Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

Best Practices


BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

By John WIlson

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes.

Related: Deploying human sensors

But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always

The reason is the rise in business email compromise (BEC) schemes. This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Here are a few examples of how these insidious campaigns use the power of human relationships to defraud businesses via email:

Scenario 1. A CFO receives an urgent email request from the CEO asking her to pay a supplier invoice immediately. The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers.

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

By Don Boian

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increases.

Related: Cyber espionage is in a Golden Age

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate.

Each of these organizations performs cyber operations for various reasons. The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Some Russian cyber actors may gather intelligence while others are financially motivated.

Cybercrime is big business as global losses to ransomware are projected to reach $42 billion within the next two years.The economic sanctions that many nations have put in place to influence Russia will most likely trigger an increase in the illicit business of cybercrime to help offset losses to what was legitimate trade.

Cyber attack targets

Russia isn’t the only cyber actor increasing its pace of cyber operations during this time. While the world focuses on Ukraine, other state actors have increased actions to penetrate government and private sector organizations. While you might think that these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics.

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

By Nathan Sitbon

APIs have become a security nightmare for SMBs and enterprises alike.

Hackers don’t discriminate based on the number of employees or the size of the IT budget. The same types of security risks impact businesses, whatever their size.

Related: Using employees as human sensors

Day in and day out, small-to-medium businesses are targeted by cyberattacks. They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

These types of attacks can allow hackers to steal massive amounts of sensitive data, disrupt operations, and even take down websites. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning. The sheer number of options has a direct impact on the budget.

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

By Byron V. Acohido

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become.

Related: The exposures created by API profileration

Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software.

This is all part of corporations plunging into the near future: migration to cloud-based IT infrastructure is in high gear, complexity is mushrooming and fear of falling behind is keeping the competitive heat on. In this heady environment, open-source networking components like Log4j spell opportunity for threat actors. It’s notable that open-source software vulnerabilities comprise just one of several paths ripe for malicious manipulation.

By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. A methodical drive has been underway for at least the past decade to affect a transition to a new network security paradigm – one less rooted in the past and better suited for what’s coming next.

Log4j bathes light on a couple of solidifying developments. It reinforces the notion that a new portfolio of cloud-centric security frameworks must take hold, the sooner the better. What’s more, it will likely take a blend of legacy security technologies – in advanced iterations – combined with a new class of smart security tools to cut through the complexities of defending contemporary business networks.

GUEST ESSAY: Embracing ‘Zero Trust’ can help cloud-native organizations operate securely

By Jawahar Sivasankaran

Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report’s authors, “crossed the adoption chasm.”

Related: The targeting of supply-chain security holes

It’s easy to understand why a cloud-native approach elicits such fervor. By using flexible, modular container technologies such as Kubernetes and microservices, development teams are better equipped to streamline and accelerate the application lifecycle, which in turn enables the business to deliver on their ambitious digital transformation initiatives.

However, despite cloud-native’s promise to deliver greater speed and agility, a variety of legitimate security concerns have kept IT leaders from pushing the throttle on their cloud-native agenda.

According to the most recent State of Kubernetes Security report, more than half (55 percent) of respondents reported that they have delayed deploying Kubernetes applications into production due to security concerns (up 11 percent from the year prior) while 94 percent admitted to experiencing a security incident in their Kubernetes or container environment in the past year.

It’s clear that until we can deliver security at the same velocity in which containers are being built and deployed that many of our cloud-native aspirations will remain unfulfilled.

Cloud-native requirements

Traditionally, developers didn’t think much about application security until after deployment. However, as DevOps and modern development practices such as Continuous Integration and Continuous Delivery (CI/CD) have become the norm, we’ve come to appreciate that bolting security on after the fact can be a recipe for future application vulnerabilities.

Security must be ‘baked in’ rather than ‘brushed on’—and this current ethos has given rise to the DevSecOps movement where security plays a leading role in the DevOps process. However, it’s not enough to simply shoehorn these practices into the dynamic cloud-native development lifecycle.

SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords

By Robert Siciliano

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible.

Related: Kaseya hack exacerbates supply chain exposures

You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And once the bad guy finds his way in, especially logging into your email, it is game over. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

All it takes is a cracker to find this password, and now every account you have is compromised. And finding that password is even easier. Some studies show as many as 40 billion records were compromised in 2021. Many of those records are passwords.

At ProtectNowLLC.com, we have a tool that has access to over 12 billion compromised records where you can search your username aka your email address to find out if your username and associated password have been compromised on a variety of breached accounts.

Thankfully, there is an easy solution: use a password manager. I’ve had a password manager in place since 2004.

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

By Rob McDonald

It’s an irony often noted about wealth: The more money you have, the more you have to worry about money – managing it, protecting it, nurturing it for further growth.

Related: Using employees as human sensors

For businesses, the same is now true about information. Data has become critical to your organization’s success. At the same time – in fact, as a direct result of data’s central importance – more adversaries are working harder and finding more nefarious ways to steal or otherwise compromise your data. As just one measure, the number of data breaches in the first nine months of 2021 exceeded all those in 2020, a new record.

As the economy grows increasingly data-driven, and as cyber threats proliferate, business leaders recognize they must find a more effective approach to protecting their intellectual property, financial records, employee and customer information, and other sensitive data — while also ensuring their employees’ access to that data is not hindered.

The good news is that there’s a simple way to safeguard your vital information assets, and it’s within reach of virtually every organization.

Proliferating cyber challenges

More than one-half of organizations expect a surge in cyber incidents in 2022. In response, well over two-thirds say they’ll spend more on cybersecurity. But the challenges are accumulating on multiple fronts: