Cyber Defense eMagazine December Edition for 2021

9 Ways Social Media Sabotages Your 

Cybersecurity 

How Covid-19 Changed Advertising Forever 

The Benefits of Hyperautomation 

Why Do You Need a Malware Sandbox? 

…and much more… 

Cyber Defense eMagazine – December 2021 Edition 1 

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s December 2021 Issue ----------------------------------------------------------------------------------------- 6 

9 Ways Social Media Sabotages Your Cybersecurity -----------------------------------------------------------------38 

By Alex Lysak, CEO of Scanteam 

Cyber Crime Is on The Rise and These Experts Have the Knowledge You Need ------------------------------42 

By Jon Clemenson, Director of Information Security, TokenEx 

When Diplomacy, Finance and Tech Collide: Cybersecurity Lessons Learned from Years Across Careers 

--------------------------------------------------------------------------------------------------------------------------------------49 

By Danny Lopez, CEO, Glasswall 

How Covid-19 Changed Advertising Forever ---------------------------------------------------------------------------53 

By Bernie Brode, product researcher at Microscopic Machines 

Why MFA Alone Isn’t Enough for True Cybersecurity ----------------------------------------------------------------57 

By Bojan Simic, Co-Founder, Interim CEO & CTO, HYPR 

Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques? -----------------------60 

By Josh Yavor, Chief Information Security Officer, Tessian 

3 Best Practices to Avoid Inevitable Ransomware Attacks ---------------------------------------------------------63 

By Jesper Zerlang, CEO, LogPoint 

The Benefits of Hyperautomation -----------------------------------------------------------------------------------------66 

By Nathan Hull, Principal Solutions Architect, Technologent 

Electric Vehicle Charging: The Next Cyberattack Frontier ----------------------------------------------------------69 

By Prof. Thomas R. Köhler, Member of the Board of Juice Technology AG 

Will Multi-Factor Authentication (MFA) Implementation Protect Countries from Cybercriminals? ----72 

By Marcin Szary, CTO and co-founder, Secfense 

Why Do You Need a Malware Sandbox? --------------------------------------------------------------------------------76 

By ANY.RUN Team 

Multi-Cloud Security and Compliance: Challenges & Best Practices ---------------------------------------------79 

By Avi Shua, CEO and Co-Founder, Orca Security 



How Do You Secure the Modern Supply Chain? -----------------------------------------------------------------------83 

By Brett Raybould, EMEA Solutions Architect, Menlo Security 

Don’t Take Yourself Out of The Game: Mitigating the Risk Of An Organizational Conflict Of Interest In 

Federal Contracts --------------------------------------------------------------------------------------------------------------87 

By Michelle Litteken, Of Counsel, Morris, Manning & Martin LLP 

Is Anti Data Exfiltration the Holy Grail of Cyberattack Prevention? ---------------------------------------------92 

By Dr. Darren Williams, Founder & CEO, BlackFog, Inc. 

Attorney-Client Privilege Communication Best Practices -----------------------------------------------------------96 

By Nicole Allen, Marketing Executive, Salt Communications. 

The Line-of-Sight Cybersecurity Problem in Healthcare ----------------------------------------------------------- 100 

By Samuel Hill, Director of Product Marketing, Medigate 

Caution: Personal Data Memorization in Progress ----------------------------------------------------------------- 104 

By Patricia Thaine, Co-Founder & CEO, Private AI 

Q&A: Roland Cloutier Chief Security Officer Tiktok and Bytedance ------------------------------------------- 108 

By Roland Cloutier 

Techniques Used by Hackers to Bypass Email Security Solutions ----------------------------------------------- 113 

By Michael Aminov, Perception Point 

How To Protect Your Digital Legacy ------------------------------------------------------------------------------------ 119 

By Jamie Wilson, MD, Cryptoloc Technology Group 

Sextortion Email Scams ---------------------------------------------------------------------------------------------------- 123 

By Harman Singh, director at Cyphere 

Getting Started with Active Directory Security ---------------------------------------------------------------------- 130 

By Justin Kohler, Director of BloodHound Enterprise, SpecterOps 

Surviving The New Era of Terabit-Class DDoS Attacks ------------------------------------------------------------ 133 

By Richard Hummel, Threat Intelligence Lead, NETSCOUTy 

Cyber (In)Secure: Business Sentiment on Cyber Security Challenges ------------------------------------------ 136 

By James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR 

Enterprises Cannot Achieve Zero Trust Security Without Machine Identity Management -------------- 139 

By Murali Palanisamy, chief solutions officer, AppViewX 



@MILIEFSKY 

From the 

Publisher… 

Dear Friends, 

Looking back over ten years of publishing Cyber Defense Magazine, it is an honor and pleasure for me to report on the growth 

of our organization and breadth of our services. 

Cyber Defense Magazine has been the central and driving force in the Cyber Defense Media Group array of publishing, 

advertising, and other valuable media services. Since its initiation 10 years ago, we have published some 3500 articles from 

expert authors across the entire spectrum of cybersecurity endeavors. 

In addition to the Cyber Defense Magazine B2B offering, we publish the online B2C Cyber Security Magazine. Between the 2 

magazines, we provide millions of discrete clicks each month to the benefit of our advertisers, authors, and their companies 

– as well as the educational value of bringing actionable information to our readers. 

Cyber Defense TV has become a mainstay for growing cyber businesses to broadcast their messages and value propositions 

to a wide audience of professional and management individuals. 

Our Global Cyber Awards and Black Unicorn publications have taken center stage for our millions of readers and online 

audience participants. 

As we celebrate 10 years of publishing, we must also look forward to the growing challenges from vulnerabilities and solutions 

in cyber activities. Among the first are the 16 sectors of critical Infrastructure and their integrated command and control 

support. But we pride ourselves in reaching organizations of all sizes and types, including SMEs, nonprofit, and government 

entities. 

We are pleased to bring you a broad spectrum of articles with actionable information and wish you all success in your own 

cyber endeavors. 

Warmest regards, 

We’ll be celebrating our 10 th Year in business and of our Global InfoSec Awards and as a 

Platinum Media Partner of RSA Conference on Feb 7 – 10, 2022 – See You There! 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International Editor-in-Chief… 

Once again, in this month’s review, we see a growing, but 

disparate influence of privacy initiatives in the international arena. 

If we could liken the movements and reactions to a physical being, 

it would look like expansion occurs with breathing in, and 

contraction occurs with breathing out. It seems that each time one 

of the international or international (including States and 

Provinces) take an action to expand its privacy reach, others move 

in a conflicting direction. 

Ultimately, however, we continue to hope that the efficiencies of 

uniformity will prevail – taking into account, of course, the 

necessities of cultural and historical differences observed on the 

international scene. 

Why, one might ask, do we find privacy initiatives influencing 

cybersecurity? As it happens, the playing field on which privacy 

legislation and regulation take place is largely a cyber-based 

structure. The vast majority of personal and sensitive information 

is transmitted, stored, accessed, and analyzed in cyber space. 

Whether in the servers of the affected organization or in the 

“cloud” (someone else’s server), compliance with privacy 

requirements happens in conjunction with cybersecurity. 

As always, we encourage cooperation and compatibility among 

nations and international organizations in responding to these 

cybersecurity and privacy matters. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2021, Cyber Defense Magazine, a division of CYBER 

DEFENSE MEDIA GROUP 

1717 Pennsylvania Avenue NW, Suite 1025 

Washington, D.C. 20006 USA 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

9+ YEARS OF EXCELLENCE! 

Providing free information, best practices, tips, and techniques 

on cybersecurity since 2012, Cyber Defense magazine is your 

go-to-source for Information Security. We’re a proud division 

of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

PROFESSIONALS 

VENTURES 

WEBINARS 

CYBERSECURITYMAGAZINE (FOR CONSUMERS) 



Welcome to CDM’s December 2021 Issue 

From the U.S. Editor-in-Chief 

As we complete the year 2021 in our publishing rotation, we can see patterns developing and extending 

into the future. The breadth of topics among the 26 articles in the December issue of Cyber Defense 

Magazine reflect the perceived concerns and (in many cases) solutions offered by our contributing 

authors. 

This enlightening view of current industry challenges provides, among other benefits, both high-altitude 

observations and down-to-earth granular analysis of the developments in cybersecurity today. 

Take a moment to read through the Table of Contents. You will see numerous articles you will find of 

immediate interest. That is representative of how Cyber Defense Magazine strives to bring our readers 

actionable intelligence from highly knowledgeable cyber professionals. 

Once again, the articles this month cover a broad spectrum of threats, preventive measures, ways to 

assure resilience and sustainability, and operational advice for organizations needing to maintain the 

confidentiality, accessibility, and integrity of sensitive data. 

We believe Cyber Defense Magazine is most valuable to our readers by keeping current on emerging 

trends and solutions in the world of cybersecurity, and we use that guide as our pole star in undertaking 

this journey with our readers. 

Wishing you all success in your cybersecurity endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber 

Defense Magazine. He is an accredited author and educator and has 

provided editorial services for award-winning best-selling books on a variety 

of topics. He also serves as ICFE's Director of Special Projects, and the author 

of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® 

course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, 

privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach 

him by e-mail at yan.ross@cyberdefensemediagroup.com 

































































9 Ways Social Media Sabotages Your Cybersecurity 

By Alex Lysak, CEO of Scanteam 

Social media has become one of the most common ways to spend time online, with many of the world's 

most popular websites offering social features. Social media is described as a digital platform that allows 

users to create an account, share content and interact with other users. Main examples include sites 

such as Facebook, Twitter, and Instagram, but there are hundreds of different social media sites, each 

offering a unique set of features and catering to different groups of people. 

Social media is perfect for connecting with friends and family, as well as sharing ideas and content with 

people from all over the world. It's also a great place for businesses to interact with their potential 

consumers, engaging with them and advertising to them. One of the reasons why social media sites have 

become so successful is that they sell personal data to companies for advertising purposes. Brands can 

target people based on their age, location, and likes, reaching their target demographics more easily. 

Although social media is very popular, with over half of the world's population now owning at least one 

account, it does raise issues about cybersecurity. When signing up to a social media site, users need to 

be careful that they're not compromising their data, falling victim to data leaks, or downloading malware. 



With over 4 billion users, social media platforms present a big target for hackers, scammers, and identity 

thieves. As a result, it pays to be careful about the platform you use and how you use it. In this article, 

our US cybersecurity expert Alex Lysak will be looking at nine different ways social media and 

cybersecurity are connected and how to practice social media safety. 

What is Cybersecurity? 

Cybersecurity is the practice of protecting devices or networks from cyber-attacks, malware or other 

online threats. These cyberattacks are typically aimed at gaining access to, altering, or destroying 

sensitive data, extorting money from users, or disrupting normal corporate activities. Whether you're an 

individual or a company, cybercriminals don't discriminate, and you need to be able to protect your 

devices and data from cyber security threats. 

Because there are more devices than humans nowadays, and attackers are growing more inventive, 

putting in place effective cybersecurity measures is very difficult. Over the last few years, there has been 

a rise in the number of high-profile cyber-attacks, particularly those using ransomware. This type of 

malware encrypts a user's data, making it useless unless the user gives in to demands and pays a 

ransom. 

Hackers often demand payment in the form of cryptocurrency, which has the advantage of being much 

easier to use than other forms of online payment. Payments made using cryptocurrencies have increased 

a lot over the past few years, as researched by Scanteam, this is partly thanks to the added level of 

security as well as the potential anonymity. 

Protecting Yourself While Using social media 

Although you can use antivirus software and other tools to keep your device secure from threats, the best 

way to stay safe online is by taking the right precautions. By following good practices while online, you 

can avoid malware and stay safe from cyber-attacks, including those on social media. 

Here are a few of the things to avoid or be careful of when using social media if you want to stay secure: 

Providing Too Much Personal Information 

When using social media, users often fill out their profiles without caring much about who sees them. 

Although it may seem innocuous to provide details on your birthday, your family members, where you 

grew up, and more, it can put you at risk. By publishing so much information about yourself online, you 

can be affecting your cybersecurity, making it easier for hackers to gain entry to your accounts or for 

identity thieves to open up credit cards or bank accounts in your name. 

Additionally, you should also be careful about the contact details you provide, as scammers will often 

look for email addresses and phone numbers. When combined with your personal information, they can 



use this to create highly believable scams aimed at extracting money from your accounts. Privacy is one 

of the most important social media security issues, and users should be more careful about their personal 

information. 

Phishing Scams 

A phishing scam is one of the most common types of online scams, where scammers use social 

engineering to get the information they want. This type of social engineering involves an attacker sending 

a phony message to a human target in the hopes of obtaining sensitive information. In addition, the scam 

could also involve or deploy harmful software on the victim's infrastructure, such as ransomware. 

When using social media, you should always be wary of messages you receive, especially from people 

you don't know. Sometimes it could even appear to be someone you know sending a phishing message, 

either through a hacked account or a fake profile. 

Insecure Passwords 

Passwords are essential for keeping your accounts secure, and you should always make sure to use 

strong passwords no matter what kind of account it is. Using weak passwords is asking for trouble, as it 

means hackers can easily break into your account. Not only that, but you should also avoid reusing 

passwords on multiple accounts. You shouldn’t use the same password for your online banking and your 

Facebook account, for example. 

Single Layer Security 

Passwords aren't the only thing you should use to secure your account; many online sites also offer twofactor 

authentication or digital ID. This is where the site will send a code to your phone for you to use as 

well as your password. You should definitely set this up, as it means that even if hackers manage to 

crack your password, they won't be able to get access to your account. 

Outdated Apps 

Social media apps are constantly updated to remove bugs and exploits that make them vulnerable to 

social networking security threats. If you want your device to stay safe, make sure the app you're using 

is up to date, and if you're not sure, you can check to see if updates are available. Additionally, you can 

set the app to update automatically when new software patches are released. 



Unsecure Mobile Networks 

When using social media on a mobile device, you should be careful about which networks you connect 

to. Using mobile data in the US is fine but connecting to open Wi-Fi networks is often a risk. When you 

connect to an unsecured mobile network, you could be opening your device up to malware and cyberattacks. 

Malware Links 

Malware links are rare on social media as they often get reported and taken down. However, you can still 

find plenty of examples of social media cyber-attacks through malware being spread over various 

platforms, particularly through private messages. If you don't know the person, never open the link and 

be very careful about what links you open in general. 

Tags and Locations 

Part of the fun of social media is tagging friends in photos and sharing your location. However, this can 

potentially put you at risk. Be careful about sharing your location online, especially as you never know 

who can see this information. Some people in the US have had their homes robbed after revealing their 

location on social media, and it can be a cybersecurity risk too. 

Poor Privacy Controls 

When using social media, you're in control over who gets to see the content that you share, but you do 

need to adjust the privacy settings to change this. Make sure you revisit this often to prevent people not 

connected to you from accessing your personal data and ensure proper data security. 

About the Author 

Alex Lysak is working in online marketing since 2011, his main 

areas of expertise are marketing research, social media marketing, 

and SEO. During 9+ years of experience, he has helped many 

products and startups to develop marketing strategies and to 

implement them further. Alex Lysak can be reached online at 

alexlysak.scanteam.pro@gmail.com or Twitter and at our 

company website https://scanteam.pro/ 



Cyber Crime Is on The Rise and These Experts Have the 

Knowledge You Need 

By Jon Clemenson, Director of Information Security, TokenEx 

Nearly every day, there’s news about another major cyberattack on a large organization. We are living in 

a new reality where organizations are fighting a constantly evolving and restrategizing enemy, and the 

Biden Administration has heavily focused on investing resources and manpower to combat ransomware. 

This investment is represented by the President’s recent Executive Order that presents actions to 

improve cybersecurity of U.S. critical infrastructure. 

Celebrated in October, National Cybersecurity Awareness Month is a time to re-educate all individuals 

on effective cyber hygiene and what to be on the lookout for in this new age of hybrid work. We spoke 

with 10 cybersecurity experts to get their insight on best practices every organization can implement to 

keep themselves, their employees and their customers safe. 

Terry Storrar, managing director, Leaseweb UK 

"The security risks of remote working have been well documented. Away from the office, employees are 

now far more likely to practice poor cyber hygiene, for example connecting to unsafe networks, 

transferring work data to personnel devices, or sharing unencrypted files. And threat actors are 

relentlessly taking advantage of these vulnerabilities. 



However, as concerning as these practices are, they are often relatively simple to fix. This Cybersecurity 

Awareness Month provides the perfect opportunity to remind ourselves and co-workers to do our part 

and #BeCyberSmart. The simplest way we can do this is by developing good daily routines that work to 

manage the most common cybersecurity risks facing our organisations. Examples of this include keeping 

software up to date, backing up data, and maintaining good password practices. At the end of the day, 

lack of education and human error are two of the largest contributors to data breaches. Businesses need 

to start implementing more safeguarding protocols and make cybersecurity training not just accessible 

for all employees, but a basic part of onboarding. 

Cyber attacks nowadays do not often come from ingenious ‘hackers’ in dark rooms, they’re often the 

result of an employee reusing the same password, or businesses not implementing basic practices such 

as multi-factor authentication. By acting smart now, we can eliminate some of the greatest cyber threats 

facing our businesses today." 

Liron Damri, president/co-founder, Forter 

“At Forter, we’ve seen a marked uptick in Account Takeovers (ATO); a form of identity fraud in which a 

third-party steals credentials and / or gains access to user accounts. Our first party data shows that ATO 

has increased 55% year-over-year! 

How can that be? The global pandemic has kept people home, and so many consumers have entered 

the world of eCommerce. Many of those who are new to eCommerce have proven more likely to reuse 

passwords and less likely to follow security best practices. Fraudsters have been opportunistic in taking 

over these accounts. 

The burden isn’t only on the consumer here, it’s on businesses to deploy more sophisticated methods 

and models to protect those new customers from ATO—identifying them (and approving their 

transactions) and preventing fraud and abuse.” 

Jon Clemenson, director of information security, TokenEx 

"This National Cybersecurity Awareness Month, we’re reminded of how constantly evolving cyber threats 

such as breaches and ransomware create the need for security professionals to develop increasingly 

sophisticated defense strategies. These strategies can vary widely, which makes it especially important 

for security leaders to select the appropriate controls and security methods for the unique needs of their 

organization. 



In reality, there’s no one ‘silver bullet’ for cyber defense. Instead, a mature posture will combine a variety 

of security methodologies and technologies for data discovery, classification, access management, 

protection, and more. Further, it must function in a manner that accommodates necessary business 

operations. Finding the right balance between security and operability is one of the greatest challenges 

security professionals face, but it’s absolutely essential for a successful cybersecurity strategy.” 

Tyler Farrar, CISO, Exabeam 

“National Cyber Security Awareness Month 2021 is a time to reflect on the major technological and 

lifestyle shifts brought on by the pandemic and their security implications. Remote work unexpectedly 

became the norm in 2020, and as we close out 2021, the hybrid work model may be here to stay for 

decades to come. It’s clear that it's working. 

These changing approaches to work have caused security leaders and their teams to balance what’s 

necessary to keep sensitive company data and assets safe and secure in organizational landscapes that 

no longer have a security perimeter. People are everywhere now. Meanwhile, adversaries are growing 

more sophisticated by the hour. Critical infrastructure organizations like Colonial Pipeline, agriculture 

organizations like New Cooperative and tech firms like Kaseya and Olympus being targeted by 

cybercriminal groups are hitting the headlines on a near-weekly basis. How can security teams keep up 

with the barrage of attacks and network perimeter shifts? 

Rather than retreating back to legacy methods and previous strategies, companies must #BeCyberSmart 

and tackle modern threats head on. It’s critical to highlight that compromised credentials are the reason 

for 61% of breaches today. To remediate incidents involving user credentials and respond to adversaries, 

organizations must consider an approach that is closely aligned with monitoring user behavior to get the 

necessary context needed to restore trust, and react in real time, to protect employee accounts. This 

should include the ability to understand what normal looks like in your network, so when anything 

abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your 

organization. 

Employees must also play a role. Security teams that shake up their password protocols such as never 

using the same password twice, using password vaults and enabling multi-factor / adaptive authentication 

are winning against the adversaries. A combination of behavioral analytics and smart password practices 

can help employees, and their employers, stop credential-based attacks and adversarial lateral 

movement. Use this month to be sure you have the right threat detection, investigation and response 

(TDIR) technologies in place for yourself and your security teams." 



Danny Lopez, CEO, Glasswall 

“During this year’s National Cyber Security Awareness Month, I very much hope executive teams realize 

that employees should not be the only line of defense against cyberattacks. With the growing 

technological sophistication of data breaches and the sheer volume of threats today, any individual within 

a network can easily become a target. 

Unfortunately, most employees are unfamiliar with how to properly protect themselves. Attackers know 

how to depend on predictable patterns of human behavior to gain an advantage against their targets. 

Many users don’t think twice about opening an attachment or clicking a link that appears to be legitimate. 

As insider threats have increased by 47% this year, users may also think they are communicating with a 

colleague when the account has actually been taken over by an adversary. 

The best option is to remove the threat entirely before the user needs to make a choice. Increasingly, 

traditional sandboxing and antivirus software aren’t enough. Implementing solution-based file protection 

software like Content Disarm and Reconstruction (CDR) can rebuild files to a higher security standard so 

users can benefit from safe, clean files and organizational leadership can have peace of mind.” 

