to fix. Just ask 

Toyota, or any of the other brands that have suffered a data breach Tesla, or Hancock Health, are just 

about the worst light to be in. 

Lawsuits and fines are other long-term consequences that affect business’, there has been a huge 

increase in class action lawsuits in both the US and UK as victims seek monetary compensation for the 

loss of customers data. When cyber attacks leak large quantities of personal information, civil lawsuits 

are common. Sometimes, these cases take years and are costly to resolve. According to a report by 

security firm Norton, 978 million people in 20 countries lost money to cybercrime in 2017. 

How can you prevent your business from falling victim to a cyber attack? 

Even the most robust of organisations can be affected by data breaches. Managing the risks accordingly 

is very important. An efficient cybersecurity incident response plan and secure communications platform 

will assist you in preventing an attack from occurring in the first place, but also elevate pain when having 

to manage potential incidents when they do arise. If you're still reading, you will be very aware you're 

vulnerable to cyber crime. It is the new normal for all sizes of businesses, big or small. Media reports 

concentrate on corporate mega attacks and breaches, but small businesses are the new frontier for cyber 

criminals, as discussed earlier. 

At SaltDNA we work with organisations across the world of all sizes to enable them to have secure, 

confidential conversations wherever they are, at any time. Your best bet to ensure that the possibility of 

a cyber attack never becomes your reality is to enforce a secure communications platform alongside a 

comprehensive and ongoing employee education on cyber security. 

For more information on this article, sign up for a free trial or to talk to a member of the SaltDNA team, 

please contact us on info@saltdna.com. 



About SaltDNA 

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software 

solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered 

encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for 

Organisations who value their privacy, by giving them complete control and secure communications, to 

protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more 

information visit SaltDNA. 


Nicole Allen, Marketing Executive at SaltDNA. Nicole completed her 

university placement year with SaltDNA, as part of her degree 

studying Communication, Advertising and Marketing at University of 

Ulster. Nicole worked alongside her degree part time during her final 

year and recently started full time with the company having 

completed her placement year with SaltDNA in 2018/19. 

Nicole can be reached online at (LINKEDIN, TWITTER or by 

emailing nicole.allen@saltdna.com) and at our company website 

https://saltdna.com/. 



Security and Remote Management: What Is the Market 

Looking Like as We Head Towards 2021? 

By Gil Pekelamn, CEO, Atera 

For many IT professionals and managed service providers (MSPs), remote management has always 

been part of the deal. Especially in this generation’s global economy, service providers are not always 

local to their clients, and it is much more efficient and effective to be able to support customers from afar. 

The big difference since the COVID-19 pandemic hit the headlines, is that employees are now working 

from home, which is a whole different ball game to managing anyone working from an office environment. 

Instead of managing a centralized location, there are now multiple remote offices - all with different needs 

and security set-ups. 

When working from home, employees are much more likely to be using personal devices, or shared 

computers, and yet they are still accessing sensitive customer information, much of which is governed 

by compliance regulations. Home networks are less secure than office networks, with weaker protocols 

in place. A single vulnerability could bring a whole network down, compromising an entire company. 



A Checklist for Remote Management of Home Workers 

With many companies already extending WFH policies to continue through to Q2 of 2021, and maybe 

even longer, and the FBI reporting a 400% increase in cybercrime since the start of the pandemic, 

security procedures are still more important than ever. 

It’s therefore essential that security teams up their game. Here are 5 top tips for IT professionals looking 

to secure their employee or client remote environments, and better educate end-users about working 

from home: 

1. Educate Against Phishing Threats: Nearly all cyberattacks come from a malicious link or 

attachment, which can only be effective if an employee falls for the scam. Keep your employees 

up to date on the latest threats, which sadly, at the moment, are leveraging fear around COVID- 

19, such as promising a vaccine or suggesting you have been in contact with someone that has 

tested positive. 

2. Don’t Forget Patch Management: Patched software is secure software, so whatever your 

process, make sure that no employees are running old versions or even end of life software at 

home. The best technology partners will allow you to automate the install and update of your 

software via vendors such as Chocolatey or Homebrew, so that you’re never behind the times. 

3. Think Home Network Vulnerabilities: You may need to think a little out of the box when it comes 

to protecting home networks. For example, how secure are your employee’s router settings, and 

what smart devices do they have which are connected to the home network? Take a thorough 

inventory of all connected devices, and start from there. 

4. Multi-Layered is the New Secure: There’s no such thing as a silver bullet for enterprise security 

anymore, so your best bet is a layered approach to cybersecurity. This might start with user 

education for example, followed by URL or script blocking, and then file scanning and integrity 

monitoring, and so on. Even if an attacker gets through one line of defense, the next is ready and 

waiting. 

5. Have a Disaster Recovery Plan: If all else fails, a robust disaster recovery plan will mean you 

can get back up and running as quickly as possible. Include a plan for business continuity, 

protecting sensitive information, minimizing financial loss and disruption to end-users, and an 

incident response plan to remain compliant with any relevant regulations.Make sure that your 

technology and service providers recognize the importance of securing this kind of unknown 

environment. 



Looking Ahead to 2021, and Beyond 

At the moment, none of us know what ‘the new normal’ is going to look like. For some, working from 

home will become commonplace, while others might move to a more hybrid way of working, some days 

from the office, some from home. We do know that organizations won’t want to risk being caught short 

again, struggling to securely manage at the same time as ensuring business continuity. 

This signals a real change in mindset for today’s IT professionals. Many companies historically saw IT 

as a cost, rather than an investment. They couldn’t see the value in having IT support managing 

operations proactively, preferring to hope for the best and call in an expert if and when something needed 

attention, on a break-fix model. The pandemic has changed that, showing business stakeholders that 

they can’t afford to be unprepared, and that they need a proactive approach to managing both IT and 

security. 

The important thing when targeting this investment, will be to ensure that security plays well with the rest 

of an organization’s IT ecosystem, whether that’s integrated in their professional services automation 

such as helpdesk software, or their remote management and maintenance, like remote access 

technology for example. If security is reliant on employee behavior or on multiple additional steps or 

vendor solutions, you’re going to struggle to ensure that you don’t have gaps. 

If, on the other hand, security comes as part of a package deal, you don’t need to rely on employee or 

customer education alone. Think about software updates and patching that happen automatically without 

any impact on your business operations. Consider a backup solution that is working silently and 

effectively in the background. Onboard 2FA as part of the deal for employees from day one. Altogether, 

you’re creating a much more resilient and robust environment in which to work. 


Gil Pekelman is the CEO and Founder of Atera. Under Gil’s 

leadership, Atera has grown into the most innovative, industry leading 

platform for MSPs both large and small. Prior to founding Atera, Gil 

held senior positions at Indigo NV, (now a division of HP) and Exanet 

(acquired by DELL). He has a degree in Economics and Management 

from Tel-Aviv University and is the sole inventor of three patents. 

https://www.atera.com/ 



Working from Home? You’re Not Alone 

The rise of cyber hacks in an age of remote working – and how to prevent them 

By Steve Hanna, Embedded Systems Work Group Co-Chair at Trusted Computing Group 

(TCG) and Jun Takei, Japan Regional Forum Co-Chair at Trusted Computing Group 

Technology is replacing a number of real-life activities, helping to maintain a level of normalcy and 

connection with familiar faces amid unprecedented times. As remote working continues to prove an everessential 

trend in light of our current global climate, organizational networks have expanded from single 

offices to cross-country residential spaces, from kitchens to spare rooms. 

In fact, according to global tech market advisory firm ABI Research, Connected Home devices are 

expected to become more popular in the coming months, with a 30% year-on-year sales increase 

projected, with more than 21 billion Internet of Things (IoT) devices expected by 2025. Cloud services 

have also been adopted at an increasing rate by organizations to deliver remote services and, with 84 

percent of enterprises now running on a multi-cloud strategy, is expected to account for 70 percent of 

tech spending this year. As a result, collaboration tools, including various video conferencing platforms, 

are being used far more frequently as companies adjust to the new normal of telework. Meanwhile, social 

media and video calling services such as FaceTime are allowing families and friends to stay connected 

and streaming services are providing entertainment on a more personal level. 

This new normal brings with it changed user habits and, with inadequate security protection on these 

devices, an increased level of risk in the form of new unknowns such as hacked devices and distributed 

denial of service attacks. Connected Home and other IoT disrupts our traditional methods of business, 

acting as a bridge between the virtual and physical world and offering new, almost limitless benefit for 



workforces and education. However, at the same time, it also increases the number of opportunities 

available to hackers that have never been possible before; remote work is a game changer for society, 

bringing huge benefit, but it is crucial that we also understand the risks. Faced with a more integrated 

and widespread network, security protection against business email compromise, data thefts and scams 

is something that all organizations and users must implement. As a result, it is critical that organizations 

invest in collaborative tools to enable remote workers to do their jobs securely whilst adhering to 

protective stay-at-home initiatives worldwide. 

