Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

By Byron V. Acohido

Ever feel like your smart home has dyslexia?

Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability.

Related: Why standards are so vital

Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the  lingua franca for the Internet of Things.

Matter certified smart home devices will respond reliably and securely to commands from Amazon AlexaGoogle Assistant,  Apple HomeKit or Samsung SmartThings. Think of it: consumers will be able to control any Matter appliance with any iOS or Android device.

That’s just to start. Backed by a who’s who list of tech giants, Matter is designed to take us far beyond the confines of our smart dwellings. It could be the key that securely interconnects IoT systems at a much deeper level, which, in turn, would pave the way to much higher tiers of digital innovation.

I had the chance to sit down, once more, with Mike Nelson, DigiCert’s vice president of IoT security, to discuss the wider significance of this milestone standard.

4 Comments | Read | November 15th, 2022 | For consumers | For technologists | My Take | New Tech | Privacy | Steps forward | Top Stories

GUEST ESSAY: How humans and machines can be melded to thwart email-borne targeted attacks

By Lomy Ovadia

Phishing emails continue to plague organizations and their users.

Related: Botnets accelerate business-logic hacking

No matter how many staff training sessions and security tools IT throws at the phishing problem, a certain percentage of users continues to click on their malicious links and attachments or approve their bogus payment requests.

A case in point: With business losses totaling a staggering $2.4 billion, Business Email Compromise (BEC), was the most financially damaging Internet crime for the seventh year in a row, according to the FBI’s 2022 Internet Crime Report.

BEC uses phishing to trick users into approving bogus business payments to attackers’ accounts. BEC succeeds despite years of training users to recognize and address BEC emails properly and next-generation tools that harness AI,

Comment | Read | November 14th, 2022 | For technologists | Guest Blog Post | Steps forward | Top Stories

SHARED INTEL: The non-stop advance and diversification of ransomware extortion tactics

By Zac Amos

Cybercriminals are becoming more creative as cybersecurity analysts adapt quickly to new ransomware strategies.

Related: How training can mitigate targeted attacks

Ransomware has evolved from classic attacks to more innovative approaches to navigate reinforced security infrastructure.

Here’s how hackers crafting new ransomware extortion tactics to keep analysts on their toes:

Data exfiltration is no more. Most ransomware attacks follow a familiar formula — the hacker gets into a network, grabs data and takes it out to hold onto until the company pays. This storyline is flipped on its head if ransomware hackers decide to destroy information when companies don’t pay the ransom.

This increases the stakes, primarily if entities did not engage in proper backup protocols before the attack. This is known as data destruction. It makes scenarios worse if hackers remain in the network,

Comment | Read | November 7th, 2022 | For consumers | For technologists | Guest Blog Post | Top Stories

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

By Byron V. Acohido

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity.

Related: How MSSPs help secure business networks

Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce.

The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound. A recent survey of 250 IT and security professionals conducted by Osterman Research for Ironscales bears this out.

The poll found that security teams are spending one-third of their time handling phishing threats every week. The battle has sprawled out beyond email; phishing ruses are increasingly getting seeded via messaging apps, cloud-based file sharing platforms and text messaging services.

Guest expert: Ian Thomas, VP of Product Marketing, Ironscales

Some 80 percent of organizations reported that phishing attacks have  worsened or remained the same over the past 12 months, with detection avoidance mechanisms getting ever more sophisticated.

I had the chance to visit with Ian Thomas, vice president of product marketing at  Ironscales, an Atlanta-based email security company.

We discussed advances in cybersecurity training that combine timely content and targeted training to combat the latest phishing campaigns. For a full drill down, please give the accompanying podcast a listen.

Timely, effective security training of all employees clearly must continue to be part of the regimen of defending modern business networks, even more so as cloud migration accelerates. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

2 Comments | Read | October 25th, 2022 | Best Practices | For consumers | For technologists | Podcasts | Top Stories

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

By Idrees Shafiq

Employee security awareness is the most important defense against data breaches.

Related: Leveraging security standards to protect your company

It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to.

There are several ways you can protect your business from data breaches.

•Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. With proper training, employees can prevent these attacks before they happen.

While the protection of the company’s assets can never be completely guaranteed, security awareness training should be a top priority for business owners. Without it, a business is vulnerable to a variety of risks, including financial loss, damage to intellectual property, and brand reputation.

Comment | Read | October 24th, 2022 | Best Practices | For technologists | Guest Blog Post | Steps forward | Top Stories

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

By Byron V. Acohido

Standards. Where would we be without them?

Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be.

Related: How matter addresses vulnerabilities of smart home devices

A breakthrough is about to happen with the roll out this fall of Matter, a new home automation connectivity standard backed by Amazon, Apple, Google, Comcast and others.

Matter is intended to be the lingua franca for the Internet of Things. It’s only a first step and there’s a long way to go. That said, Matter is an important stake in the ground. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany.

For a full drill down on our evocative discussion, please watch the accompanying videocast. Here are the main takeaways:

Comment | Read | October 19th, 2022 | For consumers | For technologists | My Take | New Tech | Privacy | Steps forward | Top Stories | Videos

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

By Vivek Nair and Gonzalo Munilla Garrido

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy.

Related: The case for regulating facial recognition

Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only recently come to light.

These platforms, by their very nature, turn every single gaze, movement, and utterance of a user into a stream of data, instantaneously broadcast to other users around the world in the name of facilitating real-time interaction. But until recently, the VR privacy threat has remained entirely theoretical.

Berkeley RDI is a preeminent source of open-access metaverse privacy research. To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Users were asked to play an innocent-looking “escape room” game in VR, while in the background, machine learning scripts were secretly observing their activity and trying to extract as much information about them as possible.

Comment | Read | October 10th, 2022 | For consumers | For technologists | Guest Blog Post | Privacy | Top Stories

« Newer Articles
Older Articles »