Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

By Jerome Becquart

The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses.

Related: The role of facial recognition

Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities. Here are five tips for securely managing identities across the new, hybrid work environment:

•Think granularly. The first mistake a lot of organizations make when planning their identity management strategy is not considering every identity on their network. Sure, a lot think about their users and what types of credentials they’ll need for their various systems. But what about the numerous machines on a company’s network, like mobile devices, servers, applications, and IoT devices?

Machines are dramatically increasing, and require a solution that will identify these identities, authenticate them, and then secure their interactions across the network.  IT leaders need to consider PKI-based solutions for managing their machine identities, so their IT teams can issue certificates to their machines, track what is on their network, and encrypt the communication between the devices. This will prevent falsified entities from entering the network and putting data at risk.

•Verify email. In the face of phishing threats, many companies focus their investments on anti-malware software or new technology to prevent threats from getting through. Unfortunately, some of these emails will inevitably slip through the cracks.

ROUNDTABLE: Mayorkas’ 60-day cybersecurity sprints win support; also a prove-it-to-me response

By Byron V. Acohido

The Biden Administration is wasting no time fully re-engaging the federal government in cybersecurity.

Related: Supply-chains become top targets

Homeland Security Secretary Alejandro Mayorkas has assumed a very visible and vocal role. Mayorkas has been championing an extensive portfolio of initiatives to rally public-private collaboration to fend off cyber criminals and state-sponsored threat actors.

The need is great, of course. The Solarwinds hack and Microsoft Exchange breach, not to mention the latest rounds of massive thefts of personal data from Facebook and LinkedIn demonstrate this in spades.

Mayorkas announced a series of 60-day sprints to quell ransomware and to bolster the cyber defenses of industrial control systems, transportation networks and election systems. Mayorkas also pledged to increase the diversity of the Cybersecurity and Infrastructure Security Agency’s workforce, noting that roughly a third of CISA’s workers are part of minority groups.

This reminds me of how President Obama used his bully pulpit back in 2015 to promote accelerated sharing of threat intelligence and to push for a consumers’ bill of rights for online privacy.

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

By Byron V. Acohido

Passwordless authentication as a default parameter can’t arrive too soon.

Related: Top execs call for facial recognition to be regulated

The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction in ways that suggest we’re on the cusp of a period of wide-scale adoption. That’s the upshot of a new report, The State of Passwordless Security 2021, put out by HYPR, a New York City-based supplier of advanced authentication systems.

HYPR polled 427 IT professionals and found a high level of awareness about passwordless authenticators — and not just for enhanced security. The IT pros also recognized how passwordless systems contribute to operational agility, as well, and they’ve begun to factor this into their planning.

Some 91 percent of the respondents agreed that passwordless authentication was important to stop credential theft and phishing. Meanwhile, 64 percent saw value in improving user experiences and 21 percent said it could help achieve digital transformation.

“Adoption of passwordless authentication is moving faster than we expected,” says George Avetisov, HYPR’s co-founder and chief executive officer. “The rise of remote work has created a huge urgency around adopting passwordless multifactor authentication, and the no.1 use case is remote access.”

I recently sat down with Avetisov to discuss a few other notable findings in HYPR’s study. For a full drill down on our conversation, please give a listen to the accompanying podcast. Here are a few big takeaways.

GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021

By Nick Campbell

The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work.

Related: Breaches spike during pandemic

For some malicious hackers and IT experts, this could represent an opening. From the known compromise vectors to the most recent threats, hackers are constantly on the lookout for new strategies to bypass IT notice, out maneuver defense setups, and take advantage of new weaknesses.

Targeting remote workers

One of the most concerning cybersecurity trends this year is closely connected to 2020. Many IT experts are warning that it won’t be long before hackers compromise several unprotected home networks simultaneously to manufacture a forceful and large-scale breach of vital services and systems.

Many employees don’t have a wide range of security protections. They’ll most likely use broadband connections for their work and for personal reasons. This increases the corporate attack surface to dangerous levels.

To minimize the chances of attack, enterprises need to double down on IAM with devices that can effectively monitor user activities, corporate connective behaviors, and resource requests in a bid to streamline sign-in. Additional authentication is also needed in case potential complications are indicated.