It Starts at Home 

Working from home presents a communication barrier between employees, preventing instant, in-person 

discussions about suspicious digital activity that they may observe, for example an unusual email. The 

only current replacement of these face-to-face discussions is virtual conference calls – another popular 

security oversight and target for attackers. However, while this face-to-face communication is important, 

it is not essential to security protection measures, given that the correct automated detection and 

prevention security mechanisms are put in place. To successfully protect these avenues of online 

correspondence, it is vital that organizations work to become more security-conscious, starting with the 

user and their awareness of attacker behavior. 

Such measures can be difficult due to the added distractions faced by workers at home, including 

childcare and deadline pressures, among other things. From a technical perspective, the home network 

should not be trusted as it brings new vulnerabilities and is unable to support devices in the same way a 

corporate business network would, making a Virtual Private Network (VPN) essential. In some cases, a 

home PC may be used for other purposes by other members of the family, or an employee may want to 

use their personal device to access corporate information, for example with a work USB. This misuse not 

only provides opportunities for information hacking within the network, but also physically exposes 

devices to threats. Such technical risks, combined with the rushed and unpredictable nature of home 

working, presents a wide range of vulnerabilities that hackers can take advantage of as they get ever 

smarter. However, it is not enough to advise employees as to the correct device and data conduct at 

home; organizations need to go beyond this to accept the given risks and implement the appropriate 

protection mechanisms. 

To prevent device protection from being overlooked amid the irregularity of working from home, 

organizations should consider investing in training for remote workers to increase user awareness or 

more thorough backup systems. These can be crucial for safe, efficient and secure business operations, 

as well as helpful for maintaining normalcy. Preventative measures can also be taken on an 

administrative level, especially during video conferencing over collaboration platforms. For example, 

using unique access codes for each meeting, enabling a waiting room to keep track of meeting 

participants and limiting shared screen options within the meeting, privacy can be protected. By having 

the knowledge to put basic security measures in place, question browser pop ups and access a backup 

system if things become corrupted, organizational breaches – and breakages – can be prevented. 

Securing Devices from the Inside, Out 

With many countries having passed the peak of the COVID-19 pandemic, it is expected that this ‘new 

normal’ will continue far into our future, meaning that the demand for remote device security is not likely 

to wane. In answer to this search for long-term, full-coverage protection, Trusted Computing Group (TCG) 



has been working to develop device security which protects against these new-found risks that have 

come with our “new normal” from the inside. Offering agility and fast deployment, Trusted Computing 

ensures multi-layered security to safeguard corporate confidential information and personal data against 

the growing sophistication of interception and threats in the realm of remote working, not only within PCs 

but also among IoT and cloud-connected devices and networks. 

Such solutions come in the form of hardware-based, embedded security subsystems, such as the Trusted 

Platform Module (TPM). When implemented, these chips create a reliable trust relationship between 

interconnected devices, protecting against cyberthreats. Their cost-effective nature enables 

organizations to affordably protect entire networks of devices, securing systems thoroughly and 

efficiently. TCG specifications are needed to collaborate with government guidelines for a saferconnected 

future. This includes not only internal components such as the TPM, but also the use of 

security reinforcing authentication mechanisms, such as multi-factor authentication or longer passwords. 

Within a network, it is also encouraged to use device provisioning, ensure strong user authentication 

mechanisms, employ PKI based certification and conceal the whole system via a hardware-based rootof-trust. 

Many of these measures are already available for use in commercial entities and government 

digital infrastructures and are recommended for full-coverage data protection. 

COVID-19 has significantly impacted society, having pushed Digital Transformation (DX) in many places 

all over the world. Where working from home was not previously standard practice before the pandemic, 

many organizations now see it as the future of business, education and collaboration. However, while 

DX has been long-awaited among society, we must simultaneously implement the appropriate security 

protection measures in order to realise its full benefit, and more must be done to create this safe and 

secure digital ecosystem. The nature of technology, and therefore cybersecurity, is that it is everchanging; 

as devices advance, so do threats. Organizations, having implemented the current 

recommended measures, must ensure they remain vigilant and keep systems, software and backups 

updated for the ultimate protection. To do so, the integrity of the network endpoints needs to be measured 

and constantly monitored to avoid endpoint compromises. In adapting to our new normal and changing 

environment, it is vital that we adjust to the new technology challenges rapidly and proactively. By 

employing this security-first approach and building on these essential principals of updating, protection 

and resilience, billions of IoT and cloud systems will benefit, providing a safe, secure future despite a 

growing cybersecurity risk in our increasingly connected world. 



About the Authors 

Steve Hanna is the co-chair of the Embedded Systems Work Group in the 

Trusted Computing Group (TCG) and Senior Principal at Infineon 

Technologies. Hanna is a member of the Security Area Directorate in the 

Internet Engineering Task Force, also serving as the liaison from the TCG 

to the Industrial Internet Consortium. He is the author of several IETF and 

TCG standards and published papers, an inventor or co-inventor on 47 

issued U.S. patents, and a regular speaker at industry events. He holds a 

Bachelor’s degree in Computer Science from Harvard University. Steve 

Hanna can be reached online at tcg@proactive-pr.com and at our company 

website: https://trustedcomputinggroup.org/. 

Jun Takei is the co-chair of the Japan Regional Forum in the Trusted 

Computing Group and is a Principle Engineer in Intel. Since joining Intel, 

he has been responsible for technology policy and standards, and has 

a wealth of experience in the Internet and wireless communications from 

both a technology and policy point of view. From 2004 to 2015, he was 

a board member of the one of the most successful Internet research 

consortiums, the WIDE project, and has also spent time lecturing at Keio 

University. Now, he is working as the director of Security and Trust 

Policy in Intel. Jun can be reached online at tcg@proactive-pr.com and 

at our company website: https://trustedcomputinggroup.org/. 



The Best Network Protection: Go Deep or Go Broad? 

Combining Breadth and Depth Brings Full Protection 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Almost since the beginning of network security, vendors and practitioners have wrestled with choices 

between going deep and going broad for their security solutions. Mostly, the choice varies between 

predominantly one or the other. Going deep typically means careful monitoring and analysis of certain 

types of threats or behaviors at the cost of not examining a much broader range of activity. Solutions that 

are broader may lack the clarity and fidelity to make fast, accurate alerting. They also may miss important 

indicators. 

The battle to protect data, systems, users and networks has been far from easy. Today, a more interesting 

headline might announce when a data breach has not occurred. The odds are heavily in favor of 

attackers to penetrate a network and have free rein to engage in theft or damage. These high-value 

attacks are human-run and employ multiple approaches over a period of time. The now commonly 

acknowledged north, south, east and west type of activities work for an attacker to systematically, and 

sometimes serendipitously, accomplish their mission. One step, such as reconnaissance through some 

kind of scanning, will lead to a next and a next. This reality means that both depth and breadth are 

important if an organization has any hope of curtailing an attack. 



As solutions for eXtended Detection and Response (XDR)—and perhaps other categories of solutions— 

emerge, one of the more important questions they will have to face is this ongoing one between depth 

and breadth. Depth and breadth can work together to ensure higher fidelity alerts with a low number of 

false positives. The ability to understand potential attacker activity with detail as well as context can make 

all the difference in flagging something that is truly important. To be productive, activities must be 

identified that are both abnormal and malicious. 

Breadth is important since attackers use multiple tactics, largely sequentially. The ability to see the 

connectedness between events gives security groups a substantial advantage. This “seeing the forest 

for the trees” can identify something that might otherwise be missed or provide the fidelity to prevent 

“crying wolf” too many times. Breadth can also unify the strength of individual security solutions, each 

with its own area of expertise and specialization. 

Depth brings important details and may answer a number of the “who, what, where, when, how” 

questions. EDR systems, for instance, are best at understanding endpoint activity, CASB solutions are 

primed to make sense of certain cloud activities. UEBA tools help examine who did what on the network. 

Of course, it is simply not possible that one tool or system can do everything with full expertise and 

precision. This is why the idea of not only integrating but also aggregating key findings from a myriad of 

tools is so powerful. Sharing “the best of” from each system ensures that the whole is more valuable than 

sum of the parts. In this way, breadth and depth can combine and work together to minimize any tradeoffs 

of design to produce better results. 

Breadth should also work to fill any gaps between detections provided by various systems that might 

exist. Usually this means gaps in scope, but sometimes it might mean limitations or delays in what data 

is provided by a security system and when. Sensors can help fill this gap that inevitably exists. Logs may 

also provide supplemental information, but they generally cannot be depended on for timely insights and 

may be limited in what is captured. They can also be manipulated. 

Depth and breadth are good things, and vendors and practitioners should continue to build expertise in 

both areas. Still, to gain an upper hand against attackers, organizations cannot afford to choose between 

the two. Uniting these two dimensions will help even the odds. 


Albert Zhichun Li is the Chief Scientist at Stellar Cyber. He is a worldrenowned 

expert in cyber security, machine learning (ML), systems, 

networking and IoT. He is one of the few scientists known to heavily 

apply ML to security detection/investigation. Albert has 20 years of 

experience in security, and has been applying machine learning to 

security for 15 years. Previously, he was the head of NEC Labs’ 

computer security department, where he initiated, architected and 

commercialized NEC’s own AI-driven security platform. He has filed 

48 US patents and has published nearly 50 seminal research papers. 

Dr. Li has a Ph.D. in system and network security from Northwestern 

University and a B.Sc. from Tsinghua University. 

