Privacy

 

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

By Byron V. Acohido

No matter how reliant we ultimately become on cloud storage and streaming media, it’s hard to imagine consumers ever fully abandoning removable storage devices.

There’s just something about putting your own two hands on a physical device, whether it’s magnetic tape, or a floppy disk, or a CD. Today, it’s more likely to be an external drive, a thumb drive or a flash memory card.

Related: Marriott reports huge data breach

Ever thought about encrypting the data held on a portable storage device? Jay Kim, co-founder and CEO of DataLocker, did.

Launched as a one-man operation in 2007, DataLocker has grown into a leading manufacturer of encrypted external drives, thumb drives, flash drives and self-encrypting, recordable CDs and DVDs.

DataLocker today has 40 employees and last year moved into a larger facility in Overland Park, Kansas, with room to grow. I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in the encrypted portable drive space. For a full drill down please listen to the accompanying podcast. Key takeaways:

Protected backup

Even with increased adoption of cloud computing, external storage devices, like USB thumb drives and external hard drives, still have a major role in organizations of all sizes. These drives still serve a purpose, such as transporting data from one computer to another, accessing presentations outside of the office, or as an additional backup solution. …more

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

By Byron V. Acohido

Defending a company network is a dynamic, multi-faceted challenge that continues to rise in complexity, year after year after year.

Related: Why diversity in training is a good thing.

Yet there is a single point of failure common to just about all network break-ins: humans.

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. Despite billions of dollars spent on the latest, greatest antivirus suites, firewalls and intrusion detection systems, enterprises continue to suffer breaches that can be traced back to the actions of a single, unsuspecting employee.

In 2015, penetration tester Oliver Münchow was asked by a Swiss bank to come up with a better way to test and educate bank employees so that passwords never left the network perimeter. He came up with a new approach to testing and training the bank’s employees – and the basis for a new company, LucySecurity.

Lucy’s software allows companies to easily set up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. I had the chance at RSA 2019 to sit down with Lucy CEO Colin Bastable, to discuss the wider context. You can listen to the full interview via the accompanying podcast. Here are key takeaways: …more

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

By Byron V. Acohido

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework.

Related: How NIST protocols fit SMBs

The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. states. And the protocols it lays out inform a wide range of best-practices guides put out by trade groups and proprietary parties, as well.

I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security, a cybersecurity software firm that plays directly in this space.

Prior to launching CyberSaint, Wrenn was CSO of Schneider Electric, a supplier of technologies used in industrial control systems. While at Schneider, Wrenn participated with other volunteer professionals in helping formulate the NIST CSF.

The participation led to the idea behind CyberSaint. The company supplies a platform, called CyberStrong, that automatically manages risk and compliance assessments across many types of frameworks. This includes not just the NIST CSF, but also the newly minted NIST Risk Management Framework 2.0, and the upcoming NIST Privacy Framework. For a full drill down on the wider context, give a listen to the accompanying podcast. Here are key takeaways:

Collective wisdom

Think of NIST as Uncle Sam’s long-established standards-setting body. “They are the people who brought you 36 inches in a yard,” Wrenn observed. To come up with its cybersecurity framework, NIST assembled top experts and orchestrated a global consensus-building process that resulted in a robust set of protocols. The CSF is comprehensive and flexible; it can be tailored to fit a specific organization’s needs. And the best part is it’s available for free. …more

NEW TECH: Alcide introduces a “microservices firewall” as a dynamic ‘IaaS’ market takes shape

By Byron V. Acohido

As a tech reporter at USA TODAY, I wrote stories about how Google fractured Microsoft’s Office monopoly, and then how Google clawed ahead of Apple to dominate the global smartphone market.

Related: A path to fruition of ‘SecOps’

And now for Act 3, Google has thrown down the gauntlet at Amazon, challenging the dominant position of Amazon Web Services in the fast-emerging cloud infrastructure global market.

I recently sat down with Gadi Naor, CTO and co-founder of Alcide, to learn more about the “microservices firewall” this Tel Aviv-based security start-up is pioneering. However, in diving into what Alcide is up to, Gadi and I segued into a stimulating discussion about this latest clash of tech titans. Here are key takeaways:

Google’s Kubernetes play

First some context. Just about every large enterprise today relies on software written by far-flung third-party developers, who specialize in creating modular “microservices” that can get mixed and matched and reused inside of software “containers.” This is how companies have begun to scale the delivery of cool new digital services — at high velocity.

