Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

Will GDPR usher in a new paradigm for how companies treat consumers’ online privacy?

By Byron V. Acohido

Back in 2001, Eric Schmidt, then Google’s CEO, described the search giant’s privacy policy as “getting right up to the creepy line and not crossing it.

Well, Europe has now demarcated the creepy line – and it is well in favor of its individual citizens. The General Data Protection Regulation, or GDPR, elevates the privacy rights of individuals and imposes steep cash penalties for companies that cross the creepy line – now defined in specific detail.

Related article: Zuckerberg’s mea culpa reveals reprehensible privacy practices

Europe’s revised online privacy regulations took effect last Friday. European businesses are bracing for disruption – and U.S. companies won’t be immune to the blowback. There are more than 4,000 U.S. companies doing business in Europe, including many small and midsize businesses. All of them, from Google, Facebook and Microsoft, down to mom-and-pop wholesalers and service providers, now must comply with Europe’s new rules for respecting an individual’s online privacy.

The EU is expected to levy GDPR fines totaling more than $6 billion in the next 12 months, an estimate put out by insurance giant Marsh & McLennan. As these penalties get dished out, senior management will become very uncomfortable; they’ll be forced to assume greater responsibility for cybersecurity and privacy, and not just leave it up to the IT department.

This is all unfolding as companies globally are racing to embrace digital transformation – the leveraging of cloud services, mobile computing and the Internet of Things to boost innovation and profitability. In such a heady business environment, a regulatory hammer was necessary to give companies pause to consider the deeper implications of poorly defending their networks and taking a cavalier attitude toward sensitive personal data. …more

Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections?

By Byron V. Acohido

KINGSTON, WA – NewsWrap 23May2018.  Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, to launch destructive attacks on Ukraine.

Related article: How Russian bots supported Nunes memo

Talos researchers disclosed that VPNFilter has :

•Infected 500,000 routers and networking devices 54 countries.

•Is capable of stealing website credentials and monitoring industrial controls

•Can render any router or other devices it infects inoperable

•Can be used for espionage or to disrupt internet communications

Cisco appears to be working very closely with U.S law enforcement on this. The FBI also announced Wednesday that they’ve seized one of the primary domains the Russians have been using to distribute VPNFilter malware.

Safe to assume Russia has backup domains – and isn’t about to just abandon VPNFilter. So the key, going forward, is for Cisco and the FBI to stay a step ahead. It is vital to stop Russia from using VPNFilter to influence the U.S. midterm federal elections in November.

Stephenson

An assessment from Ashley Stephenson, CEO, Corero Network Security: “We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically the cybersecurity community is frequently powerless to intervene before these weaponized IoTs are activated so we must continue to prepare our cyber defenses and response strategies for future attacks.” …more

Why antivirus has endured as a primary layer of defense — 30 years into the cat vs. mouse chase

By Byron V. Acohido

Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980’s to combat then nascent computer viruses during a time when a minority of families had a home computer.

One notable company’s journey in the space started in 1987 when three young men, Peter Paško, Rudolf Hrubý, and Miroslav Trnka, built one of the earliest antivirus prototypes while working out of a house in the former Czechoslovakia. A few years later they formally launched ESET in the central European country of Slovakia in the city of Bratislava.

Related article: NSA super weapons fuel cyber attacks

ESET has endured as part of a select group of legacy antivirus companies that got started in that era. The list includes Avira, Avast, AVG, Bitdefender, F-Secure, G Data, Kaspersky, McAfee, Panda, Sophos, Symantec and Trend Micro.

It’s amazing that these companies all continue to thrive years later, long after pundits declared traditional antivirus too anachronistic to keep pace with the rise of ecommerce, cloud computing, mobile computing and now the Internet of Things. But they were wrong.

Today the “endpoint security” market, which includes antimalware, antispyware and firewalls, is as healthy as ever; research firm Marketsandmarkets estimates global spending on endpoint security will rise to $17.4 billion by 2020, up from $11.6 billion in 2015, a robust 8% per annum growth rate.

I had the chance to discuss ESET’s evolution from traditional antivirus to a full suite of security solutions (ransomware protection, threat intelligence, encryption and the like) with Tony Anscombe, ESET’s global security evangelist, at RSA Conference 2018. For a drill down on our conversation please give the accompanying podcast a listen. A few big takeaways: …more

MY TAKE: Why DDoS attacks continue to escalate — and how businesses need to respond

By Byron V. Acohido

Law enforcement’s big win last month dismantling ‘Webstresser,’ an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks.

Related video: How DDoS attacks leverage the Internet’s DNA

The threat actors running Webstresser accepted all paying customers — no questions asked.  Anybody could use Webstresser’s online payment system to rent out stressers or booters, available for hire for as little as $18 per month — and most effective at flooding targeted servers with traffic, no technical skills required.

Webstresser had more than 136,000 registered users who patronized it to launch some 4 million DDoS attacks against government agencies, banks, police and gambling sites, according to Europol. Keep in mind, Webstresser is just one colorful example of how far DDoS attacks have come.

DDoS originated a decade or more before anyone ever thought up ransomware attacks; and DDoS has advanced and expanded, approximately on par with targeted phishing and leading-edge data breach tactics.

I recently had a chance to discuss the current state of DDoS threats with Lee Chen, CEO of A10 Networks, a leading supplier of advanced DDoS detection and mitigation systems. For a full drill down on our discussion please listen to the accompanying podcast. Here are a few takeaways: …more

MY TAKE: Why the unfolding SIEMs renaissance fits hand-in-glove with ‘digital transformation’

SIEM systems have been on the comeback trail for a few years now. And now SIEMs could be on the verge of a full-blown renaissance.

Related article: Freeing SOC analysts from tedious tasks

I spoke with several vendors who are contributing to this at RSA Conference 2018. One of them  was Securonix, a supplier advanced next-generation SIEM  (security information and event  management) technology. The Addison, Tex.-based company is also a leading innovator in UEBA (user and entity based analytics) systems.

For a full drill down of my conversation with Nitin Agale, Securonix’s SVP of products, please listen to the accompanying podcast. A few takeaways from our discussion:

SIEMs’ second wind

SIEMs, you may recall, first cropped up in 2005, and, at the time, got unfairly hyped as something of a silver bullet. SIEMs are designed as a tool to collect event log data from Internet traffic, as well as corporate hardware and software assets, and then cull meaningful security intelligence from a massive volume of potential security events.

For a number of reasons, SIEMs never quite lived up to their initial promise. Now, 13 years later, we’re in the midst of a “digital transformation” that has resulted in an exponential increase in the volume of business data, much of it circulating in the cloud. …more

MY TAKE: Oracle aims to topple Amazon in cloud services — by going database-deep with security

By Byron V. Acohido

Ahoy, Jeff Bezos and Amazon. Watch out! Larry Ellison and Oracle are coming after you.

The ever feisty Ellison, 73, founder of Oracle and an America’s Cup sailing champion, recently tacted the good ship Oracle onto a new course. Last October, Ellison announced the launch of a pioneering set of automated cloud services, and boasted that these new tools will help Oracle overtake Amazon as a leading cloud services provider.

Related article: Companies need a compliance strategy

Notably, a linchpin to Oracle’s new cloud strategy is cybersecurity. Specifically, the company has come up with technology the directs machine learning anomaly detection capabilities much deeper than any other security vendor has gone heretofore – into the database layer of company networks.

I recently …more

GUEST ESSAY: Rising workplace surveillance is here to stay; here’s how it can be done responsibly

By Elizabeth Rogers

People often recite the cynical phrase that ‘privacy is dead.’  I enthusiastically disagree and believe, instead, that anonymity is dead.

One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it’s difficult, if not impossible, to keep ones digital work life separate from ones digital private life, the potential for abuse to happen while carrying out an employee surveillance program is real.

Related video: SXSW panel hashes over employee monitoring

However, I firmly believe that, together, we can preserve the employee privacy through clearly stated social ‘contracts’ and fair enforcement of same.

Let’s begin with the notion that employees, unless advised otherwise, have a right to privacy in the workplace. However, the scales also tip in favor of the employer to monitor threats to  the company’s intellectual property.

Unique ties

Employers and employees share a unique relationship built on trust.  When it comes to assets of the company, it is in the mutual interest of both that they stay protected.  Generally, employees will sign a contract, in the form of a Non-disclosure Agreement that yields to the …more