Surya Varanasi, CTO, StorCentric 

“Driven in large part by the COVID pandemic, massive layoffs, and record numbers of people being sent 

home virtually overnight to work, learn, shop and live, the number of successful cyberattacks climbed to 

dizzying heights. In fact, recent IDC research indicated that over the past year, more than one third of 

organizations worldwide experienced a ransomware attack or breach that successfully blocked access 

to systems or data. And for those that fell victim, many experienced multiple ransomware events. With 

cybercrime projected to cost the world $10.5 trillion annually by 2025, it is clear why ensuring your 

organization is taking the appropriate measures to ensure cyber safety and security must become priority 

number one. 

Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, 

replicate to an off-site location, store it to a disk, and then move it to tape storage and/or the cloud. 

Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. 

Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of 

traditional backup useless. 



Today, what is required is an elevation in backup strategy from basic to unbreakable. In other words, for 

today’s ransomware threat what’s needed is to make backed up data immutable, thereby eliminating any 

way it can be deleted or corrupted. Unbreakable Backup can do just that by creating an immutable, 

secure format that also stores the admin keys in another location entirely for added protection. And, by 

layering-on a backup solution that has built-in verification, savvy SysAdmins can alleviate their worry 

about their ability to recover — and redirect their time and attention to activities that more directly impact 

their organization’s bottom-line objectives.” 

JG Heithcock, general manager of Retrospect, a StorCentric company 

“Today’s cyber criminals are attacking backups first, and then once under their control, coming after 

production data. This means that many enterprises are feeling a false sense of security, until it is already 

too late. 

I like to say, ‘backup is one thing, but recovery is everything.” In other words, choose a backup solution 

that ensures the recovery piece (which surprisingly, not all of them do). Look for a provider with vast 

experience, as well as a track record for continuous innovation that ensures its offerings are prepared to 

meet prevailing conditions. The solution(s) should provide broad platform and application support and 

ensure protection of every part of your IT environment, on-site, remote, in the cloud and at the edge. 

Next, the backup solution should auto-verify the entire backup process, checking each file in its entirety 

to ensure the files match across all environments, and you are able to recover in the event of an outage, 

disaster or cyber-attack. And, as a last but highly critical step -- at least one backup should be immutable 

-- unable to be altered or changed in any way, at any time. Even if the ransomware took a ride along with 

your data to your backup site, during the last backup.” 

Andy Fernandez, senior manager, product marketing, Zerto, a Hewlett-Packard Enterprise 

company 

“Saying that ransomware attacks are growing in severity and volume is an understatement. Hackers are 

finding ways to prolong unplanned downtime and increase data loss, and getting operational (back up 

and running) as quickly as possible is key. Yet legacy data protection solutions aren’t focused on the 

speed of recovery—only on recovering that data. Many organizations pay the ransom simply because of 

how long it would take their backup systems to restore encrypted data. While restoring the encrypted 

data is paramount, meeting those SLAs must have equal priority within the modern organization. 

Organizations cannot afford to wait days for critical applications to be up and running. From web 

experiences to employee tools, time is money and reducing unplanned downtime is key. 

Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365. As 

the adoption of cloud applications grows, so will exploits and attacks and in turn the importance of 



estoring data. Modern organizations that are responsible for that data will need to have native data 

protection solutions that can help them protect internal applications and applications shipped using 

containers. For example, we are seeing file-less attacks explicitly targeting stateful Kubernetes data. The 

consequences of downtime for these applications are growing, and organizations need solutions that are 

native and purpose-built to protect these applications. Whether the target is VMs, Kubernetes, or SaaS 

applications, being resilient when facing ransomware attacks is crucial.” 

Wes Spencer, VP, external CSO, ConnectWise 

“Let's admit it. Cybersecurity feels like a losing game. Breaches happen everywhere we look. It seems 

like no effort we make is really making a difference. And beyond that? Ransomware threat actors are 

spotted on the news driving camo green Lamborghini Aventadors. I can understand any SMB just wanting 

to give up in exasperation. But there is hope, and it comes in the form of cyber resilience. 

If you've never heard of cyber resilience, don't be shocked. It's a decade old term that is finally being 

revived amidst our travails but is now shining light as a powerful solution for MSPs and their SMBs. In 

short, cyber resilience is a renewed focus on keeping an organization resilient and operational in the 

midst of adverse cybersecurity conditions. Translated thus: let's build resilience to keep our organization 

functional when, not if, the big cyber attack happens. It allows us to focus on faster response and recovery 

to any threat. To be clear, we should not give up on prevention, we simply need to have a new focus on 

cyber resilience. After all, if we're unable to stop all cyber attacks, maybe we should start to focus on 

making them less impactful when they occur.” 

Neil Jones, cybersecurity evangelist, Egnyte 

“During Cybersecurity Awareness Month, we should actively review our cybersecurity preparedness, and 

consider how we can make our employees, contractors and business partners even safer online. 

Unfortunately, many organizational stakeholders are unaware of how to properly protect their companies' 

valuable data, so it’s up to the company to educate them on best practices. As an IT leader, you need to 

consistently update your cyberattack prevention strategies and implement practical measures like the 

following, which will protect you from falling victim to potential attacks: 

· Make compulsory cybersecurity awareness training a way of life, rather than a once-a-year IT 

requirement. 

· Limit access to mission-critical data on a “business need to know” basis. 



· Advocate a proactive approach to detect data misuse- including potential Insider Threats- before 

it’s too late. 

· Encourage all of your company’s stakeholders to speak up if they see a potential IT Security issue. 

Just like at the airport or in a train station, “if they see something, they should say something.” 

Throughout this month, encourage your employees and executive team to take proactive steps to 

enhance cybersecurity and remember to reinforce the importance of personal accountability with all of 

your associates.” 


In his role as TokenEx’s information security 

practice lead, Jon Clemenson combines a focus 

on quantifying and improving our security posture 

with a passion for automation. With 15 years of 

results-driven leadership experience in the tech 

industry and federal government, he considers 

security a team sport and enjoys tackling 

problems from a learn-it-all perspective. When he 

isn’t implementing initiatives that align security with 

business efficiency, you can find him in line at the nearest food truck. 



When Diplomacy, Finance and Tech Collide: 

Cybersecurity Lessons Learned from Years Across Careers 

By Danny Lopez, CEO, Glasswall 

While technology, finance and diplomacy may seem worlds away from one another in most people’s 

minds, they may be surprised to learn that there is significant crossover of the skills required. 

Prior to my time at Glasswall, I worked in finance for the first decade of my career at Barclays in a variety 

of international banking positions. I then transitioned into working as the managing director of marketing 

and communications at the Department of International Trade in the UK where I focused on implementing 

a marketing plan for the promotion of the UK economy internationally. I also worked with former London 

Mayor Boris Johnson to create London & Partners, the UK Capital’s international trade, investment, and 

promotional agency. After this role, I was appointed to the post of British Consul General to New York 

where I was responsible for the UK’s economic profile, foreign policy, and national security priorities in 

the tri-state area. During those five years, I gained a strong interest in technology which led to my role as 

the COO of Blippar, a technology firm specializing in augmented reality, before joining Glasswall. 



These cross-industry roles have collided to teach me valuable lessons about running transatlantic 

organisations -- as well as how to protect them from digital adversaries and nation-state threats. Through 

my diverse experience, I’ve learned that organisations can make improvements to their overall 

cybersecurity effectiveness by focusing on improving training, taking initiative, and increasing internal 

communication and collaboration efforts. 

Cybersecurity Culture Starts at the Top 

Leaders across each and every industry I’ve worked in are the ones who set the tone for how their teams 

engage with challenges, solutions and risks. A culture of security awareness and protection starts at the 

top. 

Their willingness to learn about cybersecurity can make a huge difference in the way the team 

approaches education and awareness. Cybersecurity training is often treated as a one-time, brief session 

to go over the basics such as password best practices and how to recognize phishing attacks. While this 

approach can be educational, there is a lack of engagement happening. organisations typically treat 

cybersecurity training as a ‘box ticking’ strategy, where employees are asked to do a training session and 

assume the job is done. In reality, employers should be creating a culture that helps people identify 

security challenges while also investing in the right technologies. 

Moreover, having a supportive and collaborative leadership team is crucial to creating a strong sense of 

involvement around cybersecurity. This involves taking a zero-trust approach to cybersecurity by 

assuming that there could always be risks. According to a 2020 Insider Threat Report, 68% of 

organisations reported that insider attacks were becoming more frequent. This involves having clear onboarding 

and off-boarding procedures for employees, hosting clear cybersecurity training sessions, 

regularly changing passwords, and having two-factor authentication on at all times. In addition, 

businesses should be aware of the best possible technological solutions. 

Taking Initiative with Cybersecurity Protection and Risk Factor Awareness 

In addition, many organisations struggle with corporate procrastination around cybersecurity issues. This 

can lead to major repercussions down the line. Issues should be addressed head on. There are many 

relevant examples of this such as an employee putting off changing passwords or implementing twofactor 

authentication. The number of stolen passwords and usernames in circulation has increased by 

300% since 2018 (Digital Shadows Research Team). Passwords are shared between personal and work 

devices and are often written in plain sight rather than secured with a password manager. This further 

improves the importance of taking a proactive approach to cybersecurity measures. Passwords should 

be regularly changed and updated. Leadership teams should be taking these extra steps. 



Another way leaders can take initiative in cybersecurity protection is by implementing proactive tools that 

work to prevent the problem before it arises. For example, Content Disarm and Reconstruction (CDR) 

technology removes potential threats from every file by inspecting, cleaning, and rebuilding files to a 

“known good” standard. 

Although some organisations may take some precautions, a leader or leadership team may not always 

understand the risks and how they should be addressed. For example, leaders may comprehend that 

ransomware attacks are on the rise but cannot translate that into the risks it presents to their own 

networks. Cybersecurity concerns should be addressed directly by preparing to implement change. This 

is not just about investing in technology but is about identifying the risk factors associated with major 

problems such as ransomware and phishing. While effective cybersecurity is built around strong 

technological solutions, organisations that are aware and ready to address these issues will always be 

better prepared. 

Clear Communication and Collaboration 

One of the biggest challenges and crucial values in the workplace is direct, honest communication and 

collaboration. In many organisations across sectors, there is a serious disconnect between leadership 

and other vital stakeholders. For example, some leaders view cybersecurity as an IT problem, and as a 

result, keep important issues at arm's length. They may not prioritize cybersecurity investment in the 

same way because it does not show a tangible ROI in most cases. 

There is still a large number of organisations that could benefit from prioritizing cybersecurity at a 

leadership level. Improving communication efforts between all parties is crucial to protect from growing 

cybersecurity risks. The estimated cost of cybercrime exceeded $1 trillion globally in 2020, more than a 

50% increase in two years (The Hidden Costs of Cybercrime, McAfee). It is better for organisations to be 

prepared by investing in cybersecurity best practices before it’s too late. 

Ultimately, organisations can improve their approaches to cybersecurity as a whole by staying up to date 

on the latest threats, modernising cybersecurity training and technology and ensuring everyone from the 

board and executives to the security analysts themselves have a clear cut, coordinated plan in place. It’s 

no simple task, but after decades working in international relations, finance and technology and observing 

security practices across them all, I can assure you these steps will put your team on the right path. 




Danny Lopez is the CEO at Glasswall. Danny has enjoyed a 

successful international career to date in banking, marketing, 

diplomacy, and technology. Danny is the CEO of award-winning 

cyber security firm Glasswall, which delivers unique protection 

against sophisticated threats through its ground breaking 

technology. For two years up until August 2018 Danny was the 

COO at Blippar, a UK-based augmented reality (AR) pioneer. 

Between 2011 and 2016 Danny was the British Consul General 

to New York and Director General for trade and investment 

across North America. Before this diplomatic posting, Danny 

was appointed by the Mayor of London as the inaugural CEO of 

London & Partners, the UK capital’s official promotional agency. Previously, Danny was a Managing 

Director at the UK government’s Department for International Trade. The first ten years of Danny’s career 

were at Barclays Bank, where he held several senior international positions in corporate and investment 

banking in London, New York, Miami, and Mumbai. Danny is a Non-Executive Director at Innovate 

Finance – the UK industry body championing global FinTech – and a special advisor to New York-based 

venture capital firm, FinTech Collective. He is also a Council Member and Trustee at the University of 

Essex, his alma mater. Danny speaks regularly on platforms across the world on topics including 

geopolitics and the intersection of market disrupting technologies and government policy. Danny holds 

a Bachelor of Arts degree in economics and a Master’s degree in international economics and finance 

from the University of Essex. Born in England, Danny grew up in Spain and is a fluent Spanish speaker. 

Danny and his Australian wife Susan live in London with their three children. Danny can be reached 

online at @GlasswallCDR and at our company website www.glasswallsolutions.com 



How Covid-19 Changed Advertising Forever 

By Bernie Brode, product researcher at Microscopic Machines 

There has been much written about how the Covid-19 pandemic has exacerbated inequality. Across the 

world, the virus exposed just how unprepared some countries, communities, and companies were for 

crisis, and those with the fewest resources were invariably those that were least able to respond. 

The same was true of advertisers. 

At the broadest level, the pandemic forced most brands to shift most of their marketing online. Some 

advertising agencies and platforms were ready for this, and some weren’t. This meant that, during the 

two long years of lockdowns and remote working, the agencies that were already in a strong digital 

position consolidated this, because those that weren’t failed to survive. 

The firms that have survived face a radically different market, with several advertising technologies 

spiking in popularity. In this article, we’ll look at three of the most important, and explain what this 

increased popularity means for the future of advertising. 



Connected TV 

It might seem strange to start this list with Connected TV – a relatively small part of the media landscape, 

and one that advertisers have been slow to embrace. But the importance of advertising on streaming 

services was hugely increased by the pandemic, and specifically by a strange coincidence. This is that a 

number of much anticipated streaming services were already due to launch during the period of stay-athome 

orders. 

These services include NBCUniversal’s Peacock and WarnerMedia’s HBO Max, both of which had the 

“good fortune” to launch at a time when there was a large and almost captive audience for this. 

Unsurprisingly, this led to the launch of both services going unexpectedly well. Some analysts have even 

spoken about a “revolution” in the TV industry, in which a long-term trend away from “traditional” cable 

and satellite television companies has become an abrupt abandonment. 

Audience figures certainly give credence to this view. Across the US, cord-cutting spiked during the 

pandemic rise: eMarketer forecast late last year that more than 6 million U.S. households had canceled 

their pay TV subscriptions last year, with TV ad spend dropping 15%, to its lowest level since 2011. This 

is not a short-term process, of course. But until now, it was expected the advertisers would have another 

decade – at least – to transition away from making TV adds, and gain expertise in new media. That time 

is now upon us, much earlier than some had hoped. 

This doesn’t mean, of course, that video marketing will die. Far from it. And in fact, with the rise of TikTok 

and similar apps over the past year, it could be said that we are entering a golden age for video marketing. 

However, advertisers will need to quickly gain (or hire) expertise in these “new” video platforms in order 

to take advantage of them, and ensure that their content stays relevant. 

E-Commerce 

The second big pandemic-driven shift in the last two years has been the rise and rise of e-commerce 

platforms. This, again, was not a trend that was invisible before the pandemic, but it is one that the virus 

accelerated rapidly. In short, e-commerce platforms are quickly becoming the standard way to purchase 

goods and services, with IRL stores needing to offer something extra to justify their existence. 

In principle, this is great news for advertising companies, or at least those capable of desiging, making, 

and delivering digital ads. eMarketer forecast in the fall that marketers would spend $17.37 billion in 

advertising on e-commerce sites and apps in 2020, up 38% from 2019. More recent figures, showing a 

huge increase in the volume of online sales during the pandemic, and sustained afterward, have led 

some to conclude that the retail industry has changed forever. 



However, this shift might not be such a simple one for advertisers. Many of these new e-commerce 

platforms are keen to handle promotion and advertising themselves, and in fact offer this to sellers as the 

primary advantage of their platforms. At the same time, more customers than ever are using ad blockers. 

This means that the “traditional” way in which advertising reaches consumers in the digital space is 

quickly becoming unfeasible, and unprofitable. 

Because of this, advertisers may find themselves becoming experts in the “dark arts” or e-commerce 

promotion. We are fast entering a world, in other words, in which customer reviews and SEO replace 

creative copy and marketing design. 

Flexibility 

Ultimately, however, the most important way in which the pandemic may have changed the advertising 

industry is by highlighting how quickly economic conditions can change. The firms which performed best 

over the past two years were those that were able to quickly pivot to new ways of working, and new ways 

of reaching their audiences. 

While for small firms this may have been a relatively straightforward shift, larger firms found it very difficult. 

Forrester Research forecast last year that the U.S. ad agency sector would lay off 52,000 jobs in 2021 

and 2022 amid spending cuts. Flexible marketing organizations have been one place those workers could 

turn, but many have left the industry permanently. 

These workers are going to be replaced by advertisers who came of age during the pandemic, and who 

see the value of embedded digital marketing. And dollars began to shift over to creators even more: A 

report from influencer marketing platform CreatorIQ said sponsored posts were up 46.6% year-over-year 

during the post-Thanksgiving sales weekend. This will be the legacy of the pandemic on the industry, 

and one that will shape it for years to come. 

The Future 

The pandemic has caused major changes in the industry, and accelerated some that were already 

apparent. Certain pieces of the ad industry were catapulted years forward as consumers stayed at home 

during the pandemic. Digital reigned supreme: Flexible buys, an ability to switch out messaging and 

direct-response buys that clearly showed return-on-investment were in high-demand by many advertisers 

who often had no idea what the next month, or even the next week, would look like. 

And that’s the new reality that we all have to live with. 




Bernard Brode is a product researcher at Microscopic 

Machines and remains eternally curious about where the 

intersection of AI, cybersecurity, and nanotechnology will 

eventually take us. 

Bernie can be reached online at bernie.l.brode@gmail.com 

and https://twitter.com/berniebrode?lang=en. 



Why MFA Alone Isn’t Enough for True Cybersecurity 

By Bojan Simic, Co-Founder, Interim CEO & CTO, HYPR 

Multi-factor authentication (MFA) was once a foreign terminology, but today, with the myriad of hacks 

and data breaches dominating headlines, it’s fair to say that most individuals now see MFA as a nobrainer 

– for now. When thinking about MFA, both companies and consumers alike consider it to be a 

safer, more secure option. And while that isn’t necessarily untrue (as it is safer than single-factor 

authentication), it doesn’t bypass the increasingly large password issue developing across digital 

mediums. In fact, despite widespread MFA adoption, account takeover fraud generated a $3.3 billion loss 

in 2020. 

Ever since the “password” was invented in the 1960s, it has been a topic of contention. The intent, always 

positive; but the efficacy, an ongoing debate – especially with the pace at which technology is evolving. 

As it stands today, there are three different kinds of MFA, the first being One-Time Passwords (OTP). 

OTP are a string of digits that are provided to a user via an app after they have entered a username and 

password; however, OTP are still based on passwords (it’s in the name, after all!) and are therefore 

subject to MFA phishing, mobile malware and keyloggers. 



The second kind of MFA is SMS two-factor authentication (the most common OTP delivery method 

today), wherein OTP are delivered to a user’s smartphone via text. Again, due to error or malicious 

activity, OTP can be delivered to the wrong mobile number or a stolen mobile phone or intercepted via 

SS7 network attacks. In fact, the National Institute of Standards and Technology (NIST) stopped 

recommending the use of SMS as a strong second factor back in 2016! 

And finally, PUSH authentication is another mobile-centric authentication method whereby the service 

provider sends the user a notification to their mobile phone. The user then has to tap the screen to get 

access to the account. And while PUSH authentication can be used as part of a passwordless system if 

the solution is built upon PKI or certificate-based authentication, most PUSH authentication is an MFA 

mode layered on top of additional shared secrets, including (you guessed it) a password. 

Unfortunately, many hackers have learned how to bypass traditional MFA, including intercepting, 

phishing and spoofing SMS text messages; many also engage in SIM swapping, wherein a hacker 

impersonates the target to dupe a wireless carrier employee into porting the phone number associated 

with their SIM card to a new (malicious) device. Moreover, there also new tools – e.g., Modlishka – that 

automate phishing attacks that bypass MFA. It couldn’t be easier for hackers nowadays. 

So, the question is, how do we move away from passwords yet still ensure enterprise level 

security? 

Every individual today is experiencing a certain level of MFA fatigue, then add the fact that every 

business, big and small, is maneuvering through the complex authentication landscape, while now 

managing the IT challenges of remote work. In fact, enterprise IT helpdesk departments spend more than 

30% of their time helping users with password and access issues, which prevents them from making 

progress on innovative projects that ultimately move the business forward. So, despite being mandated, 

MFA still carries a level of resistance. 

The solution? Marrying MFA with passwordless authentication. In short, combining MFA technology with 

a biometric login (think facial recognition). This concept removes any type of shared secret and eliminates 

the transmission or storing of credentials, thus removing the “man in the middle” and reducing the attack 

surface. By simply using a smartphone, security key, or platform authenticator, users can securely log 

into a workstation and corporate domain, without ever typing in a password. Passwordless authentication 

removes user frustration while ensuring the highest level of password security – by eliminating the 

password altogether. Leading companies such as Aetna/CVS Health, most major banks in the United 

States, airlines and insurance companies have all adopted passwordless technologies. 