Albert can be reached online at Zli@stellarcyber.ai and at our 

company website http://stellarcyber.ai 



Cybersecurity Predictions For 2021 

Preparing for the “next normal” 

By Topher Tebow, Cybersecurity Analyst (Malware), Acronis 

For cybersecurity professionals, this year began more or less like any other. Fast forward to April, and 

nearly half of the American workforce was working from home — relying on remote access tools and 

cloud services for everyday business needs. It’s been a time of great challenges and opportunities. 

We’ve finally settled into the “new normal,” but cyberthreats continue to evolve and respond to the new 

environment. As we look forward to 2021, here are a few of our cybersecurity predictions: 

1. Attackers will continue targeting remote workers 

It goes without saying that the COVID-19 pandemic has fundamentally changed how business is done 

these days. Ninety-two percent of global organizations adopted new IT technologies this year, driven by 

the need to enable or expand their remote operations. Work-from-anywhere is the new normal, and with 

that comes a new IT infrastructure — and myriad associated security and privacy risks. 

Companies have rushed to integrate new tools and services for collaboration and remote access, but 

often lack the time to thoroughly vet these solutions — or the budget to work with tested vendors, and to 

properly train IT staff. Countless organizations are currently using misconfigured solutions (or ones that 

are simply of dubious quality), and are at elevated risk as a result. 



2. Threats against MSPs, cloud services, and businesses will rise 

With data accessibility at the center of everyday business operations — and remote access and 

collaborative features more necessary than ever — IT services are a requirement for every organization. 

Small and medium businesses are particularly reliant on managed service providers (MSPs) to fulfill this 

need. 

We’re already seeing an increase in attacks against MSPs and cloud service providers — no surprise, 

given their status as a prime attack target. Successfully compromising a service provider is a far more 

efficient prospect than targeting individual businesses, as it allows cybercriminals access to the provider’s 

entire customer base in one fell swoop. Expect to see this trend continue. 

3. Data exfiltration will become a bigger threat than encryption 

While we expect ransomware to hold its position as the number-one cyberthreat to businesses in 2021, 

the structure of these threats is shifting. In the near future, we expect that stealing sensitive data — rather 

than simply encrypting it on infected systems — will be the primary form that ransomware strikes take. 

Cybercriminals seek to monetize every attack, and recent trends have demonstrated that exfiltrating data 

greatly increases the odds of successfully negotiating a ransom demand. The prospect of having 

sensitive data — like trade secrets or personally-identifiable customer and employee information — sold 

or publicly released adds tremendous pressure to companies and government entities. Data protection 

and data loss prevention solutions will be particularly important in the coming year. 

4. Automation and personalization will cause malware samples to skyrocket 

Advances in computing power and artificial intelligence are kicking the malware development cycle into 

overdrive. Cybercriminals can build and iterate new cyberthreats with dizzying speed, sending out waves 

of attacks and using the results to shape their next variants. 

In addition, these threats are increasingly personalized — purpose-built for their targets using information 

mined from corporate websites and social media profiles. As spear-phishing campaigns have shown time 

and again, those who make the effort to tailor attacks in this way are often rewarded with an increased 

success rate. 

The industrialization of malware and social engineering campaigns poses a significant threat to modern 

businesses. The average lifetime of a malware sample is now down to a mere 3.4 days, severely 

hampering the effectiveness of signature-based detection. Now more than ever, it’s critical for 

organizations to invest in complete cyber protection solutions that can effectively detect and block both 

known and unknown cyberthreats. 



5. Malware will explore new targets 

Ransomware threats are expanding beyond their traditional purview of Windows and macOS desktops. 

Within organizations, increasingly-exposed industrial control systems (ICS) make a tempting target for 

takeover and extortion. 

Both at home and in the office, the growing adoption of the internet of things (IoT) — especially in 

connection with 5G — will continue to present new areas for infection in the form of smart devices. While 

internet-enabled appliances themselves don’t tend to store large quantities of data (nor particularly 

sensitive information), they present a potential attack vector towards their manufacturers — and may be 

incorporated into DDoS-fueling botnets. 

6. Preparing for the next wave of cyberthreats 

This has been a challenging year for businesses, to be sure. And we face a slew of new challenges in 

2021. Expect new tactics, never-before-seen malware, relentless automation, and attacks against 

surfaces that may not be well protected. 

Now more than ever, an intelligent and integrated approach is necessary to stay safe in the digital space. 

Businesses must invest in solutions that can stand toe-to-toe with the latest cyberthreats and provide 

complete cyber protection. 


Topher Tebow is a cybersecurity analyst, with a focus on malware tracking and 

analysis, at Acronis. Topher spent nearly a decade combating web-based 

malware before moving into endpoint protection. Topher has written technical 

content for several companies, covering topics from security trends and best 

practices, to analysis of malware and vulnerabilities. In addition to being published 

in leading cybersecurity publications, Topher has spoken at InfoSec conferences, 

and is an active part of the Arizona cybersecurity community. Topher can be 

reached online at @TopherTebow on Twitter, and at our company website 

https://www.acronis.com/. 



Why 'Thinking Small' Is the Way to Stop Ransomware 

and Other Cyber Attacks 

By Yuval Baron, CEO at AlgoSec, explains why micro-segmentation is one of the most 

effective methods to limit the damage of attacks on a network 

On August 15, 2020, the cruise line Carnival Corporation fell victim to a cyber-attack that may have 

resulted in the loss of personal data of millions of passengers and crew members. 

Carnival is the world's largest travel and leisure company with approximately 13 million passengers per 

year. The company has not revealed how many customers or which of their individual brands were 

affected but what we do know is that law enforcement agencies were been notified because one of the 

brands reported a ransomware attack that broke through an encrypted part of their network. 

This is not the first time that Carnival's security measures have been circumvented by hackers. In 2019, 

a cyber attack on Princess Cruises and Holland America Line resulted in the loss of the personal data of 

hundreds of passengers and crew members. The criminals stole names, social security numbers, 

passport numbers and credit card information. 



Carnival’s experience will feel all too familar to some businesses. In fact, we recently started working with 

two organizations who fell victim to high-profile ransomware attacks earlier this year, and reached out to 

us after the event to help prevent and mitigate such attacks in the future by tightning their security posture 

and limiting attack surface. 

While many believe that looking at the big picture is the best way to find solutions to protect large 

corporations, the answer actually lies in something much smaller - the micro-segmentation of the network. 

Damage limitation through micro-segmentation 

Hackers are never going to give up targeting large corporations, and ransomware attacks like that on 

Carnival will never disappear. Moreover, as criminals become increasingly sophisticated, it has become 

difficult to fully protect your network. What companies can do, however, is limit the potential damage 

hackers can cause if they do gain access to sensitive company or customer data. 

One way to do this is through network micro-segmentation, which is regarded as one of the most effective 

methods to reduce an organization’s attack surface. A lack of it has often been cited as a contributing 

factor in some of the largest data losses in ransomware attacks. 

Micro-segmentation minimizes the damage that hackers can do if they gain access, by stopping lateral 

movement across your networks. Just as the watertight compartments in a ship should contain flooding 

if the hull is breached, segmentation isolates servers and systems into separate zones to contain 

intruders or malware as well as insider threats, limiting the potential security risks and damage. 

Controlling the borders 

Although micro-segmentation is recognized as an effective method to enhance security, some 

businesses have been slow to adopt it because it can be complex and costly to implement, especially in 

traditional on-premise data centers. 

Moving to virtualized data centers with Software-Defined Networking (SDN) and cloud connectivity 

removes some of these barriers. The flexibility of the SDN enables more advanced, granular zoning, 

allowing networks to be divided into hundreds of micro-segments. To achieve this level of security in a 

traditional data center would be prohibitively expensive and too complicated to implement. 

But virtualized data centers do not eliminate all the stumbling blocks. Enforcing security policies and 

firewall configurations on all systems and across different IT environments would still have to be done 

manually. But this is an enormous task for the IT security department. This time is then lacking for large 

projects. The use of a filtering policy enforced by the micro-segmented structure is therefore still 

necessary and writing this policy is the first and biggest hurdle to be overcome. 



Simplification of micro-segmentation through security automation 

Automated network management makes it much easier for companies to define and enforce their microsegmentation 

strategy. It also ensures that critical business services are not blocked due to 

misconfiguration and that compliance requirements are met. It autonomously performs application 

discovery based on Netflow information and identifies unprotected data streams on the network that 

neither pass through a firewall nor are filtered for an application. It automatically detects changes in the 

network that collide with the current micro-segmentation setting, immediately suggests policy changes 

based on this information and, if desired, automatically and validated enforces them. 

So although micro-segmentation can be a costly and time-consuming process, solutions are now 

available to significantly speed up, improve and reduce the cost of setup and maintenance. An SDN data 

center and cloud combined with security automation puts companies on the road to effective protection 

against ransomware attacks of all kinds. 


