Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: The ethical considerations of personal privacy viewed as a human right

By Dean Chester

It ought to be clear to everyone that personal privacy should be a human right and not a commodity to be bought and sold.

Alas, we can’t take it for granted: data breaches put us under fire constantly, revealing everything about us from logs and passwords to medical data.

The recent Suprema data breach, for example, exposed such sensitive data as fingerprints, facial recognition, and clearance level information of as many as 28 million employees worldwide. This number is so high that it’s difficult to even imagine the consequences of it.

Luckily for us, there are ways to protect our private info, at least to some extent. But there seems to be an underlying problem in these possibilities.

The question of ethics

Yes, what we should ask is how ethical it is to even charge for upholding one’s privacy? It is true that there are cheap VPN services and even free ones. Isn’t it great to be able to hide your traffic by encrypting it for free?

But as it always is the case with free services, those that aren’t paid make you their product by limiting your speed and traffic, showing you ads, and – what a surprise – selling your private data to third parties.

Inexpensive services may not seek to profit off of you, but the question of ethics still stands. Is a right you have to pay for a right or is it a privilege?

It may be argued that it costs money to keep a virtual private network going, and it’s a good argument. This article, however, is not meant to be a jab at honest VPN providers. Obviously, what they do is logical and they can’t be blamed for it. There’s a market for the services they provide and they try to keep the fees low.

It is the situation creating this market that is unhealthy. And as long as it doesn’t change, we can’t take our privacy online as a fundamental right.

Free privacy… or is it?

Another popular solution to the lack of privacy on the Web today is Tor. At first glance, it seems to be a perfect one: it’s free and maintained by the sheer dedication of thousands of volunteers all around the globe. Sure, it may be slow, but that only adds certain grassroots charm to the whole affair.

The second glance brings disillusionment. Tor may be free to use but it’s not free to keep going and the funds have to come from somewhere. And they do – from the American government, as they always have. …more

GUEST ESSAY: Why the next round of cyber attacks could put many SMBs out of business

By Steve Akridge

In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments.  From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country.

Related: SMBs struggle to mitigate cyber attacks

As city governments struggle to recover access to their data, hackers are already turning their sites on their next targets: small and medium-sized businesses (SMBs).

A 2018 study by the Ponemon Institute showed that 67 percent of SMBs experienced a cyber attack. Even worse, according to Ponemon, 47 percent of SMBs said they have no understanding of how to protect their companies from cyberattacks.

Most small and medium-sized organizations are highly vulnerable to cyberattacks because they usually don’t have a sufficiently strong information technology infrastructure, limited internal staff, or can’t afford to external consultants to handle data security.

When you realize that 54 percent of organizations that suffer an attack spend about $500,000 to restore their systems and 62 percent of SMBs close their doors after an attack, the damage to the economy becomes very apparent.

New SMB security solution

Unfortunately, most cybersecurity firms focus their attention on large organizations and corporations that can afford to pay their fees – leaving SMBs even more vulnerable to potential cyber criminals. While large corporations can get cyber security insurance and engage legions of consultants, the question is: …more

GUEST ESSAY: 6 unexpected ways that a cyber attack can negatively impact your business

By Mike James

Cyber crime can be extremely financially damaging to businesses. However, if you believe that money is the only thing that a cyber-attack costs your organization, you would be wrong. In fact, a recent academic analysis identified 57 specific individual negative factors that result from a cyber-attack against a business. Here are six ways, worth considering, that a attack can affect your organization.

SEO rankings

James

There are a number of issues that will occur in the aftermath of a cyber-attack that can have enormously negative consequences for your search engine optimisation (SEO). Hacked sites, for example, will by flagged in the rankings with a warning sign which can put off visitors. It is also worth noting that when a site is hacked it can start receiving bad reviews on Google’s review section – these can both begin to see you dropping in the rankings and losing traffic.

A large number of sites also have their content altered when they suffer a breach, and given the importance of content to the way that your site ranks, this can clearly play a huge role.

Legal and compliance issues

It is not just cyber-criminals that you have to worry about when you are calculating the costs of a cyber-attack. In the modern world of data protection and industry regulators, there are now powers to heavily fine businesses that fail to take adequate steps to protect their customers.

Related: Poll shows SMBs struggle dealing with cyber risks

Under the General Data Protection Regulation (GDPR) for example, regulators now have the power to fine businesses up to €20 million or 4 per cent of annual global turnover (whichever is greater), if they suffer a data breach and have failed to be in compliance with the regulation. This shows you just have expensive the concept is. …more

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

By Steve Kaufman

There’s oil in the state of Maryland – “cyber oil.”

