Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

By Byron V. Acohido

Without much fanfare, digital twins have established themselves as key cogs of modern technology.

Related: Leveraging the full potential of data lakes.

A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. Digital twins enable simulations to be run without risking harm to the physical entity; they help inform efficiency gains made in factories and assure the reliability of jet engines, for instance.

As data collection and computer modeling have advanced apace, so have the use-cases for digital twin technology. And as part of this trend, development is now underway to someday bring “biological” digital twins into service.

This is very exciting stuff. It signals the leading edge of digital advances. In our immediate future are digital platforms capable of doing much more than deploying driverless vehicles or enabling joy rides into space. A day is coming when bio digital twins could help to prevent the onset of debilitating diseases and promote wellness.

NTT Research is in the thick of this budding revolution. A division of Japanese telecom giant NTT Group, NTT Research opened its doors in July 2019, assembling the best-and-brightest scientists and researchers to push the edge of the envelope in quantum physics, medical informatics and cryptography.

I had the chance to sit down with Dr. Joe Alexander and Dr. Jon Peterson who are heading up NTT Research’s effort to develop the computational models that would make possible a bio digital twin for the human heart. For a full drill down of our conversation, please give the accompanying podcast a listen. Here are a few key takeaways:

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

By Byron V. Acohido

Application Programming Interface. APIs. Where would we be without them?

Related: Supply-chain exposures on the rise

APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come.

Yet, in bringing us here, APIs have also spawned a vast new tier of security holes. API vulnerabilities are ubiquitous and multiplying; they’re turning up everywhere. Yet, API security risks haven’t gotten the attention they deserve. It has become clear that API security needs to be prioritized as companies strive to mitigate modern-day cyber exposures.

Consider that as agile software development proliferates, fresh APIs get flung into service to build and update cool new apps. Since APIs are explicitly used to connect data and services between applications, each fresh batch of APIs and API updates are like a beacon to malicious actors.

Organizations don’t even know how many APIs they have, much less how those APIs are exposing sensitive data. Thus security-proofing APIs has become a huge challenge. APIs are like snowflakes: each one is unique. Therefore, every API vulnerability is necessarily unique. Attackers have taken to poking and prodding APIs to find inadvertent and overlooked flaws; even better yet, from a hacker’s point of view, many properly designed APIs are discovered to be easy to  manipulate — to gain access and to steal sensitive data.

Meanwhile, the best security tooling money can buy was never designed to deal with this phenomenon.

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

By Nitin Chopra

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure.

Related: Capital One hacker demonstrated ‘erratic behavior’

According to a recent workforce health survey, 40% of workers experienced mental health issues this past year, double the year before. We are in the midst of a workplace mental health crisis that’s affecting individual employees and entire companies.

While it’s obvious people are not getting the mental health care they need and deserve, and we must do better as a nation, there is an overlooked aspect of this crisis affecting businesses.

The vulnerabilities and challenges associated with declining worker mental health is causing cybersecurity risks to increase, especially from insider threats.

Mental health cyber risks

Many organizations categorize employee mental health and a human resources concern, yet mounting evidence proves that the effects of mental health go much deeper. Declining workplace mental health is affecting cybersecurity in various ways. When an employee is struggling, they may reach a tipping point and become an insider threat. According to Verizon, 22 percent of all security incidents involve insiders.

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

By Rob Gabriele

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts?

Related: Training human sensors

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Guarding our digital lives (and real-world identities) with just a few keystrokes seems a tactic too simple to ignore, and if users are careful and stick with best practices, these simple measures can be remarkably effective.

Proper password hygiene doesn’t require a degree in rocket science. Follow these four easy tips, and you’ll sleep better and safer at night.

1) Create sufficiently-complex passwords. This may seem obvious, but most users have poor password habits because it’s far simpler to remember your pet’s name and birthday than a combination of random numbers and letters. But simpler passwords are much easier to hack. Anything quickly conceived can be deciphered with the same speed, so forget your old tricks and stick to these ground rules instead:

•Longer is better. The National Institute of Standards and Technology’s (NIST) latest guidelines stress that a password’s length is its most critical component. Make sure your code has at least eight characters, but it’s best to pick a dozen or more.

•Don’t use words or names. Words and phrases are easier to remember but highly susceptible to cracking. Hackers can run through entire dictionaries in seconds, making this approach similar to hiding a key under the doormat.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

By Dr. Pythagoras N. Petratos

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof.

Related: Fake news leveraged in presidential election

Such a transformation however, comes with its own set of risks.

Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Misleading information – comprised of the three horseman of cyber risks: misinformation, disinformation, and fake news — also affects something we rarely stop to consider: business.

The fake news “infodemic” that spread alongside the COVID-19 pandemic also affected the finance sector. For instance, during the lockdown period of 2020, there was a huge surge in fake news and illegal activity related to the financial and other markets.

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

By Patricia Thaine

Filing systems, historically speaking, have been all about helping its users find information quickly.

 Related: GDPR and the new privacy paradigm

Europe’s General Data Protection Regulations (GDPR) changed the game. Generally, filing systems sort by date, department, topic, etc. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world.

Since it took effect in 2018, GDPR’s core guidelines have been copied by LGDP in Brazil, POPIA in South Africa, and the PDPB in India. Under the GDPR, a filing system is defined as “any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis” (GDPR Article 4.6).

We can see, by this definition, that the focus of how filing systems should be organized shifts significantly with a central purpose now being the ability to classify individuals and the personal data an organization collects on them.

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

By Byron V. Acohido

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures.

Related article: The road to a Pulitzer

While I no longer concern myself with seeking professional recognition for my work, it’s, of course, always terrific to receive peer validation that we’re steering a good course.

That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics. The recognition comes from Cyber Security Hub, a website sponsored by IQPC Digital. We’ve been named one of the Top 10 cybersecurity webzines in 2021.

Here is their very gracious description of what Last Watchdog is all about:

“Founder, contributor and executive editor of the forward-thinking Last Watchdog webzine, Byron V. Acohido is a Pulitzer-winning journalist and web producer. Visit Last Watchdog to view videos, surf cyber news, gain informative analysis and read guest essays from leading lights in the cybersecurity community. Expect content that is always accurate and fair, with recent posts exploring the monitoring of complex modern networks, telecom data breaches that expose vast numbers of mobile users, efforts to make software products safer and ransomware attacks on global supply chains.”