Ransomware and fileless malware breaches will rapidly continue to destabilize businesses in 2021. These kinds of attacks are configured to evade most detection control measures and compromise critical systems by taking advantage of the approved software and platform tools found within the corporate network.

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

By Scott Orr

Even before the COVID-19 pandemic turned many office workers into work-from-home (WFH) experts, the trend toward working without having to commute was clear.

Related: Mock attacks help SMBs harden defenses

As internet bandwidth has become more available, with homes having access to gigabit download speeds, a whole new world of career paths has opened for those who want to control their work hours and conditions. Maybe you want better pay, to be home near your kids or you just like the idea of avoiding the daily drive to an office. Whatever the reason, you can likely find work online.

One of the hottest fields right now on the WFH radar is the information technology (IT) sector. But you’ll first need to learn the specifics to get to work. Fortunately, there are online classes you can take to get that knowledge – and best of all, you can take them for free.  Let’s look at what’s available and how you might jumpstart a new career.

Most IT jobs require you to have some sort of experience before you can start charging enough to make them viable as full-time employment. And some are more like a side hustle or temp job.

Having said that, here are some examples of IT careers you can learn online through free courses:

Security specialist

The more we do online, the more criminals want to take advantage of us. That makes fighting cybercrime a definite growth industry. A wide range of companies, in just about every field, are adding computer security specialists. In fact, these jobs are expected to increase a whopping 31% by 2029. This job involves planning and implementing security measures for large and small companies that rely on computer networks. You will need to develop the ability to anticipate techniques used in future cyberattacks so they can be prevented.

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

By Byron V. Acohido

Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests.

Related: The case for infusing ethics into Artifical Intelligence.

Basic research is the foundational theorizing and testing scientists pursue in order to advance their understanding of a phenomenon in the natural world, and, increasingly, in the digital realm. NTT Research opened its doors in Silicon Valley in July 2019 to help nurture basic research in three subject areas that happen to be at the core of digital transformation: quantum physics, medical informatics and cryptography.

Backed by Japanese telecom giant NTT Group, this new facility instantly jumped into the vanguard of basic research already underway that will eventually enable the routine use of quantum computers, which, in turn, will open the door to things like driverless cars and Star Trekkian medical treatments.

Along the way, of course, cybersecurity must get addressed. Ongoing basic research in advanced cryptography concepts is pivotal to putting the brakes on widening cyber risks and ultimately arriving at a level of privacy and security that makes sense.

I had a lively discussion about all of this with NTT Research’s Kazuhiro Gomi, president and chief executive officer, and Kei Karasawa, vice president of strategy. These senior executives wholeheartedly support the concept of basic research. Yet at the same time, they’re also charged with keeping an eye on the eventual “productization” of all this rarefied research. For a full drill down on this conversation, please give the accompanying podcast a listen. Here are a few key takeaways:

‘Big dreams’

Lots of big companies sponsor basic research; it’s how progress gets made. An estimated 60% of research and development in scientific and technical fields is carried out by private industry, with academic institutions and government accounting for 20% and 10%, respectively, according to the Organization for Economic Cooperation and Development.

NTT Group, for instance, typically spends more than $3.6 billion annually for … more

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberger

By Byron V. Acohido

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy.

Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online.

Related: Raising kids who care about their privacy

Zuckerberg then dropped kicked Cook by taking out full-page newspaper ads painting Apple’s social responsibility flexing as bad for business; he then hammered Cook with a pop-up ad campaign designed to undermine Apple’s new privacy policies.

But wait. Here’s Cook rising from the mat to bash Z-Man at the Brussels’ International Privacy Day, labeling his tormentor as an obsessive exploiter who ought to be stopped from so greedily exploiting consumers’ digital footprints for his personal gain.

This colorful chapter in the history of technology and society isn’t just breezing by unnoticed. A recent survey of some 2,000 U.S. iPhone and iPad users, conducted by SellCell.com, a phone and tech trade-in website, shows American consumers are tuned in and beginning to recognize what’s at stake.

Fully 72 percent of those polled by SellCell said they were aware of new privacy changes in recent Apple software updates, not just in a cursory manner, but with a high level of understanding; some 42 percent said they understood the privacy improvements extremely well or at least very well, while 21 percent said they understood them moderately well.

Another telling finding: some 65 percent of respondents indicated they were extremely or very concerned about websites and mobile apps that proactively track their online behaviors, while only 14 percent said they were not at all concerned.