
Guest Blog Post


GUEST ESSAY: How to detect if a remote job applicant is legit — or a ‘Deepfake’ candidate

By Zac Amos

Technology provides opportunities to positively impact the world and improve lives.

Related: Why facial recognition ought to be regulated

It also delivers new ways to commit crimes and fraud. The U.S. Federal Bureau of Investigation (FBI) issued a public warning in June 2022 about a new kind of fraud involving remote work and deepfakes.

The making of Deepfakes

The world is on track to see around 50% of workers transition to sustained, full-time telecommuting. Conducting job interviews online is here to stay, and deepfakes may be part of that new normal.

The term refers to an image or video in which the subject’s likeness or voice was manipulated to make it look like they said or did something they didn’t.

The deepfake creator uses “synthetic media” applications powered by machine learning algorithms. The creator trains this algorithm on two sets of videos and images. One shows the target’s likeness as they move and speak in various environments. The second shows faces in different situations and lighting conditions. The application encodes these human responses as “low-dimensional representations” to be decoded into images and videos.

The result is a video of one individual convincingly overlaid with the face of another. The voice is more difficult to spoof.

GUEST ESSAY: How to secure ‘Digital Twins’ to optimize asset use, while reducing exposures

By Claire Rutkowski

Our technological world is advancing at dizzying speeds.

Related: The coming of a ‘bio digital twin’

Over the last decade, we have seen the introduction of 4G and 5G telecommunication service, the iPad, Instagram, and the introduction, acceptance, and adoption of cloud services from Microsoft, Google, and Amazon, as well as cloud computing.

Add in an increasing focus on data becoming a crucial enterprise asset—as well as the introduction of countless database and analytical tools, digital twins, artificial intelligence, and machine learning—and we are dealing with unprecedented technical complexities and risk.

Digital twins are just one example of a complex system, but they expose companies to a lot of risk if they are not properly implemented with a cybersecurity plan in place. Digital twins are a digital representation of reality, either in physical or process form. For example, think of digital cities, or digital infrastructure assets.

Leveraging digital twins

One might operate a plant and then use the digital twin of that plant to plan maintenance and optimization and see what would happen before they execute in reality. Another example is a city using a digital twin so that they can model floods or earthquakes. Digital twins are incredibly useful.

GUEST ESSAY: How amplified DDoS attacks on Ukraine leverage Apple’s Remote Desktop protocol

By Paul Nicholson

Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate.

Related: Apple tools abuse widespread

A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022. The total number of DDoS weapons, which was previously recorded at 15 million, has grown by over 400,000 or 2.7 percent in a six-month period.

This includes a notable 2X increase in the number of obscure potential amplification weapons such as Apple Remote Desktop (ARD).

The war in Ukraine has seen likely state-sponsored attacks using these types of DDoS attacks. The Log4j vulnerability has predictably proved fertile ground for hackers as well, putting millions of systems at risk, with Russia accounting for more than 75 percent of Log4j scanners and helping drive. In this intensifying threat landscape, the urgency for modern DDoS defenses becomes clearer every day.

A new report by the A10 Networks security research team explores the global state of DDoS weapons and tactics. Key findings follow.

GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives

By Kyle Mitchell

Cybersecurity poses a risk to all businesses.

Related: Biden moves to protect critical infrastructure

Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data.

Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed. When businesses have spent years building trust with customers, it is important to take the necessary precautions to protect data and the brand’s reputation by destroying data effectively.

Limits to wiping

Deleting files isn’t enough to keep data safe. With the right tools, hackers can retrieve deleted files. Depending on the operating system, there may be built-in tools to erase data. This is a quick and convenient method, but third-party utilities offer a greater level of security.

DBAN is a free tool but is limited in its abilities, as it only works on hard drives and not solid-state drives (SSD). Working independently of the operating system (OS), DBAN can wipe the entire machine. This is important for any business upgrading its hardware to new technology, as it allows for the safe transfer of data before it is removed from old machines.

Other tools, such as CCleaner, require an upgrade to the premium version in order to fully wipe data, and cannot wipe the drive hosting the OS as this is where it will be installed.

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

By Michael Aminov

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.

Related: Deploying human sensors

Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8 million in 2021, compared with $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has increased exponentially – IBM’s 2021 Cost of Data Breach Report found phishing to be the second most expensive attack vector for enterprises.

Novel tactics

This is so, in part, because growing awareness has pushed hackers to create even more sophisticated means to plunder log-in information, or to lure employees to click on a malware-infected link – AKA next-gen, or “DeepSea” phishing.

These attacks use novel and rarely seen phishing techniques, often employing several layers of deception in parallel. Take this recent phishing attempt, which was identified by Perception Point’s Incident Response team:

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

By Gala Riani

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick?

Related: We’re in the golden age of cyber espionage

Intelligence is required to support the evolving needs of business, providing information for decision makers throughout the company lifecycle – everything from entering and exiting markets to managing mature operations. At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few.

In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e. with a turnover of over USD 250 million) about the importance of intelligence to their company. 65 percent said that strategic intelligence had grown in importance over the past five years.

And why? The top reason, chosen from a provided list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Cyber security keeps the C-suite up at night and perhaps that’s no surprise.

Cyber in a silo?

Cyber attacks are crippling incidents that hurt immediately – by halting business – and continue to hurt into the longer term – by hitting company reputation. This concern isn’t new; there is wide understanding that when it comes to cyber incidents, it is about ‘when’ not ‘if’, and all large companies will have cyber strategies in place.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

By Sriram Kakarala

Pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would never have imagined. With work-from-home shifting from a ‘perk’ to a ‘necessity’, organizations had to realign their operations, and do it fast, to keep their ships afloat.

Related: Deploying human sensors

Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working, whether organizations like it or not, is here to stay. This raises concerns about corporate data security in remote working, which still stands as a key challenge that organizations are trying to navigate, with workforce productivity being the second.

Organizations need to make critical business data available to employees who work remotely. This could include devices carefully vetted, secured with corporate policies and provided by the organization, but could also include devices that are not under the organization’s purview.

Fragmentation dilemma

Modern employees demand flexibility, and you simply can’t prevent employees from accessing work emails on their phones while they surf the beach or hike the mountains, nor would it add to your organization’s overall efficiency and productivity.

But this, along with the hugely fragmented devices and endpoints used in the virtual working environment, adds to the security risks that can drain not only the IT teams but also the CIOs to a great extent.