Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

Best Practices


Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

By Byron V. Acohido

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

The report, titled “Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business,” argues for a paradigm shift. It’s logical that robust cybersecurity and privacy practices need become intrinsic in order to tap the full potential of massively interconnected, highly interoperable digital systems.

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies.

Last Watchdog engaged Forrester analyst Heidi Shey, the report’s lead author, in a discussion about how this could play out well, and contribute to an overall greater good. Here’s that exchange, edited for clarity and length.

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

By Jeremy Swenson

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk.

Related: More background on CSF

However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows:

Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business goals and adherence to legal requirements and standards. This is the newest addition which was inferred before but is specifically illustrated to touch every aspect of the framework. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy.

•Identify (ID): Entails cultivating a comprehensive organizational comprehension of managing cybersecurity risks to systems, assets, data, and capabilities.

GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

By Alexander Konovalov

Americans lost a record $10 billion to scams last year — and scams are getting more sophisticated.

Related: Google battles AI fakers

Recently used to impersonate Joe Biden and Taylor Swift, AI voice cloning scams are gaining momentum — and one in three adults confess they aren’t confident they’d identify the cloned voice from the real thing.

Google searches for ‘AI voice scams’ soared by more than 200 percent in the course of a few months. Here are a few tips  how to not fall prey to voice cloning scams.

•Laugh. AI has a hard time recognizing laughter, so crack a joke and gauge the person’s reaction. If their laugh sounds authentic, chances are there’s a human on the other end of the line, at least.

News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software

San Francisco, Calif., Mar. 7, 2024 — Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today launched a new Partner Program and welcomed Identity Data Management and Analytics provider Radiant Logic as its newest partner.

Radiant Logic joins Badge’s partner network alongside marquee identity partners, Okta and Ping Identity. The new Badge Partner Program further accelerates the adoption and integration of Badge’s privacy-preserving authentication, enabling even more users to benefit from seamless MFA experiences across any device or application without storing user secrets or private keys.

“We are thrilled to be working with Badge, enabling a best-in-class authentication solution that builds on top of our market-leading identity data management and identity analytics capabilities to provide greater privacy and security to our customers,” said Wade Ellery, Field CTO, Radiant Logic.

The integration of Badge brings downstream value to Radiant Logic customers, allowing employees to enroll once and log into any application via RadiantOne using their preferred biometrics and factors of choice for a safe and holistic user experience across any device. By eliminating passwords and stored secrets, Badge bolsters Radiant Logic’s extensible identity data platform to accelerate strategic initiatives such as digital transformation, Zero Trust, automated compliance, and data-driven governance.

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

By Byron V. Acohido

Achieving “digital trust” is not going terribly well globally.

Related: How decentralized IoT boosts decarbonization

Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction.

According to DigiCert’s 2024 State of Digital Trust Survey results, released today, companies proactively pursuing digital trust are seeing boosts in revenue, innovation and productivity. Conversely, organizations lagging may be flirting with disaster.

“The gap between the leaders and the laggards is growing,” says Brian Trzupek, DigiCert’s senior vice president of product. “If you factor in where we are in the world today with things like IoT, quantum computing and generative AI, we could be heading for a huge trust crisis.”

DigiCert polled some 300 IT, cybersecurity and DevOps professionals across North America, Europe and APAC. I sat down with Trzupek and Mike Nelson, DigiCert’s Global Vice President of Digital Trust, to discuss the wider implications of the survey findings. My takeaways:

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization.

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

By Byron V. Acohido

Notable progress was made in 2023 in the quest to elevate Digital Trust.

Related: Why IoT standards matter

Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be.

We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving. This is because the hyper interconnected, highly interoperable buildings, transportation systems and utilities of the near future must necessarily spew forth trillions of new digital connections.

And each new digital connection must be trustworthy. Therein lies the monumental challenge of achieving the level of  Digital Trust needed to carry us forward. And at this moment, wild cards – especially generative AI and quantum computing — are adding to the complexity of that challenge.

I had the opportunity to sit down with DigiCert’s Jason Sabin, Chief Technology Officer and Avesta Hojjati, Vice President of Engineering to chew this over. We met at DigiCert Trust Summit 2023.

We drilled down on a few significant developments expected to play out in 2024 and beyond. Here are my takeaways: