Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Author Archive

 

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

By Rob Gabriele

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts?

Related: Training human sensors

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Guarding our digital lives (and real-world identities) with just a few keystrokes seems a tactic too simple to ignore, and if users are careful and stick with best practices, these simple measures can be remarkably effective.

Proper password hygiene doesn’t require a degree in rocket science. Follow these four easy tips, and you’ll sleep better and safer at night.

1) Create sufficiently-complex passwords. This may seem obvious, but most users have poor password habits because it’s far simpler to remember your pet’s name and birthday than a combination of random numbers and letters. But simpler passwords are much easier to hack. Anything quickly conceived can be deciphered with the same speed, so forget your old tricks and stick to these ground rules instead:

•Longer is better. The National Institute of Standards and Technology’s (NIST) latest guidelines stress that a password’s length is its most critical component. Make sure your code has at least eight characters, but it’s best to pick a dozen or more.

•Don’t use words or names. Words and phrases are easier to remember but highly susceptible to cracking. Hackers can run through entire dictionaries in seconds, making this approach similar to hiding a key under the doormat.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

By Dr. Pythagoras N. Petratos

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof.

Related: Fake news leveraged in presidential election

Such a transformation however, comes with its own set of risks.

Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Misleading information – comprised of the three horseman of cyber risks: misinformation, disinformation, and fake news — also affects something we rarely stop to consider: business.

The fake news “infodemic” that spread alongside the COVID-19 pandemic also affected the finance sector. For instance, during the lockdown period of 2020, there was a huge surge in fake news and illegal activity related to the financial and other markets.

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

By Balraj Dhillon

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience.

Related: Hackers relentlessly target healthcare providers

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, store and track health data, creating numerous exposure vulnerabilities.

There are many reasons for the vulnerable state of healthcare data. One significant factor is the merger and acquisition renaissancethat the healthcare industry is undergoing, which according to a new report from Moody’s Investors Service is expected to continue.

Healthcare organizations pursue merger and acquisitions for many reasons, including improving the ability to meet patient consumerization requirements, providing more

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

By Patricia Thaine

Filing systems, historically speaking, have been all about helping its users find information quickly.

 Related: GDPR and the new privacy paradigm

Europe’s General Data Protection Regulations (GDPR) changed the game. Generally, filing systems sort by date, department, topic, etc. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world.

Since it took effect in 2018, GDPR’s core guidelines have been copied by LGDP in Brazil, POPIA in South Africa, and the PDPB in India. Under the GDPR, a filing system is defined as “any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis” (GDPR Article 4.6).

We can see, by this definition, that the focus of how filing systems should be organized shifts significantly with a central purpose now being the ability to classify individuals and the personal data an organization collects on them.

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

By Byron V. Acohido

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures.

Related article: The road to a Pulitzer

While I no longer concern myself with seeking professional recognition for my work, it’s, of course, always terrific to receive peer validation that we’re steering a good course.

That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics. The recognition comes from Cyber Security Hub, a website sponsored by IQPC Digital. We’ve been named one of the Top 10 cybersecurity webzines in 2021.

Here is their very gracious description of what Last Watchdog is all about:

“Founder, contributor and executive editor of the forward-thinking Last Watchdog webzine, Byron V. Acohido is a Pulitzer-winning journalist and web producer. Visit Last Watchdog to view videos, surf cyber news, gain informative analysis and read guest essays from leading lights in the cybersecurity community. Expect content that is always accurate and fair, with recent posts exploring the monitoring of complex modern networks, telecom data breaches that expose vast numbers of mobile users, efforts to make software products safer and ransomware attacks on global supply chains.”

MY TAKE: For better or worse, machine-to-machine code connections now form much of the castle wall

By Byron V. Acohido

Managing permissions is proving to be a huge security blind spot for many companies.

Related: President Biden’s cybersecurity order sets the stage

What’s happening is that businesses are scaling up their adoption of multi-cloud and hybrid-cloud infrastructures. And in doing so, they’re embracing agile software deployments, which requires authentication and access privileges to be dispensed, on the fly, for each human-to-machine and machine-to-machine coding connection.

This frenetic activity brings us cool new digital services, alright. But the flip side is that companies have conceded to a dramatic expansion of their cloud attack surface – and left it wide open to threat actors.

“The explosion in the number of human and non-human identities in the public cloud has become a security risk that businesses simply can’t ignore,” observes Eric Kedrosky, CISO at Sonrai Security.

I’ve had a couple of deep discussions with Kedrosky about this. Based in New York City, Sonrai is a leading innovator in a nascent security discipline, referred to as Cloud Infrastructure Entitlement Management (CIEM,)

GUEST ESSAY: Here’s what every business should know — and do — about CaaS: crime-as-a-service

By Jack Chapman

It doesn’t matter if you want to learn a new language or figure out how to fix your broken clothes dryer; the tools, tutorials, and templates you need are available online.

Related: Enlisting ‘human sensors’

Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. The dark web provides virtually everything potential attackers need to make their move.

Let’s look closely at precisely what crime-as-a-service (CaaS) is, why it’s so dangerous, and how your business can defend itself.

CaaS variants

Experts define  CaaS as what happens when sophisticated hackers and criminals work together to create technology, toolkits, and methodologies geared toward carrying out cyberattacks. CaaS is happening with increasing regularity. For example, an Illinois man recently faced conviction for running a website that allowed users to buy subscriptions to launch distributed denial of service (DDoS) attacks against computer networks.