Yuval Baron the CEO of AlgoSec. Prior to founding AlgoSec, 

Yuval Baron co-founded Actelis Networks Inc. in 1998 where 

he served as its CEO until 2002. Actelis Networks is the 

leading provider of high performance, scalable broadband over 

copper solutions. During his tenure, Actelis Networks raised 

$75 million in three separate funding up-rounds from investors 

including USVP, NEA, Walden, Carlyle, Salomon Smith 

Barney, France Telecom, Sumitomo, and Vertex. Prior to 

Actelis, Mr. Baron was vice president of sales and marketing 

at RIT Technologies (Nasdaq: RITT), a provider of network 

infrastructure solutions for data centers and communication networks. At RIT, he built a distribution 

network across 55 countries and drove revenue growth which led to a successful IPO. Prior to RIT, Mr. 

Baron spent a decade with Comverse Technology (Nasdaq: CMVT), a leading global provider of telecom 

business solutions. Mr. Baron has a B.Sc. in Mathematics, Computer Science, and Economics (Cum 

Laude) and an MBA in Finance. Yuval can be reached online at https://twitter.com/AlgoSec and at our 

company website https://www.algosec.com/ 



Your Vulnerabilities are Making You Miss Your 

Misconfigurations 

IT organizations regularly configure asset discovery tools in ways that leave them open to abuse by 

attackers; Vendor configuration documentation lacks details on the risk. 

By Evan Anderson, Director of Offense, Randori 

The security industry pays lots of attention to vulnerabilities and the need for patching. While there is a 

need for this, the industry has over-indexed on vulnerability management in the past couple decades. 

What doesn’t get as much attention, and is often more important to an attacker, are things like common 

misconfigurations or an improper implementation that introduces unintended risk. I can say with 

confidence that some vendor-recommended implementation strategies are widely abused by redteamers 

and attackers to achieve their objectives. I’ve been taking advantage of these types of flaws 

since the early 2000s, and it’s so common that red-teamers developed tooling to take advantage of faulty 

configurations. 

At Randori, we regularly see improper implementations,suggesting many blue-teamers are unaware of 

the risks of certain configuration methods. Vendor documented implementation methods -- that are 



commonly used by IT orgs -- can introduce unintended risk into your environment. And the challenge is 

that improper implementations can be near impossible to spot, and even more problematic to fix. 

Let’s take a closer look at this problem, using asset discovery tools as an example -- specifically 

ServiceNow Discovery. Organizations have rightfully started using auto discovery tools in order to find 

services, applications, and devices to mitigate the exposure of misconfigs before attackers can take 

advantage of them. These tools give companies a better understanding of what systems are on their 

network, their patch level, and how the systems are configured. Discovery tools programmatically log into 

systems and run commands to check their configuration. 

Unfortunately, asset discovery tools can themselves be improperly configured. This will increase risk to 

an organization rather than reducing it. 

Before I go on, a note: ServiceNow Discovery is not vulnerable or bad, nor is Virima or BMC Helix 

Discovery (other asset discovery tools that suggest similar implementations), it's simply a concrete 

example recently used by my team. The problem: When ServiceNow Discovery, BMC Helix Discovery or 

Virmia are configured with password credentials rather than a private key, they can easily be taken 

advantage of by an attacker. 

It’s low risk to use this weakness to for a multitude of reasons: 

1. I don’t have to make an exploit (which is expensive and takes time) 

2. I can just sit on the network and it will give me credentials - I don’t have to do any discovery or 

port scanning. 

3. I won’t trigger an alert. In many cases alerts associated with discovery tools are ignored or disable 

because they are considered benign (and with good reason). 

4. I don’t have to brute force entry (which could trigger alerts). 



“Discovery” explores UNIX and Linux devices utilizing SSH to execute commands on the system in 

question. In order to run the exploratory commands, “Discovery” must have some sort of credential in 

order to access the system. ServiceNow’s documentation has two ways to configure these credentials. 

One is username and password -- the other is via an SSH key. It is more secure to use SSH private key 

credentials rather than an SSH password, but password credentials are often preferred because they are 

easier to configure. In fact, the ServiceNow Discovery documentation does explicitly state: “SSH private 

key credentials are recommended over SSH password credentials for security reasons.” However, it 

doesn’t go into detail. 



ServiceNow Discovery Documentation 

People use passwords more than private keys because of the ease of deployment. Simply add an 

account to the system with a password and you’re in. Private key authentication has the extra steps 

generating the key pair, protecting the private key and copying the public key into place on the server 

systems. 

Capability in Action 

Let’s assume then as the attacker, I have gained access to a network by compromising a Linux system 

and am looking to move laterally to other systems. I begin by quietly observing or sniffing the network 

traffic with the goal of gaining situational awareness attempting to figure out what I can see and what I 

have access to. 

While watching network traffic, I notice an IP address attempting to connect to my compromised system 

on TCP port 22 (the default port for SSH servers.) So I know somebody or something is attempting to 

login via SSH. I quickly spin up an SSH server I control, and wait. 

Often the username for these types of asset discovery tools reference the product in some way. For 

instance `ServiceNowUser`. Just armed with that information, I know those credentials likely work on 

other *nix systems (UNIX, MacOS, FreeBSD, linux) and users are trained to ignore logins from that 

user. 

Now I’m off to the races -- I can steal leaked credentials and move laterally to other systems on the 

network, with little operational risk. And credentials are often used to verify patch states and system 

configurations, thus I have access to that data on each system, giving me a lot more information to do 

my job easily and stealthily. 

For anyone implementing a new technology consider taking the extra time to configure using a private 

key vs. a password (more on the advantages here). Review documentation thoroughly and pay special 

attention to best practices. Ask your vendor to give more details on security best practices if they aren’t 

included in the documentation. Some configurations may be quick wins for a project, but be careful you 

aren’t inadvertently giving away the keys to the kingdom.The details are important to understanding 

what risk you are accepting. 

Any software that is used on a network should be viewed as part of the attack surface, and thus must 

be considered when calculating risk. Purchasing a tool is not the solution to the problem, and may in 

fact cause more harm than good. You must allow teams the time to understand the ramifications of a 

product, how to properly implement and how to utilize tools properly in your environment. Recognize 

the risk you’re taking if you’re asking your team to implement something on a shorter timeframe -- that 

often means not as secure. 




Evan Anderson is the Director of Offense at Randori – where he leads 

the company’s Hacker Operations Center. In this role, Evan leads a 

team developing new and novel offensive capabilities for Randori’s 

automated attack platform. 

Evan can be reached online at linkedin.com/in/attack/ and at 

www.randori.com 



Are Your Organization’s Critical Assets Five Steps or 

Fewer from A Cyber Attacker? 

By Gus Evangelakos, Director Field Engineering, XM Cyber 

Cybersecurity is an asymmetric battle -- and one in which attackers hold an unfair advantage. Adversaries 

maintain the initiative and can attack from novel and unexpected angles, while defenders are forced into 

a reactive role. 

The asymmetric nature of cybersecurity isn't the sole reason data breaches continue to rise every year, 

of course. The popularity of cloud computing and constant expansion of the attack surface also present 

substantial ongoing challenges for today's organizations. 

This raises an interesting question: Just how quickly can critical assets be exfiltrated by cyber attackers? 

The 2020 Verizon Data Breach Investigations Report (DBIR) sheds some light on how attacks are 

unfolding -- and why adversaries often need only a handful of steps to expose the most valuable "crown 

jewel" assets. 

The Landscape Has Never Been More Favorable for Adversaries 

Understanding just how vulnerable your systems are is key to assessing risk. This applies to the specifics 

of our security environments and the larger conditions that affect how and why breaches occur. 

Misconfiguration errors -- which remain at epidemic levels -- are one reason why attack paths are often 

so short and direct. Cloud migration mandates, building remote workforce capabilities, managing access 

on the fly -- all of the demands placed on IT professionals create conditions that are highly conducive to 

misconfigurations. If you look at the highest-profile data breaches of the last five years, misconfigurations 

pop up as the culprit again and again. 



Launching successful attacks has also never been easier or more accessible, particularly for adversaries 

with low to moderate skill and limited resources. 

● Deloitte estimates a low-end cyber-attack costing just $34 a month could generate $25,000.. 

● A phishing campaign for $30 a month can return $500 a month. 

● Keylogging can return $723 a month for as little as a $183 investment. 

● More sophisticated attacks costing a few thousand dollars could return as much as $1 million per 

month 

Yet whether you're dealing with an amateur equipped with cheap darknet malware or a sophisticated 

Advanced Persistent Threat, one thing doesn't change: Nobody wants to waste time on hard targets. The 

shortest path is always the most attractive. 

Five Steps -- Or Less -- From Danger 

Attackers have many paths they can choose to target specific assets. Defenders, meanwhile, must try to 

visualize and map all the variables related to those paths and manage any vulnerabilities -- certainly no 

small task. Hardening the environment by reducing the number of obvious pathways is vitally important, 

as many attackers will simply move on to the next target when faced with a resilient security posture. 

Attackers are just as concerned about efficiency and ROI as any conventional business. 