Moving forward, passwordless authentication will certainly be the norm, particularly since the Federal 

Financial Institutions Examination Council (FFIEC) recently issued a guidance on effective authentication 

and access risk management practices for the various parties that access financial institution services 

and systems. Microsoft, in particular, is taking the lead in incorporating this technology and making it nonnegotiable 

for entities with data to secure (or, all entities). In fact, a Digital Defense Report recently 

distributed by Microsoft shows continued attacks from other nation-states that weren’t necessarily via 

exploitations of software, but rather well-known techniques such as password spray and phishing. This 



just highlights how vulnerable most organizations are to attacks, and how widespread the antiquated use 

of passwords is amongst the population. 

With the number of digital touchpoints increasing for companies across the board, MFA alone – and MFA 

rooted in password security – will continue to become less and less secure for both brands and 

consumers. With countless pieces of data and dollars to lose, neither party can afford to put their 

information at risk. Under the FFIEC’s guidance, and with Microsoft at forefront, Passwordless MFA is 

the way of the future. 


Bojan Simic is the Interim CEO, Chief Technology 

Officer and Co-Founder of HYPR. Previously, he 

served as an information security consultant for 

Fortune 500 enterprises in the financial and insurance 

verticals conducting security architecture reviews, 

threat modeling, and penetration testing. Bojan has a 

passion for deploying applied cryptography 

implementations across security-critical software in both the public and private sectors. His extensive 

experience in decentralized authentication and cryptography have served as the underlying foundation 

for HYPR technology. Bojan also serves as HYPR’s delegate to the FIDO Alliance board of directors, 

empowering the alliance’s mission to rid the world of passwords. 

Bojan can be reached online on LinkedIn, Twitter and at our company website https://www.hypr.com. 



Can Your Cybersecurity Culture Stand Up to the Latest 

Spear Phishing Techniques? 

By Josh Yavor, Chief Information Security Officer, Tessian 

Gone are the days of bulk spear phishing attacks, where hackers send scam emails and malicious 

attachments to as many people as possible and hope for a bite. Spear phishing techniques are growing 

more targeted and sophisticated, according to new data from Tessian that sheds light on the latest attack 

methods. 

Tessian’s report analyzed two million malicious emails that bypassed traditional email defenses like 

secure emails gateways within the past year. It found that hackers are targeting employees with more 

tailored emails that reap big rewards, like wire transfer fraud. Account takeover attacks are also a major 

threat that costs businesses $12,000 on average. 

With emails bypassing defenses, humans are left as organizations’ last line of defense against these 

email scams. But it’s unreasonable to expect each employee to be a cybersecurity expert and identify 

these attacks every time. Instead, organizations must build a strong cybersecurity culture that 

encourages people to flag suspicious activity and empowers them with the tools they need to stay secure 



on channels like email. This starts with understanding the latest threats and building a cybersecurity 

culture around them. 

The State of Spear Phishing 

Who is being targeted and when? 

Tessian’s report found that the average employee receives 14 malicious emails per year, but that number 

jumps significantly for highly targeted industries. For example, retail employees received 49 malicious 

emails per year, while manufacturing employees received 31. Those sectors are also experiencing 

staffing shortages from The Great Resignation, leaving employees stressed, distracted and potentially 

more vulnerable to falling for a scam. These risks must be prioritized as companies navigate hiring and 

turnover challenges. 

Bad actors try to trick employees by sending malicious emails in the late afternoon, hoping to slip past a 

tired or distracted employee. The most common times for spear phishing emails to be sent was 2 p.m. 

and 6 p.m. Bad actors also take advantage of the holidays by offering “too good to be true” deals. The 

biggest spike in malicious emails came immediately before and after Black Friday. 

What’s the latest attack playbook? 

Impersonation techniques continue to be a go-to strategy in the spear phishing playbook. Tessian found 

that display name spoofing was the most common tactic, found in 19% of malicious emails. These attacks 

use deceptive display names on an email to mislead employees. For example, a display name might 

show the first and last name of the company's Chief Financial Officer requesting a wire transfer. While 

the email address itself may still look suspicious, a recipient often only looks at the name of the sender 

and could mistake it for a legitimate request. 

Domain impersonation, on the other hand, happens when bad actors secure a domain that looks like it 

belongs to a legitimate business. This technique was used in 11% of malicious emails. The brands most 

likely to be impersonated were Microsoft, ADP, Amazon, Adobe Sign and Zoom. 

What are bad actors after? 

Tessian’s analysis found that tricking users into downloading malware remains a common motive of 

phishing emails. Malicious links still prove to be a popular and effective technique, with almost half (44%) 

of malicious emails containing a URL. 

Our researchers found more emails related to wire transfers than credential theft, suggesting 

cybercriminals are still largely focused on financial gain. For example, they’re more likely to try to steal 

money by impersonating a vendor and requesting a payment than by posing as an IT person requesting 

an employee’s password. 



Building a Cybersecurity Culture from The Ground Up 

These attacks are evolving and growing more sophisticated every day. Having a strong cybersecurity 

culture is more important than ever to ensure employees can work both securely and productively. Rather 

than getting in their way, an effective cybersecurity culture images employees as part of the solution while 

providing the tools they need to stay secure. 

This involves a layered approach, starting with creating a transparent, shame-free environment that 

encourages employees to admit to mistakes or share when something feels off. Unless employees feel 

comfortable flagging, suspicious emails or alerting IT when they’ve clicked a malicious link, security 

teams won’t know how or when they are being targeted. Essentially, they’ll have zero visibility into these 

threats. 

The next step is relevant, ongoing training. Employees should be trained using the latest and most 

relevant examples, such as real-world phishing emails. For example, they should see real examples of 

those “too good to be true” scams before the holiday season and should know to look out for spear 

phishing emails late in the afternoon. Automation and machine learning tools can also be used to provide 

in-the-moment training tailored to specific employees based on their role, tenure and location. 

But even with training, people will make mistakes like clicking a malicious link or sharing login credentials. 

Businesses need to take an advanced approach to email security to stop the threats that do get through. 

Relying on employees to identify and outwit threats 100% of the time will leave an organization 

vulnerable. The right security tools can provide an added layer of defense and support employees without 

disrupting their workflow. 


Josh Yavor is CISO at Tessian, leading information security, 

threat intelligence, and security research. Most recently he 

served as CISO for Cisco Secure and led cloud security for 

Duo Security, with earlier stops at Facebook, Oculus, and iSEC 

Partners. Josh is an aspiring woodworker and recovering 

middle school teacher. Learn more about Josh on Twitter and 

at Tessian.com. 



3 Best Practices to Avoid Inevitable Ransomware Attacks 

Tips to mitigate and protect against the ongoing threats of ransomware 

By Jesper Zerlang, CEO, LogPoint 

The total cost of ransomware in 2021 totals $20B and is expected to climb to $265B by 2031. With new 

ransomware attacks occurring every 11 seconds and the average incident resulting in nearly $700,000 

in damages, no industry is safe from the war against ransomware. In 2021 alone there has been headline 

breaking ransomware attacks on large organizations such as Colonial Pipeline, Brenntag, and JBS 

Foods. 

While cybercriminals rely on an array of tactics to breach a network, such as database hacking and 

denial-of-service attacks, phishing is the number one delivery method for ransomware. Throughout the 

pandemic, as the majority of businesses rapidly moved their workforce remote, the number of 

ransomware attacks only continued to climb, up 150% in 2020. 

These numbers aren’t slowing and it’s up to organizations to understand how they can protect their data 

and their employees’ information from a catastrophic attack, which could ultimately cost them millions. 

However, as the number of threats increase, businesses must look to find the right solutions to better 

protect, detect and respond to today’s complex threats. And while some require implementing new 

security tools and technology, others are as simple as changing protocols and priorities within the 

organization. Below are three tips to help any organization, large or small, in their efforts to increase 

cybersecurity and mitigate the risk of a ransomware attack. 



1. Build a strong cybersecurity foundation 

When thinking of cybersecurity, it’s natural to think of the innovative technologies available on the market 

today. However, there are so many steps that should be taken in-house to help to establish a secure 

network before introducing these additional technologies. Building the foundation for protecting your data 

starts with the basics, especially considering that these advanced technologies can only do so much if 

the foundation is not set. 

Patching, having secure configurations and following password best practices, such as ensuring strong 

password hygiene across the organization and incorporating two-factor authentication, are all basic 

needs to ensure a hacker cannot easily gain access to a network. While these may seem small, the 

protection they offer is mighty and effective, and with these measures in place, advanced technologies 

can be implemented in parallel to help build a stronger, forceful security posture for the overall 

organization. 

2. Stay “in the know” 

With the increase in cyberattacks, the government has been busy introducing new regulations and 

compliance standards. These will likely not go away – in fact, they will likely become stricter, with heavy 

fines for those organizations who do not comply. Being aware of the current state of the industry and the 

threats impacting fellow businesses can help you to understand what the risks are, how you can protect 

yourself and what may be introduced into the regulatory landscape in the near future. 

For example, it’s no secret that the need for a single platform that can both detect and respond to a threat 

is greater than ever before. Some organizations are finding that by integrating Security Information and 

Event Management (SIEM) with Security Operation Automation and Response (SOAR), they can help 

introduce the automation necessary to respond to even the most complex threats quicker than ever 

before, minimizing the need for human intervention. This reliable, automated protection enables 

organizations to respond in real-time and provides them with the situational awareness necessary to help 

predict the following phase of an attack. 

Technology like this is actively changing the industry and the way organizations prepare for ransomware 

attacks. Being aware of these types of innovations can help an organization better understand the 

benefits, help a business stay ahead of the industry trends and be ready for when these technologies 

become the regulatory standard in cybersecurity. 

3. Don’t forget about transparency 

As with any business challenge, being open and communicative is the only way to ensure alignment 

across teams. From security operations to IT and enterprise risk management, aligning on objectives is 

critical to ensure any and all gaps are covered in the protection of the organization. Without consistent 

collaboration and transparency between each lead department, the likelihood of an attack only increases, 

jeopardizing the critical data within the network. 



For example, an employee may become a target of a phishing scheme, recognize the warning signs, and 

simply delete the email. However, shortly after, an employee in another department could receive the 

same email and fall victim to the attack. Departments tend to work in silos with the belief that cybersecurity 

sits with only IT team and only the IT team. Yet, if the first employee had made the IT team aware of the 

phishing email, they could have warned the remainder of the organization before the second employee 

had fallen victim. Cybersecurity it a team effort and working together to stay goal-orientated amid the 

battle against ransomware is often one of the best forms of protection for any organization. 

It’s no longer if, but when. 

Ransomware is a cyberthreat that is constantly impacting our society, and organizations are no stranger 

to the term. However, there is still the overarching question of “how does my business ensure protection?” 

It’s safe to say that no organization is completely safe, as cybercriminals are actively targeting each and 

every industry – but there are ways to increase and prioritize protection. Cybersecurity is an ongoing 

priority that should be top of mind year-round. Building a strong foundation, staying educated and aware 

of current technology and being transparent with partner departments within the organization are just the 

start. However, taking the initiative to start is the first step in securing your data against the next 

ransomware attack. 


Jesper Zerlang is the CEO of LogPoint and has led LogPoint to become 

one of the dominant SIEM vendors in Europe. He has more than 25 

years’ experience in the IT industry and has held top management 

positions at Telia Company, Dell Computer and Compaq. His strong 

customer and partner focus, passion for his employees and strong 

entrepreneurial spirit helps to spark innovation and growth at LogPoint. 

He has supplemented his leadership skills with executive management 

programs at Harvard Business School. Jesper can be reached at 

https://www.logpoint.com/en/. 



The Benefits of Hyperautomation 

By Nathan Hull, Principal Solutions Architect, Technologent 

Hyperautomation – in short is the process of automating business automation. At least that is the goal. 

The term itself was coined by Gartner in 2019 and implies an actual framework for scaling business 

automation by combining complementary technologies to augment business processes. The benefits of 

hyperautomation extend beyond the simple cost savings of reduced overhead by automating tasks. 

Hyperautomation reduces the cost associated to implement business process automations and enhances 

the utilization of other technologies such as ML and AI within the organization. By increasing process 

efficiencies and boosting productivity there are many other tangible benefits. For example, improved 

customer perception of the organization by being able to increase the speed of product or service 

delivery. Hyperautomation also creates the opportunity for business and process improvement. As more 

workflows are digitized there is more data that can be collected, analyzed, and ultimately translated into 

more effective business decisions. 

Foundation is key! If I could stress only one common component in the successful implementation of 

technology projects, it would be just that. Having mature business processes in place and having a 

crystal-clear vision of what a process should be prior to taking on any type of automation project is highly 

recommended. At the end of the day, business process automation typically mimics what an individual 

user would do to complete a set of tasks. If the individual performing the tasks being modeled is 

completing them incorrectly, it isn’t going to be very beneficial for the organization. Having defined goals 



and outcomes is essential for project success and implementing Hyperautomation is no exception. 

Business automation almost always encompasses multiple organizational units. For instance, there is 

typically need for IT governance and oversight as well in-depth insight from the process owner that is to 

be automated. Therefore, to be most effective the business must be the driver of adoption and have 

appropriate executive sponsorship to prevent interdepartmental challenges from hindering the success 

of the project. How well processes are understood by both or multiple parties and having well established 

inter departmental communication is critical. Identifying the appropriate automation tools to construct a 

hyperautomation framework is also an important factor. For instance, if there are regulatory or 

organizational compliance guidelines that must be met, having automation tools that can support those 

policies is obviously key in developing an appropriate solution. 

Once an organization has a clearly defined use case for hyperautomation, it is a general best practice to 

initially limit the number of processes or tools to be automated. Trying to combine an excess number of 

tools or automate too many processes in a short time frame can prove to be extremely challenging and 

increase the potential for negative impact on an organization. As complexity increases so does the risk 

of project failure. Starting small and detailing success criteria can prove immensely valuable once you 

are ready to expand the scope of your hyperautomation project. 

Hyperautomation security is an important consideration and should be evaluated accordingly based on 

the organizations security policy and any overarching regulations or compliance mandates. Security 

policies regarding business automation systems are generally more focused on access controls given 

the nature of the products themselves. The majority of the tasks are transactional, and it is uncommon 

for the systems to store data within the platform itself. However, the possibility of a malicious user gaining 

access to sensitive data via an automation tool is plausible. If a malicious user were to utilize the tool 

itself to gather sensitive data from automated actions the impact could be rather substantial. Regarding 

access controls, it is important to understand the difference in roles between the hyperautomation 

components as well the user roles they take on to complete the automations. As an example, the 

hyperautomation of HR onboarding does not necessarily require the automation components to have the 

same permissions as an HR employee. The HR employee will likely have a much more expansive role 

and access to many systems unrelated to those necessary to perform the onboarding tasks. Keep in 

mind that the permissions allocated to the automation systems should meet only the requirements to 

perform the expected tasks and nothing more. 

Other security concerns may exist depending on the organization such as varying geographic regulations, 

privacy laws, etc. 



As with any system that is critical to business continuity, appropriate safeguards should be implemented 

to protect the business from system failure. Concepts such as high availability, disaster recover, etc., are 

an important factor when considering what role automation will have in your business. Setting appropriate 

service level expectations will assist in the supportability of the platform and assist in the adoption of 

these technologies. 

Ultimately hyperautomation proposes a more complete path for organizations to realize the benefits of 

automation and will likely have a profound impact on multiple areas of business in the future. 


Nathan Hull, Principal Solutions Architect for Technologent. 

With more than 15 years industry experience Nathan works with 

clients as a transformational IT consultant. He assists 

organizations in solving strategic, operational, and technological 

challenges. Carrying a reputation for motivating and inspiring 

teams through the well-organized, efficient implementation of 

emerging technologies. 

Nathan can be reached online at on the company website http://www.technologent.com/ 



Electric Vehicle Charging: The Next Cyberattack Frontier 

By Prof. Thomas R. Köhler, Member of the Board of Juice Technology AG 

The International Energy Agency estimates the global number of electric cars, buses, vans and heavy 

trucks on the road to reach 145 million by 2030. In the U.S. estimates are that 28 million EVs will 

be sold within that timeframe, in concert with the administration’s goal of 50% of new car sales to be 

electric by 2030. This will create a significant demand for more public charging stations and for flexible 

options like portable chargers that operate at home or on the road. Within each charging operation lies 

millions of lines of code and a wealth of personal and network data. The global cybercriminal community, 

always looking for new ransomware possibilities, will find this highly valuable data ripe for attack. One 

U.K.-based security research company, Pen Test Partners, already found, with several charging devices 

tested, that a cybercriminal could remotely gain control of the device, enabling the criminal to read user 

data or even hack into the owner’s home network via a wallbox. Researchers found vulnerabilities 

occurring in both home devices and charging networks. 

Unfortunately, the EV industry – car manufacturers, charging station suppliers, networking solutions and 

service providers – have not made cybersecurity a top-of-mind priority. While businesses in other sectors 

have made strides in better protection of their data and networks, many vending machines, for example, 

are better protected than charging stations. 

The specific risks caused by vulnerable charging stations and unprotected components are plentiful. 

Insufficient data protection can lead to user data leaks, manipulation of billing systems, ransomware 

demands to infrastructure operators to prevent denial of service attacks and gaining illegal access to 

businesses’ internal networks. 

Lack of advanced cybersecurity measures can also have devastating impact on the charging station 

operations, causing distress to operators and consumers. Cybercriminals can steal charging current, 

bring down the network with a denial-of-service attack, and even risk the stability of the local or area- 



wide electricity network due to repeated, simultaneous switching on/off of the charging current. It can 

also damage the vehicle battery being charged. 

All of these risk factors make a good case for the EV industry to implement cybersecurity practices that 

will protect EV customer data, as well as prevent network hacking and the potential costly loss of 

operation. In this era of concerns about compliance and data privacy the EV industry, notably charging 

station networks and suppliers, also cannot afford data breaches that will damage customer confidence 

and corporate image. 

ISO/IEC 27001 Certification 

First and foremost, ISO cybersecurity certification should be required for any business charging station 

supplier – whether they be portable chargers or networking applications that drive the charging operation, 

or any component that is tied to a network and thus vulnerable to a cyber threat. Compliance with 

ISO/IEC 27001 is considered the most important cybersecurity certification worldwide. It demonstrates 

that measures for ensuring information security and data protection have been implemented and are 

regularly monitored and reviewed. This proof is essential to developing a secure charging infrastructure 

and to protecting data generated by EV users, industry business partners, other supplier partners and 

investors. 

A Software-First Strategy 

Bringing the charging industry into advanced 21 st century cyber defense practices will be challenging. 

Many suppliers are “old world” thinkers, the “plugs and cables” hardware companies. The other side of 

this are startups who look at software security as an add-on, who've never focused that closely on 

software. They tend to underestimate the diverse range of sources of cyber threats that deficient software 

security can pose. 

Both types need to change their mindset to “software-first.” After all, charging stations have long since 

been highly complex, software-controlled systems that are equivalent to IoT nodes. They must cope with 

huge volumes of data streams, whether in communication with the vehicle to be charged, in 

communication with the electricity network, or in communication with user authentication and usage 

billing services. 

These are data streams that offer numerous points of attack for malicious parties, not to mention the 

physical access to the actual devices. U.K. researchers found that, in one case, a simple screwdriver 

was all that was needed to access the inner workings of the devices. The issue of vulnerability applies to 

popular charging stations and portable chargers with IoT connectivity. What is also notable is that security 

research in this area is lagging in spite of the growing adoption of EVs and increase in private and public 

charging stations. 



Going forward, EV dealers, charging infrastructure suppliers and partners should look for products that 

are built with a software-first approach, products that are designed from the start with data and networking 

security in mind. In this manner, charging stations can offer consumers a safe, secure method of charging 

their EVs. 

Creating Community 

Lastly, to make charging cyber safe will take a holistic approach that frankly doesn’t exist yet in the EV 

industry. When suppliers do consider security, they usually only think about their own domains. For 

example, the car manufacturer only thinks about their vehicle, the charging network operator about their 

stations, the energy providers about their network, and the billing service providers about their payment 

transactions. 

Given how the EV industry is still early days in the U.S. the industry has a great opportunity to share 

cybersecurity research, share ideas on common data security problems and, working in concert, present 

consumers with a growing choice of secure charging options. 

If a major data breach were to hit a charging network that will no doubt create a lack of consumer 

confidence. However, if the EV industry gets ahead of the game in cybersecurity, everybody - consumers, 

suppliers, and network operators – can win. 


Thomas R. Koehler is CEO of German technology consultancy CE21 and a 

board member of Swiss charging specialist JUICE TECHNOLOGY. Thomas 

has a degree in business informatics from Wuerzburg University and was 

appointed research professor from the Center of International Innovation at 

Hankou University (CN). He has founded multiple companies (web 

development, software) and has a background in strategy consulting. He is the 

author of more than a dozen books on technology topics, including the English 

language books “Reorganizing Data and Voice Networks” (Artech House), 

“Understanding Cyber Risk” (Routledge Publishers / Taylor&Francis) and “The 

Digital Transformation of the Automobile” (Mediamanufaktur”). 



Will Multi-Factor Authentication (MFA) Implementation 

Protect Countries from Cybercriminals? 

By Marcin Szary, CTO and co-founder, Secfense 

American Login.gov service, the UK National Health Services Login application, the Czech DNS registry, 

the Swedish educational system eduID. These are just a few of many government applications from 

around the world, whose security is now protected by Multi-Factor Authentication (MFA). More and more 

heads of states, including the president of the United States Joe Biden, are calling for the implementation 

of MFA. Will this step protect countries from cybercriminals? 

