Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

By Byron V. Acohido

Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live.

Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we’re experiencing it today – including its dark underbelly of ever-rising threats to privacy and cybersecurity.

Related: Securing identities in a blockchain

Today we may be standing on the brink of the next great upheaval. Blockchain technology in 2019 may prove to be what the internet was in 1999.

Blockchain, also referred to as distributed ledger technology, or DLT,  is much more than just the mechanism behind Bitcoin and cryptocurrency speculation mania. DLT holds the potential to open new horizons of commerce and culture, based on a new paradigm of openness and sharing.

Some believe that this time around there won’t be a handful of tech empresarios grabbing a stranglehold on the richest digital goldmines. Instead, optimists argue, individuals will arise and grab direct control of minute aspects of their digital personas – and companies will be compelled to adapt their business models to a new ethos of sharing for a greater good.

At least that’s one Utopian scenario being widely championed by thought leaders like economist and social theorist Jeremy Rifkin, whose talk, “The Third Industrial Revolution: A Radical New Sharing Economy,” has garnered 3.5 million views on YouTube. And much of the blockchain innovation taking place today is being directed by software prodigies, like Ethereum founder Vitalik Buterin, who value openness and independence above all else.

Public blockchains and private DLTs are in a nascent stage, as stated above, approximately where the internet was in the 1990s. This time around, however, many more complexities are in play – and consensus is forming that blockchain will take us somewhere altogether different from where the internet took us.

“With the Internet, a single company could take a strategic decision and then forge ahead, but that’s not so with DLT,” says Forrester analyst Martha Bennett, whose cautious view of blockchain we’ll hear later. “Blockchains are a team sport. There needs to be major shifts in approach and corporate culture, towards collaboration among competitors, before blockchain-based networks can become the norm.”

That said, here are a few important things everyone should understand about the gelling blockchain revolution. …more

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

By Byron V. Acohido

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet.

Related: Cyber risks spinning out of IoT

Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports.

Credential stuffing is one of the simplest cybercriminal exploits, a favorite among hackers. Using this technique, the criminal collects your leaked credentials (usually stolen in a data breach) and then applies them to a host of other accounts, hoping they unlock more. If you’re like the majority of users out there, you reuse credentials. Hackers count on it.

A new breed of credential stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes. The sophistication level of these cyberthreats is increasing, and there’s an ominous consensus gelling in the cybersecurity community that the worst is yet to come.

“We’ve observed significant growth in credential stuffing and account takeovers for several years. It’s hard to see a short-term change that would slow attempts by attackers,” Patrick Sullivan, Akamai’s senior director of security strategy, told me. “Significant changes to authentication models may be required to alter the growth trajectory of these attacks.” …more

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

By Byron V. Acohido

It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.

Related: The case for automated threat feeds analysis

Dallas-based Critical Start is making some hay in this space — by striving to extend the roles traditionally played by MSSPs. The company has coined the phrase managed detection and response, or MDR, to more precisely convey the type of help it brings to the table.

I had the chance to meet with Randy Watkins, Critical Start’s chief technology officer at Black Hat USA 2019. Since its launch in 2012, the company has operated profitably, attracting customers mainly in Texas, Oklahoma, Louisiana and Arkansas and growing to 131 employees.

With a recent $40 million Series A equity stake from Bregal Sagemount, and fresh partnerships cemented with tech heavyweights Microsoft, Google Chronicle and Palo Alto Networks, among others, Critical Start is on a very promising trajectory. It wants to grow nationally and globally, of course.

Even more ambitiously, the company wants to lead the way in pivoting network security back to a risk-oriented approach, instead of what Watkins opines that it has all too often become: a march toward meeting controls-based checklists. We had a fascinating discussion about this. For a full drill down, give a listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW:  What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security?

Watkins: Security really is the art of handling risk. We used to enumerate the risks that exist inside of an organization, try to assign a value to the impact it would have, if that risk was exploited. And then we’d assign either mitigation or acceptance or transference of the risk, based on potential impact and the probability that it would happen. …more

MY TAKE: Peerlyst shares infosec intel; recognizes Last Watchdog as a top cybersecurity influencer

By Byron V. Acohido

Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be.

Related: Automating threat feed analysis

Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we’ve become accustomed to on Twitter and LinkedIn and directs it toward cybersecurity.

By signing up for Peerlyst, company decision makers focused on mitigating cyber risks, as well as vendor experts, academics and independent researchers, are provided with a personalized feed of content based on specific interests, as well as the topics and people you follow.

