Guest Blog Post

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

By Rob Gabriele

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts?

Related: Training human sensors

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Guarding our digital lives (and real-world identities) with just a few keystrokes seems a tactic too simple to ignore, and if users are careful and stick with best practices, these simple measures can be remarkably effective.

Proper password hygiene doesn’t require a degree in rocket science. Follow these four easy tips, and you’ll sleep better and safer at night.

1) Create sufficiently-complex passwords. This may seem obvious, but most users have poor password habits because it’s far simpler to remember your pet’s name and birthday than a combination of random numbers and letters. But simpler passwords are much easier to hack. Anything quickly conceived can be deciphered with the same speed, so forget your old tricks and stick to these ground rules instead:

•Longer is better. The National Institute of Standards and Technology’s (NIST) latest guidelines stress that a password’s length is its most critical component. Make sure your code has at least eight characters, but it’s best to pick a dozen or more.

•Don’t use words or names. Words and phrases are easier to remember but highly susceptible to cracking. Hackers can run through entire dictionaries in seconds, making this approach similar to hiding a key under the doormat.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

By Dr. Pythagoras N. Petratos

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof.

Such a transformation however, comes with its own set of risks.

Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Misleading information – comprised of the three horseman of cyber risks: misinformation, disinformation, and fake news — also affects something we rarely stop to consider: business.

The fake news “infodemic” that spread alongside the COVID-19 pandemic also affected the finance sector. For instance, during the lockdown period of 2020, there was a huge surge in fake news and illegal activity related to the financial and other markets.

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

By Balraj Dhillon

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience.

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, store and track health data, creating numerous exposure vulnerabilities.

There are many reasons for the vulnerable state of healthcare data. One significant factor is the merger and acquisition renaissancethat the healthcare industry is undergoing, which according to a new report from Moody’s Investors Service is expected to continue.

Healthcare organizations pursue merger and acquisitions for many reasons, including improving the ability to meet patient consumerization requirements, providing more

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

By Patricia Thaine

Filing systems, historically speaking, have been all about helping its users find information quickly.

Europe’s General Data Protection Regulations (GDPR) changed the game. Generally, filing systems sort by date, department, topic, etc. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world.

Since it took effect in 2018, GDPR’s core guidelines have been copied by LGDP in Brazil, POPIA in South Africa, and the PDPB in India. Under the GDPR, a filing system is defined as “any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis” (GDPR Article 4.6).

We can see, by this definition, that the focus of how filing systems should be organized shifts significantly with a central purpose now being the ability to classify individuals and the personal data an organization collects on them.

GUEST ESSAY: Here’s what every business should know — and do — about CaaS: crime-as-a-service

By Jack Chapman

It doesn’t matter if you want to learn a new language or figure out how to fix your broken clothes dryer; the tools, tutorials, and templates you need are available online.

Related: Enlisting ‘human sensors’

Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. The dark web provides virtually everything potential attackers need to make their move.

Let’s look closely at precisely what crime-as-a-service (CaaS) is, why it’s so dangerous, and how your business can defend itself.

CaaS variants

Experts define CaaS as what happens when sophisticated hackers and criminals work together to create technology, toolkits, and methodologies geared toward carrying out cyberattacks. CaaS is happening with increasing regularity. For example, an Illinois man recently faced conviction for running a website that allowed users to buy subscriptions to launch distributed denial of service (DDoS) attacks against computer networks.

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

By Maxwell Sanchez

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “51% attacks” resulting in the theft of over $30 million worth of cryptocurrency to date.

However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Every blockchain uses a consensus protocol which allows all nodes on the network to agree on the current state of the blockchain. In Bitcoin, for example, a process known as “Proof-of-Work” (“PoW”) involves miners solving a difficult mathematical problem with powerful computers.

And whichever miner finds a solution adds a block to the blockchain, which contains transactions from users on the network. Each node validates the solution before accepting the block, and miners should begin working on solving the problem for the next block.

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

By Ofer Israeli

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it.Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario … more

Older Articles »

The Last Watchdog