This means that organizations that can develop security robust enough to require a long procession of 

steps are best positioned to deter attacks. Verizon's 2020 DBIR shows that the average breach requires 

fewer than five steps. Beyond 20 steps, attacks begin occurring with vastly less frequency. Interestingly, 

hacking and malware-based attacks tend to be highly overrepresented among attacks requiring more 

than 10 steps, while attacks based on errors, misuse or social paths are highly clustered within the fewerthan-five-steps 

category. 

Adversaries prefer short paths and rarely attempt longer or more complex attacks -- the numbers attest 

to this. This means that any action taken to increase the number of steps adversaries must take also 

increases the odds of a successful breach. 

What Organizations Can Learn From This 

Deterring attackers often comes down to one thing: Being a harder target than the next guy. Adversaries 

will typically take the path of least resistance. In practical terms, this means focusing on a few key areas: 

● 

● 

● 

Creating a true security culture within your organization. It's essential to create buy-in from the C 

suite on down. Every strategic decision should be viewed, in part, through the lens of 

cybersecurity. 

Human error -- the kind that can compromise critical assets in a few short steps -- is inevitable. 

Raising awareness of best security practices through routine training will only do so much before 

returns begin diminishing. One way to manage this risk is to commit to a security posture focused 

on continuous improvement. 

Automated penetration testing (using tools such as breach and attack simulation software) can 

help develop a harder and more resilient security environment. By continuously probing your own 

defenses for vulnerabilities, you can uncover gaps before they are exploited and wrest the 

initiative from attackers -- making the battle of cybersecurity less asymmetrical. 



● 

Gaining insight into how attackers can move laterally to compromise your assets is a core 

challenge. Determine how many steps would it take and what remediation steps will close the 

attack path. Again, automated penetration testing tools that provide prioritized remediation 

recommendations can be helpful in this regard. 

In Conclusion 

Given that critical assets are often just a handful of steps from danger, it's imperative to harden your 

security environments and work toward continuous improvement. For more information on this topic, I 

heartily recommend a recent webinar hosted by Security Scorecard that delves into these issues in 

greater detail. 


Gus Evangelakos is the Director of North American Field Engineering at 

XM Cyber. He has extensive experience in cybersecurity, having 

managed implementations and customer success for many major global 

brands such as Varonis, Bromium and Comodo. Gus has spent a 

decade also working on the client-side, supporting IT infrastructure and 

cybersecurity projects. He has a strong background in micro 

virtualization, machine learning, deep learning (AI), sandboxing, 

containment, HIPS, AV, behavioral analysis, IOCs, and threat 

intelligence. Gus can be reached online via LinkedIn and at our 

company website http://xmcyber.com/ 



Moving to Active Defense: What It Means, How It Works 

and What You Can Do Now 

By Ofer Israeli, CEO and founder, Illusive Networks 

Despite the myriad cybersecurity solutions out there, breaches, attacks and exploitations continue. The 

old approach isn’t working; cybersecurity teams need to move from a passive approach to one that’s 

more active. And MITRE’s introduction of Shield addresses this directly. MITRE, the federally funded notfor-profit, 

has made it clear that active defense, rather than the standard whack-a-mole responsive 

defense, is paramount in the fight against cybercrime. 

With the release of their Shield framework, MITRE has shifted the cybersecurity focus to active defense 

techniques. Government IT teams that know the latest strategies and recommendations put their 

agencies in a strong position to remain secure. 



MITRE Shield introduces active defense 

The MITRE Corporation’s goal is to “solve problems for a safer world.” Shield is an active defense 

knowledge base constructed from over a decade of enemy engagement. With it, MITRE is trying to gather 

and organize what it has been learning with respect to active defense and adversary engagement. This 

information ranges from “high-level, CISO-ready considerations of opportunities and objectives to 

practitioner-friendly discussions of the TTPs available to defenders.” MITRE hopes that Shield will 

encourage discussion about active defense and how defenders can use this information to get the upper 

hand. 

But what exactly does active defense mean? And what do organizations need to know? 

Understanding active defense 

Active defense entails the use of limited offensive action and counterattacks to prevent an adversary from 

taking digital territory or assets. Active defense covers a swathe of activities, including engaging the 

adversary, basic cyber defensive capabilities and cyber deception. Taken together, these activities 

enable IT teams to stop current attacks as well as get more insight into the attacker. Then they can 

prepare more thoroughly for future attacks. 

MITRE makes it clear in its discussion of Shield that deception capabilities are a necessity in the modern 

security stack to truly deter and manage adversaries. In Shield’s new tactic and technique mapping, 

deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, 

facilitate, legitimize and test—along with 33 defensive techniques. 

What agencies need to know 

Government organizations are continuous targets for bad actors, whether it’s nation-state attackers 

seeing proprietary information or more run-of-the-mill criminals looking to cause chaos and obtain some 

PII they can exploit. 

There is a huge amount of intellectual property within government agencies. A lot of the intellectual 

property that’s created in the U.S. that is of interest to adversaries is in the DoD supply chain or is being 

submitted to the U.S. Patent and Trademark office. Government agencies are holding some of the most 

valuable and sensitive data sets, including lawsuits being handled by the Department of Justice and 

counterterrorism tracking in the Department of Homeland Security. 

Bad actors attempt to sneak into these environments and then gain access to even more impactful 

information – like stealing the security clearance forms for 20 million people from the Office of Personnel 

Management. Analysts estimate that critical breaches of government networks have increased by a factor 

of three to six, depending on the targets. 

Agencies also need to know and avoid the misconceptions about deception. A prevailing misconception 

is that deception is synonymous with honeypots, which have been around for a long time and are no 

longer effective. And to make them as realistic as possible requires a lot of management so that if 



attackers engage with a honeypot, they won't be able to detect that it is not a real system and therefore 

know they're in the middle of getting caught. 

A second misconception is that deception is overly complicated and complex, with comparatively little 

ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight 

and has a low cost of maintenance – but are not engaging because they think it’s an overwhelming, 

complex approach that they won’t get enough value from. 

The reality is that deception technology is not the same as honeypots. That’s how deception began, but 

it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact 

approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop 

the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any 

effect on every day systems, so false positives are dramatically reduced. These aspects of deception 

technology add tremendous security and financial value to the IT security organization. 

Raise your Shield 

The attack surface that security teams must secure continues to expand rapidly as attacker tactics evolve 

– whether through nation-states attack teams, insider threats, for-hire groups or others. The forced digital 

transformation during the pandemic, and long-term ramifications that have resulted from it, points to the 

need for a more robust approach to protecting critical assets. And this is where active defense is key. It 

is likely that the MITRE Shield will become a standard to measure security proficiency by. Government 

agencies need to expand that proficiency by including the best practice of deception to their security mix. 


Having pioneered deception-based cybersecurity, founder and CEO of 

Illusive Networks Ofer Israeli leads the company at the forefront of the 

next evolution of cyber defense. Prior to establishing Illusive Networks, 

Ofer managed development teams based around the globe at Israel’s 

seminal cybersecurity company Check Point Software Technologies and 

was a research assistant in the Atom Chip Lab focusing on theoretical 

Quantum Mechanics. Ofer holds B.Sc. degrees in Computer Science 

and Physics from Ben-Gurion University of the Negev. 

Ofer can be reached on Twitter @ofer_israeli and at 

https://www.illusivenetworks.com. 



How Next-Gen Identity Governance and Administration 

(IGA) Fits in with Your Hybrid IT Strategy 

By Thomas Müller-Martin, Global Partner Technical Lead, Omada 

More and more organizations are using a hybrid IT environment that combines both on-premises and 

cloud-based applications. The rise of remote work, driven by the pandemic, has only increased the speed 

of this transformation. In fact, Gartner predicts that more than 75% of midsize and large organizations 

will have adopted some kind of multi-cloud or hybrid IT strategy by 2021. 

While this approach brings many advantages, it can also make it harder to get a transparent view of who 

has access to which IT systems and applications within the organization. As organizations continuously 

move more workloads to digital services, they will need a more solid approach to identity management. 

Identity Governance and Administration (IGA) has become a cornerstone of solid IT security, allowing 

organizations to implement processes for controlling, managing and auditing access to data, which is an 

important prerequisite to reduce the security risk. 



The growth of hybrid IT 

Cloud adoption shows no signs of slowing down – in fact, IT spending overall continues to shift to public 

cloud computing. Gartner analysts believe that more than 45% of IT spending on system infrastructure, 

infrastructure software, application software and business process outsourcing will shift from traditional 

solutions to cloud by 2024. 

The cloud has been integral for many companies’ capability to stay productive during the shift to remote 

work, and it also comes with plenty of other advantages – like the cost savings of not having to house an 

on-premises data center. That said, not every business can or should shift entirely to the cloud. Some 

things have to remain on-premises and as a result, hybrid IT is growing. 

However, these new solutions must still maintain regulatory compliance and secure collaboration across 

the organization and with partners and customers. They must support the rapid adoption of new digital 

services while respecting security and compliance. The solutions need to protect the brand and IP while 

acting in a complex ecosystem. The organization must therefore manage the risk while maintaining 

business agility and increasing efficiency. 

