 

Privacy

 

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

By Balraj Dhillon

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience.

Related: Hackers relentlessly target healthcare providers

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, store and track health data, creating numerous exposure vulnerabilities.

There are many reasons for the vulnerable state of healthcare data. One significant factor is the merger and acquisition renaissance that the healthcare industry is undergoing, which, according to a new report from Moody’s Investors Service, is expected to continue.

Healthcare organizations pursue mergers and acquisitions for many reasons, including improving the ability to meet patient consumerization requirements, providing more

GUEST ESSAY: Here’s what every business should know — and do — about CaaS: crime-as-a-service

By Jack Chapman

It doesn’t matter if you want to learn a new language or figure out how to fix your broken clothes dryer; the tools, tutorials, and templates you need are available online.

Related: Enlisting ‘human sensors’

Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. The dark web provides virtually everything potential attackers need to make their move.

Let’s look closely at precisely what crime-as-a-service (CaaS) is, why it’s so dangerous, and how your business can defend itself.

CaaS variants

Experts define CaaS as what happens when sophisticated hackers and criminals work together to create technology, toolkits, and methodologies geared toward carrying out cyberattacks. CaaS is happening with increasing regularity. For example, an Illinois man recently faced conviction for running a website that allowed users to buy subscriptions to launch distributed denial of service (DDoS) attacks against computer networks.

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

By Maxwell Sanchez

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “51% attacks” resulting in the theft of over $30 million worth of cryptocurrency to date.

Related: Wildland restores control of data to individuals

However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Every blockchain uses a consensus protocol which allows all nodes on the network to agree on the current state of the blockchain. In Bitcoin, for example, a process known as “Proof-of-Work” (“PoW”) involves miners solving a difficult mathematical problem with powerful computers.

And whichever miner finds a solution adds a block to the blockchain, which contains transactions from users on the network. Each node validates the solution before accepting the block, and miners should begin working on solving the problem for the next block.

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

By Byron V. Acohido

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with.

Related: A primer on advanced digital signatures

PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption of automation is set to rapidly accelerate to keep up with technology requirements.

As business networks shift into the era of cloud computing and agile software, the volume of digital certificates has swelled dramatically. This scaling up of PKI has put companies in a mad scramble.

Large enterprises now typically must manage 50,000 or more PKI certificates, placing a huge burden on manual processes. This, in turn, has triggered a surge in certificate outages: some two-thirds of 400 enterprises participating in a recent survey reported certificates expiring unexpectedly – with 25 percent experiencing five to six such outages in a recent six-month period.

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

By Ofer Israeli

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

Related: T-Mobile breach reflects rising mobile device attacks

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it. Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario …

GUEST ESSAY: Silence on the front lines of strategic cyber assaults belies heightening tensions

By Emil Sayegh

First released in the late 1920s, the novel “All Quiet on the Western Front” was publicly burned, banned, derided and censored for its “anti-war” and “unpatriotic” messages. Set in the final weeks of World War 1, the story swings heavily on the contrast between false security and the realities of war.

Related: We’re in the golden era of cyber espionage

Today, we are talking about a different war dynamically morphing between a physical war and cyber war. President Joe Biden just told U.S. intelligence officials that he thinks a cyber breach could lead to a “shooting war” with a major global power.

While the “shooting war” has not started, a real cyber war has been raging on the front lines of computer networks for a while, and we must remain vigilant to the fact that an eerie silence may be the biggest threat of all.

“All Quiet on the Western Front” was described as the most loved and hated novel about war, its messages threatened Nazi ideologies, sparking riots, mob attacks, and public demonstrations, yet it inspired an Academy Award-winning 1930 movie adaptation.

Author Erich Maria Remarque may not have foreseen its full impact, but the story is laced with imagery describing starving soldiers, the brutally indiscriminate

MY TAKE: Can Project Wildland’s egalitarian platform make Google, Facebook obsolete?

By Byron V. Acohido

Most of the people I know professionally and personally don’t spend a lot of time contemplating the true price we pay for the amazing digital services we’ve all become addicted to.

Related: Blockchain’s role in the next industrial revolution

I’ll use myself as a prime example. My professional and social life revolve around free and inexpensive information feeds and digital tools supplied by Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter.

I’m productive. Yet, I’m certainly not immune to the clutter and skewed perspectives these tech giants throw at me on an hourly basis — as they focus myopically on monetizing my digital footprints. I don’t know what I’d do without my tech tools, but I also have a foreboding sense that I spend way too much with them.

Technologically speaking, we are where we are because a handful of tech giants figured out how to collect, store and monetize user data in a singular fashion. Each operates a closed platform designed to voraciously gather, store and monetize user data.