Book Excerpts

 

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

By Byron V. Acohido


Along with Richard Stiennon, I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code.

Related: The role of PKI is securing digital transformation

That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.  Much has changed; much has remained the same.

Cybersecurity, which started with antivirus suites, spam filters and firewalls, has mushroomed into a $103 billion industry. Companies today spend vast amounts on incredibly sophisticated defenses, such as next-gen firewalls, EDR, DLP and IDS technologies that generate oceans of threat feeds pouring into artificially intelligent SIEMs, UEBAs and other analytics platforms.

Yet, catastrophic breaches persist. And that’s why Stiennon and I are among the 45,000 or so attendees of RSA Conference 2020 here at San Francisco’s Moscone Center. This is my 16th RSA.

I recently had a chance to have a rich discussion about the state of cybersecurity with Stiennon, the occasion being him sending me a copy of his new book: Security Yearbook 2020: A History and Directory of the IT Security Industry. Here are takeaways from our discussion:

Preserving history

Stiennon told me he got inspired to write Security Yearbook one year ago at RSA 2019, as he sat in a booth signing copies of his previous book, Secure Cloud Transformation. A lot of folks came up to him and told him they were new to the industry and had been sent to RSA to learn it.

Then as he wandered the exhibit floors, Stiennon ran into startup after startup pitching their great new cybersecurity innovation. “There were all these great ideas that were going to change the world, but it looked just like stuff that came out in the early 2000s,” he says. “I’d tell them about their predecessors in the field, and they’d look at me blankly – they’d never heard of them. …more

GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

By Yuri Diogenes and Dr. Erdal Ozkaya


A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Editor’s note: This is an excerpt from Cybersecurity – Attack and Defense Strategies, Second Edition, a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape.

Cybersecurity is the focal point of most cyber strategies because cyber threats are continuously becoming more advanced as more sophisticated exploit tools and techniques become available to threat actors. Due to these threats, organizations are advised to develop cyber strategies that ensure the protection of their cyber infrastructure from these various threats.

In this article, we introduce how you can build effective cyber defense strategies. Please note, the steps given are meant to help you formulate your own cyber defense strategy and can be customized according to your needs.

Understand the Business

The more you know about your business, the better you can secure it. It’s really important to know the goals of your organization, its objectives, the people you work with, the industry, the current trends, your business risks, your risk appetite and risk tolerance, as well as your most valuable assets. Everything we do must reflect the business requirements approved by senior leadership, as is also mandated in ISO 27001. …more

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

By John Safa


Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine.

Related: Zuckerberg’s mea culpa rings hollow

This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

Facebook was very lucky, indeed, that its misdeeds happened before May 25, 2018. On that date, the EU General Data Protection Regulation (GDPR) came into force.

If its violation had happened after that, the fine could have been up to £17 million or 4 percent of global turnover. Yet, even with the prospect of stupendously steep fines hanging over their heads, insecure enterprises still don’t grasp the true cost of data privacy complacency.

According to research by one law firm, pre-GDPR regulatory fines had almost doubled, on average, between 2017 and 2018, up from £73,191 to £146,412. Those figures pale when stacked against the potential bottom line impact that now exists. …more

MY TAKE: Once upon a time, circa 2003-2004, botnets emerged as the engine of cybercrime

By Byron V. Acohido


Betty Carty figured she ought to be in the digital fast lane.

Last Christmas, Carty purchased a Dell desktop computer, then signed up for a Comcast high-speed Internet connection. But her new Windows XP machine crashed frequently and would only plod across the Internet.

(Editor’s note: This 2,200-word article was originally published Sept. 8, 2004, in print form as a USA TODAY Money section cover story, part of one of a three-part series on the emergence of botnets for systemic criminal use. Botnets are today much larger, stealthier and more sophisticated. They actually pivot off cloud-based services — and they continue to be the engine that drives most forms of Internet-centric hacking.)

Dell was no help. The PC maker insisted — correctly — that Carty’s hardware worked fine.

But in June, Comcast curtailed Carty’s outbound e-mail privileges after pinpointing her PC as a major source of e-mail spam. An intruder had turned Carty’s PC into a “zombie,” spreading as many as 70,000 pieces of e-mail spam a day.

Related article: The care and feeding of botnets in 2017

The soft-spoken Carty, 54, a grandmother of three from southern New Jersey, was flabbergasted. “Someone had broken into my computer,” she says.

Since early 2003, wave after wave of infectious programs have begun to saturate the Internet, causing the number of PCs hijacked by hackers and turned into so-called zombies to soar into the millions — mostly in homes like Carty’s, at small businesses and on college campuses. And, much like zombies of voodoo legend, they mindlessly do the bidding of their masters and help commit crimes online.

Personal computers have never been more powerful — and dangerous. Just as millions of Americans are buying new PCs and signing up for ultrafast Internet connections, cybercrooks are stepping up schemes to take control of their machines — and most consumers don’t have a clue.

“We thought things were bad in 2003, but we’ve seen a sharp uptick in 2004. I’m worried things will get much worse,” says Ed Skoudis, co-founder of consulting firm Intelguardians.

Carty’s PC could have been taken over in myriad ways. She could have been fooled into opening a virus-infected e-mail. She might have innocently surfed to a Web page bristling with contagious code. Or she may have done nothing at all. One of dozens of network worms, voracious, self-replicating programs that pinball around the Web searching for security holes in Windows PCs, may have found one on her new PC. …more

VIDEO: Can Shape Security revolutionize Web defense?

By Byron V. Acohido

Shape Security. Remember that name. The Silicon Valley start-up emerged from stealth mode this morning to publicly unveil details of its plan to revolutionize cybersecurity.

If Shape can deliver, its technology could radically disrupt the engine that drives cybercrime: botnets.

Related video: Shape Security creates first ‘botwall’

A botnet is a sprawling network of thousands of infected PCs or Web servers, referred to as bots. The top dozen or so cybercriminal rings command massive botnets honed to automate and scale up the delivery of spam scams, the carrying out of denial-of-service attacks, the booby-trapping of legit websites and the hijacking of online financial accounts.

Botnets can’t be stopped largely because the bad guys have mastered a technique, called polymorphism, by which they continually …more

The Internet’s 40th anniversary timeline of milestones

The Associated Press and Symantec have each compiled timelines to mark the 40th anniversary of the creation of the Internet. The compilation below begins with LastWatchdog’s description of the current threat landscape. Combined and supplemented, the timelines reveal how a military-grade experiment, designed with an open architecture that preserves anonymity, evolved into a global force, embraced with equal fervor by corporations, braggarts and criminals.

Summer of 2009: Bad URLs swamp the Internet. Through the first half of 2009, IBM’s X-Force team tracks a 508% leap in the number of new malicious Web links versus the first half of 2008. Most bad links function as relays to other Web pages …more

Hacking for bragging rights gives way to hacking for ill-gotten profits

Book Excerpt
Chapter 1: Built For Speed
Pages 14-21
Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN-13: 978-1-4027-5695-5

White Hats, Black Hats, Gray Hats

Mafiaboy

The year is 1999, the close of the twentieth century. “Livin’ la Vida Loca,” Harry Potter, and The Blair Witch Project dominate pop culture. John F. Kennedy, Jr., piloting a small plane to a Martha’s Vineyard wedding, crashes; his wife, her sister, and he die in the tragic accident. Major news organizations hype what turns out to be an inert Y2K threat. Antitrust regulators bear down on Microsoft for using illegal monopolistic practices, while tech darlings …more