Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

GUEST ESSAY: Taking proactive steps to heal the planet — by reducing the impact of video streaming

By Philippe Wetze

Most folks don’t realize that the Internet contributes more than 3.7 percent of global greenhouse gas emissions.

Related: Big data can foster improved healthcare

Within that, video represents over 80 percent of the traffic that flows through this global network which is growing rapidly at about 25 percent per year. A similar dynamic is taking place over enterprise networks, especially in the wake of the COVID-19 pandemic. A tremendous amount of video traffic is being managed by IT departments. This is why tracking the impact of digital video consumption across the business ecosystem is becoming increasingly important.

Meanwhile, the number of screens consumers use — at home and work — is also multiplying at an astonishing rate. With all these devices, there is an increase in video and encoders to handle the exploding demand for video content, driven by the growth of video-heavy social applications — TikTok and WhatsApp, to name but a few. These factors drive high demand for encoders and decoders.

It is in this context that it is important to focus on the details of video technology. Encoders, for instance, consume significantly more energy than decoders – sometimes as much as 5 to 10 times as much energy, in comparison.

In the past, there was an asynchronous relationship between these two categories of technology. Most video content was created — and encoded — by a much smaller percentage of the population compared to those who consumed (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

By Byron V. Acohido

The IQ of our smart homes is about to level-up.

Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season.

Related: Extending digital trust globally

Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. Matter is a bellwether, part of a fresh slate of technical standards and protocols taking shape that will help to ingrain digital trust and pave the way for massively-interconnected, highly-interoperable digital services.

I recently discussed the current state of tech standards with DigiCert’s  Mike Nelson, Global Vice President of Digital Trust and, Dean Coclin, Senior Director of Trust Services, at DigiCert Trust Summit 2023. We drilled down on Matter as well as another new standard,  BIMI, which stands for “brand indicators for message?identification.” BIMI essentially is a carrot-on-a-stick mechanism designed to incentivize e-mail marketers to proactively engage in suppressing email spoofing. Here are my takeaways:

Matter picks up steam

Frustration with smart home devices should be much reduced in 2024. That’s because gadgets that bear the Matter logo are more readily available than ever.  Matter-compliant thermostats, pet cams, vacuum cleaners, kitchen appliances, TVs and security systems can no

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

By Byron V. Acohido

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Related: Monetizing data lakes

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE) an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

By Erin Kapcynski

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.)

For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Acohido to share his ideas about the current cyber threat landscape, the biggest threats for businesses today, the role of AI and machine learning in cyberattacks and cyberdefence, and the most effective methods for companies to protect themselves.

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

By Byron V. Acohido

Something simply must be done to slow, and ultimately reverse, attack surface expansion.

Related: What Cisco’s buyout of Splunk really signals

We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

And yet it remains all too easy for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access.

I heard a cogent assessment of the shift that must take at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

By Byron V. Acohido

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI.

Related: Can ‘CNAPP’ do it all?

Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023, which returned to its full pre-Covid grandeur here last week.

Maria Markstedter, founder of Azeria Labs, set the tone in her opening keynote address. Artificial intelligence has been in commercial use for many decades; Markstedter recounted why this potent iteration of AI is causing so much fuss, just now.

Generative AI makes use of a large language model (LLM) – an advanced algorithm that applies deep learning techniques to massive data sets. The popular service, ChatGPT, is based on OpenAI’s LLM, which taps into everything available across the Internet through 2021, plus anything a user cares

FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

By Byron V. Acohido

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.

Related: Countering Putin’s weaponizing of ransomware

The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return —  to validate the applicant — generates a fee for the phone company which it shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of

RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

By Byron V. Acohido

A cloud migration backlash, of sorts, is playing out.

Related: Guidance for adding ZTNA to cloud platforms

Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures.

However, a “back-migration,” as Michiel De Lepper, global enablement manager, at London-based Runecast, puts it, is also ramping up. This is because certain workloads are proving to be too costly to run in the cloud — resource-intensive AI modeling being the prime example.

I had an evocative discussion about this with De Lepper and his colleague, Markus Strauss, Runecast product leader, at RSA Conference 2023. For a full drill down, please give the accompanying podcast a listen. The duo outlined how

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

By Byron V. Acohido

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Related: The Golden Age of cyber espionage

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

By Kolawole Samuel Adebayo

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.

Related: Privacy rules for vehicles

As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows.

The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.

What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. The rapid advancements in electric vehicles (EVs) has only served to heighten these concerns.

Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. He told Last Watchdog that apart from conventional attacks, such as data theft and vehicle theft, much more worrisome types of attacks are emerging. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Preserving privacy for a greater good

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services.

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

San Mateo, Calif., November 29, 2023 – Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report.

The report outlines 12 predictions and strategies to help IT, security, risk management, and compliance leaders tackle data privacy and cyber-risk challenges for the coming year.

The extensive report maps out 12 specific predictions based on current trends and expert assessments of the road ahead. Key areas of concern include the proliferation of AI technologies like chatbots that could enable new data breaches, growth in data privacy laws globally with harsher penalties, the rising importance of

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

San Francisco, Calif., Nov. 28, 2023 – AppDirect, the world’s leading B2B subscription commerce platform, today released key findings from its IT Business Leaders 2024 Outlook Report.

The study, conducted by independent research firm Propeller Insights, dives into how IT business leaders feel about their security posture in a world where the technologies they embrace to grow and thrive are also vulnerable to constant and increasing threats.

AppDirect’s survey results come at a time when increased security is a growing need for organizations everywhere. According to the Gartner Digital Markets 2023 Global Software Buying Trends report, “42% of buyers say security is the most important factor when planning investment in new software.”

In the AppDirect study, 45% of IT business leaders said they experienced a security breach in

News alert: Hunters’ Team Axon discloses severe privilege escalation flaw in Google Workspace

Boston, Mass. and Tel Aviv, Israel, Nov. 28, 2023 –A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters has responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of

GUEST ESSAY: Steps to leveraging ‘Robotic Process Automation’ (RPA) in cybersecurity

By Zac Amos

In cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA.) This technology promises to simplify tasks, boost accuracy and quicken responses.

Related: Gen-AI’s impact on DevSecOps

Robotic process automation is about getting repetitive, rule-based tasks done with the help of software robots, often called “bots.” These bots mimic human actions, handling tasks like data entry, retrieval and processing.

Automation matters in cybersecurity. RPA can be a lifesaver, freeing experts to focus on more complex security challenges.

Nine out of 10 employees want a single solution for their tasks. This emphasizes why automation is essential because it’s a way to make things more efficient and use human resources wisely. Here are some reasons why the role of automation is crucial in cybersecurity:

•Speed and accuracy: Cyber threats happen instantly and automation reacts quickly

News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

Foster City, Calif., Nov. 21, 2023 — Qualys, a cloud-based IT, security and compliance solutions leader, unveiled its forward-looking vision of the Qualys Enterprise TruRisk Platform on Nov. 8.

The announcement was made by president and CEO, Sumedh Thakar at the company’s annual Qualys Security Conference in Orlando, Florida. The Qualys Enterprise TruRisk Platform centers around helping customers holistically measure, effectively communicate, and proactively eliminate cyber risk, with a hyper focus on the impact of cyber risk on business risk.

The ground-breaking platform is the maturation of a concept that Qualys began working on 18-months ago through a commitment to deliver powerful security solutions for attack surface management, vulnerability management, and remediation, in addition to providing a higher level of orchestration between these solutions that allow security leaders to better identify, prioritize, and action cyber risk remediation to maximize

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

By John Funk

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos.

Related: Russia puts the squeeze on US supply chain

This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).

Using a technique known as MFA fatigue, Scattered Spiders put MGM in manual mode and forced Caesars to pay a reported $13 million ransom. For the moment, hackers appear to have the upper hand in the global chess match between cybersecurity professionals and digital criminals.

That’s largely because the splashy headlines and online buzz created by bringing down the pair of casinos will only motivate more mid-level cybercriminals to follow Scattered Spiders’ model, putting wide-reaching businesses at risk of ransomware attacks due to the rise of ransomware-as-a-service models.

Scattered spiders

In early September, Scattered Spiders infiltrated MGM and Caesars using a variety of relatively common hacking techniques. But the coup de gras was how easily they brushed aside the multi-factor authentication protections.

The criminals’ ages are said to range between 17 and 25 years old, and their kung fu was nothing to boast about until