One fresh resource issued this week is a new eBook: 52 Influential Cyber Security Bloggers and Speakers, a …more

MY TAKE: ‘Perimeter-less’ computing requires cyber defenses to extend deeper, further forward

By Byron V. Acohido

Threat actors are opportunistic, well-funded, highly-motivated and endlessly clever.

Therefore cybersecurity innovations must take hold both deeper inside and at the leading edges of modern business networks.

Related: Lessons learned from Capital One breach

Most of the promising new technologies I’ve had the chance to preview this year validate this notion. The best and brightest security innovators continue to roll out solutions designed to stop threat actors very deep – as deep as in CPU memory — or at the cutting edge, think cloud services, IoT and DevOps exposures.

Juniper Networks, the Sunnyvale, CA – based supplier of networking equipment, I discovered, is actually doing both. I came to this conclusion after meeting with Oliver Schuermann, Juniper’s senior director of enterprise marketing.

We met at Black Hat 2019 and Schuermann walked me through how Juniper’s security play pivots off the evolving infrastructure of a typical corporate network. For a full drill down, please give a listen to the accompanying podcast. Here are the key takeaways:

Deeper sharing

Wider threat intelligence sharing continues to advance apace. I was in the audience at Stanford in 2015 when President Obama signed an executive order urging the corporate sector to accelerate the sharing of threat feeds among themselves and with the federal government.

Since then, a number of threat intel sharing consortiums have either formed or expanded their activities. One recent example is how five midwestern universities – Indiana, Northwestern, Purdue, Rutgers and Nebraska – partnered to create a joint security operation center to gather, analyze and act on threat feeds.

Juniper gathers threat feeds via a security framework, called SecIntl, that runs off servers tied together by Juniper equipment deployed globally in corporate networks. …more

MY TAKE: Poll shows senior execs, board members grasp strategic importance of cybersecurity

By Byron V. Acohido

A singular topic has risen to the top of the agenda in executive suites and board rooms all across the planet: cybersecurity.

Related: Security, privacy fallout of IoT

A recent survey by Infosys, a tech consulting and IT services giant based in Bangalore, India, quantifies the degree to which the spotlight has landed on cybersecurity in large organizations.

Infosys polled 867 senior officials from 847 firms in a dozen industries, each with at least $500 million in annual revenue; the companies are based in the US, Europe, Australia or New Zealand. Some 83% of respondents said they viewed cybersecurity as critical to their organization, while 66% of the companies reported having implemented a well-defined cybersecurity strategy.

What jumped out at me was that 60% of C-level executives and 48% of board members indicated they actively participated in formulating cybersecurity strategy. Just five years ago a participation level like this was more of an optimistic hope, than anything else. At least that’s what I took away from a memorable fireside chat I had, back then, with the late Howard Schmidt, former White House Cybersecurity Advisor under Presidents Bush and Obama.

Last week, I had the chance to sit down with Vishal Salvi, Infosys’ chief information security officer. We met at the Infosys Americas Confluence conference in Scottsdale, AZ, and had a well-rounded discussion about the drivers behind this new board-level awareness – and the going forward implications. For a full drill down, please give a listen to the accompanying podcast. Here are a few key takeaways:

Time to execute

Salvi walked me through other survey findings illustrating how pervasively a cybersecurity consciousness has taken hold in the upper echelons of the corporate sector. According to the Infosys poll, these items are on the front burner:

•The top concerns faced by enterprises are hackers and hacktivist (84 percent), low awareness among employees (76 percent), insider threats (75 percent), and corporate espionage (75 percent)

•Challenges in building a security aware culture combined with embedding security into design affects nearly two thirds of enterprises

•Across industries, cybersecurity is consistently viewed as critical in an enterprise’s digital transformation journey. Manufacturing emerged at the top (87 percent), followed by energy and utilities (85 percent), and banking, financial services and insurance (83 percent.) …more

MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things

By Byron V. Acohido

The city of Portland, Ore. has set out to fully leverage the Internet of Things and emerge as a model “smart” city.

Related: Coming soon – driverless cars

Portland recently shelled out $1 million to launch its Traffic Sensor Safety Project, which tracks cyclists as they traverse the Rose City’s innumerable bike paths. That’s just step one of a grand plan to closely study – and proactively manage – traffic behaviors of cyclists, vehicles, pedestrians and joggers. This is all in pursuit of the high-minded goal of eliminating all accidents that result in death or serious injury.

Portland is shooting high, and it is by no means alone. Companies in utilities, transportation and manufacturing sectors are moving forward with the …more