The popularity of MFA, i.e. the use of an additional component when logging in to the application (a one 

time code, cryptographic U2F key or other form of additional authentication) grows noticeably. 

Cybercriminals don’t waste their time, and fast digitalization of everyday life only makes things better for 

them. We buy online more and more often, so the number of online transactions is growing. Enterprises 

are investing in cloud technologies, businesses are moving to the virtual world. This stimulates the 

audacity of cybercriminals, which in turn pushes governments into introducing stricter and stronger 

cybersecurity regulations. Today, the need to protect against cyberattacks is not an extra consciousness, 

but simply a necessity. 



How does this relate to MFA? Well, multi-factor authentication ensures that the person sitting on the other 

side of the monitor is exactly who they say they are. By implementing MFA, organizations can secure 

their data so it cannot be accessed by any bad actor who has stolen logins and passwords. The 

technology giants have known about it for years. 

The recent research shows that the global size of the MFA market will grow from USD 11.1 billion in 2021 

to USD 23.5 billion by the end of 2026. However, many companies have previously recognized the 

pressing need for global MFA adoption in their organizations. Facebook, Google and Twitter were the 

first to implement this technology. Another, such as CA Technologies, Vasco Data Security International, 

RSA Security LLC or Symantec Corporation, anticipating in 2016, the growth of the market, just then 

began large investments in research and development in this area. 

My way or the highway 

There is no need to convince anyone about the effectiveness of MFA as the technology giants have 

already battle tested it. Google corporation has kept 85K employees from getting phished since 2017. A 

recent declaration proving that MFA is the ‘must have’, comes from Mark Risher, Sr Director of Product 

Management at Google. On May 6 2021, he informed the media that soon Google account holders will 

be forced to use multi- factor authentication if they still want to use the company's services. 

And you can't be surprised at all because, today no company network is no longer a secure castle that 

cannot be accessed by outsiders. On the contrary - the growing number of applications in the cloud, 

working from home and from unsecure networks means that every person who appears in our network 

must be treated as an intruder. This approach is called the zero trust security model where the key to 

effective data protection is making sure we know who the person sitting on the other side of the screen 

is. Without this certainty, no security measures are effective. 

A Google study found that simply adding a recovery phone number to an account prevents nearly 100% 

of automated bots attacks, 99% of mass phishing attacks, and 66% of targeted attacks. 

Too expensive, too hard 

So why is MFA - considered by experts to be one of the most effective methods of protecting the user 

against identity theft - yet still used on a handful of applications and not organization-wide? 

The main problem with the widespread adoption of MFA in public organizations and institutions is the 

complexity and costs. The implementation of multi-factor authentication throughout the entire 

organization, requires a lot of capital and time. The highly heterogeneous IT environments, to which it is 

difficult to match the right tools, are also a big obstacle. 

One of the approaches to cybersecurity is the user access security broker approach which simply adds 

MFA between the application and the user. The security broker is placed as an intermediary layer that 

blends into the application, giving full control not only over the authentication phase, but over the entire 

user session. Importantly, such action does not require any programming work. It frees from the vendor 



lock-in, and lets organizations take advantage of any MFA method, including the latest and safest 

authentication standards, such as FIDO2. 

The example comes from above 

Due to the fact that MFA is a method that effectively protects organizations against phishing and 

credential theft, governments of many countries around the world have also become interested in its 

adoption. 

A few months ago, on May 12, 2021, there was big news in the cybersecurity world - the president Joe 

Biden signed an executive order to improve the nation's cybersecurity. The order called for the 

implementation of two-factor authentication (2FA) for the entire government within 180 days. And at 

September's Authenticate Virtual Summit, users, experts and vendors from around showed many case 

studies of how strong authentication helps with securing online identities. Participants, including 

representatives from the UK's National Health Service (NHS), US’s login.gov and the Internal Revenue 

Service (IRS), agreed that authentication and protection of digital identities is a top priority today and in 

the future. 

FIDO2 rules 

2021 has shown that the way world governments think about MFA is fundamentally changing. The role 

of FIDO2, a global, open authentication standard developed by the FIDO consortium and then approved 

by the W3C (World Wide Web Consortium), is growing rapidly. It seems that FIDO2 authentication is no 

longer just yet another authentication option but it is becoming the preferred choice of many government 

institutions as well as private organizations. 

How does it look in practice? For example, the governmental Canadian Digital Service has implemented 

hardware security keys that support all FIDO2-based methods. The authentication process with their help 

is very simple - when logging in, e.g. to email, you have to enter the password and additionally 

authenticate by inserting the security key into the USB port and pressing a button. In case of CZ.NIC, the 

Czech DNS registry, also accredited by the national digital identity provider and by eIDAS mojeID, 

800,000 users can log in to government services based on FIDO2 from September 2021. In Sweden, a 

digital identity system has been implemented in the educational eduID portal with support for 

authentication using the Universal Second Factor FIDO (U2F) protocol. 

In the USA, the American Login.gov service is based on the FIDO2 standard as well, and in the United 

Kingdom the UK National Health Services Login application uses biometrics. Similar practices are 

followed by the Korean government - a second component, fingerprint biometrics for 14 million users - 

and Thailand, has a dedicated website that helps organizations set up multi-factor authentication using 

FIDO technology. 

Overall, the government's move towards MFA to provide a scalable and cost-effective form of strong 

authentication is perfectly understandable. Governments and public organizations are forced by the 



constant exposure of countries to attacks by frequent cyberattacks as well as the growing pressure to 

increase access to public information and accelerate action - especially in times of a pandemic - simply 

forces governments to take steps that will ensure sensitive data to be protected with the highest possible 

measures. 

Hopefully the public officials and decision-makers will take into account the global adoption of MFA, and 

not only secure a fraction of government infrastructure with MFA. Only the global approach and the 

introduction of the zero trust security model has a chance to solve problems of identity theft and data 

leaks. 


Marcin Szary, CTO & co-founder, Secfense. 

Marcin Szary is a co-founder, CTO, and the person responsible 

for Secfense architecture and product development. Marcin has 

almost 20 years of technical experience with a focus on the 

security and identity management space. Before Secfense he 

held the position of CTO in multiple startups in the mobile, 

telecom, and security space. He was held responsible for R&D 

operations in the area of multi-factor authentication, mobile 

payments, notification services within GSM networks, and more. 

Marcin can be reached online at marcin@secfense.com, Marcin Szary | LinkedIn and at our company 

website https://secfense.com/ 



Why Do You Need a Malware Sandbox? 

By ANY.RUN Team 

To solve the problem of identifying previously unknown malware samples help malware sandboxes – 

protection systems that allow you to evaluate the security of software by running and analyzing it in an 

isolated virtual environment. This article will lead you through all the details of what it is and why any 

organization needs this service. 

What is a malware sandbox? 

Malware sandbox is an established class of solutions on the market. The main task of a sandbox is to 

check the objects placed in it, collect events in the network for further analysis, as well as process the 

collected data. Each event is verified according to configured policies. 

A sandbox is an isolated environment where an object, such as a suspicious file, is sent for analysis. The 

sandbox collects as much telemetry and context as possible from the pre-configured sensors in the 

network. The sensors can be any existing device or application: a mail gateway, workstation agents, or 

a firewall that sends files to the sandbox for inspection. Or a malware analyst can upload a file or submit 

a link for further research by themselves. 

It is important to check malware in different circumstances. And almost all operating systems are 

supported by a sandbox to reveal malware behavior. A customized sandbox is already a tool against 

targeted attacks. Customization, as always, depends on the user's priorities. 



Why do you need a malware sandbox? 

It is not always possible to detect malicious code in static analysis. The sandbox allows you to deploy a 

sample, examine its work and behavior in dynamics. The tool helps to build protection against any 

malicious objects: backdoors, downloaders, bankers, ransomware, etc. Websites, applications, and 

operating systems – the service landscape is huge. The sandbox is often placed in the DMZ segment, 

between the perimeter firewall and the core. 

What is the difference between a sandbox and an antivirus? 

A malware sandbox dynamically analyzes objects in an isolated network environment that has no 

connection to the company's network and allows the object to reveal itself as much as possible. Hostbased 

antivirus works another way around, it aims to block malware and its actions. Antivirus or EDR is 

the next tier of protection. Most importantly, the malicious object should not reach the workstation. 

What types of objects are handled by the sandbox? 

It can be links, binaries, word or excel files, images, any customer objects. It is worth mentioning that 

there is no sense in analyzing files larger than 300 MB. There are separate specific solutions for analyzing 

large files, this is very rarely needed. 

Malicious objects get to sandbox from several sources like Firewalls, mail gateway, WAF. And many 

standard protocols are supported for the exchange: Syslog, ICAP, SMTP, NFS. You can integrate the 

sandbox via an API into almost any environment, so all kinds of organizations can benefit from this tool. 

Does the sandbox help protect against an APT attack? 

Yes, the sandbox helps in defending against advanced persistent threats, APT attacks because it allows 

you to analyze events in depth. A malicious object can have different signatures and bypass the antivirus, 

but the behavior stays about the same, which the sandbox shows. One of the main goals is to make the 

sandbox the most attractive for malware so that it can expose itself as much as possible in a controlled, 

secure environment. For example, the interactive approach of ANY.RUN sandbox triggers malware that 

requires direct human actions. Drag a mouse, tap keys, create specific files and folders, open documents 

– do everything to trick malware. 

Of course, you can create your own isolated environment for malware analysis from scratch. But it takes 

a lot of effort and time in preparation. And still, there is a chance that your sandbox will not be secure 

enough, invisible for malware, and provide the necessary information. To speed up the process we 

recommend using ready-made solutions like ANY.RUN. It is an online service, so you can run a sample 

from anywhere and get results right away. 



Specialist qualifications for working with the sandbox 

With a competent and intuitive interface, the high qualification of an employee is not required. Sandboxes 

like ANY.RUN makes easy and fast analysis its main advantage. A little experience and a general 

understanding of the cyber security processes are enough. To solve incidents and investigations, you 

need a higher level but still ANY.RUN service’s all details and information are displayed conveniently, 

so you won’t miss a thing and carry out a complete analysis. 

Sandbox reports are transparent and readable (MITRE matrix, screenshots, and videos, IOCs, behavior 

activities, etc.). The collected information is aggregated and optimized, the report saves time for a 

technician. 

Conclusion 

A sandbox is one of the most important elements in building corporate infrastructure protection. A modern 

sandbox not only blocks the spread of a malicious object but also structures a significant amount of 

dynamic analysis data, passing this data to a specialist for further evaluation or via standard exchange 

protocols to other cybersecurity products. 

The malware sandbox functions with almost any operating system and device. The use of this tool 

gradually speeds up both investigation and verdict issuance. On average, delays in issuing a verdict are 

a few minutes. The global sandboxing market is growing rapidly and is projected to double in 2 years. 

And it’s clear that a malware sandbox is an effective service that you definitely need. 


ANY.RUN is the first interactive online malware analysis 

sandbox. The service provides detection, analysis, and 

monitoring of cybersecurity threats. Based on the interactive 

approach of investigations, ANY.RUN offers users to affect 

the virtual machine by launching various programs, changing 

configurations, rebooting the system, and running different scenarios. The user is in full control of the 

analysis flow in real-time. Find out more here: https://any.run/. 



Multi-Cloud Security and Compliance: Challenges & Best 

Practices 

By Avi Shua, CEO and Co-Founder, Orca Security 

Organizations are increasingly moving their operations to not just one, but in many cases, multiple public 

clouds. In a recent State of the Cloud Strategy Survey by HashiCorp, 76% of respondents said that they 

were already pursuing multi-cloud strategies. A further 47% of those respondents also said that security 

was a top cloud inhibitor. Multi-cloud strategies complicate cloud security and compliance even more 

since controls and policies need to be applied consistently across multiple cloud environments. However, 

by following a number of best practices, security teams can significantly minimize the complexity and 

overhead of securing a multi-cloud environment, allowing businesses to fully optimize their cloud strategy. 

What is a Multi-Cloud Strategy? 

A multi-cloud strategy is when organizations leverage multiple IaaS public cloud service providers - such 

as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud - to optimize their IT services and 

infrastructure. Since each cloud provider offers slightly different services and pricing models, 

organizations can get the best service at the best price by utilizing multiple cloud providers. 

The concept is best explained by a supermarket analogy. For instance, you might like to shop at a natural 

grocer for some favorite organic items and therefore accept that the pricing is a little higher. However, for 

more staple items, you might choose to go to a regular store since the prices are much lower. In short, 

you’re optimizing your grocery shopping based on the individual offerings and prices of each different 

store, which is similar to a multi-cloud strategy. 



What’s the Difference Between the Cloud Platforms? 

Like supermarkets, all cloud providers have similar offerings, but each takes a slightly different approach. 

While by no means a full comparison, we have included a short summary of how each of the leading 

cloud provider platforms delivers value in different areas: 

• AWS offers the widest selection of services, including compute, storage, database, analytics, 

networking, mobile, developer tools, management tools, IoT, security, and enterprise 

applications. 

• Azure has the benefit of combining productivity and enterprise software (such as Office 365 and 

Teams) with flexible cloud computing resources for developers in one platform. 

• Google Cloud stands out for its technological advancement around open source technologies, 

especially containers, and played an instrumental role in the development of Kubernetes, a 

container orchestration platform that is now becoming an industry standard. 

What Are the Advantages of a Multi-cloud Strategy? 

It is not surprising that most companies are utilizing multiple cloud platforms, since this strategy allows 

companies to: 

• Optimize access to services: As described above, some cloud service providers are more 

specialized in providing certain services than other providers, so it makes sense to select the best 

cloud provider for each specific service that you require. 

• Spread risk and resilience: It’s always a good idea to avoid ‘putting all your eggs in one basket.’ 

For instance, if there is an outage or other issue with one cloud service provider, the other cloud 

platforms will likely not be affected. 

• Reduce cost and dependency: By adopting multiple cloud providers, enterprises can stay 

nimble and switch providers to optimize spending, rather than being locked into one provider and 

facing high operational costs to move services. 

Security and Compliance Challenges of Multi-cloud Environments 

Although it makes a lot of business sense to use multiple cloud providers, it can complicate security and 

compliance efforts tremendously since security controls and policies should be consistent across the 

board. With most native cloud provider security tools only covering their own platform, and not all thirdparty 

solutions supporting multiple cloud providers, security and compliance for multi-cloud environments 

can quickly become an operational nightmare. 



If security controls are not consolidated in one platform, this leads to the following issues: 

• Lack of central visibility: Using different solutions for each cloud platform - and often even 

multiple solutions per platform, such as cloud security posture managers (CSPM) and cloud 

workload protection platforms (CWPP) - makes it nearly impossible to get a centralized overview 

of risks. This means that you will not have a clear handle on your overall cloud security posture 

and which risks require the most immediate attention. 

• High operational costs: Duplicating security policies for different cloud security and compliance 

tools can quickly become an exhausting drain on your already understaffed cloud security team. 

Cloud workload protection platforms (CWPPs) also require the installation of an agent on every 

cloud resource to be monitored. The larger and more diversified your cloud estate, the more time 

consuming it is to install and maintain agents for every resource. 

• Lack of consistency: If you are forced to use several different cloud security tools with each 

having different configuration options, it is a complex task to ensure the same security and 

compliance checks are performed across all cloud estates. 

• Increased chance of errors: The more manual intervention and duplication security policies 

require, the more room for human error and wrongly configured security controls. 

Best Practices for Multi-cloud Security and Compliance 

To minimize the complexity and overhead of securing a multi-cloud environment, follow these five best 

practices: 

1. Insist on multi-cloud support: This one is a no-brainer; make sure your cloud security vendor 

supports multiple cloud provider platforms. 

2. Consolidate cloud security solutions: Leverage full stack cloud security solutions (CWPP and 

CSPM in one - also referred to as a cloud-native application protection platform -- CNAPP), so 

you can reduce the number of point solutions and replace them with a single tool for all your cloud 

environments. 

3. Go agentless: Eliminate resource-heavy agent deployments that reduce nimbleness and hinder 

your ability to move applications to other cloud platforms when needed. 

4. Get platform specific mitigation steps: Use a cloud security solution with contextual intelligence 

that prioritizes critical risks and provides platform specific mitigation instructions to make it easier 

for practitioners to work on multiple cloud platforms. 

5. Identify cost saving strategies: Make your CISO love you by using a cloud security tool that 

allows you to view detailed information on each asset on every cloud platform, including how often 

it is used. This enables you to advise on further cost saving strategies, such as moving certain 

applications to other cloud platforms and consolidating or removing redundant services. 



In the age of multi-cloud, security has become more complex and time consuming than ever before. 

However, by using a holistic cloud security approach that can establish consistent security controls 

across multiple cloud environments, complexity and duplicated efforts can be greatly reduced. This allows 

security teams to waste less time on operational tasks and instead focus on securing the cloud 

environments. 


Avi Shua is the CEO and co-founder of Orca Security. He 

invented the patent-pending SideScanning technology upon 

which Orca Security is built. SideScanning uses novel, out of 

band, zero impact integration with the cloud virtualization layer 

to gain full visibility into those risks that matter most— 

vulnerabilities, malware, misconfigurations, weak and leaked 

passwords, lateral movement risk and improperly secured 

customer data. Learn more at Orca.Security. 

Avia Shua can be reached online at Twitter and at our company website https://orca.security/ 

LinkedIn - https://www.linkedin.com/in/avishua/ 

Twitter (Orca Security) - https://twitter.com/orcasec 

Twitter (Avi Shua) - https://twitter.com/shua_avi 



How Do You Secure the Modern Supply Chain? 

By Brett Raybould, EMEA Solutions Architect, Menlo Security 

Supply chains demand better security and in today’s highly interconnected world, this means more 

security innovation. 

The day-to-day operations of a supply chain are often complex, with businesses and individuals 

demanding that products and services are delivered quickly, efficiently, cost-effectively and, 

increasingly, sustainably. The role of supply chains has come sharply into focus in the last 18 months 

during the global pandemic with major challenges for many industries, including retail, manufacturing, 

energy and oil & gas. 

We have seen cases of empty supermarket shelves across several countries, as well as concerns 

around energy supplies to keep the lights on. Companies have voiced concerns about supply chain 

bottlenecks due to a spike in demand for items, such as agricultural and petrochemical commodities, 

paper, chemicals and construction materials, in many cases leading to inflation. 

Growing pressures 

So the pressure has never been more intense. Add to this, the increase in cyber attacks on supply 

chains in recent years. ENISA, the European Union Agency for Cybersecurity, estimates that there 

will be four times more supply chain attacks in 2021 than last year 1 . 

The ransomware attack in May on the Colonial Pipeline has been one of most high profile security 

stories this year. The attack by hacking group, DarkSide, shut down a 5,500 mile-long fuel pipeline on 

the east coast of the US, which carries 45% of the fuel used on the east coast. Since then the US 

1 

https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks 



government has offered a bounty of up to $10million (£7.4m) for information about the group, the largest 

bounty of its kind. 

The IT industry is not immune from supply chain attacks either. SolarWinds suffered an attack last year 

with hackers gaining access to the production system for Orion, SolarWinds’ flagship software. While in 

July, Kaseya, a provider of IT management software for MSPs and small to medium-sized businesses 

suffered a ransomware attack. As with the SolarWinds attack, the malware spread amongst Kaseya’s 

clients and affected dozens of businesses. 

So while organisations must manage the potential fallout of security breaches to themselves – 

reputational damage, disruption costs and more – the knock-on effect to customers, partners and the 

rest of the supply chain is potentially huge. 

Digitisation of the supply chain 

The ongoing digitisation of the supply chain, often through the cloud, has delivered major efficiency and 

cost benefits, with shared data and systems in areas such as integrated planning and execution systems, 

logistics visibility, autonomous logistics, smart procurement and warehousing, spare parts management 

and analytics. 

For a big company like Siemens, for example, working at the bleeding edge of supply chain innovation, 

the creation of a cloud-based operating system means that it can process data in real time from millions 

of devices and sensors in plants, systems, machinery and products dispersed throughout production 

processes and supply chains. 

Siemens may be working towards ‘supply chain nirvana’, where processes and decisions happen with 

minimal human intervention. But the reality for many suppliers, logistics companies, manufacturers and 

retailers is that business happens in browsers, on email and with shared files. The more we use the 

Internet to collaborate and communicate, the more we are exposed. Research has shown that web and 

email attacks are behind 90% 2 of all breaches. 

The increased adoption of cloud applications within the supply chain, accelerated by the challenges of 

COVID, has made the browser the most important productivity tool on any endpoint. But at the same 

time, the majority of cyber attacks start with the browser, and it doesn’t take much for a determined 

attacker to understand your key suppliers and partners and use this to target users with phishing emails 

and infected attachments, websites and downloadable documents. 

2 

Sources Google, Verisign 



The case for isolation 

Supply chains are evolving to be as much about the efficient exchange of information as they are about 

the flow of goods and services. But where there is information sharing, cybersecurity professionals are 

rightly uneasy. Menlo Labs has seen a steady rise in ‘credential phishing’ attacks by creating fake login 

pages or forms to steal users’ credentials for commonly used services, including email and document 

exchanges with supply chain partners. 

Attackers can use credential phishing to breach an organisation’s smaller supply chain partner (whose 

controls may be easier to bypass) then use an exchange of information, containing malware, as an easy 

way to laterally move and infect the larger enterprise. If this company is consciously or unconsciously 

allowing smaller partners to store sensitive data, attackers don’t even need to move laterally – the data 

is already freely available on the smaller partner’s network. 

