Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

By Byron V. Acohido

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

Related: Why Google’s HTTPS push is a good thing

At the time, just 50 % of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80% , trending strongly toward 100%, according to Google.

There is no question that TLS is essential, going forward. TLS is the glue that holds together not just routine website data exchanges, but also each of the billions of machine-to-machine handshakes occurring daily to enable DevOps, cloud computing and IoT systems. Without TLS, digital transformation would come apart at the seams.

However, the sudden, super-saturation of TLS, especially over the past two years, has had an unintended security consequence. Threat actors are manipulating TLS to obscure their attack footprints from enterprise network defenses. The bad guys know full well that legacy security systems were designed mainly to filter unencrypted traffic. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

TLS functions as the confidentiality and authenticity cornerstone of digital commerce. It authenticates connections that take place between a smartphone and a mobile app, for instance, as well as between an IoT device and a control server, and even between a microservice and a software container. It does this by verifying that the server involved is who it claims to be, based on the digital certificate issued to the server. It then also encrypts the data transferred between the two digital assets. …more

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

By Byron V. Acohido

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

Related: Cyber warfare enters Golden Age

In fact, strategic cyber operations essentially pitting Russia and Iran against the U.S. and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019.

The Soleimani assassination simply added kerosene to those long-flickering flames. Since the killing, there has been a marked increase in probing for vulnerable servers – focused on industrial control systems in facilities in both the Middle East and North America. This escalation of reconnaissance is being closely monitored by the global cybersecurity and intelligence communities. Jeremy Samide, CEO of Stealthcare, a Cleveland-based cyberthreats intelligence gathering consultancy, is in the midst of it.

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. Evidence of this gelling scenario are called out in a recent report from Dragos, a Maryland-based supplier of industrial controls security systems, and also in a technical report issued earlier this month by Saudi Arabia’s National Cyber Security Center.

Samide

“This isn’t something that’s going to happen overnight,” Samide told me. “Iran’s response will be long and drawn out. There will very likely be a number of smaller and medium-sized attacks, culminating in a larger attack that will be highly coordinated and strike at just the right time. And it might not be Iran directly retaliating alone. It could involve multiple state actors, adversarial to the West, joining forces to co-ordinate an attack, or even multiple attacks.”

There has been plenty of news coverage of certain high-profile Iranian and Russian cyberattacks; not nearly as much on clandestine U.S. and Saudi cyber operations. Clearly, the U.S. is no patsy. The drone strike taking out Soleimani itself demonstrated America’s singular ability to potently blend cyber ops with physical firepower.

Touhill

“Adversaries should remember that our military doctrine identifies cyber as one of our combined arms capabilities,” says Greg Touhill, president of AppGate Federal Group, a Florida-based supplier of software perimeter security systems. “To ignore U.S. cyber capabilities working in conjunction with our other instruments of power would be foolish.”

Here are a few key things everyone should understand about the cybersecurity ramifications spinning out of the Soleimani assassination.

Historical context

There was strong anti-American sentiment woven into the Shamoon “wiper” virus that devastated Saudi oil company Aramaco in August of 2012. Shamoon wiped clean the hard drives of more than 30,000 Aramaco computers forcing a weeklong shut down of the company’s internal network. Buried in the Shamoon code was an image of a burning American flag, intended as an admonishment to the Saudi government for supporting American foreign policy in the Middle East.

…more

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

By Cynthia Lopez Olson

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.

Related: Bots attack business logic

Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. In general, cyber insurance covers things like:

•Legal fees and expenses to deal with a cybersecurity incident

•Regular security audit

•Post-attack public relations

•Breach notifications

•Credit monitoring

•Expenses involved in investigating the attack

•Bounties for cyber criminals

In short, cyber insurance covers many of the expenses that you’d typically face in the wake of cybersecurity event. …more

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

By Byron V. Acohido

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point.

