Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Privacy

 

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

By Byron V. Acohido

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms.

Related: The crucial role of ‘Digital Trust’

After numerous delays and course changes, the Matter protocol, is set to roll out this fall, in time for the 2022 holiday shopping season. To start, seven types of smart home devices will be capable of adopting the Matter protocol, and thus get affixed with a Matter logo.

Matter is intended to foster interoperability of smart home devices – so a homeowner can stick with just one voice assistance platform and have the freedom to choose from a wide selection of smart devices sporting the Matter logo.

What this boils down to is that a consumer living in a smart home filled with Matter devices would no longer be forced to use Amazon’s Alexa to control some devices, while having to switch to Apple’s Siri, Google’s Assistant or Samsung’s SmartThings to operate other devices. No surprise: Amazon, Google, Apple and Samsung are the biggest names on a list of 250 companies supporting the roll out of Matter.

The qualifying types of smart home devices, to start, include light bulbs and switches; smart plugs; smart locks; smart window coverings; garage door openers; thermostats; and HVAC controllers. If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow.

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

By Byron V. Acohido

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised.

Related: VPNs vs ZTNA

Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark, a supplier of VPN services aimed at the consumer and SMB markets.

Surfshark partnered with a number of independent cybersecurity researchers to quantify the scope and pattern of data breaches over the past couple of decades. For this study, a data breach was defined as an intruder copying or leaking user data such as names, surnames, email addresses, passwords, etc. Much of the hard evidence came from correlating breached databases sitting in the open Internet.

Data scientists sorted through 27,000 leaked databases and created 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.

The data analytics show:

•A total 2.3 billion U.S. accounts have been breached so far. The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread)

•More than two thirds of American accounts are leaked with the password, putting breached users in danger of account takeover.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

By Sriram Kakarala

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat.

Related: Deploying human sensors

Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say. This raises the concerns of corporate data security in remote working that still stand as a key challenge that organizations are trying to navigate, workforce productivity being the second.

Organizations need to have critical business data made available to the employees that work remotely- and this could include the devices carefully vetted and secured with corporate policies and provided by the organization, but could also include the devices that are not under the organization’s purview.

Fragmentation dilemma 

The modern employees demand flexibility and you simply can’t prevent employees from accessing work emails on their phones while they surf the beach or hike the mountains- nor does it add to your organization’s overall efficiency and productivity.

But this, along with the hugely fragmented devices and endpoints used in the virtual working environment adds to the security risks that can not only drain out the IT teams but also the CIOs to a great extent.

GUEST ESSAY: Threat hunters adopt personas, leverage AI to gather intel in the Dark Web

By Brad Liggett

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there.

Related: ‘IABs’ spread ransomware

Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.

Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments. These automated programs will hunt the Deep & Dark Web for you, trawling through the deepest and dirtiest pools, looking for the next threat that has your name on it.

There are many facets to what I’ll call “The Underground.” It extends beyond the Deep & Dark Web to: unindexed Web forums, messaging boards, and marketplaces, encrypted messaging systems, and code repositories. It is simply impossible for a human analyst to sort through it all.

Additionally, filtering through these channels is made even more difficult due to language barriers, as well as gaining trust and access to these various forums.

GUEST ESSAY: Five steps to improving identity management — and reinforcing network security

By Jackson Shaw

The identity management market has grown to $13 billion and counting. While intuition would tell you enterprises have identity under control, that is far from reality.

Related: Taking a zero-trust approach to access management

Current events, such as the global pandemic and ‘The Great Resignation,’ which have accelerated cloud adoption, remote working environments, and the number of business applications and systems in use has complicated matters.

As a result, new solutions and features to address identity challenges have emerged. In a sense, this is a positive trend: change makers are innovating and trying to stay ahead of imminent threats.

On the other hand, there’s a good deal of snake oil on the market, making it hard for organizations to realize the value of their tech investments. Last, and perhaps most significant, many solutions don’t work together harmoniously, making it hard for employees to get work done.

When you consider these points, it’s understandable why businesses end up with too many solutions to effectively manage, or simply default to manual, inefficient processes to address identity- and security-related tasks. But for progress to happen, we must first get to the root of why this is happening.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

By Lyle Solomon

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role.

Related: The coming of bio-digital twins

Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive. And, let’s be honest, the deceptive writing phishing assaults and other cyber threats today employ are skilled enough to fool even the most trained, internet-savvy experts.

Ever present threats

Some of our elderly may be concerned that any hint of weakness will convince their relatives that they can no longer live alone. Thus hackers rely on them not revealing they’ve been duped. That said, here are what I consider to be the Top 5 online threats seniors face today:

•Computer tech support scams. These scams take advantage of seniors’ lack of computer and cybersecurity knowledge. A pop-up message or blank screen typically appears on a computer or phone, informing you that your system has been compromised and requires repair.

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

By Byron V. Acohido

In order to extract value from the Internet, data sprawl first must get reined in. This has always been the case.

Related: Equipping SOCs for the long haul

What good is connecting applications, servers and networks across the public cloud if you’re unable to securely operationalize the datasets that these interconnected systems store and access?

Solving data sprawl has now become a focal point of cybersecurity. It’s about time. Much of the buzz as RSA Conference 2022 happens this week (June 6 – 9)in San Francisco will be around innovations to help companies make sense of data as it gets increasingly dispersed to far-flung pockets of the public cloud.

I had the chance to visit with Karthik Krishnan, CEO of San Jose, Calif.-based Concentric AI, which is in the thick of this development. Concentric got its start in 2018 to help companies solve data sprawl — from the data security and governance perspective – and has grown to 50 employees, with $22 million in venture capital backing. For a full drill down of our discussion, please give the accompanying podcast a listen. Here are a few key takeaways.

Crawling, classifying

Jeff Bezos solved data sprawl for selling books and gave us Amazon. Larry Page and Sergey Brin solved data sprawl for generalized information lookups and gave us Google.

In much the same sense, companies must now solve data sprawl associated with moving to an increasingly interconnected digital ecosystem. And addressing data security has become paramount.