Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

My Take

 

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

By Byron V. Acohido

Achieving “digital trust” is not going terribly well globally.

Related: How decentralized IoT boosts decarbonization

Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction.

According to DigiCert’s 2024 State of Digital Trust Survey results, released today, companies proactively pursuing digital trust are seeing boosts in revenue, innovation and productivity. Conversely, organizations lagging may be flirting with disaster.

“The gap between the leaders and the laggards is growing,” says Brian Trzupek, DigiCert’s senior vice president of product. “If you factor in where we are in the world today with things like IoT, quantum computing and generative AI, we could be heading for a huge trust crisis.”

DigiCert polled some 300 IT, cybersecurity and DevOps professionals across North America, Europe and APAC. I sat down with Trzupek and Mike Nelson, DigiCert’s Global Vice President of Digital Trust, to discuss the wider implications of the survey findings. My takeaways:

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

By Byron V. Acohido

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.”

MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024

By Byron V. Acohido

Russia’s asymmetrical cyber-attacks have been a well-documented, rising global concern for most of the 2000s.

Related: Cybersecurity takeaways of 2023

I recently visited with Mihoko Matsubara, Chief Cybersecurity Strategist at NTT to discuss why this worry has climbed steadily over the past few years – and is likely to intensify in 2024.

The wider context is all too easy to overlook. Infamous cyber opsattributed to Russia-backed hackers fall into a pattern that’s worth noting:

Cyber attacks on Estonia (2007) Websites of Estonian banks, media outlets and government bodies get knocked down in a dispute over a Soviet-era war memorial.

Cyber attacks on Georgia (2008, 2019) Georgian government websites get defaced; thousands of

STEPS FORWARD: How decentralizing IoT could help save the planet — by driving decarbonization

By Byron V. Acohido

The Internet of Things (IoT) is on the threshold of ascending to become the Internet of Everything (IoE.)

Related:Why tech standards matter

IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf.

This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge. Yet IoE, at this nascent stage, holds much promise to tilt us towards a utopia where technology helps to resolve our planet’s most intractable problems.

This was the theme of Infineon Technologies’ OktoberTech 2023 conference, which I had the privilege of attending at the Computer History Museum in the heart of Silicon Valley. I had the chance to visit with Thomas Rosteck, Infineon’s Division President of Connected Secure Systems (CSS.)

Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. What I found most commendable

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

By Byron V. Acohido

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come.

Related: LW year-end roundtable part 1 and part 2

Last Watchdog posed two questions:

•What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

•What should I be most concerned about – and focus on – in 2024?

Their guidance:

Snehal Antani, CEO, Horizon3.ai

Many speculated that the ransomware attack on a Toyota supply chain player in Kojima, Japan was in retaliation for Japan’s aid to Ukraine. Nearly $400 million was lost as 28 Toyota production lines shut down.

The cyber threat landscape is evolving rapidly. Generative AI is expected to supercharge the velocity and precision of attacks. Our defensive strategies must evolve. Our success will hinge on deploying AI in a way that not only matches, but anticipates and outmaneuvers, the threat actors’ evolving tactics.

Rebecca Krauthamer, Co-founder and CPO, QuSecure

As new standards for quantum-resilient cryptography come into effect, many government agencies will move toward quantum-readiness. Cryptographic inventories need finalizing and quantum safe encryption needs to be adopted for sensitive communications and data. Consumers will begin to see their favorite applications touting “quantum-secure encryption.”

CISOs will have to get quantum resilient encryption on their

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

By Byron V. Acohido

Here’s part two of Last Watchdog’s year-end tête-à-tête with top cybersecurity experts. Part three to follow on Friday.

Related: LW year-end roundtable part 1 and part 3

Last Watchdog asked two questions:

•What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

•What should I be most concerned about – and focus on – in 2024?

Their guidance:

Brandon Colley, Principal Security Consultant, Trimarc Security

Some 10-year-old vulnerabilities are still wildly prevalent. “Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation.

In 2024 we’ll see more of the same. As we shift to hybrid workloads, identity is becoming more complex. Instead of arguing about MFA strength, VPN vendor, or nation-state treat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords.

Or Shoshani, CEO and founder, Stream Security 

As 2023 ends, we’re already seeing businesses adopting technology to diagnose and detect threats to their cloud infrastructure before they occur. In the coming year, we also expect to see organizations work to close the disconnect between their DevOps and security teams.

By empowering these teams to work more cohesively, companies will have an easier time ensuring that applications and data are protected from security threats and vulnerabilities. DevOps and security teams must work together

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

By Byron V. Acohido

Notable progress was made in 2023 in the quest to elevate Digital Trust.

Related: Why IoT standards matter

Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be.

We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving. This is because the hyper interconnected, highly interoperable buildings, transportation systems and utilities of the near future must necessarily spew forth trillions of new digital connections.

And each new digital connection must be trustworthy. Therein lies the monumental challenge of achieving the level of  Digital Trust needed to carry us forward. And at this moment, wild cards – especially generative AI and quantum computing — are adding to the complexity of that challenge.

I had the opportunity to sit down with DigiCert’s Jason Sabin, Chief Technology Officer and Avesta Hojjati, Vice President of Engineering to chew this over. We met at DigiCert Trust Summit 2023.

We drilled down on a few significant developments expected to play out in 2024 and beyond. Here are my takeaways: