Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

By Alexey Kessenikh

Working with personal data in today’s cyber threat landscape is inherently risky.

Related: The dangers of normalizing encryption for government use

It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include:

Security contours. Setting up security contours for certain types of personal data can be useful for:

•Nullifying threats and risks applicable to general infrastructural components and their environment.

•Planning required processes and security components when initially building your architecture.

•Helping ensure data privacy.

Unique IDs. It is also possible to obfuscate personal data by replacing it with unique identifiers (UID). This de-risks personal data that does not fit in a separate security contour.

Implementing a UID system can reduce risk when accessing personal data for use in analytical reports, statistical analysis, or for client support.

Comment | Read | January 10th, 2022 | Best Practices | For technologists | Guest Blog Post | Privacy | Top Stories

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

By Julia Demyanchuk

Cyber threats continue to gain momentum and there are still not enough ways to counter it.

Related: Why the ‘Golden Age’ of cyber espionage is upon us.

The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018. As a result,

The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent).

They also enrich documents with metadata and place them in crypto-containers, access to which is only granted by permission. However, all of these solutions are powerless when it comes to photographing a document with a smartphone and compromising printed copies of documents. Therefore, these solutions cannot cope with such leaks.

Comment | Read | January 6th, 2022 | Best Practices | For technologists | Guest Blog Post | Privacy

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

By Byron V. Acohido

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses.

Related: ‘SASE’ framework extends security to the network edge

That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

APIs have emerged as a go-to tool used by threat actors in the early phases of sophisticated, multi-stage network attacks. Upon gaining a toehold on a targeted device or server, attackers now quickly turn their attention to locating and manipulating available APIs.

“Threat actors have become aware that APIs represent a ton of exposed opportunity,” says Mike Spanbauer, security evangelist at Juniper Networks, a Sunnyvale, Calif.-based supplier of networking technology.

Over the past year, I’ve had several deep conversations parsing how APIs have emerged as a two-edged sword: APIs accelerate digital transformation, but they also vastly expand the attack surface of modern business networks.

Comment | Read | January 4th, 2022 | Best Practices | For technologists | My Take | Privacy | Steps forward | Top Stories

GUEST ESSAY: Here’s how ‘WFM’ tools can boost productivity — and security — of remote workers

By April Miller

Workforce management software (WFM) is an essential tool companies across industries can  use to organize their workforce, track employee work and performance, forecast labor demand, and create schedules for employees.

Related: Turning workers into security security sensors

Most, if not all, WFM software is chock full of features that makes managing a workforce more efficient and effortless for top management. What’s more, WFM tools can help reinforce best security practices needed as companies increase their reliance on a remote workforce and using cloud-based software.

One of the primary benefits of using WFM software is the reduced labor costs. Research shows that 75% of organizations using WFM software report ROI in less than a year. This is one of the main reasons why more and more companies are leveraging this digital technology — it’s the ultimate goal for any company to improve ROI and meet its bottom line.

WFM tools can and should be deployed in a way the supports and enhances cybersecurity. Protecting employee data from unauthorized users is paramount, especially during a time where threats towards cybersecurity organizations are imminent.

Comment | Read | December 30th, 2021 | Best Practices | For technologists | Guest Blog Post

ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

By Byron V. Acohido

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks.

Related: The dire need to security-proof APIs

The Solar Winds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.

On the privacy front, California beefed up its consumer data privacy regulations even as Facebook and Apple publicly feuded over how each of these tech giants abuse of consumer privacy and loosey handle sensitive data.

Meanwhile, President Biden issued a cybersecurity executive order finally putting the federal government’s regulatory stamp on foundational cyber hygiene practices many organizations should have already been doing, yet continue to gift short shrift.

Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021– and any guidance they might have to offer heading into 2022.

Comment | Read | December 27th, 2021 | For consumers | For technologists | My Take | Privacy | Top Stories

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

By Bharat Bhushan

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide.

Related: Weaponized email endures as top threat

Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

That said, Microsoft Exchange on-premises email servers – technology that once, not too long ago, dominated this space – remain in pervasive business use today.

In 2021, on-premises Microsoft Exchange Server mailboxes commanded a 43 percent global market share as compared to 57 percent for cloud Exchange mailboxes, according to this report from Statista. Some 11,800 computer software companies, 10,000 IT services vendors, 5,500 health care organizations and 3,200 financial services firms continue to maintain on-premises Exchange email servers, according to this report from Enlyft

What’s more, many of the organizations migrating to cloud IT infrastructure services are patching together hybrid email systems, part on-premises and part cloud-hosted.

Comment | Read | December 21st, 2021 | For technologists | Guest Blog Post | Imminent threats | Top Stories

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

By Jack Chapman

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days.

Related: Using mobile apps to radicalize youth

But the danger has moved up a notch with a new, grave threat: killware.

Killware is a type of malware deployed to cause physical harm: contaminate community water supplies, exploit and obstruct networks used by hospitals and healthcare facilities, jam air traffic control networks, contaminate gasoline supplies, and, in some instances, deliberately cause death where and when it is least expected.

Earlier in the year, there was an attempted hack of a water treatment facility in Oldsmar, Florida. This attack, however, was not for financial gain; it was intended to inflict harm.

Alejandro Nicholas Mayorkas, the U.S. Secretary of Homeland Security, told USA Today that the attack “was intended to distribute contaminated water to residents, and that should have gripped our entire country.”

Comment | Read | December 20th, 2021 | For technologists | Guest Blog Post | Privacy | Top Stories

« Newer Articles
Older Articles »