We can all fall victim to a seemingly normal website or email. So now businesses are exploring options 

that isolate employees’ devices. Rather than detecting threats and blocking employees from accessing 

potentially malicious web content, this approach simply isolates all endpoints from browser-based traffic. 

If you take the example of a large, global manufacturer with many employees engaged in digital research 

and communications, they were trying to manage large volumes of phishing attacks and web malware. 

This meant infected devices required costly, time-consuming reimaging. While anti-phishing training for 

employees had some impact in reducing attacks, many employees continued to click on infected links 

leading to credential theft and malware infection. 

Isolation has changed this as all the unknown executable code from the Internet that employees 

previously came into contact with – including any websites visited – are now executed in a remote cloud 

container. Whether browsing online, reading emails or downloading documents, it is impossible for 

malware to infect users’ devices or the network. Plus, there is no impact on user accessibility or 

performance. 

To reduce risk but maintain agility, fast-moving organisations in the manufacturing, logistics, retail and 

other industries are deploying solutions to prevent malicious code from ever reaching the network 

perimeter – mobilising isolation-powered cloud security to shut the door on malware from within any 

supply chain communications. 

Isolation, however, will not protect an entire supply chain system from the growing number and range of 

attacks. Cybersecurity for these critical networks needs security and IT specialists to have conversations 

with a wider range of functions, such as sourcing, vendor and partner management and logistics, in a 

coordinated effort to reduce risks. 




Brett Raybould, EMEA Solutions Architect, Menlo Security 

Brett Raybould is EMEA Solutions Architect at Menlo 

Security, a leader in cloud security. In this role, he is 

responsible for technical sales, product demonstrations, 

installations, solution proposals and evaluations. Brett joined 

Menlo Security in 2016 and discovered how Isolation 

technology provides a new approach to solving the problems 

that detection-based systems continue to struggle with. 

Passionate about security, Brett has worked for over 15 

years for some of the leading vendors specialising in the detection of inbound threats across web and 

email, and data loss prevention (DLP) including FireEye and Websense. He has represented Menlo 

Security as a speaker at industry events, including e-Crime & Cybersecurity Congress and Cloud Security 

Expo. 



Don’t Take Yourself Out of The Game: Mitigating the Risk 

Of An Organizational Conflict Of Interest In Federal 

Contracts 

By Michelle Litteken, Of Counsel, Morris, Manning & Martin LLP 

Nearly every solicitation for a federal government contract contains a provision pertaining to 

organizational conflicts of interest (OCI). These OCI provisions are important as the existence of an OCI 

can result in the loss of a contract. The risk of an OCI is particularly acute in the information technology 

(IT) and cybersecurity sectors because of the nature of the work performed, as well as the access to 

sensitive information that providing such services may facilitate. Yet, many government contractors do 

not understand OCIs, and as a result, are unable to identify potential OCIs or proactively implement 

measures to avoid or mitigate an OCI. It is not uncommon for a contractor to be unaware of a potential 

or actual OCI until after a contracting officer raises the topic or a competitor files a bid protest. At that 

stage, it may be difficult – if not impossible – to mitigate or avoid the OCI. For this reason, gaining a 

better understanding of OCIs can provide a contractor with a competitive advantage. 



Understanding OCIs 

Contracting officers are required to determine whether a potential or actual OCI will arise as early in an 

acquisition as possible. 3 If the award to a particular offeror would result in an actual or potential OCI, and 

the OCI cannot be mitigated or avoided, the offeror will likely be deemed ineligible for the award. 

There are three types of OCIs: 

• Unequal Access to Information: This type of OCI arises in situations in which a contractor has 

access to non-public information as part of its performance of one government contract and that 

information may provide the firm with a competitive advantage in a later competition for another 

government contract. 

• Biased Ground Rules: This type of OCI issue arises in situations when a contractor, as part of 

its performance of a government contract, has, in some sense, set the ground rules for 

government procurement, for example, by preparing the statement of work or the specifications. 

The concern with a biased ground rules OCI is that the contractor may have skewed the 

procurement in the contractor’s favor – even if unintentionally. 

• Impaired Objectivity: This type of OCI issue arises in cases when a contractor’s work under one 

government contract could entail it evaluating itself, an affiliate, or a competitor, either through an 

assessment of performance under another contract or an evaluation of proposals as part of 

another contract. This type of OCI occurs when the contractor may not be able to provide the 

government with impartial advice or assessments. 

It is important to recognize that a single contract may give rise to more than one type of OCI. For example, 

if a contractor was performing a contract that involved independent verification and validation (IV&V) 

tasks related to IT systems used by an agency, the contractor could have both an equal access to 

information OCI and an impaired objectivity OCI. The unequal access to information OCI would result 

from the contractor having access to nonpublic information about the IT systems provided to the agency 

by other contractors. And, an impaired objectivity OCI could arise because the IV&V tasks would likely 

require the contractor to assess the services or products provided by other contractors. 

OCI Risks for Cybersecurity and IT Services 

The type of tasks common to contracts involving cybersecurity or IT services can increase the risk of an 

OCI. Namely, providing these types of services to the government often puts a contractor in a position 

where it has access to nonpublic government or competitor information – an unequal access to 

information OCI – or requires the contractor to assess the services or products provided by competitors 

or affiliates – an impaired objectivity OCI. 

3 48 C.F.R. 9.504(a)(1). 



The U.S. Government Accountability Office’s (GAO) bid protest decision in Steel Point Solutions, LLC 4 , 

provides an instructive example of how an impaired objectivity OCI can come about while providing IT 

services to the government. The protest involved a solicitation to design, build, and operate a corporate 

automation implementation center for the National Geospatial-Intelligence Agency (NGA). The scope of 

work included recommending, designing, deploying, monitoring, and maintaining robotic process 

automation solutions for the NGA. Deloitte Consulting, LLP (Deloitte) was selected for the award, and a 

protester challenged the award, arguing Deloitte had task orders with the NGA that created an impaired 

objectivity OCI. 

Under one of the task orders, Deloitte supported the NGA in determining what products to purchase to 

maintain NGA’s IT portfolio. At the same time, under the protested contract, Deloitte would be deploying 

and maintaining IT systems if the contract award was upheld. Stated differently, under the task order, 

Deloitte would be making recommendations to the NGA about what products to purchase to maintain the 

IT systems under the protested contract – which could include Deloitte’s own offerings. GAO 

characterized the situation as a “textbook example” of an impaired objectivity OCI because Deloitte would 

be “in a position to make judgments or recommendations that would have the effect of directly influencing 

its own well-being.” 

GAO also found a separated Deloitte task order presented an impaired objectivity OCI. Under the second 

task order, Deloitte facilitates the review and approval of all NGA information systems. In its proposal for 

the protested contract, Deloitte recognized there was a potential OCI because its work under the task 

order could require Deloitte to determine whether to approve systems to be used under other contracts, 

and Deloitte attempted to address the potential OCI using the template mitigation plan that was provided 

with the solicitation. GAO found the mitigation plan was vague and nonspecific, and the separate 

mitigation plan Deloitte submitted for the task order was ultimately of no help because the plan depended 

on Deloitte not pursuing work that would give rise to an OCI – which clearly did not work because of 

Deloitte’s decision to compete for the protested contract. GAO sustained the protest and recommended 

that the NGA reconsider its OCI analysis. 

One can easily imagine how the task order discussed above could give rise to an unequal access to 

information OCI. For example, advising an agency about the types of IT services and products to procure 

could provide a contractor with information about the agency’s budget forecasts, future requirements, 

and acquisition plans – all competitively useful nonpublic information. Likewise, facilitating the review 

and approval of an agency’s information systems would provide a contractor with information about 

competitors’ systems and the agency’s requirements – also competitively useful nonpublic information. 

At this point, the significance of OCIs for contractors working in the IT and cybersecurity sectors should 

be clear. 

OCIs Caused by Subcontractors 

Contractors should also be mindful of the fact that a subcontractor can introduce an OCI into a 

procurement. If a subcontractor would have an OCI as a prime contractor for a given opportunity, 

performing as a subcontractor does not remove the OCI. 

4 Steel Point Solutions, LLC, B- 419709, B-419709.2, July 7, 2021, 2021 CPD 254. 



GAO’s decision in L-3 Services, Inc. 3 , demonstrates how a subcontractor’s existing contractual 

relationships can cause an OCI for a prime contractor. The bid protest involved a contract to consolidate 

operations and maintenance requirements for networks at seven operating bases. The protester argued 

that the awardee had an unequal access to information OCI and a biased ground rules OCI because 

another company affiliated with the awardee’s subcontractor had provided technical guidance for the 

protested requirement and had access to unredacted copies of contracts, core communications 

requirements, internal agency information about upgrading communications and IT infrastructure, and 

proprietary information of other companies. 

After the protest was filed, the agency argued there was no unequal access to information OCI because 

(i) the information was not competitively useful and (ii) the information used to develop the solicitation 

was disclosed to all offerors. GAO rejected these arguments, finding neither the contractor nor the 

agency had tracked what information the affiliated company had access to over the course of 

performance. GAO surmised that the affiliated company likely had access to nonpublic information the 

agency was not aware of and that was never disclosed to offerors. Notably, in overturning the award, 

GAO did not base its decision on whether or not the prime awardee actually had access to the 

information. Instead, GAO held that access by an affiliate of a subcontractor was sufficient to create an 

OCI. 

GAO also held there was a biased ground rules OCI because although the subcontractor’s affiliate did 

not draft the specifications, the affiliated company participated in the business/mission case development. 

GAO also noted the affiliated company’s research became part of the source information used to develop 

the requirement. GAO sustained the protest, recommended the awardee’s subcontractor be excluded 

from the completion, and recommended the procuring agency conduct a new OCI investigation and 

determination. 

Mitigating an OCI 

As the cases discussed above illustrate, an OCI can be devastating for a company. However, in many 

situations, the adverse effects of an OCI can be avoided by proactively implementing an OCI mitigation 

plan. To be effective, a mitigation plan must be tailored to a specific contract opportunity and the 

circumstances that give rise to the actual or potential OCI(s). Nonetheless, there are some general 

principles that may guide the development of a plan: 

• An unequal access to information OCI is the easiest type of OCI to mitigate. The objective is to 

limit access to and dissemination of competitively useful nonpublic information. Mitigation 

techniques include nondisclosure agreements, firewalls, document controls, and restricting 

personnel assignments. 

• An impaired objectivity OCI is more difficult to mitigate. A firewall or other types of information 

controls will not mitigate an impaired objectivity OCI. Using a separate division to perform 

problematic tasks will not mitigate the OCI. Instead, an impaired objectivity OCI may be mitigated 

by using a firewalled subcontractor who reports directly to the government or using objective 

3 L-3 Services., Inc., B-400134.11, B-400134.12, Sept. 3, 2009, 2009 CPD 171. 



assessment criteria for the tasks for the problematic tasks. Recusal may also be an option. All of 

these techniques require government cooperation. 

• A biased ground rules OCI is also difficult to mitigate. Firewalls or even using a different division 

are insufficient because anyone who works for the contractor will be presumed to act in the 

contractor’s interest. For this reason, recusal or using a firewalled subcontractor are often seen 

as the only viable strategies. 

For all of these mitigation strategies, proactive OCI identification, prior to bidding on the contract, is 

critical. 

Conclusion 

In a world where the government is acquiring more and more IT and cybersecurity products and services, 

the potential for overlapping requirements – and OCIs – increases. Contractors operating in these 

sectors should be attuned to OCIs and the associated risks. In many cases, if a potential OCI is identified 

early and handled proactively, its impact on future opportunities can be mitigated or negated. To take 

critical proactive actions, the contractor must understand what an OCI is and how an OCI arises. Armed 

with this information, a contractor may retain hard-won contracts and avoid exclusion because of OCIs. 


Michelle Litteken is Of Counsel with the Government Contracts 

Practice Group in Morris, Manning & Martin LLP’s Washington, 

D.C. office. She helps clients understand and successfully 

navigate all aspects of government contracts by using creative 

and practical measures. Ms. Litteken regularly advises her 

clients at every stage of the process, from understanding the 

requirements and securing the contract, to defending the bid, 

as well as assisting with potential issues that may arise 

during contract performance. She can be reached 

at mlitteken@mmmlaw.com. 



Is Anti Data Exfiltration the Holy Grail of Cyberattack 

Prevention? 

By Dr. Darren Williams, Founder & CEO, BlackFog, Inc. 

Despite organizations continuing to invest heavily in the latest cybersecurity solutions, and the realization 

that AV solutions are not able to defend against most new attack vectors, cyberattacks are at an all-time 

high. This year has witnessed an unparalleled number of attacks which has devasted infrastructure, 

governments, and businesses alike, and is expected to cost more than 6 trillion dollars globally. With 

access to so many cybersecurity tools, why are we losing the battle? Why are existing solutions so 

ineffective? Is Anti Data Exfiltration the Holy Grail of cyberattack prevention? 

To understand the problem, it is important to look at the lifecycle of an attack in order to devise counter 

measures to protect against them. Since the 1980’s the general approach to attacks has not changed. 

The theory is pretty simple, once an attack has occurred, identify the code that caused the damage and 

create a fingerprint (a signature in cybersecurity parlance). Store the signatures in a database and 

distribute it to all customers, and upon execution check if it exists. If it does, prevent execution and remove 



the file. This was a great technique that worked well for many years until the threat actors developed 

fileless and polymorphic attacks (code that changes dynamically and has no signature). 

Traditionally, the focus of cyberattacks was disruption and bragging rights, very few focused on the 

economics of making money directly from the endeavor. Until the rise of cryptocurrency in the early part 

of the century (2009 to be precise) it was difficult for cybercriminals to make money directly from an 

attack. Often it was state sponsored attacks that fueled growth. The economics focused around the loss 

of business or the negative impact on stock prices from the attack or pump-and-dump schemes that 

influenced the price of stocks short term. 

Cybercrime changed forever in 2013 when the first successful ransomware appeared. Dubbed 

CryptoLocker, it was enclosed as an email attachment and encrypted most files on the target device, 

offering to decrypt only when a ransom was paid. Thanks to cryptocurrency the payments were virtually 

impossible to track. This was the beginning of a new era and one that continues to reach new highs every 

year. 

In 2021 we have seen devasting attacks across the globe. The top cyberattacks of 2021 such as CNA 

Financial, Colonial Pipeline and JBS Foods helped raise awareness and capture the minds of 

governments and citizens alike. Ransomware attacks are now so prevalent that TV shows regularly 

develop plotlines around ransomware, recent examples include “The Good Doctor” and “9-1-1”. 



Ransomware has also evolved from those early days, while initially focusing on encryption, it has now 

moved to triple and even quadruple extortion. The focus of these new attacks is less about encryption, 

but rather other mechanisms of making money. The typical strategies these gangs employ to make 

money include. 

1. Direct encryption: Encrypt files on the device and display a paywall which requires a 

cryptocurrency payment before decryption takes place. 

2. Data Extortion: Instead of encrypting files, cybercriminals exfiltrate data from the device in the 

background, sending data to command and control (C2) servers in foreign countries like Russia 

and China. A small sample of the files are published on the Dark Web as evidence and is available 

for sale to other third parties. 

3. Attack Notification: Prior to launching a cyberattack, ransomware gangs sell the information about 

a pending attack to third parties who can use the information to short stocks or any other means 

of making money from this advance notice. 

4. Cryptojacking: In addition to stealing data, new ransomware variants also include the ability to 

mine cryptocurrency and effectively make money by hijacking the CPU of the host device. This 

allows cyber criminals to make money while avoiding the massive energy costs associated with 

cryptocurrency mining. Because cryptojacking involves data exfiltration this is often overlooked 

by traditional security solutions. 

These new attacks are highly coordinated by well-resourced gangs that have business models and even 

channel operations like a traditional business. If you want to launch an attack you can contact the gangs 

directly to license their software and you must provide a percentage of the ransom paid. 

The one common factor with these new approaches is they all involve some form of data exfiltration. For 

any of these attacks to be successful data must be exfiltrated from the device. In fact, of the 244 reported 

ransomware attacks this year, 83.3% threatened to exfiltrate data. 

New data from Osterman Research reveals that despite significant investment in tools like data loss 

prevention, organizations still struggle with cyberattacks and the prevention of data exfiltration. In 

addition, an overwhelming majority of respondents (62%) reported that they have weak confidence in 

their current solution’s ability to prevent data exfiltration or prevent ransomware (55%). This provides 

clear evidence that most organizations are missing an important piece in their approach to cybersecurity. 

Existing technology is ineffective in protecting what has arguably become a business’s most valuable 

asset, the data itself. It’s clear that more needs to be done to ensure organizations are able to lock down 

their critical information in the face of mounting attacks. And it’s not just external cyber adversaries that 

pose a risk. The majority of organizations (59%) lack confidence in their current solutions ability to prevent 

insiders from exfiltrating data, and nearly half (41%) have experienced an employee’s mistake resulting 

in data exfiltration. The human element cannot be overlooked when it comes to security – especially in 



the wake of the pandemic where the blurred lines between corporate and personal lives leaves critical 

assets more vulnerable than ever before. 

The consequences of having inadequate tools can be catastrophic, with companies’ sensitive data 

becoming compromised and their reputation often being damaged irreparably. For companies that are 

hit by a ransomware attack consumer trust is often severely impacted, with 23% of consumers reporting 

they would stop doing business with a company that paid a ransom, and 48% indicating it was a great 

concern and they would seriously consider stopping business with the company entirely. It is therefore 

critical to have both a data protection strategy and the tools in place for anti data exfiltration the new holy 

grail in cyberattack prevention. 


Dr. Williams is a serial entrepreneur and founder of several tech 

startups, most recently BlackFog, which has pioneered Anti Data 

Exfiltration (ADX) in the fight against cybercrime. Dr. Williams 

holds a Ph.D. and Bachelor of Science with Honors from the 

University of Melbourne. 



Attorney-Client Privilege Communication Best Practices 

By Nicole Allen, Marketing Executive, Salt Communications. 

On a daily basis, corporate counsel and their clients communicate confidentially. Assumptions regarding 

what is and will remain attorney-client privileged are included in these interactions. Attorney-client 

privilege, one of the oldest legal concepts in Anglo-American jurisprudence, is facing a paradigm shift 

with today’s rapid work culture advancement. While technological innovation has allowed for faster and 

more effective communication and production, it has also increased the risk of losing attorney-client 

privilege. Given the speed and complexity of today's corporate environment, maintaining confidentiality, 

which is a core element of this privilege, is positioned to become an accidental and unrecognised 

casualty. 

As a result of this shift, in-house legal counsel must become more knowledgeable about an already 

complex legal system while navigating a range of cloud collaboration programmes and other types of 

electronic communication. In-house counsel should review the following recommended practices to 

preserve privilege and protect confidentiality in a modern business setting. 

Attorney-Client Privilege & In-House Counsel 

The attorney-client privilege protects oral and written communications to, from, or with an attorney for the 

purpose of asking or receiving legal advice. It is one of the more sophisticated but well-respected areas 

of legal practice. 



Certain communications are protected from disclosure to third parties under the attorney-client privilege. 

These conversations must be confidential, between an attorney and a client, and made for the purpose 

of getting or providing legal advice to qualify for this protection. If these three pieces of criteria aren't met, 

the communication isn't considered valuable. The overarching goal of this privilege is to encourage open 

communication and information sharing in order to seek legal counsel without fear of unintentional 

exposure. 

Best practices for legal professionals 

Attorney-client privilege is still one of the more difficult and subtle aspects of legal practice. The corporate 

entity – with employees, business units, and governing boards – adds to the intricacy of this privilege for 

corporate counsel. The fact that in-house counsel serves as both a trusted legal expert and a business 

advisor further complicates the matter. 

Despite the fact that there is minimal case law specifically dealing with privilege and communication 

platforms or tools, established privilege rules apply. Courts use the modified subject matter test to 

evaluate whether a communication is protected by the attorney-client privilege. When a corporate 

employee communicates with the corporate attorney about legal advice, the subject matter is within the 

scope of the employee's duties, the employee's superior incentivises the employee to make the request, 

and only those who need to know the contents of the communication receive it, meaning the 

communication is protected. 

Take time to educate yourself 

Model Rule 1.1, which stipulates that a lawyer "should keep aware of changes in the law and its practise, 

including benefits and hazards connected with applicable technology," has been approved by the 

American Bar Association and various states. As a result, lawyers are expected to be aware of the 

hazards and benefits of technology and to make judicious use of it. 

BYOD Policies 

BYOD (bring your own device) policies can be written to provide some protection against certain dangers. 

The usage of a BYOD smartphone or tablet by employees blurs the barrier between personal and 

professional life. In comparison to a thumb drive, a BYOD device can readily keep trade secrets on the 

device itself or via a cloud storage service. The expectation of privacy of an employee is at the heart of 

the legal issue. The most forward-thinking businesses will create a detailed, customised BYOD strategy 

that works in tandem with existing security measures. Employees who use a BYOD smartphone or tablet 

in conjunction with business computers would have to sign away their expectation of privacy in more 

restricted regimes. 



Bring-your-own-device rules appear to reduce company expenditures on the surface, but they come with 

a slew of hidden costs, including issues with attorney-client privilege. Companies with a BYOD policy 

have less control over the devices and are constrained in their capacity to implement proper security. 

