Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

By Byron V. Acohido

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point.

Related: We’re in the golden age of cyber spying

Mainstream news outlets are hyper focused on the events of the past six days. A Dec. 27 rocket attack on a military base in northern Iraq killed an American contractor and a number of service members. Protesters attacked the US embassy in Baghdad. President Trump then retaliated by ordering a drone strike that killed a top Iranian military leader,  Gen. Qasem Soleimani.

The open assassination of a top Middle East official has ignited a social media frenzy about how we very well may be on the brink of World War III. I very much hope cooler heads prevail.

Iran accord scuttled

A starting point for cooling things off would be for news pundits — as well as anyone who considers himself or herself a social media influencer, i.e, someone who fosters community discussions — to recall the hostile shove Trump gave Iran last May.

That’s when Trump scuttled the 2015 Iran nuclear deal – which was the result of 10 years of negotiation between Iran and the United Nations Security Council. The 2015 Iran accord, agreed to by President Obama, set limits on Iran’s nuclear programs in exchange for the lifting of nuclear-related sanctions.

For his own reasons, Trump declared the 2015 Iran accord the “worst deal ever,” and has spent the past several months proactively escalating tensions with Iran, for instance, by unilaterally imposing multiple rounds of fresh sanctions.

This, of course, pushed Iran into a corner, and, no surprise, Iran has pushed back. It’s important to keep in mind that Iran, as well as Europe and the U.S., were meeting the terms of the 2015 nuclear deal, prior to Trump scuttling the deal. …more

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

By Byron V. Acohido

I’m privileged to share news that two Last Watchdog articles were recognized in the 2019 Information Management Today MVP Awards. My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT Security category.

In addition, my coverage of how the zero trust authentication movement is improving privacy and security at a fundamental level — Early Adopters Find Smart ‘Zero Trust’ Access Improves Security Without Stifling Innovation — won third place in the contest’s Hardware and Software Security category. I’ve been paying close attention to privacy and cybersecurity since 2004, first as a technology reporter …more

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

By Byron V. Acohido

Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live.

Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we’re experiencing it today – including its dark underbelly of ever-rising threats to privacy and cybersecurity.

Related: Securing identities in a blockchain

Today we may be standing on the brink of the next great upheaval. Blockchain technology in 2019 may prove to be what the internet was in 1999.

Blockchain, also referred to as distributed ledger technology, or DLT,  is much more than just the mechanism behind Bitcoin and cryptocurrency speculation mania. DLT holds the potential to open new horizons of commerce and culture, based on a new paradigm of openness and sharing.

Some believe that this time around there won’t be a handful of tech empresarios grabbing a stranglehold on the richest digital goldmines. Instead, optimists argue, individuals will arise and grab direct control of minute aspects of their digital personas – and companies will be compelled to adapt their business models to a new ethos of sharing for a greater good.

At least that’s one Utopian scenario being widely championed by thought leaders like economist and social theorist Jeremy Rifkin, whose talk, “The Third Industrial Revolution: A Radical New Sharing Economy,” has garnered 3.5 million views on YouTube. And much of the blockchain innovation taking place today is being directed by software prodigies, like Ethereum founder Vitalik Buterin, who value openness and independence above all else.

Public blockchains and private DLTs are in a nascent stage, as stated above, approximately where the internet was in the 1990s. This time around, however, many more complexities are in play – and consensus is forming that blockchain will take us somewhere altogether different from where the internet took us.

“With the Internet, a single company could take a strategic decision and then forge ahead, but that’s not so with DLT,” says Forrester analyst Martha Bennett, whose cautious view of blockchain we’ll hear later. “Blockchains are a team sport. There needs to be major shifts in approach and corporate culture, towards collaboration among competitors, before blockchain-based networks can become the norm.”

That said, here are a few important things everyone should understand about the gelling blockchain revolution. …more

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

By Byron V. Acohido

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet.

Related: Cyber risks spinning out of IoT

Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports.

Credential stuffing is one of the simplest cybercriminal exploits, a favorite among hackers. Using this technique, the criminal collects your leaked credentials (usually stolen in a data breach) and then applies them to a host of other accounts, hoping they unlock more. If you’re like the majority of users out there, you reuse credentials. Hackers count on it.

