 

Guest Blog Post

 

GUEST ESSAY: Lessons to be learned from the waves of BofA phone number spoofing scams

By Richard Grant

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity.

Related: The rise of ‘SMS toll fraud’

The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Victims of the Bank of America scam have shared their experiences, shedding light on the deceptive tactics employed by these fraudsters. One common approach involves a caller with an Indian accent posing as a Bank of America representative. They may claim that a new credit card or checking account has been

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

By Chris Were

Social media giants have long held too much power over our digital identities.

Preserving privacy for a greater good

Today, no one is immune to these giants’ vicious cycle of collecting personal data, selling it to advertisers, and manipulating users with data metrics. By making people feel like mere products, this exploitative digital environment further encourages a bubble of distrust among social media users.

With numerous incidents to cite, tech behemoths have time and again proven their inadequacy to securely handle their users’ digital identity and data.

In recent years, Meta (previously Facebook) has faced a number of fines for violating user privacy. In 2019, the company was ordered to pay a record-breaking $5 billion penalty by the Federal Trade Commission (FTC) for violating consumers’ privacy rights.

The fine was the largest ever imposed on a social media company for privacy violations. Last month, Meta was again penalized, this time fined more than €1.2bn (£1bn) and ordered to suspend data transfers to the US by an Irish regulator for its handling of user information. This hefty penalty set

GUEST ESSAY: Why any sudden influx of spam emails is an indicator of a likely security issue

By Zac Amos

We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack.

Related: How AI can relieve security pros

What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails. It may also be a part of a more targeted attack. There are four main causes of spam emails:

• Sold email: Websites sometimes sell email address information to third parties.

• Spam interaction: Previous interactions with spam are a signal to scammers. They send more messages when they know the account is active and possibly interested.

• Leaked email: Companies or third-party vendors put email address security at risk when they experience data breaches.

• Mailing list: Signing up for a mailing list may trigger spam. Even without hitting enter,

GUEST ESSAY: Here’s why shopping for an EV feels very much like shopping for a new laptop

By James Jeffs

Computer chips have been part of cars for a long time, but no one really cares about them until they stop working or they are late to the production line.

Related: Raising the bar of cyber safety for autos

However, the research within IDTechEx’s “Semiconductors for Autonomous and Electric Vehicles 2023-2033” report shows that trends within the automotive industry mean consumers will soon be caring far more about what chips are in their cars. IDTechEx expects that purchasing a new vehicle will soon feel like shopping for a new laptop.

What are the main concerns when buying a laptop? For most people, it will be things like how long the battery will last, how nice the screens are, and what computer chip it comes with.

Evaluating a vehicle’s worth based on the number of cylinders, horsepower, and miles per gallon will soon be irrelevant. We already know that electric vehicles will be dominating the market soon, ticking off the choice of vehicle based on how long the battery lasts, but what about the other two criteria?

It has been hard to escape the screenification of car cabins over the past few years.

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

By Thierry Gagnon

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies.

Related: Satya Nadella calls for facial recognition regulations

Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. That all changed rather quickly.

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts.

They are simply not good enough. The sudden inadequacy of passwords has prompted broad changes to how companies must create, store, and manage them. The problem is these changes have made the user experience more convoluted and complicated.

GUEST ESSAY: Dialing in generative AI to truly relieve and assist cybersecurity professionals

By Zac Amos

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats.

Related: A call to regulate facial recognition

Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

However, the truth is that automated AI tools work best in the hands of cybersecurity professionals instead of replacing them. Rather than trying to use AI to get rid of your security team, seek to use automated tools in conjunction with your existing professionals to ensure the strongest cybersecurity defense.

AI breakthrough

The newest breakthrough in artificial intelligence technology is machine learning and generative AI. Unlike traditional AI, machine learning can be taught to act on data sets and make accurate predictions instead of being limited to only analyzing.

Machine learning programs use highly complex algorithms to learn from data sets. In addition to analyzing data, they can use that data to observe patterns. Much like humans, they take what they have learned to “visualize” a model and take action based on it.

A program that can take data sets and act independently has enormous cybersecurity potential. Generative AI can look for patterns

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

By Ravi Srivatsav

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises.

Related: Why SMBs need to do PAM well

Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks perpetrated through unused, old, expired, and otherwise mismanaged access credentials is increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Context needed

Organizations that are used to workflow-based access systems or ticket-based systems, i.e. traditional Privileged Access Management (PAM), must now make a big cultural shift. PAM enables granular access and monitors, detects, and alerts on instances of unauthorized access through policy guardrails.

However, while PAM and other legacy access management systems do alert to unauthorized access, these warnings lack a clear picture of the user’s intent and the context behind the alert.