
GUEST ESSAY: Has shielding and blocking electromagnetic energy become the new normal?

By Nikoline Arns

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades.

Related: MSFT CEO calls for regulating facial recognition tech

Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives. Yet, as we embrace this wave of connectivity, we often overlook the pressing need for protection.

Since 1984, when Japan’s pioneering 1G network blanketed the nation, we’ve been swept up in the excitement of progress. But let’s pause and consider—how often do we truly contemplate safeguarding ourselves from the very forces that fuel our interconnected world?

Link to identities

Over the past decade, mobile data traffic has surged an astonishing 4,000-fold, while an additional 400 million users have joined the digital realm over the past 15 years. As we venture into the era of 5G and witness the rise of private networks, the surge of electromagnetic charge is

Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

By Byron V. Acohido

APIs. The glue of hyper connectivity; yet also the wellspring of risk.

Related: The true scale of API breaches

I had an enlightening discussion at Black Hat USA 2023 with Traceable.ai Chief Security Officer Richard Bird about how these snippets of code have dramatically expanded the attack surface in ways that have largely been overlooked.

Please give the accompanying podcast a listen. Traceable supplies systems that treat APIs as delicate assets requiring robust protection. At the moment, Bird argues, that’s not how most companies view them.

All too many organizations, he told me, have no clue about how many APIs they have, where they reside and what they do. A good percentage of APIs, he says, lie dormant – low hanging fruit for hackers who are expert at

Breaking News Q&A: What Cisco’s $28 billion buyout of Splunk foretells about cybersecurity

By Byron V. Acohido

There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business.

Related: Why ‘observability’ is rising to the fore

Cisco CEO Chuck Robbins has laid down a $28 billion bet that he’ll be able to overcome challenges Cisco is facing as its networking equipment business slows, beset by supply chain issues and reduced demand, post Covid 19.

As a leading supplier of advanced security information and event management (SIEM) technology, Splunk happens to find itself in the thick of a tectonic shift. Network security is getting reconstituted. A new tier of overlapping, interoperable, highly automated security platforms is rapidly taking shape. In this milieu, SIEM systems have emerged as the telemetry ingestion engine of choice to help companies figure out how to effectively monitor — and securely manage — hyper-connected software.

Last Watchdog engaged Forrester Principal Analyst Allie Mellen in a discussion about the cybersecurity angle

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

By Neil Taurins

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority.

Related: SMBs too often pay ransom

Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association.

Nonprofits are equally at risk, and often lack cybersecurity measures. According to Board Effect, 80% of nonprofits do not have a cybersecurity plan in place.

Given the risk involved, small businesses and nonprofits must consider prioritizing cybersecurity policies and practices to stay protected, retain customers, and remain successful. Financial information is one of the most frequently targeted areas, so it’s crucial

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

By Byron V. Acohido

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe.

Preserving privacy for a greater good

This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

In the absence of robust, universally implemented rules of the road, cybercriminals will continue to have the upper hand and wreak even more havoc than they now do. Threat actors all-too-readily compromise, disrupt and maliciously manipulate the comparatively simple IoT systems we have in operation today.

I had an eye-opening conversation about all of this with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany. We went over how governments around the world are stepping up their efforts to impose IoT security legislation and regulations designed to keep users safe.

This is happening at the same time as tech industry consortiums are

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

By Byron V. Acohido

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI.

Related: Can ‘CNAPP’ do it all?

Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023, which returned to its full pre-Covid grandeur here last week.

Maria Markstedter, founder of Azeria Labs, set the tone in her opening keynote address. Artificial intelligence has been in commercial use for many decades; Markstedter recounted why this potent iteration of AI is causing so much fuss, just now.

Generative AI makes use of a large language model (LLM) – an advanced algorithm that applies deep learning techniques to massive data sets. The popular service, ChatGPT, is based on OpenAI’s LLM, which taps into everything available across the Internet through 2021, plus anything a user cares

STEPS FORWARD: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

By Byron V. Acohido

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape.

Related: Computing workloads return on-prem

CNAPP solutions assemble a varied mix of security tools and best practices and focus them on intensively monitoring and managing cloud-native software, from development to deployment.

Companies are finding that CNAPP solutions can materially improve the security postures of both cloud-native and on-premises IT resources by unifying security and compliance capabilities. However, to achieve this higher-level payoff, CISOs and CIOs must first bury the hatchet and truly collaborate – a bonus return.

