


MY TAKE: Poll shows consumers won’t patronize companies that fail to assure ‘digital trust’

By Byron V. Acohido

It’s all too easy to take for granted the amazing digital services we have at our fingertips today.

Related: Will Matter 1.0 ignite the ‘Internet of Everything’

Yet, as 2022 ends, trust in digital services is a tenuous thing. A recent survey highlights the fact that company leaders now understand that digital trust isn’t nearly what it needs to be. And the same poll also affirms that consumers will avoid patronizing companies they perceive as lacking digital trust.

DigiCert’s 2022 State of Digital Trust Survey polled 1,000 IT professionals and 400 consumers and found that lack of digital trust can drive away customers and materially impact a company’s bottom line.

“It’s clear that digital trust is required for organizations to instill confidence in their customers, employees and partners,” Avesta Hojjati, DigiCert’s vice president of Research and Development, told me. “Digital trust is the foundation for securing our connected world.”

I recently had the chance to visit with Hojjati. We conversed about why digital trust has become an important component of bringing the next iteration of spectacular Internet services to full fruition. And we touched on what needs to happen to raise the bar of digital trust. Here are a few key takeaways from our evocative discussion:

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

By Mark Guntrip

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises.

Related: Deploying employees as human sensors

Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.

This neglect is not only a threat to personal data, but also a threat to corporate security. As we continue to live a majority of our lives online, there are many ways that both consumers and enterprises can better protect themselves against hackers.

According to our survey, the majority of consumers (77 percent) are confident they can identify and report suspected malicious cyber activity, despite general apathy toward proactively securing their devices and personal data.

Confidence gap

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). When it comes to protecting themselves and their devices, few are practicing the basics:

• Only 21 percent use email security software

• Only 33 percent consistently use two-factor authentication (2FA)

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

By Nima Schei

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure.

Related: Why FIDO champions passwordless systems

Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Underscoring this trend, Uber was recently hacked — through its authentication system. Let’s be clear, users want a better authentication experience, one that is more secure, accurate and easier to use.

The best possible answer is coming from biometrics-based passwordless, continuous authentication.

Gaining traction

Passwordless, continuous authentication is on track to become the dominant authentication mechanism in one to two years.

Continuous authentication is a means to verify and validate user identity — not just once, but nonstop throughout an entire online session.

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

By Audian Paxson

One must admire the ingenuity of cybercriminals.

Related: Thwarting email attacks

A new development in phishing is the “nag attack.” The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an offer to alleviate the annoyance.

The end game, of course, is to trick an intended victim into revealing sensitive information or it could be to install malicious code. This is how keyloggers and backdoors get implanted deep inside company networks, as well as how ransomware seeps in.

Spoofed alerts

A nag attack breaks the ice with a repeated message or push notice designed to irritate. The nag might be a spoofed multifactor authentication push or system error alert – a notification message that annoyingly repeats on a seemingly infinite loop.

The idea of this first part of the nag attack is to annoy the targeted victim. Most of us don’t like random messages out of nowhere, much less dozens of them.

The second part of the attack is the scam. If your smartphone or computer is displaying a faked alert, then this means the criminal can contact you directly on the same channel.

GUEST ESSAY: What ‘self-sovereign-identities’ are all about — and how SSIs can foster public good

By Piyush Bhatnagar

Government assistance can be essential to individual wellbeing and economic stability. This was clear during the COVID-19 pandemic, when governments issued trillions of dollars in economic relief.

Related: Fido champions passwordless authentication

Applying for benefits can be arduous, not least because agencies need to validate applicant identity and personal identifiable information (PII). That often involves complex forms that demand applicants gather documentation and require case workers to spend weeks verifying data. The process is slow, costly, and frustrating.

It’s also ripe for fraud. As one example, the Justice Department recently charged 48 suspects in Minnesota with fraudulently receiving $240 million in pandemic aid.

The good news is that an innovative technology that promises to transform identity validation is capturing the attention of government and other sectors. Self-sovereign identity (SSI) leverages distributed ledgers to verify identity and PII – quickly, conveniently, and securely.

Individual validation

Any time a resident applies for a government benefit, license, or permit, they must prove who they are and provide PII such as date of birth, place of residence, income, bank account information, and so on. The agency manually verifies the data and stores it in a government database.

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

By Byron V. Acohido

Endpoints are where all the connectivity action is.

Related: Ransomware bombardments

And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference, which I had the privilege to attend last week at the Fairmont Austin in the Texas capital.

I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management. We discussed how companies of all sizes and across all industries today rely on a dramatically scaled-up and increasingly interconnected digital ecosystem.

The attack surface of company networks has expanded exponentially, and fresh security gaps are popping up everywhere.

Guest expert: Peter Constantine, SVP Product Management, Tanium

One fundamental security tenet that must take wider hold is this: companies simply must attain and sustain granular visibility of all of their cyber assets. This is the only way to dial in security in the right measure, to the right assets and at the optimum time.

The technology and data analytics are readily available to accomplish this; and endpoints – specifically servers and user devices – represent a logical starting point.

“We have to make sure that we truly know what and where everything is and take a proactive approach to hardening security controls and reducing the attack surface,” Constantine observes. “And then there is also the need to be able to investigate and respond to the complexities that come up in this world.”

For a full drill down on Tanium’s approach to network security that incorporates granular visibility and real-time management of endpoints, please give the accompanying podcast a listen.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.



MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

By Byron V. Acohido

Ever feel like your smart home has dyslexia?

Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability.

Related: Why standards are so vital

Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the lingua franca for the Internet of Things.

Matter-certified smart home devices will respond reliably and securely to commands from Amazon Alexa, Google Assistant, Apple HomeKit or Samsung SmartThings. Think of it: consumers will be able to control any Matter appliance with any iOS or Android device.

That’s just to start. Backed by a who’s who list of tech giants, Matter is designed to take us far beyond the confines of our smart dwellings. It could be the key that securely interconnects IoT systems at a much deeper level, which, in turn, would pave the way to much higher tiers of digital innovation.

I had the chance to sit down, once more, with Mike Nelson, DigiCert’s vice president of IoT security, to discuss the wider significance of this milestone standard.