Guest Blog Post

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

By Armistead Whitney

There is no shortage of innovative cybersecurity tools and services that can help companies do a much better job of defending their networks.

In the U.S. alone, in fact, there are more than 5,000 cybersecurity vendors. For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer.

The vendors are well-intentioned. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR. Senior management is now focused on embracing well-vetted best practices such as those outlined in FFIEC and SOC 2, and many more. According to a recent study by PwC, 91% of all companies are following cybersecurity frameworks, like these, as they build and implement their cybersecurity programs.

All of this activity has put a strain on how companies buy and sell cybersecurity solutions. Consider that PCI-DSS alone has over 250 complex requirements that include things like endpoint protection, password management, anti-virus, border security, data recovery and awareness training.

Traditional channels for choosing the right security solutions are proving to be increasingly ineffective. This includes searching through hundreds of companies on Google, attending trade shows and conferences (not possible today with COVID), or dealing with constant cold calls and cold emails from security company sales reps.

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

By Cynthia Madison

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Then, in most cases, you’d have to undergo a medical examination and wait a few weeks to get approved and complete the whole process. But this scenario doesn’t seem to fit the fast-paced world we live in anymore. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements.

Related: Life insurance types explained

From shopping to socializing or paying their bills, people seem to be doing everything online these days, so it was only a matter of time until insurance companies stepped into the digital world. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs. Even major life insurance companies have stepped up their game and now provide a variety of online resources to cater to all consumers.

But with all the convenience also came concern. Some are still reluctant to purchase life insurance online for safety reasons and because they’re still unfamiliar with the steps they should follow. When you search for life insurance online, you’re on your own, with no one to guide you through the process, so how can you be sure you won’t make any costly mistakes? Here we’re going to tackle these issues and more to help you make an informed decision if you decide to buy life insurance online.

The pros

Apart from providing a hassle-free process, there are other notable advantages to buying life insurance online. For one, online platforms give you the possibility to compare insurance options from different providers, something that’s not possible if you go the traditional route. Different companies will offer different prices for the same type of policy, so you’ll have to … more

Comment | Read | August 24th, 2020 | For consumers | Guest Blog Post

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

By David Balaban

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress.

Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes. This debut was followed by the emergence of several marginal blackmail threats in the mid-2000s that never gained significant traction among online criminals. The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020.

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. It additionally spans mild-impact screen lockers, data wipers disguised as something else, infections that overwrite the master boot record (MBR), and most recently, nasties that enhance the attack logic with data theft.

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. None of these early threats went pro. In this timeline, I will instead focus on the strains that became the driving force of the ransomware evolution.

FBI spoofs

2012 – 2013. During this period, the ransomware ecosystem was dominated by Trojans that locked the screen or web browser with fake alerts impersonating law enforcement agencies. These warnings would state that the victim committed a … more

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

By Ebbe Kernel

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability.

The concept itself is still very much relevant today. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. However, online fingerprinting is also being used to track users. Now, fingerprinting is a tool in the marketer’s toolbox. Has it failed in its initial mission?

If you are not familiar with the concept of online fingerprinting, the principles behind it are very simple. More about it can be found on Smartproxy. Whenever you access a web server, details about your IP address, your browser information, your device information, and other information are recorded in logs. Logged online activities are easier to trace so service providers can perform the necessary security check if one is required.

Fingerprinting makes it difficult for irresponsible parties to create fake accounts or social media pages. Service providers can recognize signs of fake accounts from similarities in their fingerprints, allowing further action to be taken against those accounts. In the era of bots and fake news, fingerprinting is supposed to work seamlessly.

The Electronic Frontier Foundation (EFF) recently revealed just how many details are leaked and stored when you access a web server. The number

of details that are recorded is simply staggering, with information such as your approximate location, the referrer site, and whether you have Do Not Track activated being leaked.

GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

By Yuri Diogenes and Dr. Erdal Ozkaya

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Editor’s note: This is an excerpt from Cybersecurity – Attack and Defense Strategies, Second Edition, a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape.

Cybersecurity is the focal point of most cyber strategies because cyber threats are continuously becoming more advanced as more sophisticated exploit tools and techniques become available to threat actors. Due to these threats, organizations are advised to develop cyber strategies that ensure the protection of their cyber infrastructure from these various threats.

In this article, we introduce how you can build effective cyber defense strategies. Please note, the steps given are meant to help you formulate your own cyber defense strategy and can be customized according to your need.

Understand the Business

The more you know about your business, the better you can secure it. It’s really important to know the Goals of your organization, Objectives, the People you work with, the Industry, the current Trends, your Business risks, how to Risk appetite and tolerance the risks, as well your Most valuable assets. Everything we do must be a reflection of the business requirements which is approved by the senior leadership, as it has been manded also in ISO 27001.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

By Cynthia Lopez Olson

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.

Related: Bots attack business logic

Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. In general, cyber insurance covers things like:

•Legal fees and expenses to deal with a cybersecurity incident

•Regular security audit

•Post-attack public relations

•Breach notifications

•Credit monitoring

•Expenses involved in investigating the attack

•Bounties for cyber criminals

In short, cyber insurance covers many of the expenses that you’d typically face in the wake of cybersecurity event.

GUEST ESSAY: When cyber risks rise in 2020, as they surely will, don’t overlook physical security

By Vidya Muthukrishnan

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism.

Related: Good to know about IoT

Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire.

This could include expensive hardware, or access to sensitive user and/or enterprise security information. All the encryption, firewalls, cryptography, SCADA systems, and other IT security measures would be useless if that were to occur.

Traditional examples of physical security include junction boxes, feeder pillars, and CCTV security cameras. But the challenges of implementing physical security are much more problematic than they were previously. Laptops, USB drives, and smartphones can all store sensitive data that can be stolen or lost. Organizations have the daunting task of trying to safeguard data and equipment that may contain sensitive information about users.

Older Articles »

The Last Watchdog