In a ringing endorsement, Microsoft recently unveiled its CNAPP offering, Microsoft Defender for Cloud; this is sure to put CNAPP on a rising adoption curve with many of the software giant’s enterprise customers, globally. Meanwhile, Cisco on May 24 completed its acquisition of Lightspin, boosting its CNAPP capabilities, and Palo Alto Networks has continued to steadily sharpen its CNAPP chops, most recently with the acquisition of Cider Security.

At RSA Conference 2023, I counted at least 35 other vendors aligning their core services to CNAPP, in one way or another;

FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

By Byron V. Acohido

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending against – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.

Related: Countering Putin’s weaponizing of ransomware

The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return —  to validate the applicant — generates a fee for the phone company which it shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

By Kolawole Samuel Adebayo

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.

Related: Privacy rules for vehicles

As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows.

The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.

What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. The rapid advancements in electric vehicles (EVs) have only served to heighten these concerns.

Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. He told Last Watchdog that apart from conventional attacks, such as data theft and vehicle theft, much more worrisome types of attacks are emerging. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

By Byron V. Acohido

The Internet of Everything (IoE) is on the near horizon.

Related: Raising the bar for smart homes

Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind.

We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things (IoT) computing devices and sensors have become embedded everywhere.

Not as noticeably, but perhaps even more crucially, big advances have been made in semiconductors, the chips that route electrical current in everything from our phones and laptops to automobile components and industrial plant controls.

I recently visited with Thomas Rosteck, Division President of Connected Secure Systems (CSS) at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany. We discussed how the Internet of Things, to date, has been all about enabling humans to leverage smart devices for personal convenience.

“What has changed in just the past year is that things are now starting to talk to other things,” Rosteck observes. “Smart devices and IoT systems are beginning to interconnect with each other and this is only going to continue.”

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Preserving privacy for a greater good

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years at leveraging Big Data to innovate personalized healthcare services.

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

By Byron V. Acohido

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade.

Related: Biden’s cybersecurity strategy

As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front.

Given the divergent paths of the U.S. Senate and the U.S. House of Representatives, federal agencies could see funding largely choked off on Sunday, resulting in the furloughing of hundreds of thousands of federal workers.

A wide range of federal government services, once more, would slow to a crawl —  everything from economic data releases to nutrition benefits for poor children. And the Cybersecurity and Infrastructure Security Agency (CISA) may be forced to send home some 80 percent of its workforce, drastically shrinking its capabilities as a catalyst for public-private sharing of fresh

News alert: Wisner Baum lawsuit alleges joint spyware scheme by Google, Meta, H&R Block

Los Angeles, Calif.,  Sept. 27, 2023 — Citing organized crime statutes, attorneys with Wisner Baum have filed the first RICO class action alleging that H&R Block, Meta, and Google jointly schemed to install spyware on the H&R Block site, scraping customers’ private tax return information for profit.

The suit comes on the heels of a July 2023 congressional report which found “a shocking breach of taxpayer privacy” when tax preparation companies shared millions of customers’ personal and financial information with Meta and Google, which used that information to create targeted ads.

The congressional report describes how Meta and Google helped H&R Block and other tax prep firms place “pixels” on the websites where customers entered tax information, in order to share that information with Meta and Google. The report found firms like H&R Block were “shockingly careless with their treatment of taxpayer data,” and that Meta had used this data to

News alert: DigitalAPICraft and Google partner to simplify development, integration of new apps

London, UK and Austin, Tex., Sept. 27, 2023 — Organisations around the world are rushing to build API (application programming interface) marketplaces to foster greater connectivity between them and their partners and users.

Global spend on API marketplaces is set to reach $50b by 2030. To help organizations make them a success, DigitalAPICraft is today announcing their partnership with Google and the appointment of HSBC exec Marco Tedone as CTO as they scale the business.

APIs form the connection points between platforms and ecosystems. Every connected mobile app, every website and every application deployed on a cloud service uses APIs and the number of APIs within organizations is growing rapidly. This has led to the prominence of API marketplaces which provide numerous benefits to developers and organizations. They simplify the process of designing and developing new applications and integrating and managing existing ones.

A major advantage of the API marketplace is improved collaboration, as APIs facilitate seamless communication among various cloud applications and platforms. This allows for automated workflows and

News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

New York, NY, Sept. 27, 2023 – ACM, the Association for Computing Machinery, has released “TechBrief: Generative Artificial Intelligence.”

It is the latest in the quarterly ACM TechBriefs series of short technical bulletins that present scientifically grounded perspectives on the impact and policy implications of specific technological developments in computing.

“TechBrief: Generative AI” begins by laying out a core challenge: the rapid commercialization of GenAI poses multiple large-scale risks to individuals, society, and the planet that require a