Related: We’re in the golden age of cyber spying

Mainstream news outlets are hyper focused on the events of the past six days. A Dec. 27 rocket attack on a military base in northern Iraq killed an American contractor and a number of service members. Protesters attacked the US embassy in Baghdad. President Trump then retaliated by ordering a drone strike that killed a top Iranian military leader,  Gen. Qasem Soleimani.

The open assassination of a top Middle East official has ignited a social media frenzy about how we very well may be on the brink of World War III. I very much hope cooler heads prevail.

Iran accord scuttled

A starting point for cooling things off would be for news pundits — as well as anyone who considers himself or herself a social media influencer, i.e, someone who fosters community discussions — to recall the hostile shove Trump gave Iran last May.

That’s when Trump scuttled the 2015 Iran nuclear deal – which was the result of 10 years of negotiation between Iran and the United Nations Security Council. The 2015 Iran accord, agreed to by President Obama, set limits on Iran’s nuclear programs in exchange for the lifting of nuclear-related sanctions.

For his own reasons, Trump declared the 2015 Iran accord the “worst deal ever,” and has spent the past several months proactively escalating tensions with Iran, for instance, by unilaterally imposing multiple rounds of fresh sanctions.

This, of course, pushed Iran into a corner, and, no surprise, Iran has pushed back. It’s important to keep in mind that Iran, as well as Europe and the U.S., were meeting the terms of the 2015 nuclear deal, prior to Trump scuttling the deal. …more

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

By Byron V. Acohido

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users.

Related: How PKI could secure the Internet of Things

If that sounds too complicated to grasp, take a look at the web address for the home page of this website. Take note of how the URL begins with HTTPS.  The ‘S’ in HTTPS stands for ‘secure.’ Your web browser checked the security certificate for this website, and verified that the certificate was issued by a legitimate certificate authority. That’s PKI in action.

As privacy comes into sharp focus as a priority and challenge for cybersecurity, it’s important to understand this fundamental underlying standard.

Because it functions at the infrastructure level, PKI is not as well known as it should be by senior corporate management, much less the public. However, you can be sure cybercriminals grasp  the nuances about PKI, as they’ve continued to exploit them to invade privacy and steal data.

Here’s the bottom line: PKI is the best we’ve got. As digital transformation accelerates, business leaders and even individual consumers are going to have to familiarize themselves with PKI and proactively participate in preserving it. The good news is that the global cybersecurity community understands how crucial it has become to not just preserve, but also reinforce, PKI. Google, thus far, is leading the way. …more

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

By Byron V. Acohido

I’m privileged to share news that two Last Watchdog articles were recognized in the 2019 Information Management Today MVP Awards. My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT Security category.

In addition, my coverage of how the zero trust authentication movement is improving privacy and security at a fundamental level — Early Adopters Find Smart ‘Zero Trust’ Access Improves Security Without Stifling Innovation — won third place in the contest’s Hardware and Software Security category. I’ve been paying close attention to privacy and cybersecurity since 2004, first as a technology reporter …more

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

By Byron V. Acohido

Warning: count(): Parameter must be an array or an object that implements Countable in /home/lastwatc/public_html/wp/wp-content/plugins/the-excerpt-reloaded.php on line 104

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage.

Related: Can Europe’s GDPR restore data privacy?

And yet today there is a resurgence in demand for encrypted flash drives. What’s happened is this: Digital transformation has raced forward promoting high-velocity software innovation, with only a nod to security. This trend has opened up vast new tiers of attack vectors – and threat actors are taking full advantage.

Security-conscious companies – the ones who are proactively responding, not just to threat actors having a field day, but also to the specter of paying steep fines for violating today’s stricter data privacy regulations – are paying much closer attention to sensitive data circulating out in the field, as well they should.

Highly secure portable drives make perfect sense in  numerous work scenarios; encrypted flash drives, specifically, are part of a global hardware encryption market on track to climb to $296.4 billion by 2020, up 55% as compared to 2015, according to Allied Market Research. …more