The role of identity governance and access management 

Ensuring security and staying compliant means that identity access management and identity 

governance are key. Migrating to the cloud creates potential exposed openings for attackers and different 

vulnerabilities, so organizations must revise their risk and security management. 

Therefore, they need to have a vision for secure cloud adoption and then establish appropriate 

governance. It is important to ensure that a well-functioning, future-proof architecture for identity 

management and access governance is implemented. This architecture should secure the organization 

long-term and ensure correct data flows across disparate systems and directories. 

An organization must know its identities and related accounts before enabling users to access and use 

cloud services. Companies must make sure that federated identities from suppliers, partners or 

customers are governed in a proper manner. Ideally, this should happen before collaboration begins, and 

the correct processes must be established and implemented. Organizations should also establish “local” 

security mechanisms, such as access request and certification, and they must also establish policies for 

cloud services. 

What organizations need to know 

When an organization uses an IGA solution, it allows the IT department to manage and govern all user 

access rights across a hybrid IT environment. Among the elements IGA processes oversee are: 

• audit and compliance reporting to ensure continuous risk overview 

• managing access to resources across an organization’s hybrid IT environments (on-premises and 

cloud-based applications) 



• performing access reviews and certifications across all cloud and on-premises applications 

• onboarding of new employees and offboarding leavers 

• a structured approach to onboarding applications 

• managing access to applications on a granular level in compliance with company policies, 

handling of access assignment policies and provisioning 

The ability to process these elements effectively lets companies ensure compliance, save money and 

minimize the risk of data theft by insiders and hackers. A key factor in doing this well is ensuring that 

business systems are only accessible to those who need to use them to do their job – the “least privilege” 

approach. 

Take control 

As cloud adoption soars, hybrid IT shows no sign of slowing down. Market forces have converged to 

make this standard operating procedure. But that means, for regulatory and security reasons, 

organizations must get control of who has access to which parts of their distributed business systems. 

To ensure security, compliance and efficiency, businesses need IGA processes in place. These 

processes protect organizations from incidents that could damage their reputation or, in the worst case, 

cause them to go out of business. In the era of the cloud, with skyrocketing cyber threats and stringent 

legislation such as GDPR, having best practice IGA processes in place has become a license to operate. 

Implementing an IGA solution should be seen as a strategic investment, empowering organizations to 

realize significant business value. 


Thomas Müller-Martin is Global Partner Technical Lead at 

Omada. He has spent more than 15 years in identity and 

access management. As the implementation of identity-centric 

cyber-security strategies become more and more relevant for 

enterprises around the globe, he helps Omada partners to 

make their Identity Governance and Administration journey a 

success. 

Thomas can be reached online via LinkedIn and omada.net. 



Analytics & Security Insight On 2021 And Beyond 

Predictions for the Future of the Security Space 

By Billy Spears, Chief Information Security Officer, Alteryx 

2020 has been a year unlike any other, with unforeseen challenges creating hurdles for businesses in 

every sector of the economy. As companies look for ways to insulate themselves from future shocks 

while preparing for the year ahead, insider insights can help companies to understand how societal and 

economic trends have and will impact their industries and what to expect in 2021. Below, I share a few 

predictions that will help leaders stay ahead of the curve and tackle anything that 2021 throws at them. 

First, I believe that in 2021, zero-trust security will become the new normal. The work-from-anywhere 

concept has created an interesting opportunity for CISOs to consider strategic approaches for managing 

non-traditional security risks. To accommodate this shift, we’ll see corporate security departments 

expanding the perimeter into associates’ homes to ensure that cyber risks are not unknowingly introduced 

into the corporate network. 2021 will see CISOs working with HR, further pushing to increase each 

associate’s cyber awareness to proactively recognize and report related risks, meaning that “zero-trust 

security” will be the new standard methodology for supporting associates working remotely. CISOs must 

adopt this model as it improves secure access to corporate resources through continuous assessment 



and intent-based authentication policies. Furthermore, Virtual Private Network (VPN) connections must 

become a default setting to increase protections for associates requiring remote access. 

Additionally, citizen data scientists will play a bigger role in preventing cyber attacks in 2021. As workers 

everywhere become more comfortable working with data, the ability of a business to deliver value in data 

processing and analysis increases exponentially. Their ever-expanding skillset increases value by 

delivering actionable insights from terabytes of otherwise impenetrable data to help the company 

forecast, mitigate risk and fraud, deliver relevant products to their customers and improve cybersecurity 

defensiveness. Effective cybersecurity threat hunting has always been built around the constant pursuit, 

near capture and repeated escapes of adversaries attempting to infiltrate a corporate network. Using a 

powerful analytics platform that enables machine learning capabilities is crucial to detect and address 

cybersecurity threats more rapidly by providing security departments with the ability to examine large 

volumes of data to uncover trends, identify patterns and deliver actionable intelligence. 

With the further democratization of data, 2021 will see citizen data scientists more and more playing a 

key role in helping security teams enhance and simplify their cyber defense technologies by precisely 

detecting future attacks, proactively identifying security blind spots across the network and protecting 

valuable company information. 




processes across the organization. 

Billy Spears, Chief Information Security Alteryx. He 

is responsible for overseeing enterprise cybersecurity 

and associated risk management practices. With a 

strong focus in both internal and external security, Billy 

ensures that Alteryx associates, customers, partners 

and vendors are thoroughly protected via state-of-theart 

policies, processes and technologies. His passion 

for architecting and implementing strategic solutions 

that build trust, enable resilience and incorporate core 

principles are driving transformation and simplifying 

Billy brings more than 20 years of experience leading and building teams in the information and security 

space across both the corporate world and the federal government. His strong background in information 

and security across different industries and verticals is critical in enforcing best practices within all areas 

of the business. Billy’s informed guidance and strategic approach to risk management and security efforts 

is instrumental in improving protections as Alteryx and the larger self-service analytics market continues 

to grow and expand across the globe. 

Prior to joining Alteryx, Billy served as executive vice president and chief information security officer at 

loanDepot, a market leader and online mortgage lender for consumers. While in this role, Billy helped 

create the first security enabled digital home loan experience for consumers – a game-changing 

advancement in the mortgage business. Billy has held similar positions at companies like Hyundai Capital 

America, General Electric and Dell, as well as the U.S. Department of Homeland Security. He is also a 

veteran of the U.S. Marine Corps. 

Billy is an adjunct cybersecurity professor for Webster University and a member of the company advisory 

board for Cymatic, a web application defense platform. Billy holds a bachelor’s degree in information 

technology from National University and received his MBA from University of Phoenix. 

Billy can be reached online on Twitter at his handle @BillyJSpears and at our company website 

https://www.alteryx.com/ 



Innovation, Automation and Securing A “Work from 

Anywhere” Environment In The Middle East 

By Mazen A. Dohaji, Vice President, India, Middle East, Turkey & Africa (iMETA), 

LogRhythm. 

Throughout 2020, enterprises and public sector organizations across the Middle East have been 

managing disruption and finding new ways to work. The challenge as we begin 2021 is to not just survive 

but thrive in this new business environment. That requires adopting new tools and creating a secure 

foundation that keeps users connected and moving forward. 

While many organizations have experienced lockdowns and quarantines throughout 2020, security and 

infrastructure teams are looking at how to provide flexible working while maintaining their cybersecurity 

posture. Users have shifted to a diverse and changeable working environment while cyberattacks in the 

Middle East have surged. 

The UAE saw cyberattacks increase from 43,000 in April 2020 to peaks of 120,000 in July and 123,000 

in August, according to the UAE’s Telecommunications Regulatory Authority (TRA). Between April and 

August, there was a 186% increase in cyberattacks in the country, which tracks closely with lockdown 



estrictions. Organizations have to be prepared for further uncertainty in 2021 and take action to manage 

their risk in the long term. What they can be certain of is that cyberattacks will continue to be a pain point 

and have the potential to spike again in 2021. 

‘Work from Anywhere’ 

Security Operations Center (SOC) teams should be reviewing and reflecting on 2020 and thinking about 

how they will support dynamic working environments that aren’t just working from home or in the office 

but look more like “work from anywhere” scenarios. Most organizations have evolved tremendously over 

the last 12 months and SOC teams need to stay in-tune with current operational norms and expectations 

of both users and business managers. SOC teams should question the state-of-play for their organization 

in 2021 and ask if their business is prepared for a new dynamic and fluid working environment. They 

should ask themselves: 

1. What did we learn about our systems and processes throughout 2020? 

2. What changes do I need to make to optimize our approach to security in the new year? 

3. How do we secure a workforce that is fluid and moving between remote and on-premises? 

4. Are my security controls and infrastructure built for this, or am I taking additional risk? 

5. What is the state of play for security visibility in this flexible environment? 

6. How prepared are we to change and adapt in case we are ready to come back to a fully officebased 

operation by the summer? 

7. What do our users want? How can we enable their success? 

8. Where do we start with so much uncertainty? 

Based on their responses, they should take action to ensure that their security posture matches the 

organization’s requirements and ensure it is ready to flex and adapt as needed. There are a few basic 

steps all organizations in the Middle East should be evaluating and prioritizing. 

