Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

My Take

 

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

By Byron V. Acohido

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up, just as they have, year-to-year, for the past 20 years.

Related: LW year-end roundtable part 2 and part 3

With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on  two questions that all company leaders should have top of mind:

•What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

•What should I be most concerned about – and focus on – in 2024?

The comments we received were uniformly insightful and helpful. Here is part one of three groupings. Parts two and three

DEEP TECH NEWS: Sophos X-Ops advances threat intelligence sharing to the next level

By Byron V. Acohido

Threat intelligence sharing has come a long way since Valentine’s Day 2015.

Related: How ‘Internet Access Brokers’ fuel ransomware

I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

Obama’s clarion call led to the passage of the Cybersecurity Information Sharing Act, the creation of Information Sharing and Analysis Organizations (ISAOs) and the jump-starting of several private-sector sharing consortiums.

Material progress in threat intel sharing, indeed, has been made. Yet, there remains much leeway for improvements. I had the chance to discuss this with Christopher Budd, director of Sophos X-Ops, the company’s cross-operational task force of security defenders.

Budd explained how Sophos X-Ops is designed to dismantle security silos internally, while also facilitating

STEPS FORWARD: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

By Byron V. Acohido

The IQ of our smart homes is about to level-up.

Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season.

Related: Extending digital trust globally

Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. Matter is a bellwether, part of a fresh slate of technical standards and protocols taking shape that will help to ingrain digital trust and pave the way for massively-interconnected, highly-interoperable digital services.

I recently discussed the current state of tech standards with DigiCert’s  Mike Nelson, Global Vice President of Digital Trust and, Dean Coclin, Senior Director of Trust Services, at DigiCert Trust Summit 2023. We drilled down on Matter as well as another new standard,  BIMI, which stands for “brand indicators for message?identification.” BIMI essentially is a carrot-on-a-stick mechanism designed to incentivize e-mail marketers to proactively engage in suppressing email spoofing. Here are my takeaways:

Matter picks up steam

Frustration with smart home devices should be much reduced in 2024. That’s because gadgets that bear the Matter logo are more readily available than ever.  Matter-compliant thermostats, pet cams, vacuum cleaners, kitchen appliances, TVs and security systems can no

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

By Erin Kapcynski

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.)

For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Acohido to share his ideas about the current cyber threat landscape, the biggest threats for businesses today, the role of AI and machine learning in cyberattacks and cyberdefence, and the most effective methods for companies to protect themselves.

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

By Byron V. Acohido

Something simply must be done to slow, and ultimately reverse, attack surface expansion.

Related: What Cisco’s buyout of Splunk really signals

We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

And yet it remains all too easy for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access.

I heard a cogent assessment of the shift that must take at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

By Byron V. Acohido

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade.

Related: Biden’s cybersecurity strategy

As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front.

Given the divergent paths of the U.S. Senate and the U.S. House of representatives, federal agencies could see funding largely choked off on Sunday, resulting in the furloughing of hundreds of thousands of federal workers.

A wide range of federal government services, once more, would slow to a crawl —  everything from economic data releases to nutrition benefits for poor children. And the Cybersecurity and Infrastructure Security Agency (CISA) may be forced to send home some 80 percent of its workforce, drastically shrinking its capabilities as a catalyst for public-private sharing of fresh

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

By Byron V. Acohido

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe.

Preserving privacy for a greater good

This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

In the absence of robust, universally implemented rules of the road, cybercriminals will continue to have the upper hand and wreak even more havoc than they now do. Threat actors all-too-readily compromise, disrupt and maliciously manipulate the comparatively simple IoT systems we havein operation today.

I had an eye-opening conversation about all of this with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany. We went over how governments around the world are stepping up their efforts to impose IoT security legislation and regulations designed to keep users safe.

This is happening at the same time as tech industry consortiums are