Furthermore, businesses have less control over information access and how it is sent and stored on 

personal devices, which could be problematic in terms of confidentiality and attorney-client privilege. 

Secure your communications 

Counsel should make certain that communications are sent to the appropriate people. If irrelevant 

individuals are included in confidential communications, it may be more difficult to demonstrate that 

privilege applies. This approach applies to all kinds of communication, including new messaging tools 

such as Slack and agile project management platforms such as Jira and Trello. Despite the ease and 

efficiencies offered by many current platforms, the legal system is straining to keep up with such rapid 

technological advancement. 

Salt is a secure communications solution that provides the best armour available to protect and secure 

information when communicating on mobile and desktop devices. As a proven safe haven network it 

provides the highest security available for both law firms and their clients. Mobile communications present 

major privacy challenges for the legal industry. Client-attorney privileged discussions, confidential 

merger/acquisition details, and integral legal strategies are just a few examples of mobile 

communications that have been intercepted and used to the perpetrator’s advantage. 

The trend away from traditional face to face meetings with clients towards real-time messaging 

applications like WhatsApp and Zoom, risks highly sensitive information being shared on a less secure 

open platform. There are many media reports of security breaches on consumer-oriented platforms such 

as the recent Pegasus based attacks. If you fear a hack by malign actors who may be motivated by 

political, economic, personal, or ethical reasons, then it is essential to protect the internal and external 

communications of the firm from attack and exploitation, in a bid to protect the value content of the 

information, as well as your attorney-client privilege. 

Overall, if you're not certain that your message is only sent to people who need to know, consider 

modifying your communication delivery strategy to alleviate or reduce your concerns. Through a 

dedicated Management Portal, Salt allows you to create closed, private communication groups between 

you, your colleagues, and your clients. No uninvited users can contact you via Salt. No uninvited users 

can attack or hack you via Salt. You have control and can be seen to protect your clients and internal 

communications. 



At Salt Communications we work with attorneys of all sizes all around the world to enable them to have 

secure, confidential discussions wherever they are, at any time. 

To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications 

contact us on info@saltcommunications.com or visit our website at saltcommunications.com. 

About Salt Communications: 

Salt Communications is a multi-award winning cyber security company providing a fully enterprisemanaged 

software solution giving absolute privacy in mobile communications. It is easy to deploy and 

uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications 

offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and 

secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in 

Belfast, N. Ireland, for more information visit Salt Communications. 


Nicole Allen, Marketing Executive at Salt Communications. 

Nicole has been working within the Salt Communications 

Marketing team for several years and has played a crucial role 

in building Salt Communications reputation. Nicole implements 

many of Salt Communications digital efforts as well as managing 

Salt Communications presence at events, both virtual and in 

person events for the company. 

Nicole can be reached online at (LINKEDIN, TWITTER or by 

emailing nicole.allen@saltcommunications.com) and at our 

company website https://saltcommunications.com/ 



The Line-of-Sight Cybersecurity Problem in Healthcare 

Why device visibility is hard to get but so worth it 

By Samuel Hill, Director of Product Marketing, Medigate 

The pandemic shed light on a big problem in healthcare. Most healthcare delivery organizations don’t 

accurately know their clinical assets, where they’re located, and whether they’re being used efficiently. 

The frantic search for ventilators, IV pumps, and other critical equipment needed to treat COVID-19 

patients highlighted the issue, but it’s a problem that’s been around for quite a while. 

Every now and again, there’s a story about nurses looking for and hiding equipment so they know where 

something is when they need it. MedWrench reports “up to 40% of healthcare technology management 

staff (HTM) time is spent on non-value-added work such as: searching for equipment, assessing 

unbroken assets due to operator error, and juggling the details of multiple vendor contracts.” 



And it’s only getting worse. If you’re wondering how big this problem really is, it’s enormous when you 

consider there are approximately 15 million medical devices in U.S. hospitals today with billions of IoMT 

devices, experts believe, on the way. There’s no easy fix because highly detailed device information is 

extremely difficult to come by. 

Data silos and disconnects 

Traditional computerized maintenance management systems (CMMS), which help HDOs track and 

manage their inventory, aren’t actually connected to the devices they manage and don’t have access to 

live traffic, so they don’t consistently know location, utilization, or other vital device details. IT asset 

management (ITAM) and configuration management databases (CMDB), which organizations use to 

track and manage their IT assets, don’t offer much relief. While they can dynamically capture information 

on the networked assets in the environment, they lack visibility and understanding of medical devices. 

That is, they can tell you the IP address of a device, what ports it’s connecting to, and maybe even what 

type of device it is (e.g., an IV pump or an MRI machine); however, the classifications are often incorrect. 

They can’t tell you what modules are attached to a device (e.g., syringe module on an IV pump). They 

can’t tell you anything about serially attached medical devices that don’t have an Ethernet connection. 

They can’t tell you what proprietary protocols are being used, what embedded software is on the device, 

how often that device is used, where it’s located, or any anomalies in the network traffic. 

As a result, BioMed, clinical engineering, and maintenance teams need to spend a lot of time trying to fill 

in their inventory gaps. Unfortunately, this usually means HTMs are stuck wandering their halls to collect 

needed information. It also means a lot of the data is outdated almost as soon as it’s captured because 

most devices rarely remain in one place. This creates huge blind spots that can lead to costly and 

dangerous operational omissions. 

What are the risks to healthcare organizations? 

It may seem overblown to say that these informational holes pose a danger to a health system’s 

operations, but they do. Silos can lead to inefficient workflows, gaps in operational oversight, and other 

organizational risks. At best, if left unaddressed, these disconnects add costs and delays to the business 

that can make it challenging to offer connected care; at worst, they can generate failures or disruptions 

in care which affect a health system’s integrity, reputation, and long-term economic viability. 



Getting specific about what HDOs need in device visibility and insights 

CMMS data deficits must be resolved quickly, accurately, and continuously. Creating a single source of 

device data truth goes a long way to supporting ongoing risk abatement and workflow efficiencies that 

help keep operations secure. To achieve this, HDOs need to feed their CMMS dynamic information and 

validate it against existing CMMS data fields. This level of dynamic information should include specific 

details on the device model, make, OS version, network status, security posture, utilization, and location. 

Therefore, data solutions need to apply advanced deep packet inspection (DPI) techniques combined 

with vast medical expertise, so they can identify and capture relevant device details and consider the 

clinical context in which these devices are operating. Clinical context, after all, is crucial because medical 

devices are not like other IT devices. 

For example, most clinical devices are closed systems, and AV or security agents cannot be downloaded 

to protect them. They run proprietary or legacy software that can’t be patched unless approved and 

authorized by the manufacturer. This means vulnerabilities may persist, and devices may be open to 

exploit for the duration of the patch/fix process. They also often leverage proprietary or clinical protocols 

to communicate, so to identify activity that could pose a threat, these protocols need to be fluently 

understood. 

Since most clinical devices serve a specific function and act a certain way, they’re much more predictable 

than general computer systems controlled by people. However, this is only useful if the workflows and 

manufacturer-defined behaviors of the specific device are known. HDOs are unique because they require 

solutions with a level of knowledge that don’t produce a lot of false alarms on activity that is perfectly 

normal (and necessary) for a medical device’s operation. 

Probably the most important (and somewhat obvious) thing to be mindful of is that clinical devices are 

used in procedures and treatment plans, so protective measures cannot be disruptive. If access to a 

ventilator is blocked or an IV pump is prevented from communicating with a patient monitor simply 

because it was moved, powered up, or made a new connection, an unnecessary point of failure is 

introduced that can impact patient care and outcomes. All these things need to be considered and 

accommodated in device management and security decisions. 



The benefits are great 

When HDOs have real-time visibility and insights into their inventory, they can start to streamline and 

mature their security, BioMed, and IT workflows to lower risks and costs. For instance, they can use 

device location and utilization information to understand front-line care team preferences, improve patch 

planning, and optimize asset distributions, which can ultimately generate significant CAPEX and OPEX 

benefits. 

With a wide-angle view of where devices are used, HDOs can determine when to purchase new 

equipment or even reallocate devices from under-utilized locations to optimize capacity and meet needs. 

They can consider the risk posture of devices in their buying, renting, and leasing decisions; automate 

vulnerability correlations to pinpoint impacted devices (e.g., with an OS version-specific problem, 

outdated firmware, vulnerable application entity, etc.); and trigger associated remediation work orders 

that reduce the overall risk to operations. 

Automating device data collection and management routines allows HDOs to make data-driven decisions 

that increase their security posture, improve the lifecycle of their fleet, and drive operational savings. It’s 

essential not only for the sanity of HTMs (no more frantic searches for equipment) but also the HDO at 

large – benefiting their patients, balance sheet, and ongoing operations. 


Samuel is the Director of Product Marketing for Medigate. 

Before working in technology, he spent seven years as an 

emergency room tech for two different health systems and lived 

through an EHR transition twice! He is a husband to one, father 

to four, and lives on a rural island near Seattle, WA when he is 

not camping. He holds a B.A. from Pacific Lutheran University 

and an M.A. in Strategic Leadership from Life Pacific University. 

Samuel Hill can be reached online at samuel@medigate.io or @samueljhill and at our company website 

http://www.medigate.io 



Caution: Personal Data Memorization in Progress 

How a Korean chatbot’s privacy scandal can inform your chatbot’s privacy success 

By Patricia Thaine, Co-Founder & CEO, Private AI 

On April 2nd, 2021, SLATE published a story titled A South Korean Chatbot Shows Just How Sloppy 

Tech Companies Can Be With User Data. It covered a privacy breach by ScatterLab, a South Korean 

chatbot company who was “accused [...] of collecting intimate conversations between lovers without 

informing the users and then using the data to build a conversational A.I. chatbot” (source). This incident, 

where the chatbot was “exposing people’s names, nicknames, and home addresses in its responses,” 

(source) happened despite warnings from the privacy and Natural Language Processing (NLP) research 

community that language models (which are used in chatbots, automatic speech recognition, sentiment 

analysis and countless other NLP tasks) memorize rare information within their training data. Previously, 

“ScatterLab had boasted about its large dataset of 10 billion intimitate conversation logs” (source). 



4 Pillars of Privacy-Preserving AI 

Understanding the privacy challenges that chabots face requires, first and foremost, a general 

understanding of what the privacy challenges are for machine learning systems in general. There are 

four pillars to privacy-preserving AI: 

1) Training data privacy: making sure that you can’t reconstruct sensitive or personal information 

within the training data, 

2) Input privacy: privacy of the individual whose data you’re inferring upon, 

3) Model weights privacy: privacy of the model of a particular corporation, institution, or individual 

who created it. This is about IP protection, but also training data privacy, since it is possible to 

determine information about the training data from model weight updates, 

4) Output privacy: also about protecting the privacy of the individual whose data you’re inferring 

upon. 

By collecting private conversations with identifiable individuals and training their models on them, 

ScatterLab first violated (2) input privacy, then (1) training data privacy, and possibly (4) output privacy. 

Training Data Privacy 

Much of research and development these days focuses on training data privacy, in part because of how 

likely deep learning models are to memorize training data, with the potential of spewing it out in production 

to unknown parties. The secret sharer: Evaluating and testing unintended memorization in neural 

networks [Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, and Dawn Song. 2019. The 

secret sharer: Evaluating and testing unintended memorization in neural networks. In 28th 

USENIX Security Symposium, pages 267–284, Santa Clara, CA. USENIX Association.] by Carlini et 

al. (2019) is a pivotal paper discussing the problem. They placed a fake social security number into the 

Penn Treebank dataset as a canary and then trained a character language model on the dataset. They 

then measured the perplexity of various sequences of numbers and found that the model was less 

surprised to see the sequences of numbers that made up the canary; i.e., the language model had 

recorded that it was more likely to encounter the canary rather than other random numbers given the 

training data. This is a problem because it shows that the language model memorized the secret. 

Another paper titled Extracting training data from large language models by Carlini at al. (2020) 

demonstrates how GPT-2 was actually memorizing data from the pre-training dataset. [Nicholas Carlini, 

Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam 

Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, et al. 2020. Extracting training data from large 

language models. arXiv preprint arXiv:2012.07805.] It had memorized addresses, names, and other 

information that could be considered sensitive had the data not been publically available. It is important 

to keep in mind that these very models will be memorizing that same kind of information from chatbot 

training data. The paper showed that an extra large GPT-2 model already started memorizing information 

after seeing only 33 examples. 

Privacy issues have also been raised about training non-contextual word embeddings on data containing 

sensitive information in Exploring the privacy-preserving properties of word embeddings: Algorithmic 



validation study by Abdalla et al. (2020) [Mohamed Abdalla, Moustafa Abdalla, Graeme Hirst, and 

Frank Rudzicz. 2020. Exploring the privacy-preserving properties of word embeddings: 

Algorithmic validation study. J Med Internet Res.]. 

There are four types of disclosure concerns when it comes to protecting data privacy: 

● 

● 

● 

● 

Identity disclosure: identifying an individual. 

Attribute disclosure: identifying an individual’s ethnicity, religion, physical attributes, etc. 

Group attribute disclosure: e.g., is a particular group more likely to have cancer? 

Membership disclosure: e.g., is this person part of a pharmaceutical trial? 

Not all attributes are the same with regards to increasing the risk of these disclosures. Within 

conversations with chatbots, users might reveal direct identifiers (e.g., full names, exact addresses, 

phone numbers, credit card numbers) and quasi-identifiers (e.g., religion, origin, gender, etc.). When 

combining quasi-identifiers together, the risk of re-identifying an individual grows exponentially. 

The ScatterLab incident mentioned above is an example of identity and possibly attribute disclosure, 

though one major issue was actually membership disclosure through identity disclosure. These 

disclosure types were caused by the leak of direct identifiers and perhaps of quasi-identifiers as well. 

Preventing Identity, Attribute, and Membership Disclosures 

There are a few solutions for dealing with training data memorization within chatbots. One is differentially 

private gradient descent (DPGD), which was used in Carlini et al.’s 2019 paper. DPGD adds noise to the 

ML model training process. The original idea behind differential privacy is to be able to make 

generalizations about a population without the risk of disclosing any specific individual’s unique 

information. The goal of adding differential privacy to an algorithm, like a chatbot model, is that if you run 

the algorithm on two datasets differing by a single entry, then the likelihood of getting a different set of 

possible outputs is negligible. DPGD provides mathematical guarantees that rare information is not being 

memorized by a machine learning model, though often at the expense of model utility. 

Another solution is highly accurate redaction or de-identification, which means removing the direct 

identifiers and quasi-identifiers within your training data (e.g., location, names, telephone numbers, etc.). 

There’s a lot you can gather from a conversation’s context without the need for identifiable information. 

Finally, another option is using synthetic personal data generation. This method allows for replacement 

of direct and quasi-identifiers in a very natural way, so a chatbot’s training data matches the style of the 

language model’s pre-training dataset, which prevents downstream model accuracy loss. It also has the 

additional benefit that, if any personally identifiable information is missed, it’s very difficult to tell what the 

original data was from the synthetic data. Targeted synthetic data generation changes the paradigm of 

disclosure risk versus data utility. 

If ScatterLab had used either one of these three methods to protect the privacy of their users, they would 

have prevented violating training data privacy, as well as input and output privacy. Their story inspires 



concern and a desire to be cautious. Though it is not enough to just want to be proactive about user 

privacy: actions must be taken to integrate privacy into a chatbot’s very design. 


Patricia Thaine is the Co-Founder and CEO of Private AI, a 

Toronto- and Berlin-based startup creating a suite of privacy 

tools that make it easy to comply with data protection 

regulations, mitigate cybersecurity threats, and maintain 

customer trust. 

She is a Computer Science PhD Candidate at the University of 

Toronto and a Postgraduate Affiliate at the Vector Institute doing 

research on privacy-preserving natural language processing, 

with a focus on applied cryptography. Her research interests also include computational methods for lost 

language decipherment. 

Patricia is a recipient of the NSERC Postgraduate Scholarship, the RBC Graduate Fellowship, the 

Beatrice “Trixie” Worsley Graduate Scholarship in Computer Science, and the Ontario Graduate 

Scholarship. She has nine years of research and software development experience, including at the 

McGill Language Development Lab, the University of Toronto's Computational Linguistics Lab, the 

University of Toronto's Department of Linguistics, and the Public Health Agency of Canada. 

She is also a member of the Board of Directors of Equity Showcase, one of Canada's oldest not-for-profit 

charitable organizations. Patricia Thaine can be reached online at patricia@private-ai.com, @PrivateNLP 

and at our company website https://www.private-ai.com. 



Q&A: Roland Cloutier Chief Security Officer Tiktok and 

Bytedance 

By Roland Cloutier 

As Global Chief Security Officer of ByteDance and TikTok, Roland Cloutierbrings an unprecedented 

understanding and knowledge of global protection and security leadership to one of the world's leading 

media, social, and technology companies. He oversees the company’s information protection, risk, 

workforce protection, crisis management, and investigative-security operations worldwide. Before joining 

ByteDance andTikTok in 2020, Cloutier spent about 10 years as CSO at payroll-services firm ADP. Prior 

to ADP, he was CSO at data-storage vendor EMC (now owned by Dell). Cloutier started his career with 

over a decade of service to the US Air Force and US Depts. of Defense and Veterans Affairs. In 2015, 

he authored and published a business book, “Becoming a Global Chief Security Executive Officer.” 

You recently launched the #BeCyberSmart campaign at TikTok as a part of Cybersecurity 

Awareness Month. What was the driver for doing this? 

At TikTok, we believe everyone benefits from a safer and more secure world. For Cybersecurity 

Awareness Month and all year long, we're inspiring our diverse global community to make good choices 



and stay safe online. That’s why we launched #BeCyberSmart , a campaign championed by the National 

Cyber Security Alliance(NCSA) and industry-leading experts on how we can all create a culture of 

cybersecurity. We're always inspired by creators fueling #LearnOnTikTok , and it was exciting to launch 

a new @TikTokTips video series on ways to spot and defend against common cyberthreats. The series 

features TikTok creators and employees, including touring comedian @alex_falcone telling tales of 

cybercrimes and how to #BeCyberSmart. 

We also want to uplift the next generation of leaders. While the pandemic hit many industries hard, 

cybersecurity skills have never been needed more. Over 3million cybersecurity jobs went unfilled last 

year. We’re providing tools, training, and encouragement to inspire more people to get into cybersecurity. 

We've also been strengthening our security team at TikTok. 

We're actively recruiting for over 300 roles across 19different disciplines, because securing a platform 

that brings joy to over 1 billion people is a job that's never done. 

Ransomware attacks have significantly driven cybersecurity’s public profile. How have you 

seen this impacting internal support for cybersecurity initiatives, budgets and overall 

awareness with businesses? 

Ransomware attacks have surged 311% in the past year with a business now being attacked every 11 

seconds, and the threat landscape is constantly evolving. At TikTok, the safety and security of our global 

community is always a top priority. We know that staying ahead of next-generation cyber threats requires 

bolstering the security and integrity of our platform and business operations on an ongoing basis. Critical 

to that effort is partnering with the world's best researchers, academic scholars, and independent experts 

to test and validate our own defense. 

In the past year alone, we've strengthened our global security organization and established global Fusion 

Center operations in Washington DC, Dublin, and Singapore. We’ve earned ISO 27001 certifications in 

the US, UK, Ireland, Singapore, and India for investing in the people, processes, and technology to keep 

our community safe. 

We continue to partner with leading organizations like the National Cyber Security Alliance to inspire 

leaders of the future and encourage people of all backgrounds to #BeCyberSmart 

While celebrating our 1-year anniversary with HackerOne and the evolution of its Internet Bug Bounty 

(IBB) program, we worked to spotlight the top ethical hackers helping TikTok pioneer new defenses to 

protect over 1 billion people worldwide. Our comprehensive scope and commitment to transparency is 

what keeps drawing new hackers to the program. 



What advice would you give to CISOs looking to raise cybersecurity awareness within their 

business and promote a ‘cyber risk’ culture? 

People are the foundation of any organization, and security is a team sport. At TikTok, our employees 

are our first line of defense. We're focused on creating a culture of security within our organization. That 

includes developing an internal video game to educate employees on cybersecurity and sharing 

@TikTokTips videos to encourage strong passwords, multi-factor authentication, and ways to spot 

phishing attempts. We also host a regular "Mission Possible" series with programming to engage crossfunctional 

teams around the world, including a friendly "Security Feud" competition to win TikTok swag 

for claiming the top score on a range of cybersecurity topics. 

We believe our ability to protect against threats is only as strong as our ability to identify and work together 

to address them. This fall, we hosted a global security leaders offsite, featuring guest speakers and a 

"field trip" to IBM's Cyber Range where our team was tested with a simulation requiring them to come 

together to manage seven crises simultaneously. We know it's not enough to build security into our 

product. We also have to test our own defenses, both as a team and with outside partners who help us 

continually improve the safety and security of our platform. 

You’ll be talking at next year’s Ransomware Resilience Summit series on ‘determining roles and 

responsibilities in a response’. How critical is it for the business to pre-determine their 

responses and responsibilities to an attack before it happens? 

There are a handful of sayings that I often share with my team. One is that, "we don't rise to the level of 

our expectations; we fall to the level of our training." Or to quote Ben Franklin, "an ounce of prevention is 

worth a pound of cure." It's critically important to have a plan, along with a backup plan. We have an 

entire team focused on business resilience and crisis management at TikTok. Their job is to anticipate 

worst-case scenarios and then create strategies to mitigate them. 