User Vulnerability 

The first step for SOC teams across the Middle East should be to re-enforce best practice within their 

organizations and spend time educating users about policies, guidelines and best practices. Internal 

communications to users drive awareness and understanding of security risks. This should be increased 

and combined with more training. If training took place at the beginning of the pandemic, then 

organizations should be revisiting this in 2021. 

Whether it is in the private or public sector, user-based threats, like compromised accounts, increase risk 

and exposure across organizations. Human nature is still a primary vulnerability in an already complex 

threat landscape. 

Endpoint is the Bottomline 

SOC teams need new levels of visibility that are built to serve both remote and office-based working. 

They should be focused on the collection and correlation of endpoint, VPN and other pertinent 

infrastructure data like employees connecting back into the corporate network, identity and access 



management, as well as monitoring collaboration technologies like Office 365, Teams, Zoom, and Slack. 

It is about gaining visibility and control over the users’ ICT ecosystem and understanding where to, from, 

and how employees are authenticating and accessing data and applications. 

When an intrusion is suspected, they need to be able to qualify the threat and assess its potential impact. 

They can only do that if they have captured a wide variety of activity occurring on their endpoints and 

servers in real-time. Every organization should be able to search rich forensic data to understand when 

and how the incident occurred, and then contain the compromise with an endpoint lockdown. 

Automate Everything 

While automating everything might not be possible today, SOC teams should be exploring automating 

as many processes as possible. They are capturing massive amounts of data, which has made 

automating security processes a necessity. Not only does it eliminate human error, it ensures that precise 

decisions can be made at speed. SOC automation tools reduce an organization’s time to qualify (TTQ) 

and mean time to respond (MTTR) to a security threat. TTQ refers to the average time it takes to 

determine whether an incident is benign or should be considered a threat that requires 

investigation. Research by the Ponemon Institute found that it took organizations an average of 280 days 

to identify and contain a data breach in 2020. 

For most private and public sector organizations, that “wait time” is way too long. In a risky and uncertain 

time, they can’t wait for a human to perform an action that could be executed by a Security Information 

and Event Management (SIEM) solution with Security Orchestration, Automation and Response (SOAR) 

capabilities. 

Reinventing the Wheel 

When it comes to visibility and automation, there’s no reason to reinvent the wheel. SOC teams don’t 

have to develop all of this themselves. Instead, they should look for one-click, out-of-the box automation 

solutions that help them meet local compliance requirements and quickly deliver for their organizations. 

In markets like the Kingdom of Saudi Arabia, predefined reports and use cases can be made immediately 

available to organizations so they can meet local cybersecurity controls. This can be a way to quickly 

enhance an organization’s security posture while being able to demonstrate compliance. 

It also increases cost-efficiencies and enables local organizations to bridge skills gaps in the Middle East 

and benefit from both local and global expertise. Pre-defined use cases and reports can make it simpler 

and easier to deploy and enhance security in 2021. 

2021 and Beyond 

Rapid digitalization across the private and public sector in the Middle East is only going to continue in 

2021. The digital transformation and flexible working boom that started in 2020 will accelerate. This 

means that cybersecurity has to continually evolve to match the needs of rapidly changing ICT 

ecosystems. Adaptability and agility are critical and that starts with a secure foundation. Throughout 



2021, SOC teams should review, reflect and adapt as their operational environment continues to change 

and unexpected events influence the threat landscape. 


Mazen A. Dohaji has worked for LogRhythm for more than 6 years, where he 

started as a Senior Regional Director for India, Middle East, Turkey & Africa 

(IMETA) and is now Vice President for IMETA. He has 26 years of IT industry 

wealth in the Middle East region and more than 3 years in the SIEM 

space. Mazen is driven by market challenges and has extensive knowledge 

of the Middle Eastern Security market. This has led him to be the trusted 

advisor for major government entities and large enterprises across the region. 

He has also won “Top Performer” awards in multiple multinational 

organizations including IBM (formerly Informix), HP, and McAfee. 



Peer-To-Peer Cybersecurity Insights For 2021 

Based on real practitioners’ experiences 

By Stuart Berman, IT Central Station Super User 

December is typically a month when people who work in the IT field offer predictions for the coming year. 

2020 has been a highly atypical year, however, so it’s a bit daunting to think about what’s coming over 

the horizon. Yet, my company is in a unique position to engage in prognostication. We source user data 

directly from users in the trenches. In a year when travel has not been possible, IT professionals could 

not rely on the traditional get-togethers and in-person discussions to get advice and feedback from other 

industry experts. Online review sites such as our have boomed as a result. With that in mind, here are 

five predictions for cybersecurity, based on what are learning from real practitioners. 

Countermeasures and security operations catch up with containerization and microservices— 

While neither containerization nor microservices are new, they have reached a level of adoption that calls 

for a revised approach to cloud security. I say revised, versus new, because it’s easy to get pulled into 

“It’s all different, trash everything you’re doing” discussions. These are traps to avoid, as are the seductive 

but in my view false ideas like “Firewalls are dead in the cloud. You just need good code.” No, principles 

like Defense in Depth don’t go away just because you’re running virtualized services in the cloud. Rather, 

securing containers and microservices calls for new, virtualized versions of familiar technologies like 

firewalls. 



Automation of security processes and SecOps becomes the norm—This has also been a long time 

coming, but the security field has reached a point where manual processes will no longer suffice. There 

is just too much going on, too many threats to mitigate, too many alerts to handle. Instead, solutions like 

Security Orchestration, Automation and Response (SOAR) will become “must haves” in the Security 

Operations Center (SOC). SOAR solutions use automated “playbooks” to handle threats at a speed that 

people cannot possibly match by hand. 

Multiple security and related systems become more deeply integrated—The need to integrate the 

different elements of a security program will become more pressing in 2021. This goes along with 

automation. As security incident response becomes automated, it will make sense to eliminate manual 

handoffs between the systems that power the response, e.g., the SOAR solution will connect with the IT 

ticketing system via Application Programming Interfaces (APIs) for generating and assigning tasks. 

Security moves a lot faster—Security processes, along with the systems that support them, will start to 

move a lot faster in 2021. This might take the form of increased automated system updates versus 

manual re-installs, to name just one possible example. Automation also naturally moves processes along 

at a far faster clip than was previously possible. 

Security partners more closely with other corporate groups—Security, as well as its close cousin, 

compliance, will require more collaboration between multiple groups inside an organization. With privacy, 

for example, there will likely be much closer coordination between legal teams and engineering. For 

example, to ensure the “right to be forgotten” under GDPR and CCPA, the legal team has to have a 

thorough understanding of how the consumer’s rights will be honored through technology. To get it right, 

everyone is going to have to learn to speak across organizational boundaries. 

In general, I think 2021 is going to be a year when the dialogue between vendors and buyers starts to 

become more holistic and productive. The cloud computing trend, as well as the growth of DevSecOps 

and SOAR, are leading to a situation where the old “My solution is better than their solution” argument 

just really falls flat. We are hearing this in so many ways on the site. Buyers no longer care so much if a 

solution is 99% effective versus a competitor that is 98%. Good security managers want to understand 

how a solution will work in context, for a particular business use case. 

One thing is for sure: It’s going to be an interesting year. Let’s all stay safe. 


Stuart Berman, IT Central Station Super User 



Transitioning to Remote Work: The Apps You’ll Need to 

Ensure A Productive Workforce 

By Ikechukwu Nnabeze, SEO Copywriter, Traqq 

The world is changing at a swift pace. A couple of years ago, remote work was an unheard term in the 

business world; it was a privilege enjoyed by a select few. However, this is no longer the case as more 

organizations are embracing working from home and its associated benefits. Even workers and team 

leaders are now quick to sing about the many positives that it brings. 

Before the pandemic, working outside the office wasn’t an accepted idea among employers. However, 

current health risks have changed many minds. Everyone has been forced to adapt and become flexible 

about how things should be done. Employees who have tasted the work-from-home setup would prefer 

to continue if given the option. 

It’s true that there’s no one-size-fits-all when it comes to deciding the sustainability of remote work for 

your business. Even so, it helps to know the best apps that will help your team transition in this permanent 

setup. After all, there are several business risks in remote work. Fortunately, there are tech solutions that 

can mitigate these common problems. These modern digital apps help you to coordinate and monitor 

your staff, no matter their location. From time tracking software to free collaboration tools for remote 

teams, there are several ways to ensure productivity among your employees. 



Tool to Prevent Miscommunication: Slack 

It’s easy to lose proper communication while transitioning to a remote working structure. It’s one of the 

common issues companies face, which can lead to a massive dip in productivity. For starters, workers 

can no longer talk to each other face to face as they used to. The ease of walking over to a teammate’s 

desk to ask questions and come up with solutions to a problem is no longer there. This can lead to a 

messy communications network where vital information can get lost. 

While emails will work in a scenario where all employees commute to a physical workplace, it’s less 

feasible with remote work. It’s difficult to hold continuous conversations over emails, especially when you 

need to talk to many people on small issues at the same time. 

To create an effective workflow and boost productivity, you need a tool like Slack. This is an instant 

communication tool that comes with two primary modes of communication: 

• Channels message 

• Direct message 

Using these two modes, employees can exchange solutions, creative ideas, and information seamlessly. 