The legacy ‘on-premises’ data centers enterprises installed 10 to 20 years ago are inadequate to support this new approach. Thus, digital infrastructure is being shifted to “serverless” cloud computing services, with AWS blazing the trail and Microsoft Azure and Google Cloud in hot pursuit.

Microservices and containers have been around for a long while, to be sure. Google, for instance, has long made use of the equivalent of microservices and containers, internally, to scale the development and deployment of the leading-edge software it uses to run its businesses. …more

GUEST ESSAY: Why there’s no such thing as anonymity in this digital age

By Goddy Ray

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data, which sooner or later can be traced back to you.

Related: The Facebook factor

A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”

App developers, credit card, telecommunication companies, and others use the term “anonymous data” because it sells. But anonymous data really doesn’t exist anymore.

Every step online is recorded and stored – our interactions with devices, geolocation, voter registration, time stamps, etc. Machine learning (ML) is currently the leading technique to re-identify any data. Specifically-designed algorithms make pattern-recognition much faster and more efficient. Sometimes the accuracy of identifying is 90% and more.

De-anonymization

Actually, 63% of the population can be identified just by the combination of their gender, date of birth, and zip code.

“Anonymous” or “aggregated” large datasets are often released publicly. As a result, the development of de-anonymization tools is becoming increasingly more advanced. Here are a few unexpected examples of supposedly anonymous data reversal: …more

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

By Byron V. Acohido

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side.

Related: The case for ‘zero-trust’ authentication

Employees are given credentials that allow them authorized access to corporate networks and databases. IT leadership has to trust that those credentials are used properly.

That need for trust also makes credentials one of the most difficult areas to secure. When someone is using the right user name and password combination to gain access, it is very difficult to tell if the user is legitimate or a bad guy. It is why credential theft has become a lucrative attack vector for cybercriminals, with credential stuffing attacks compromising billions of accounts last year.

Credential theft has led to a rise in attacks on a tool that’s pervasively used in companies running Microsoft Windows-based networks. That tool is Active Directory. And because Active Directory is an almost universally-used tool in enterprise settings, it has, quite naturally, emerged as a favorite target of threat actors.

I had the chance to sit down with Rod Simmons, vice president of product strategy at STEALTHbits Technologies, a Hawthorne, NJ-based supplier of systems to protect sensitive company data, to discuss this at RSA 2019. For a full drill down, listen to the accompanying podcast. Key takeaways: …more

BEST PRACTICES: Why consumers are destined to play a big role in securing the Internet of Things

By Byron V. Acohido

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car.

Related: What needs to happen to enable driverless transportation — safely

In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services.

This is coming. We are just getting started with the process of turning over granular control of every aspect of human society to ubiquitous digital sensors tuned to feed endless streams of data into increasingly “intelligent” machine algorithms.

The drivers of IoT-centric commerce appear to be unstoppable. And yet we are overlooking profound privacy and security ramifications. As individual consumers and citizens, we won’t be able to bury our heads in the sand much longer – the way we did when Internet commerce began to radically alter our traditional safety nets in the early part of this century. This time the stakes are too high. Here’s what to expect:

Evermore plugged in

Count on the wide deployment of IoT systems to continue at an accelerated rate. There are already more IoT devices than human beings on the planet, according to tech industry research firm Gartner. Of the 8.4 billion IoT devices in use as of 2017, half are consumer gadgets, like smart TVs, speakers, watches, baby cams and home thermostats; much of the rest is made up of things like smart electric meters and security cameras in corporate and government use.

Another tech industry consultancy, IDC, forecasts worldwide IoT spending will hit a record $745 billion in 2019, some 15.4% more than the $646 billion spent in 2018. This will be led by the manufacturing, consumer, transportation and utilities sectors.

The more data IoT systems collect and analyze, the smarter they get, and the more autonomous decisions they are capable of making. Enterprises are all too eager to tap into the resultant operating efficiencies.

…more