
Guest Blog Post

 

GUEST ESSAY: Threat hunters adopt personas, leverage AI to gather intel in the Dark Web

By Brad Liggett

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there.

Related: ‘IABs’ spread ransomware

Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.

Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments. These automated programs will hunt the Deep & Dark Web for you, trawling through the deepest and dirtiest pools, looking for the next threat that has your name on it.

There are many facets to what I’ll call “The Underground.” It extends beyond the Deep & Dark Web to: unindexed Web forums, messaging boards, and marketplaces, encrypted messaging systems, and code repositories. It is simply impossible for a human analyst to sort through it all.

Additionally, filtering through these channels is made even more difficult due to language barriers, as well as gaining trust and access to these various forums.

GUEST ESSAY: Five steps to improving identity management — and reinforcing network security

By Jackson Shaw

The identity management market has grown to $13 billion and counting. While intuition would tell you enterprises have identity under control, that is far from reality.

Related: Taking a zero-trust approach to access management

Current events, such as the global pandemic and ‘The Great Resignation,’ which have accelerated cloud adoption, remote working environments, and the number of business applications and systems in use, have complicated matters.

As a result, new solutions and features to address identity challenges have emerged. In a sense, this is a positive trend: change makers are innovating and trying to stay ahead of imminent threats.

On the other hand, there’s a good deal of snake oil on the market, making it hard for organizations to realize the value of their tech investments. Last, and perhaps most significant, many solutions don’t work together harmoniously, making it hard for employees to get work done.

When you consider these points, it’s understandable why businesses end up with too many solutions to effectively manage, or simply default to manual, inefficient processes to address identity- and security-related tasks. But for progress to happen, we must first get to the root of why this is happening.

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

By David Magerman

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation.

Related: Taking API proliferation seriously

Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally. Investors more than doubled down in 2021, increasing investment by about 145 percent.

Based on the early-stage startup pitches we are seeing at Differential Ventures, that trend isn’t going to let up anytime soon. The top drivers of the continued growth of cybersecurity are: the growing need to protect the API supply chain, the inadequacy of existing identity management systems, and the unfulfilled promise of data-driven AI-powered cybersecurity systems.

Securing APIs

The SolarWinds attack made API supply chain security a front-page story in 2020. Major breaches in Parler, Microsoft Exchange Server, Experian, and LinkedIn increased the intensity of concern about API supply chain attacks in 2021. The Log4j vulnerability reported at the end of 2021 heightened concern even more. According to Gartner, 45 percent of organizations worldwide have experienced attacks on their software supply chain in 2022, a threefold increase from 2021.

Given all of this newfound concern for API supply chain security, where are the tools for solving this problem? The current tools are inadequate, brittle, statically rule-based, and require much manual intervention and processing. Every week, we see a new pitch for an API supply chain security startup.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

By Lyle Solomon

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role.

Related: The coming of bio-digital twins

Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive. And, let’s be honest, the deceptive writing that phishing assaults and other cyber threats employ today is skilled enough to fool even the most trained, internet-savvy experts.

Ever present threats

Some of our elderly may be concerned that any hint of weakness will convince their relatives that they can no longer live alone. Thus hackers rely on them not revealing they’ve been duped. That said, here are what I consider to be the Top 5 online threats seniors face today:

• Computer tech support scams. These scams take advantage of seniors’ lack of computer and cybersecurity knowledge. A pop-up message or blank screen typically appears on a computer or phone, informing you that your system has been compromised and requires repair.

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

By Dan Chernov

Writing code can be compared to writing a letter.

Related: Political apps promote division

When we write a letter, we write it in the language we speak — and the one that the recipient understands. When writing code, the developer does it in a language that the computer understands, that is, a programming language. With this language, the developer describes a program scenario that determines what the program is required to do, and under what circumstances.

If we make mistakes or typos in the text of the letter, its content becomes distorted. Our intentions or requests can get misinterpreted. The same thing happens when the developer makes errors in the code, resulting in inadvertent vulnerabilities.

Then the operating scenarios of the system become different from those originally intended by the software developer. As a result, the system can be brought into a non-standard condition, which was not provided for by the software developer. Thus, an attacker can manipulate these non-standard conditions for their own purposes.

As an example, let’s take SQL injection, one of the most well-known methods of hacking online applications. Suppose we have an online service, an online bank, for instance. We enter our login and password to sign in. In a SQL injection attack, the intruder inserts malicious code into the lines that are sent to the server for analysis and execution. With a user account, the attacker can bring the system into an abnormal condition and get access to other users’ accounts.

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

By Jack Koziol

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats.

Related: Deploying employees as threat sensors

Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year.

These individuals have many transferable skills that would make cybersecurity a prosperous civilian career. Yet, there’s still work to be done to make this path more accessible and known among the veteran and transitioning military community.

Fundamentally, cybersecurity professionals identify weaknesses and design systems and processes to protect any organization — government agencies, private companies — from cyberattacks. Veterans have the characteristics that make them ideal for these roles. They’re exceptional at working in high-pressure environments, managing confidential information, solving complex problems and responding systematically.

Better still, cybersecurity jobs offer the individuals who have served our country a fulfilling career. Cybersecurity jobs are always available and offer many options for people who want to work remotely or move around the country for family or career reasons. Plus — they tend to pay well too. The average salary is $116,000 annually plus benefits.

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

By Skip Sanzeri

In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired.

Related: The role of post-quantum encryption

We live in an increasingly digitized world where digital footprints are left behind, leaving evidence of nearly everything we do. This enables our adversaries to gain extremely valuable information and to steal, disrupt or even harm with simple keystrokes on a distant computer.

Quantum computers pose yet another looming threat since it has been mathematically proven that quantum computers with enough power will crack all the world’s public encryption. When these computers come online, any company or federal agency that is not upgraded to post-quantum cybersecurity will leave its data vulnerable to attackers. Even worse, data that is being stolen today is sitting on servers in other countries waiting to be decrypted by quantum computers.

Why Now?

It is now more important than ever for companies to share cyberattack and ransomware data with the government to ensure that we can defend and prepare much better than before.

On March 15, 2022, a new bipartisan cyber incident reporting law called the “Cyber Incident Reporting for Critical Infrastructure Act” was passed by Congress and signed by President Joe Biden. It requires critical infrastructure leaders in commercial enterprises and government to report cyber incidents to the Department of Homeland Security (DHS) cyber and infrastructure security agency (CISA).