In addition, it comes with add-ons that give it an added efficiency that you can’t get with email 

communication. 

Slack also features a video call tool that you can use when you want to have face-to-face conversations. 

This gives a feeling that’s close to what you get from talking to a colleague or employee in a physical 

office. It’s also useful for holding quick meetings. Everyone can simply sign in and enjoy the pleasure of 

seeing each other’s faces, smiles, and gestures. 

The app allows for file sharing, which makes it the perfect communication tool. Moreover, it can be 

integrated with other third-party team management software such as Jira and Google Calendar. 

1. Tool to Prevent Time Theft: Traqq 

Working from home is great. However, it can come with a problem of distraction. In an office, it’s easy to 

keep an eye on your employees, caution them, or help them do their tasks without procrastinating. 

However, when it comes to telecommuting, the story is different. You need to find a way to monitor staff 

without being the overbearing boss that everybody hates. This is where time management apps come 

in. 

Traqq is a time tracking software that allows you to keep tabs on employee activity, no matter where they 

are in the world. Research shows that individuals tend to work faster when they realize their activity is 

being monitored. This means that you can ensure an increase in productivity even without having your 

workers under one roof. 

For example, managers use Traqq to keep track of their staff’s on-screen activity. They can see which 

websites and apps an employee visits during work hours. In addition, they get reports on how much time 

a worker spent on those sites and what they were doing on the pages they opened. 

This time tracking tool helps you figure out how many minutes or hours each worker spends on particular 

tasks. At the end of every week or month, you get a detailed report that’ll help you give feedback and 

coaching to your employees. If a staff member is wasting time surfing through Instagram or playing games 

during their work time, you’ll know from the activity report that the time management app will generate. 



Traqq also performs automatic tracking, which means that it quietly records user activity in the 

background without creating distractions or interfering with their daily work. It achieves this by taking 

screenshots or video recordings at intervals. The manager can then review this visual data and see an 

accurate calculation of the number of hours worked. 

This app has many features that help to keep employees focused. For instance, this tool measures each 

worker’s activity level based on keyboard movements and mouse clicks. Your staff will stay focused on 

tasks, knowing there’s a tool monitoring their activity during work hours. 

At the end of the workweek or month, the data is collated, and the app automatically gives you an 

extensive report. It shows the productivity level of each worker and provides accurate data for invoicing, 

salary payment, and client billing. 

2. Tool to Prevent Data Leaks: LastPass 

As an organization moves its business online, it has to incorporate a lot of digital tools into daily 

operations. Using various apps and services means having several accounts – this, in turn, means 

creating many passwords. 

It can get tedious trying to keep up with remembering and protecting all company passwords, especially 

when you have several employees under your wing. Writing them down somewhere can be risky as well 

– they can fall into the wrong hands. To operate an efficient and safe business, you need a way to keep 

these passwords secure while ensuring workers don’t get locked out of their accounts. 

LastPass protects your company data by giving every team member a single master login password. As 

for the passwords to the other numerous accounts, they’re securely stored in the LastPass tool and are 

loaded automatically whenever a login page requests them. 

The app is available on several platforms and is compatible with numerous devices. It was designed 

specifically for remote business purposes and to simplify the process of handling multiple work-fromhome 

employees. 

3. Tool to Prevent File Loss: Google Drive 

We cannot overemphasize the importance of having a secure system for sharing files and collaborating 

on digital data. Transitioning your business to a remote working structure means you have to find an 

efficient platform to protect business-related sensitive information. 

Employees need to exchange lots of information to facilitate the work process and ensure that crucial 

documents are stored safely. Since they can no longer do this physically, the amount of digital data that 

needs to be exchanged online will significantly increase. A secure file-exchanging and projectcollaboration 

network is necessary to avoid miscommunication and safeguard sensitive material from 

getting lost in transit. 

Sending large files through email can get messy because there’s no way to organize and collaborate with 

other team members in your inbox. Besides, it’s easy to mistakenly miss an important message when 

they pour in from several sources simultaneously. Large organizations can easily invest in customized 

file sharing and collaboration tools. However, small businesses might not have the resources to pull it off. 



Fortunately, Google came to the rescue with an app, which small to medium-sized companies can use 

to share and store data. Google Drive a cloud-based tool that your employees and teammates can use 

to collaborate on projects while keeping your data secure. No matter the worker’s location, they can 

share, download, edit, and leave comments on documents. The platform gives you 15GB of storage for 

free, which you can use to share any type of files—from documents and images to videos and links and 

videos and spreadsheets. 

Since many people are already familiar with Google-based products, it’ll be easy to transition your 

workforce towards using other Google-based tools. 

4. Tool to Prevent Mental Blocks: Mural 

When in a physical office space, it’s easy to get creative ideas from interacting with other employees, 

having meeting sessions, and engaging in playful banters. Even that chance meeting in an elevator can 

create bursts of fresh ideas coursing through you. This is not so when working from home – you’re alone, 

and it can get stale and mentally dull pretty quickly. There are no brainstorming sessions or cooperative 

working events in your home office to get the inspiration flowing. 

In these situations, digital communication tools might not be so helpful – creativity and inspiration 

sometimes need spontaneity, which these apps don’t give. It can get monotonous scheduling calls and 

video conferences just to bounce ideas off each other. 

Mural is a digital tool designed specifically for this purpose – the app is like a canvas for ideas and 

spontaneous creative thoughts. Unlike most project sharing platforms, it gives you the freedom to share 

ideas in any form you want. 

Teammates and colleagues can put their thoughts on digital sticky notes, which they can arrange into 

diagrams, flow charts, and even drawings. Mural adds a new fun way of staying organized and creative. 

It’s a great alternative to other more traditional project management tools and is an amazing tool for 

boosting creativity among your workforce. 

5. Tool to Prevent Feelings of Isolation: Yammer 

Remote work can get lonely sometimes, especially when you’re living alone. We are social creatures, 

and we crave human-to-human communication. When making changes to take your business online, this 

is something to keep in mind. 

While there are many professional collaboration and communication tools with all the right features, these 

apps fail to cover the social aspects of cooperating on projects. To achieve team bonding, consistent 

communication and feedback between teammates are essential. One way to accomplish this in a 

traditional office space is through team-building outings and social events. However, this might not be 

possible when you have several employees in different and faraway locations. 

Yammer helps you with this. Commonly known as the “Facebook for business,” the app has the makings 

of a social media network. However, instead of focusing on random personal updates and gossip news 

sharing, the tool focuses on work-related project updates. Teammates can like, share, and comment on 

posts/updates made by colleagues on projects that they’re working on, just as they’d on do on social 

media. 



6. Tool to Prevent Inefficient Task Delegation: Every Time Zone 

Running a remote business means dealing with employees in different time zones. This presents the 

challenge of not knowing who’s available at any given time, which can make handing over and task 

delegations difficult. Unfortunately, keeping track of everyone’s time zones can be exhausting, and 

colleagues may end up messaging or calling each other at odd hours. This can create more barriers to 

productive communication. 

Every Time Zone is an app that takes away the issue of performing calculations whenever you need to 

check who’s available for a task. It shows you the current time in every time zone that your employees 

or colleagues are working from. This makes it easier to know whom you can call or chat with when 

necessary. 

It may seem like a relatively small issue, but knowing who is available and what time they’re reachable 

can help teammates delegate tasks more efficiently. Productive communication is necessary for building 

a successful remote business team. 

Conclusion 

Transitioning to a remote business structure doesn’t mean you have to sacrifice productivity and security. 

With the tools listed in this article, you can protect yourself and employees from miscommunication, data 

hacking, and time theft. As a manager, solving these issues will give you time to focus on other crucial 

aspects of your business that require your attention, such as improving your products and services. 


Ikechukwu Nnabeze is a tech expert and content writer at Traqq whose 

goal is to improve people's lives with the help of modern technology. His 

interest in providing practical solutions to real-life tech problems has led 

him to a successful career in content creation. His passion is to help 

individuals and organizations from all over the world to embrace the lifechanging 

beauty of modern technology. He enjoys poetry and stargazing 

when he’s not spending time with family. 

Ikechukwu can be reached online at support@traqq.com and at our 

company website https://traqq.com/ 







Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS 

“Amazing Keynote” 

“Best Speaker on the Hacking Stage” 

“Most Entertaining and Engaging” 

Gary has been keynoting cyber security events throughout the year. He’s also been a 

moderator, a panelist and has numerous upcoming events throughout the year. 

If you are looking for a cybersecurity expert who can make the difference from a nice event to 

a stellar conference, look no further email marketing@cyberdefensemagazine.com 



You asked, and it’s finally here…we’ve launched CyberDefense.TV 

At least a dozen exceptional interviews rolling out each month starting this summer… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 01/04/2021 

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH 

(with others coming soon...) 



9 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazine.com up and running as an array of live mirror 

sites. 

Millions of monthly readers and new platforms coming…starting with 

https://www.cyberdefenseprofessionals.com this month…

Cyber Defense eMagazine January 2021 Edition

Create successful ePaper yourself

Delete template?

Save as template?