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.”

Related: Port Covington cyber hub project gets underway

That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems Agency, Intelligence Advanced Research Projects Activity, USCYBERCOM, NASA and the Department of Defense’s Cyber Crime Center. Within these government labs and agencies, taking place is a groundswell of innovation in deep technology cyber disciplines to the tune of billions of dollars annually over the past three decades.

In addition, the state is home to 16 nationally designated cybersecurity Centers of Excellence and a state university and college system that graduates more cyber-degreed engineers than any other state. The state counts approximately 109,000 cyber engineers.

Not only does the advanced development at these government agencies contribute to the success of cybersecurity in the state, but also so do many Maryland-based cybersecurity companies. Two notable examples are Sourcefire, acquired by Cisco for $2.7B and Tenable, which went public in 2018 with a market capitalization of approximately $4 billion.

Maryland and environs, including Virginia and Washington D.C., has also attracted a powerful and growing flow of venture capital to the region – about $1 Billion in 2018 and growing at an incredible pace.

Such bona fides led to the inaugural private “by invitation”  Global Cyber Innovation Summit (GCIS) in Baltimore in May 2019.  GCIS was a Davos-level conference with no vendors and no selling, where scores of chief security information officers (CISOs), top CEO’s, industry and government thought leaders and leading innovators discussed the myriad challenges in and around cybersecurity and possible solutions in today’s environment.

All this represents the early phases of a foundation-building process that is on track to eventually create a grander landscape. In the eyes of many cyber pros and investors, Maryland is becoming such a fast-growing cybersecurity hub that many believe it will replace the cyber component of Silicon Valley, hence becoming “Cybersecurity Valley,”  within the next five years. …more

GUEST ESSAY: Only cloud-based security can truly protect cloud-delivered web applications

By Vivek Gopalan

Web applications have become central for the existence and growth of any business. This is partly the result of Software as a Service, or SaaS, becoming a preferred mode of consumption for software services.

Related: AppTrana free trial offer

Most companies today own a web application and if that application is an integral part of their business, then they cannot afford to think of website security risk as an afterthought.

In a lot of cases, pure SaaS vendors such as an online e-commerce company, the website/app itself is the reason for the existence of the business. And, increasingly,  their customers are questioning them about the security of sensitive personal and business data.

This rising trepidation, with respect to web app security, should come as no surprise. Technology research firm Gartner estimates that over 70% of security vulnerabilities exist at the application layer – and 75% of security breaches happen at the application layer.

Meanwhile, the National Institute of Standards and Technology says that 92% of reported vulnerabilities are in applications, not networks; and NIST pegs the cost of fixing such bugs in the field at $30,000 vs. $5,000 if the bug is fixed during coding.

The speed factor

There is compelling rationale for companies to take proactive steps to continually improve web application security. For one, compliance with standards, such as section 6.6 of Payment Card Industry Data Security Standard, requires either secure code review or deployment of a Web Application Firewall (WAF.) …more

GUEST ESSAY: Dear America, Facebook is an addictive digital drug of little productive value

By Sen. Josh Hawley

Social media consumers are getting wise to the joke that when the product is free, they’re the ones being sold. But despite the growing threat of consumer exploitation, Washington still shrinks from confronting our social media giants.

Why? Because the social giants have convinced the chattering class that America simply can’t do without them. Confront the industry, we’re told, and you might accidentally kill it ? and with it, all the innovation it has (supposedly) brought to our society.

Related: The cost of being complacent about privacy.

Maybe. But maybe social media’s innovations do our country more harm than good. Maybe social media is best understood as a parasite on productive investment, on meaningful relationships, on a healthy society.

Maybe we’d be better off if Facebook disappeared. Ask the social giants what it is that they produce for America and you’ll hear grand statements about new forms of human interaction. But ask where their money comes from and you’ll get the real truth.

Advertising is what the social giants truly care about, and for an obvious reason. It’s how they turn a profit. And when it comes to making money, they’ve been great innovators. They’ve designed platforms that extract massive amounts of personal data without telling consumers, then sell that data without consumers’ permission.

And in order to guarantee an audience big enough to make their ads profitable, big tech has developed a business model designed to do one thing above all: addict. …more

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

By Chris Gerritz

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.

Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Related: Marriott suffers massive breach

We now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor. What’s more, the attackers reportedly were able to use Wipro as a jumping off point to infiltrate the networks of at least a dozen of Wipro’s customers.

Wipro issued a media statement, via its Economic Times division, acknowledging “potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign . . . Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

Wipro did not provide many additional details. However, one has to wonder whether, beyond its customers, …more