This team is part of TikTok's global Fusion Center operations, which are an important cornerstone to 

address the converged global threat landscape we face every day. These operations fuse critical 

business, security, legal, privacy, communications, and other cross-functional stakeholders to ensure 

alignment across all parts of the business. Our approach helps to provide a comprehensive view of how 

our business and community intersects with the world -- both on and off the platform. However, our 

mission is about more than protecting against malicious threats. It's also about ensuring the platform's 

availability and reliability for exciting global LIVE events like the Ultimate Super Bowl LV Pregame 

Experience, UFC Fight Night, TikTok UEFA EURO 2020 Show with Ed Sheeran, an innovative concert 

experience with The Weeknd, or an around-the-world museum tour to explore art and culture. 

Our all-hands, all-hazards incident management approach focuses on four pillars: 

1. Understanding our critical business operations, assets, services, and community 



2. Enabling over-the-horizon threat monitoring capabilities to detect and defend threats to our 

business operations, assets, services, and community 

3. Protecting against events that negatively impact our community and business on and off platform 

4. Rapid response capabilities to minimize impact if something bad were to happen 

We're also creating customized, threat-led defense technology and capabilities that combine industryrecognized 

frameworks like VERIS, MITRE ATT&CK, CSF, Data Defense, and ISO 27001. As the threat 

and cybercriminal landscape changes, so are we by building new protocols and systems to detect, 

manage, triage, and escalate all types of security events spanning ransomware, organized cyber crime, 

and inauthentic behavior. Our multidisciplinary approach enables us to catch and eliminate potential 

security and safety incidents or adversaries before they put our platform or community at risk. 

What are you most looking forward to by being a part of the Ransomware Resilience Summit 

series? 

Roland will be speaking alongside 30+ other experts at the upcoming Ransomware Resilience Summit 

series (London, February 22-23 and Washington D.C., March 29-30). Limited places are available to join 

TikTok, Netflix, Bupa, Microsoft, Oracle, Aston Martin, Trainline and many more behind closed doors and 

share best practices and lessons learned for tackling the unabating ransomware threat. 

It's critical for the business community to get together, educate, and connect with one another. Industry 

forums like the Ransomware Resilience Summit are important because they bring together key 

stakeholders -- from security practitioners to law enforcement officials -- to share lessons learned and 

enable stronger defenses. The ability to connect digitally and in real-time is not just important, but maybe 

the most important driver of economic opportunity and change in our lifetime. The more we can learn 

from and uplift one another, the safer and more secure our world will be. I look forward to sharing the 

stage with fellow practitioners next year and continuing these important conversations. 

With Cyber Security Awareness month behind us, what do you have planned for the 

#BeCyberSmart campaign moving forward? 

Cybersecurity Awareness Month may be over, but we aim to encourage online safety year round. For 

International Fraud Awareness Week (November 14 - 20), we're joining the Association of Certified Fraud 

Examiners (ACFE) as a continuation of our #BeCyberSmart campaign. We're hosting a special 

#LearnOnTikTok LIVE stream on November 15 in conversation with @Alex_Falcone and industry experts 

sharing tips on how to avoid falling victim to fraud, because fraud is not a victimless crime. In the physical 

world, we follow expert guidance: "If you see something, say something." The same principle applies to 

the digital world, and people with cybersecurity skills have the power to protect those around them by 

sharing their expertise. We're welcoming security practitioners and companies across all industries to 

join us in creating TikTok videos to help others #BeCyberSmart. 




Interviewer 

Aaron Rawcliffe 

Profile Director 

Ransomware Resilience Summit 

Kisaco Research 

Interviewee 

Roland Cloutier 

Global Chief Security Officer 

ByteDance/ Tik Tok 



Techniques Used by Hackers to Bypass Email Security 

Solutions 

By Michael Aminov, Perception Point 

There are many email security solutions available in the market today, yet organizations still see phishing 

and malware reach users. In some situations, a SOC team may get a report sent by an employee. 

However, when the payload has reached the users’ computer and has been opened, what normally 

happens is an alert coming from the endpoint solution. Even worse, the organization becomes 

compromised - data can be stolen or encrypted, and business processes are in danger of major 

disruption. 

This article will look at the most-used techniques that hackers choose to bypass traditional email security 

solutions. 



Hosting malware on file-sharing services 

Cloud storage and data sharing applications such as OneDrive, Google Drive, SharePoint are creating 

an increasing number of security blindspots for hackers to leverage. 

Many file-sharing services offer free packages, which let an attacker upload a payload for free. These 

services work by using link sharing, and the link then comes from their domain which has a good 

reputation. The attacker crafts an email and puts the link inside an email. 

Why is this so difficult to detect? 

Traditional solutions scan the URL. In these cases, there is nothing suspicious inside, as the link will lead 

to the legit website. The site itself is safe but when the user clicks on a “download” button the malicious 

file is activated and your user is compromised. 



Phishing scams avoid email security with login forms hidden inside local web pages 

In this case, the hacker leverages a login page inside a local html page, which is attached to the email 

instead of hosting the login page online. And when you open the HTML attachment, any JavaScript inside 

the HTML will be allowed to run by default by your browser. The page is rendered locally on the victim’s 

computer, and only after credentials are entered into the fake login page, a JavaScript code (usually 

obfuscated) uploads this information online straight to the attackers’ hands. 

Why is this difficult to detect? 

• The email does not contain an embedded link that could be unpacked and scanned. All engines 

based on reputation (URL reputation, domain legitimacy and so on) are not valid. Also solutions 

such as URL rewriting in Office365 will not help. 

• The URL in the address bar seems as if it is harmless, with no website name. 



Spotting Spear Phishing 

Attackers try to trick users into thinking they landed on a well-known internal company portal. The attacker 

identifies a third-party service that a company uses, and mimics it with fake versions of it. 


• Employees expect to see emails from these sources as internal only, and will not pay attention to 

signs of phishing. 

• Some company portals are accessed from the internet—making hackers’ lives even easier to 

spoof them. 

In the below example, we can see a fake Okta login page. It contains all visual elements and the 

company’s logo (and its even SSL encrypted), just waiting for the user to enter his or her credentials (an 

action done several times a day). A large portion of phishing campaigns sent to companies are actually 

an impersonation of their own brand. 



ATO Detection 

Account takeover benefits from the account’s credibility and history with their own company and external 

organizations that they do business with. A fraudster who has access to an account can cause 

tremendous damage. 


• With ATO, the email is coming straight from the vendor’s IP and the actual sender’s mailbox. 

• The attacker will read the email communications, and wait for the perfect time to inject a message 

for fund transfer. He will usually reply back with a signature that’s identical to the vendor’s and 

will ask for you to transfer money to other bank accounts. 

Blacklisting email security vendor IP addresses 

Hackers blacklist email security vendors’ IP addresses. They create phishing websites, being aware that 

their target is highly fortified, and they assume email security solutions will scan their website before it 

will reach the end user. 


By fingerprinting the different email security solutions, a hacker can understand what the IP addresses 

are of the email security provider services. Once fingerprinted, they can easily blacklist that IP. 

Recommendations 

1) When selecting an email security solution, an organization should consider a service that identifies 

all threats before they arrive in a user’s inbox. The ideal solution should provide various detection 

layers to identify advanced phishing attacks as well as ATO, malware, 0-days and more. 

Look for services that: 

• Dynamically scan 100% of emails and their embedded content before they arrive to the user’s 

inbox without affecting user experience 

• Use technology to deterministically provide verdicts on malware and not rely on behavioral 

analysis 

• Leverage image analysis Image recognition of URLs 

• Can detect account takeover detection 



2) Educate your employees to always check the authenticity of the sender by checking if the display 

name and the email address match in order to decrease the chance of a successful spoofing attempt 

3) Avoid clicking links if you are not sure about them. If you click a link from an email, inspect the website 

even if it seems to display non-malicious content. 

4) Before giving away details, always check if the domain is known to you and that the website is 

protected by SSL (HTTPS and not HTTP). 


Michael Aminov is the founder and chief 

architect of Perception Point. Previously, he 

was the chief architect of CyActive, acquired by 

PayPal. Michael was also an officer in the 

classified elite cyber unit in the Israeli 

Intelligence Corps and was awarded the Israeli 

National Security Award. 

https://perception-point.io 

Michael.aminov@perception-point.io 



How To Protect Your Digital Legacy 

By Jamie Wilson, MD, Cryptoloc Technology Group 

From your birth certificate to your will, much of your life is lived on paper – and now, that paper is moving 

to the cloud. But while there are clear advantages to digitising our most important documents, there’s 

also an art to doing it properly. Here’s how you can move your records online safely and securely, and 

ensure you’re able to pass your digital legacy on when the time comes. 

Why should you digitize your documents? 

Over the course of our lives, we accrue a lot of documents that need to be stored safely – everything 

from contracts, wills, trust deeds, share portfolios, property and vehicle leases, insurance policies, tax 

returns, power of attorney documents and funeral plans to hard-earned degree certificates, precious 

family photos and spicy love letters. 

But if you’re relying on paper documents, then you could be setting yourself up for disaster – quite literally, 

in the case of a fire, flood or even a tornado. Even if you avoid that worst-case scenario, information 

stored in physical formats will deteriorate a little further every time it’s handled, so it’s essential to preserve 

paper documents by scanning and converting them into digital files. 



If you’re running a business, then the number of documents and records that you need to keep track of 

grows exponentially. And the more you’re relying on paper-based processes, the less efficient your 

business will be on a day-to-day basis – especially if your business is geographically dispersed across 

multiple locations, or, like so many businesses today, you have employees working remotely. 

Ditching those bulky filing cabinets and replacing them with digital files that are quickly and easily 

searchable and accessible will enable you to save time, improve productivity and reduce operating costs 

now, while also putting you in good stead for the future. 

Of course, it’s one thing to have digital records of all your documents. But the real question is how you 

can store and share these files securely, because if you can’t do that, you may as well have just set all 

that paper on fire yourself. 

And perhaps most importantly, you need to ensure that the right people – and only the right people – are 

able to access those files when you’re not around to share them anymore. Because ultimately, that’s 

what your digital legacy is all about. 

Clouding the issue: Securing your digital legacy 

To get value out of going digital, you need to store your files in a system that’s both easy to manage and 

truly secure. This is something I found out the hard way. 

I was working as an accountant when my father passed away from pancreatic cancer in 2010, leaving 

me with the task of rounding up and managing his will, superannuation details and other legal documents 

and files for my mother. 

Losing a loved one is extremely hard – in some cases, it might be the hardest thing you ever go through. 

And, though it’s never been easier to digitise our documents, it can be overwhelming for our next of kin 

to track down and gain access to these documents at a time when they’re already distressed. 

It’s not something we tend to think about – or, for that matter, something we want to think about – but it’s 

important that we can easily pass on this information when we pass away. 

Knowing that data storage devices like hard drives and thumb drives were no safer in the event of a 

natural disaster than paper documents (and much easier to lose), I went looking for a secure cloud-based 

solution – and ended up having to create my own. 

I didn’t want other people to have the same challenges that I did in such a difficult time. I was also thinking 

about my accounting clients at the time. What if something happened to me? I had ownership of all their 

business strategy and financial documents, which they likely wouldn’t have gotten back. That could have 

crippled their businesses. 

I thought there had to be a solution on the market that enabled businesses and individuals to own their 

data; to create digital documents that would stand up in court as well as the paper-based originals; and 

to nominate a party or parties to be able to access the documents in the event of a loss. But I found that 

this technology and this level of security simply did not exist, so I set off on my journey to create both. 



I worked with cybersecurity experts, mathematicians and encryption specialists to develop Cryptoloc’s 

patented three-key encryption technology, which combines three different encryption algorithms into one 

unique multilayer process, and deployed it across several products. 

One of those products is Cryptoloc Cloud, a secure cloud storage service, which enables users to safely 

store, edit, share and sign documents with complete confidence; files can only be accessed by the people 

the user authorises; and every change is tracked. 

These fully encrypted documents can then be sent to clients, customers, lawyers, government 

departments and anyone else who needs them, directly from Microsoft Outlook. 

But what I’m proudest of is that Cryptoloc Cloud enables users to create a true data legacy – their files 

are preserved, but not just anyone can access them. Instead, files can only be accessed by users 

nominated by the deceased before their passing. This is a feature that any cloud storage service that’s 

serious about preserving a person’s digital legacy needs to offer. 

In our case, the system enables users to nominate a person – such as a loved one or executor – to 

access their data in the event of their death, incapacitation, or another trigger event of their choosing. 

Users can nominate the person to be able to access as many, or as few, of their files as they like – if they 

don’t want to hand over their entire digital legacy to one person, they can specify which of their drives 

they’d like them to receive, and/or nominate multiple people. 

Cryptoloc isn’t the only cloud storage service to consider a user’s digital legacy. Google’s Inactive 

Account Manager, for instance, enables users who have data saved on Google services to assign their 

data to a digital executor when their account become inactive, and Apple have just introduced a Digital 

Legacy feature that enables users to set a person as their Legacy Contact, giving that person access to 

their Apple ID account and data after they die. 

I’m pleased to see more services realising the importance of a Digital Legacy feature, but many cloud 

storage providers still don’t offer one. Instead, users are required to include an e-register of digital assets 

with their will, despite the fact that digital estate planning legislation is largely uncharted territory, and the 

legal rights that apply to our physical possessions or financial assets don’t yet apply to our digital assets 

in most jurisdictions. 

Some services actively prohibit the sharing of usernames and passwords, and the transferring of data 

between accounts – so leaving it to the courts to enforce your wishes is a legal minefield. 

The benefits of being able to simply nominate someone to inherit files you’ve stored in the cloud, directly 

through the service itself, are obvious. For instance, if you’re an estate lawyer, you can assist your clients 

to set up their own data legacy, and nominate you – or a loved one of their choosing – to receive their 

will and their other legal documents upon their passing. 

Conversely, you can ensure that the documents you’re holding onto yourself can be safely passed on to 

another lawyer, or to your clients themselves, when the time comes. 



This is, after all, the whole reason I set out to create Cryptoloc in the first place. It’s personally very 

satisfying to know that users can store all their important documents securely in one place, and establish 

a digital legacy that they can easily pass on to the people that they choose. 

Nobody should have to go through the hassle of putting a loved one’s affairs in order while they’re grieving 

for them and now, nobody does. 


Jamie Wilson is the founder and chairman of Cryptoloc, 

recognised by Forbes as one of the 20 Best 

Cybersecurity Startups to Watch in 2020. 

Headquartered in Brisbane, Australia, with offices in 

Japan, US, South Africa and the UK, Cryptoloc have 

developed the world’s strongest encryption technology 

and the world’s safest cybersecurity platform, ensuring 

clients have complete control over their data. Jamie can 

be reached online at www.linkedin.com/in/jamie-wilson- 

07424a68 and at www.cryptoloc.com 



Sextortion Email Scams 

What to Do and How to Respond 

By Harman Singh, director at Cyphere 

Sextortion emails scams are becoming more common, but how can you tell if it's a legitimate request for 

money or an actual sextortion scam? Here are some signs to a lookout. First off, if the person is asking 

for money in order to send pictures back, this is most likely a scam. Second, if the sender threatens 

physical violence against you or your loved ones unless you pay up right away- delete them immediately! 

Scammers may access your information through a phishing attempt or any other hacking technique. 

Finally, before paying any of these scammers any amount of money, please read about such scams 

online, especially your individual country’s law enforcement websites, action fraud websites, and consult 

with someone who knows about internet security. 

What is a sextortion email? 

A sextortion scam uses blackmail to coerce the potential victim into paying money under the threat of 

publishing or threatening physical violence. The scammers will most often use the photos they've 

obtained illegally as leverage for this type of cybercrime. 



In a sextortion scam, someone contacts you online with the intention of extorting money from you. They 

might say they have compromising photos or videos of you and threaten to send them out unless a 

ransom is paid. 

What should I do if I'm receiving sextortion emails? 

If you're receiving an email like this, delete it immediately. Never send any money or share your personal 

information with the sender. If you fear someone may have actually accessed your email account and 

taken compromising pictures of yourself, make sure to contact law enforcement officials as soon as 

possible for help in getting those images cleaned from the website where they were posted without 

consent. 

What is a sextortion attack? 



Sextortion attacks are a type of cyber-attacks that successfully gains access to sensitive information from 

the potential victim, such as pictures or videos. The attacker then uses this knowledge to coerce them 

into performing other actions by using fear and intimidation. 

The attacker will threaten to release the information publicly if they do not comply with their requests. 

This is among the scariest forms of cyber-attacks because it can cause real-life damage and ruin a 

person's reputation, even though no physical harm was done directly. 

Prevention tips against sextortion scams 



We have shared a few tips for preventing sextortion scams. 

1. Use burner email addresses, also known as disposable email addresses for temporary online 

accounts. 

2. Don't share any photos that you think can be misused against you. If you aren’t sure, don’t do it even 

with someone you trust. 

3. Never send money to someone who contacts you unexpectedly. 

4. If the person is asking for money in order to send pictures back, this is most likely a scam. 

5. Do not give out personal data ever! If they know where you live and have your full name, it's even 

easier for them to extort more from you using fear. 

6. Do not ever share any personal information with anyone online. 

7. If you fear someone may have actually accessed your account and taken compromising pictures of 

yourself, contact the authorities and check your local law enforcement official websites. Ask for help in 

getting those images removed. 

8. Use two-factor authentication on all accounts. 

9. Always use secure passwords with both letters and numbers, so it's harder to guess or hack your 

account. Use a password manager for easy handling of all your passwords 

10. Create a unique secure password for every website (especially social media) using a password 

manager. If possible, use a password manager to store all your secrets and generate them randomly 

when required. 

11. Set up automatic security alerts, so you know if your accounts have been accessed by someone 

other than yourself. 

12. Don't open emails from unknown people, and always check the link associated with it, look out for 

the red flags such as hyphens in the address, typo squatting errors or too good to be true offers giving 

away hints about a possible scam. 

How will I know if I'm being targeted by a sextortion email scam? 

Sextortion scams have several different warning signs to look out for. If the sender asks you for money 

in order to send pictures back, this is most probably a scam and should be deleted immediately. 

Scammers also often use threats of physical violence or public humiliation as leverage against the 

potential victim. If you ever receive a sextortion email like this, delete it and do not send any money to 

the sender. Most importantly, if someone is threatening physical violence or your loved ones unless you 

pay up- contact law enforcement officials right away! 



How to respond to a sextortion email? 

If you've already received a sextortion email, the most important thing to do is delete it immediately. Never 

send any money or share your sensitive information with the sender, and if possible, contact law 

enforcement officials for help in getting those images removed from wherever they were posted without 

consent. 

What should you do after receiving a sextortion email? 

You need to be very careful after receiving such an email. Following steps should be taken after you 

receive any sextortion email 

1. Change password 

2. Update security alerts on accounts 

3. Delete the email right away without responding to the sender 

4. Stay calm 

5. Change password and alert IT 

6. Don't send money to any scammer 



7. Don't give up personal information 

8. Contact and report to law enforcement if images have been posted without consent or fear for selfsafety. 

What if I'm already paying money? 

If you've already paid the scammer, contact your bank immediately to request a chargeback. If they have 

access to any of your accounts, including Facebook, YouTube or WhatsApp, make sure to change all 

associated passwords as soon as possible. Also, be aware that if these scammers are using an email 

address for their official communication with you, it's possible they also got to other online accounts you 

use. 

If I've already paid money, is there anything else that can be done? 

Seeking help from the relevant authorities is the best thing you can do if this has happened to you. They 

will be able to find out where your images are being held and work with law enforcement in those countries 

to get them removed. Contacting an online security professional is also a good idea if you're not familiar 

with this sort of thing and need help keeping your private data secure in the future. 

Sextortion email examples 

There are many examples of sextortion email scams floating around the internet. We have shared a few 

of them below. 

Example 1: Threatening email asking for bitcoin 

Dear (insert victim's name here), 

You don't know me, but I've been watching you. I hacked into your computer and took some very personal 

pictures of you that I now have as leverage against you. You can view them on this site: (site with 

compromised images). If you would like to get the photos back, send $500 to Bitcoin wallets address: 

(insert bitcoin address here) 

You have 24 hours. If I don't get my money, these pictures will be released for everyone on the internet 

to see, and you'll never be able to scrub them from existence. You can keep it anonymous if you wantthat 

should still scare you. 

-Scammer 



Example 2:'You've been hacked' email asking for money 

Dear (insert victim's name here), 

I know who you are and what you've been doing on your computer. I had recorded videos of everything 

- mainly the videos that show up when you were visiting adult websites, as well as other things like 

webcam footage from Skype sessions with family members or colleagues. 

You should read this article: (insert a link to article) 

If you don't take action and pay ransom immediately, I will release these videos and photos of you on the 

internet so that your family and friends get a good laugh. 

I'll be in touch soon! 

-Scammer 


Harman is a director at Cyphere where he advises businesses on how 

to protect from cybersecurity threats to businesses. It involves 

performing hacking simulations in real-time to explain technical 

concepts just like you would to your grandparents. 

Harman can be reached online at 

https://twitter.com/thecyphere 

https://www.linkedin.com/in/harman12/ 

https://thecyphere.com/company/enquiries/ 



Getting Started with Active Directory Security 

Evaluating, Benchmarking and Creating a Strategy 

By Justin Kohler, Director of BloodHound Enterprise, SpecterOps 

Over 90% of the Fortune 1000 use Microsoft Active Directory (AD) for identity and access management. 