A new breed of credential stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes. The sophistication level of these cyberthreats is increasing, and there’s an ominous consensus gelling in the cybersecurity community that the worst is yet to come.

“We’ve observed significant growth in credential stuffing and account takeovers for several years. It’s hard to see a short-term change that would slow attempts by attackers,” Patrick Sullivan, Akamai’s senior director of security strategy, told me. “Significant changes to authentication models may be required to alter the growth trajectory of these attacks.” …more

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

By Byron V. Acohido

It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.

Related: The case for automated threat feeds analysis

Dallas-based Critical Start is making some hay in this space — by striving to extend the roles traditionally played by MSSPs. The company has coined the phrase managed detection and response, or MDR, to more precisely convey the type of help it brings to the table.

I had the chance to meet with Randy Watkins, Critical Start’s chief technology officer at Black Hat USA 2019. Since its launch in 2012, the company has operated profitably, attracting customers mainly in Texas, Oklahoma, Louisiana and Arkansas and growing to 131 employees.

With a recent $40 million Series A equity stake from Bregal Sagemount, and fresh partnerships cemented with tech heavyweights Microsoft, Google Chronicle and Palo Alto Networks, among others, Critical Start is on a very promising trajectory. It wants to grow nationally and globally, of course.

Even more ambitiously, the company wants to lead the way in pivoting network security back to a risk-oriented approach, instead of what Watkins opines that it has all too often become: a march toward meeting controls-based checklists. We had a fascinating discussion about this. For a full drill down, give a listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW:  What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security?

Watkins: Security really is the art of handling risk. We used to enumerate the risks that exist inside of an organization, try to assign a value to the impact it would have, if that risk was exploited. And then we’d assign either mitigation or acceptance or transference of the risk, based on potential impact and the probability that it would happen. …more

MY TAKE: Peerlyst shares infosec intel; recognizes Last Watchdog as a top cybersecurity influencer

By Byron V. Acohido

Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be.

Related: Automating threat feed analysis

Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we’ve become accustomed to on Twitter and LinkedIn and directs it toward cybersecurity.

By signing up for Peerlyst, company decision makers focused on mitigating cyber risks, as well as vendor experts, academics and independent researchers, are provided with a personalized feed of content based on specific interests, as well as the topics and people you follow.

One fresh resource issued this week is a new eBook: 52 Influential Cyber Security Bloggers and Speakers, a …more

MY TAKE: ‘Perimeter-less’ computing requires cyber defenses to extend deeper, further forward

By Byron V. Acohido

Threat actors are opportunistic, well-funded, highly-motivated and endlessly clever.

Therefore cybersecurity innovations must take hold both deeper inside and at the leading edges of modern business networks.

Related: Lessons learned from Capital One breach

Most of the promising new technologies I’ve had the chance to preview this year validate this notion. The best and brightest security innovators continue to roll out solutions designed to stop threat actors very deep – as deep as in CPU memory — or at the cutting edge, think cloud services, IoT and DevOps exposures.

Juniper Networks, the Sunnyvale, CA – based supplier of networking equipment, I discovered, is actually doing both. I came to this conclusion after meeting with Oliver Schuermann, Juniper’s senior director of enterprise marketing.

We met at Black Hat 2019 and Schuermann walked me through how Juniper’s security play pivots off the evolving infrastructure of a typical corporate network. For a full drill down, please give a listen to the accompanying podcast. Here are the key takeaways:

Deeper sharing

Wider threat intelligence sharing continues to advance apace. I was in the audience at Stanford in 2015 when President Obama signed an executive order urging the corporate sector to accelerate the sharing of threat feeds among themselves and with the federal government.

Since then, a number of threat intel sharing consortiums have either formed or expanded their activities. One recent example is how five midwestern universities – Indiana, Northwestern, Purdue, Rutgers and Nebraska – partnered to create a joint security operation center to gather, analyze and act on threat feeds.

Juniper gathers threat feeds via a security framework, called SecIntl, that runs off servers tied together by Juniper equipment deployed globally in corporate networks. …more