Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Related: Pursuing a biological digital twin

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services.

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

By Byron V. Acohido

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses.

Related: ‘SASE’ framework extends security to the network edge

That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

APIs have emerged as a go-to tool used by threat actors in the early phases of sophisticated, multi-stage network attacks. Upon gaining a toehold on a targeted device or server, attackers now quickly turn their attention to locating and manipulating available APIs.

“Threat actors have become aware that APIs represent a ton of exposed opportunity,” says Mike Spanbauer, security evangelist at Juniper Networks, a Sunnyvale, Calif.-based supplier of networking technology.

Over the past year, I’ve had several deep conversations parsing how APIs have emerged as a two-edged sword: APIs accelerate digital transformation, but they also vastly expand the attack surface of modern business networks.

ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

By Byron V. Acohido

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks.

Related: The dire need to security-proof APIs

The Solar Winds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.

On the privacy front, California beefed up its consumer data privacy regulations even as Facebook and Apple publicly feuded over how each of these tech giants abuse of consumer privacy and loosey handle sensitive data.

Meanwhile, President Biden issued a cybersecurity executive order finally putting the federal government’s regulatory stamp on foundational cyber hygiene practices many organizations should have already been doing, yet continue to gift short shrift.

Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021– and any guidance they might have to offer heading into 2022.

SHARED INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

By Byron V. Acohido

Application Programming Interface. APIs. Where would we be without them?

Related: Supply-chain exposures on the rise

APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come.

Yet, in bringing us here, APIs have also spawned a vast new tier of security holes. API vulnerabilities are ubiquitous and multiplying; they’re turning up everywhere. Yet, API security risks haven’t gotten the attention they deserve. It has become clear that API security needs to be prioritized as companies strive to mitigate modern-day cyber exposures.

Consider that as agile software development proliferates, fresh APIs get flung into service to build and update cool new apps. Since APIs are explicitly used to connect data and services between applications, each fresh batch of APIs and API updates are like a beacon to malicious actors.

Organizations don’t even know how many APIs they have, much less how those APIs are exposing sensitive data. Thus security-proofing APIs has become a huge challenge. APIs are like snowflakes: each one is unique. Therefore, every API vulnerability is necessarily unique. Attackers have taken to poking and prodding APIs to find inadvertent and overlooked flaws; even better yet, from a hacker’s point of view, many properly designed APIs are discovered to be easy to  manipulate — to gain access and to steal sensitive data.

Meanwhile, the best security tooling money can buy was never designed to deal with this phenomenon.

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

By Byron V. Acohido

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures.

Related article: The road to a Pulitzer

While I no longer concern myself with seeking professional recognition for my work, it’s, of course, always terrific to receive peer validation that we’re steering a good course.

That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics. The recognition comes from Cyber Security Hub, a website sponsored by IQPC Digital. We’ve been named one of the Top 10 cybersecurity webzines in 2021.

Here is their very gracious description of what Last Watchdog is all about:

“Founder, contributor and executive editor of the forward-thinking Last Watchdog webzine, Byron V. Acohido is a Pulitzer-winning journalist and web producer. Visit Last Watchdog to view videos, surf cyber news, gain informative analysis and read guest essays from leading lights in the cybersecurity community. Expect content that is always accurate and fair, with recent posts exploring the monitoring of complex modern networks, telecom data breaches that expose vast numbers of mobile users, efforts to make software products safer and ransomware attacks on global supply chains.”

MY TAKE: Can Project Wildland’s egalitarian platform make Google, Facebook obsolete?

By Byron V. Acohido

Most of the people I know professionally and personally don’t spend a lot of time contemplating the true price we pay for the amazing digital services we’ve all become addicted to.

Related: Blockchain’s role in the next industrial revolution

I’ll use myself as a prime example. My professional and social life revolve around free and inexpensive information feeds and digital tools supplied by Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter.

I’m productive. Yet, I’m certainly not immune to the clutter and skewed perspectives these tech giants throw at me on an hourly basis — as they focus myopically on monetizing my digital footprints. I don’t know what I’d do without my tech tools, but I also have a foreboding sense that I spend way too much with them.

Technologically speaking, we are where we are because a handful of tech giants figured out how to collect, store and monetize user data in a singular fashion. Each operates a closed platform designed to voraciously gather, store and monetize user data.

Q&A: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

By Byron V. Acohido

Surfshark wants to help individual citizens take very direct control of their online privacy and security.

Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One.

Related: Turning humans into malware detectors

This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

It’s notable that this is happening at a time when Microsoft, Apple and Google are going the opposite direction – by natively embedding more consumer-grade security services into their popular operating systems, like Windows, Mac, IoS and Android. And let’s not forget the longstanding, multi-billion market of antivirus software subscriptions directed at consumers.

The consumer anti-virus vendors have been generating massive subscription revenue for two decades; though this market is mature and in a consolidation phase, it is not going to disappear anytime soon, as suggested by  NortonLifeLock’s $8 billion buyout of Avast.

Last year I agreed to serve a one-year term on Surfshark’s advisory board. I accepted because I appreciated Surfshark’s emphasis on privacy and security — and saw it as a way to learn more about the consumer cybersecurity market.