This ubiquity makes AD a prime target for attackers because compromising it almost always gives them 

the access they need to achieve their goals. Additionally, attackers can compromise AD easily by 

manipulating common errors in user identity and privilege. 

Consider this scenario: An attacker gets an employee’s credentials through a phishing attack. That user 

is a member of the “Help Desk” security group in AD with a low level of privilege. But the Help Desk group 

has been nested inside another group that has privileges over a PCI server. Our hypothetical employee 

is not supposed to have control over that server, but the group nesting has given them privilege over it 

accidentally. That server also has a service account logged in, and it’s simple for an attacker to steal 

those credentials now that they have control over the server. That service account happens to have the 

“Add Member” privilege to the Domain Administrators group, so now the attackers can make themselves 

a domain admin. This chain of steps that allows an adversary to escalate privilege and move laterally 

through Active Directory is an example of an Identify Attack Path (referred to as “Attack Path” for the rest 

of this article). Multiple Attack Paths just like this exist in nearly every environment my colleagues and I 

examine. 

Improving AD security to prevent these attacks requires IT Operations, Security Operations, and Identity 

and Access Management (IAM) teams to work together since each owns a portion of securing AD. A 

successful strategy must 1) be understandable and defensible to management, 2) give practical solutions 

that can realistically be implemented by AD administrators, 3) be measurable so that the organization 

can track progress over time, and 4) cannot require changes that greatly interfere with normal business 

operations. 



How can this strategy be implemented? Let’s look at a practical, actionable approach to securing AD 

security with these four steps: 

Step One: Define High-Value Assets 

First, think like an adversary and focus on what they’ll focus on. Define the high-value assets in Active 

Directory that most attackers will target. A great place to start is the objects in Active Directory that enable 

full control over the domain. Commonly referred to as “Tier Zero” or “Control Plane” in Microsoft’s new 

Enterprise Access Model, these include the Domain, Enterprise, and Schema Admins, and Domain 

Controllers groups, plus the domain head object, and applicable group policies. Adversaries want to get 

privilege on these assets because they enable additional access required to accomplish their objectives. 

IT may also consider including other critical systems that would have a significant payoff for attackers, 

such as privileged access management (PAM) solutions. 

Step Two: Map Attack Paths 

Next, map out all of the ways an adversary could compromise those high-value assets. Unfortunately, 

AD’s interface and built-in tooling do not provide the necessary visibility to audit privilege effectively. This 

lack of visibility makes it very difficult to see users’ privileges, which groups they are members of, etc., 

which causes Attack Paths to build up over time. Surfacing these paths will require specialized tools like 

BloodHound (an open-source Attack Path mapping tool), which gives visibility into AD to map out how 

attackers can use misconfigurations to control high-value assets. 

Step Three: Start with Critical Paths 

An enterprise AD environment can easily have tens of thousands of potential Attack Paths. For an AD 

security plan to be practical, it must prioritize which ones to fix first. Without the ability to measure the 

exact risk of each path in your environment, two manageable areas present a significant risk to any 

environment. 1) attack paths from large groups in the environment to critical assets and 2) Kerberoastable 

critical assets. Here is a full explanation of how to find and fix these specific issues. 

These two areas represent a significant risk because each may be executed by effectively any member 

of the organization through the use or abuse of AD configurations. Another area the security or IAM team 

may consider reviewing is any permissions granted to the large default groups such as Domain Users, 

Authenticated Users, or Everyone. These permissions can create large beachheads for attackers to move 

laterally within the environment, even if they don’t grant full access through a critical asset. 



Step Four: Develop Actionable Remediations 

The final piece of the puzzle is to create clear remediation guidance that all teams can understand. AD 

administrators or IAM team members will likely implement any changes to AD. They have different 

priorities than the security team, and they’re under extreme pressure to maintain the backbone of the 

enterprise. Therefore, they need to consider how any changes to AD will affect the user's ability to do 

their jobs. 

That means any remediation recommendations need to clearly explain what the AD admins should do, 

the side effects of the change, and how the fix will affect overall risk exposure. This lets AD admins, 

executives, and management make informed decisions about executing the change. For example, 

remediation could break legacy application functionality. As a result, the change may need to be logged 

for a substantial amount of time before the organization feels confident that it won’t cripple a critical 

business function. 

Active Directory has existed for over 20 years. Unfortunately, 20 years without visibility into how privileges 

are applied leads to seemingly insurmountable challenges. To make real progress, teams must use other 

methods to evaluate their AD environment, measure risk, and give practical, actionable guidance for 

fixing problems. Any plan that can account for all these elements will be a massive step towards a more 

secure AD environment for everyone. 


Justin Kohler is the director for the BloodHound Enterprise 

product line at security consulting company SpecterOps. 

He is an operations expert who has over a decade of 

experience in project and program development. After 

beginning his career in the US Air Force, he worked for 

several consulting firms focused on process and workflow 

optimization and held positions at Microsoft and Gigamon. 

He enjoys building and leading teams focused on customer 

delivery at Fortune 500 companies. 

Justin can be reached online at @JustinKohler10 and at our company website https://specterops.io/ 



Surviving The New Era of Terabit-Class DDoS Attacks 

By Richard Hummel, Threat Intelligence Lead, NETSCOUTy 

In March 2018, a massive Distributed Denial of Service (DDoS) disrupted service for the developer 

platform GitHub. The attack, which lasted for approximately 20 minutes, was the largest on record. 

It was also a milestone. At roughly 1.2 terabits for second, it formally inaugurated the era of terabit-class 

attacks, roughly the equivalent of 25 or 30 high definition movies every second. It was followed one week 

later by another attack, a 1.7 Tbps assault at a U.S.-based service provider. 

DDoS attacks flood targeted networks with requests for traffic that overwhelm the system and cause 

outages. Attackers had been, for years, setting new records in the volume of traffic they could send. Still, 

in the years leading up to the attack, there were some that debated whether an attack of that size was 

even feasible given certain technical limitations. 

Now, just three years later, terabit-class attacks occur nearly every month. Recently, a major international 

enterprise software provider said that it had mitigated a 2.4 Tbps attack. 

The good news is that organizations with up-to-date DDoS defenses and sufficient mitigation capacity 

can maintain availability in the face of these extremely large attacks. But, that doesn’t mean enterprises 

can ignore the risk of massive DDoS attacks. Cybercriminals continue to innovate in this field by 

combining volumetric DDoS attacks with other threats, such as ransomware; or by deploying multi-vector 

attacks that drastically increase complexity for defenders. 



The New Normal 

Several factors have converged to drive terabit-class attacks. Attackers continue to build massive 

botnets, the armies of infected devices that can direct malicious traffic at targeted systems. Meanwhile, 

IoT devices, which too often have lax cybersecurity standards, have only increased the number of devices 

available to compromise. 

A second factor is the continued development of reflection amplification attacks. Think of it this way: in 

most DDoS attacks, a targeted system is flooded with requests for information that initiate a response. In 

a reflection attack, attackers disguise the origin of the attack traffic to make it appear that it is coming 

from the targeted network or device. In other words, the attack tricks the targeted system into sending 

the response back to itself. But the size of the request for information and the response are not always 

symmetrical. For some internet-based services, a request for information initiates a response that is far 

larger in proportion. By targeting these services, attackers can significantly amplify the size of their attack. 

A reflection amplification attack both magnifies the amount of malicious traffic an attacker can generate, 

and obscures its source. In the first half of 2021 alone, threat actors weaponized at least seven new 

reflection and amplification vectors. The deployment of this new tactic ignited an explosion of new attack 

modes. Along those lines, the number of vectors used in multivector DDoS attacks has soared, with a 

record-setting 31 attack vectors deployed in a single attack against one German organization. 

That’s the type of attack launched against GitHub. Known as a memcached attack. Open source and 

free, Memcached is a high-performance, distributed memory caching system designed to optimize 

dynamic web applications. The amplification capabilities of Memcached servers is so great that if you 

send a single request, that request could send back more than 50,000 responses. 

Mixing Tactics, Vectors, and Targets 

Large attacks are relatively easy to identify by automated defenses. But that has value in itself to 

attackers. A large DDoS campaign may, for example, provide cover for another attack, and threat actors 

can adapt their tactics to overcome defenses when volume alone does not suffice (though, to be clear, a 

big attack still causes many problems). 

An emerging trend has been the development of adaptive attack techniques designed to evade traditional 

defenses. These types of attacks require extensive pre-attack research and reconnaissance to identify 

vulnerabilities. The result, however, is an attack perfectly calibrated to overcome an organization’s 

defenses. Furthermore, attackers don’t always need to attack an organization itself to cause damage. In 

many cases, DDoS attacks can target service providers, including DNS servers, VPN concentrators to 

inflict collateral damage. 

Defending Against Terabit-Class Attacks 

Overall, the first half of 2021 saw a staggering 11 million DDoS attacks. It’s not a matter of if a company 

will find themselves in the crosshairs of a DDoS attack, it’s a matter of when. The pandemic, and its 



accompanying shift toward more digital services for consumers and businesses, has expanded the threat 

surface. Businesses are more reliant on digital services to reach their customers than ever before, driving 

an even greater need for adequate defenses. 

The first step in protecting an organization is taking a good, hard look in the mirror. The shifting dynamics 

of the workplace brought massive changes. Businesses should conduct frequent evaluations to stay 

ahead of new threats, and assessments of whether DDoS mitigation capacity continues to be adequate. 

Companies should also have conversations with their third-party suppliers on which they rely for 

connectivity, including ISPs and VPN concentrators to ensure they have adequate mitigation capacity. 

Running next-generation security tools that leverage packet data can provide insights into possible 

incursions and changes to networks and infrastructure, offering early alerts to security and network 

operations teams. 

Despite being one of the oldest known forms of cyber attack, DDoS remains a pervasive threat. Terabitclass 

attacks are unfortunately inching closer to the mainstream, but even worse, they are just one tool 

in the attackers’ arsenal as they continue to innovate new vectors and attack methods. Hence it is more 

imperative than ever before that defenders and security professionals remain vigilant to protect the critical 

infrastructure that connects and enables the modern world. 


Richard Hummel has over a dozen years of experience in the 

intelligence field and is currently the Threat Intelligence Research Lead 

for NETSCOUT's ASERT Research Team. Previously, he served as 

Manager and Principal Analyst on the FireEye iSIGHT Intelligence’s 

Financial Gain team. He began his career as a Signals Intelligence 

Analyst with the United States Army. During the course of his service 

he became certified in Digital Network Intelligence and supported 

multiple operations overseas including a deployment to Iraq. 

After departing from the Army as an enlisted soldier, he began 

contracting work as a Computer Network Operations analyst in support 

of the Army. During his tenure as a contractor, he developed many 

methods and procedures for conducting Cyber Discovery and trained 

analysts at Army INSCOM HQ's. At FireEye iSIGHT Intelligence, he led a team of technical analysts in 

the tracking, reporting, and analysis of various cyber crime related malware families. 

Richard can be reached online at www.netscout.com 



Cyber (In)Secure: Business Sentiment on Cyber Security 

Challenges 

By James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR 

Undoubtedly the last two years have been incredibly challenging for businesses, as many companies 

grappled with the health and safety of employees, massive revenue loss, threats of closure and the great 

resignation. To make matters worse, as businesses set their sights on recovery, cybercriminals focused 

on taking advantage of any vulnerabilities available. 

According to the FBI’s Internet Crime Report, the Internet Crime Complaint Center (IC3) saw a 69% 

increase in total complaints from 2019 to 2020. Business E-mail compromise, phishing and ransomware 

all are on the rise. 

Yet, despite an uptick in cyberattacks since the pandemic began, global corporate payments provider 

FLEETCOR surveyed business owners and learned 91% say they have not fallen victim to a cyberattack 

in the last 12 months. 

According to FLEETCOR’s 2021 Insights on Business Cybersecurity Study, for small companies with 20 

or fewer employees, the number dips even lower with just 7% of survey respondents saying they fell 

victim to a cyberattack during the same timeframe. For businesses with 21-50 employees, that number 

doubles to 14%. 



Survey results show businesses are becoming increasingly aware and diligent in their security practices, 

especially as the pandemic reshapes work environments, including increased cloud adoption and 

companies welcoming hybrid work scenarios. However, the threat of a cyberattack still looms. 

Business disruption is the most prevalent concern 

Nearly two-thirds (62%) of FLEETCOR survey respondents report concerns their business is at risk of 

becoming cyberattack prey, while 83% strongly agree cybersecurity breaches are damaging to business. 

Not surprisingly, when asked to select the most concerning cyberattack consequence, 65% of 

respondents chose loss of profitability and/or disruption to operations. And it’s no wonder since, in 2020, 

the average cost of a data breach was $3.86 million, according to the Cost of a Data Breach Report by 

Ponemon Institute. 

Little spent on cybersecurity protection 

Despite the high level of apprehension for being at risk of a cyberattack, few businesses surveyed by 

FLEETCOR put their money where their concern is. Fifty-seven percent of respondents said they allocate 

5% or less of their annual IT budget to cybersecurity protection, while 25% allot 6%-10% of their IT 

budgets to this cause. Although they’d like to spend more on cybersecurity protection, lack of capital 

resources is the primary reason businesses don’t. 

Digital payments here to stay 

As many businesses at the onset of the pandemic temporarily closed physical locations, digital payments 

soared, and this shows no signs of slowing. More than half of American business owners (53%) surveyed 

said the global crisis increased their adoption with apps being the most executed method. It’s no wonder 

since they’re easy to use, safe and can be used around the clock. 

And while secure digital practices should be table stakes for companies conducting business with other 

companies, most respondents – four out of 10 – don’t know about their vendors’ cybersecurity policies 

and practices. More than 20% rely on word of mouth and said they had no knowledge regarding this 

matter at all. 

This practice of not knowing is risky. When vendors lack strong security controls, your company is 

exposed to a myriad of risks – financial operational, regulatory and reputational, to name a few. 

Don’t risk it 

Going into the new year, evaluate your company and vendor security practices and identify areas you 

might be falling short. Consult with your fellow business leaders and put a plan in place to mitigate risk. 

The last two years have proven life is unpredictable, but the more you understand your business risk 

realities, the better equipped you will be to handle security challenges. 




James Edgar, Senior Vice President and Chief Information 

Security Officer, FLEETCOR 

James Edgar is currently SVP & CISO for FLEETCOR 

Technologies, a global leader in fuel, lodging, tolls and 

commercial payment solutions. He oversees the global 

Information Security and IT Compliance teams, which span four 

continents and multiple business lines. Before joining 

FLEETCOR, James was the VP of Security Architecture, Risk and 

Assurance for U.S. Bank's payment processing division, Elavon. 

Prior to joining U.S. Bank, James led the Security Architecture 

and Risk team for Cox Communications, the 3rd largest cable 

operator in the nation. James has served on the Steering 

Committee for the Payment Processors Information Sharing Council (PP-ISC), participated in the NIST 

Cybersecurity Framework (CSF) development workshops and has been actively involved in the 

governance, risk and compliance (GRC) community in Atlanta. 



Enterprises Cannot Achieve Zero Trust Security Without 

Machine Identity Management 

Thanks to the rise of machines and shift towards zero trust security, organizations’ security will require 

a new type of identity management 

By Murali Palanisamy, chief solutions officer, AppViewX 

The enterprise IT landscape is experiencing phenomenal disruption. While digital transformation, cloud 

migration, and the remote work model have opened a world of possibilities for organizations, these 

sweeping changes permanently reset the cybersecurity game's rules. The attack surface is expanding 

and trying to respond to these changes with increased frequency and sophistication. 

Organizations are increasingly looking at alternative approaches for securing a growing, cloud-driven, 

distributed environment. The surge of digital technologies has led to massive growth in the number of 

machines or digital assets, opening a vast attack surface. Securing these distributed assets and their 

communication is critical for data security. However, with network perimeter fast disappearing, digital 

security has become a significant challenge for organizations. Amid all these changes, a new one: 

managing the identities of machines has emerged as a top priority. In fact, Gartner has named machine 

identity management an essential element in securing today’s enterprises. 

This recognition and shift towards zero trust security has led to security leaders recognizing the 

importance of machine identity management, but how to properly approach it is one of the biggest 

challenges. 



Building digital trust 

With identity becoming the new network perimeter, verifying digital identities on a network is integral to a 

zero-trust strategy. But limiting verification to user identities is not sufficient. Proper zero trust 

implementation is heavily dependent upon digital certificates and key pairs. The objective is to strengthen 

security and ensure device verification along with identity verification. 

Adopting the zero trust model starts with segmentation, implementing privilege access management 

(PAM), multi-factor authentication (MFA), vulnerability and patch management, and security analytics. 

However, companies miss out on one crucial area, and that includes managing machine identities. This 

opens risks rising from compromised encryption tunnels. 

Manually managing certificate lifecycles whether it’s through spreadsheets – or paper documents – is 

time-consuming, error-prone, and highly inefficient. With hundreds of thousands of certificates in 

circulation, administrators cannot rely on manual management techniques to ensure that public key 

infrastructure (PKI) is constantly secure and up to date. There is a pressing need for a management 

system that includes alerting processes and automated workflows for PKI tasks such as certificate 

renewal, requisition, revocation, deployment, and more. 

Recognizing the power of automation 

While digital certificates contribute much to a zero-trust architecture, organizations need a managed 

solution with the capabilities to automate the certificate lifecycle. Implementing an end-to-end certificate 

lifecycle automation solution is a key initiative towards achieving a fully functional zero trust model. 

Automation tools simplify certificate operations by allowing administrators to carry out all necessary 

activities from a single interface (i.e., without using each certificate authority’s interface to renew or revoke 

the certificates they have issued). Last, automation helps enable cryptographic agility. For example, 

digital identities can stay on top of protocol and algorithm upgrades to offer the best possible protection 

under all circumstances. 

Embracing PKI to secure networks 

It’s no longer enough to simply set up the necessary SSL certificates on websites and servers and renew 

them once every few years. PKI protects nearly every internet-facing system (and its back-end servers), 

software programs (in the form of code-signing certificates), and communication in general. There have 

been well-documented occurrences of PKI being the weak link that resulted in data breach, such as the 



Capital One breach back in 2019. Additional emerging trends that have underscored the need for 

organizations to embrace PKI include: 

• Cloud Applications: With the emergence of cloud-based apps, multicloud deployment, and 

container-based deployment, the need to secure the hosting infrastructure and individual 

consumer endpoints has become paramount. 

• Internet of Things (IoT): Not only are IoT deployments numerous in terms of individually 

connected endpoints, but several applications of IoT also hold sensitive data that should be 

protected at all by PKI, as the vanguard. 

• DevOps: PKI and DevOps have never been compatible – DevOps exemplifies agility, while PKI 

has traditionally been a slow, manual exercise. However, certificates need to be rapidly deployed 

to protect outgoing code, applications, and communication lines in general. 

• Remote Work: As an entirely remote workforce slowly becomes the norm, the existence of valid, 

constantly updated PKI on organizational systems not only makes remote access secure it also 

ensures that employees' digital assets remain secure by enabling constant updates via air. 

• 

Infusing AI and ML in Identity Management to thrive in a current and post-pandemic world 

In recent years, artificial intelligence (AI) and machine learning (ML) have been quietly transforming 

industries. With cyberattacks becoming more sophisticated and the continued rise in ransomware 

demands, new tools with advanced AI and ML capabilities are needed. 

Machine learning leverages algorithms to analyze large quantities of data to uncover patterns that enable 

accurate predictions. According to Gartner, IAM is "the security discipline that enables the right individuals 

to access the right resources at the right times for the right reasons.” 

Adding ML capabilities to IAM solutions helps authenticate the user and whether they should be granted 

access to specific applications/data. In other words, it helps validate if these are the right resources for a 

particular user. 

AI is instrumental in the future of IAM since it recognizes patterns and expands knowledge exponentially 

at the same rate as risk. Continuous authentication ensures that for every interaction, the context of a 

user is constantly evaluated. Organizations can detect potential threats easily as AI analyzes interactions 

while considering time, place, and even user movement. All these analytics help calculate the level of 

potential risk at every point. 

AI-based tools based on machine learning ease off the authentication burden on users and infuse 

enhanced security fueled by robust identity management and access controls. 

Organizations need to embrace a holistic cybersecurity strategy that is forward-looking, will reduce 

access and compliance costs, help them stay agile and flexible while accelerating their journey to the 

cloud. 




Murali Palanisamy, chief solutions officer, AppViewX, is 

responsible for overall product vision, development and 

technical direction of AppViewX. Prior to AppViewX, he was 

a Senior Vice President at Bank of America, where he was 

leading the e-commerce application delivery’s architecture 

and engineering team. He also served as VP of Architecture 

and Product Engineering for Merrill Lynch, where he 

designed and developed automation and integration solutions 

for servers, application delivery controllers, IP services and 

networking. Murali can be reached through his LinkedIn and through AppViewX: 

https://www.appviewx.com/talk-to-an-expert/. 







































CyberDefense.TV now has 200 hotseat interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



Free Monthly Cyber Defense eMagazine Via Email 

Enjoy our monthly electronic editions of our Magazines for FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber 

Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/03/2021 



Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH 

(with others coming soon...) 

9+ Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile 

and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365 

uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an 

array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of 

monthly readers and new platforms coming…starting with https://www.cyberdefenseprofessionals.com this 

month…

Cyber Defense eMagazine December Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?