Growth Potential for Cybersecurity Needs In 2024 Driven By The Evolving Threat Landscape And Increasing Security Requirements
The Cybersecurity Landscape: Emerging Threats & Advanced Defenses
Understanding the CISA/NSA Cloud Security Guidance

…and much more…
Cyber Defense eMagazine – April 2024 Edition
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS

Welcome to CDM's April 2024 Issue ----- 7

Growth Potential for Cybersecurity Needs In 2024 Driven by The Evolving Threat Landscape and Increasing Security Requirements ----- 24
By Sarah Pavlak, Industry Principal, Frost & Sullivan

The Cybersecurity Landscape: Emerging Threats & Advanced Defenses ----- 27
By Abimbola Ogunjinmi, Scholar at McClure School of Emerging Communication Technology, Ohio University

Understanding the CISA/NSA Cloud Security Guidance ----- 32
By Matt Muir, Threat Intelligence Lead, Cado Security

Operational Technology (OT) Security: The Custodian of An Increasingly Interconnected World! ----- 35
By Sudip Saha, MD and Co-Founder, Future Market Insights

2 New Cyberthreats: The "@" Bypass & QR Codes ----- 41
By Rom Hendler, CEO & Co-Founder, Trustifi

Top 8 AI Benefits in Healthcare ----- 44
By Tereza Denkova, Marketing Specialist, Accedia JSC

A Strategic Advantage in the Cybersecurity Arms Race: Embracing Diversity and Inclusivity ----- 49
By Roberta Faux, US Head of Cryptography and US Field CTO at Arqit

Newly Established Zero Trust Initiative Office Presents an Immense Potential for Progress ----- 53
By Bill Diaz, Vice President of Check Point Software's Vertical Solution Business

Why You Need a Malware Sandbox and How to Set Up One ----- 55
By Vlad Ananin, Technical Writer, ANY.RUN

Patching the Human Vulnerability: The Necessity of Security Awareness Training ----- 58
By Dima Kumets, Principal Product Manager at Huntress

Securing the Future: PCI Certifications for MPoC Vendors Paves the Way for Secure Digital Transactions ----- 61
By Albert Comas, CEO, Yazara

Cyber Security Frameworks & Standards for Modern Powerplants ----- 63
By Aneesh Karakkat, Staff Application Engineer, Woodward, Inc.

DevSecOps Practices for a Secure Cloud ----- 70
By Vishakha Sadhwani, Customer Engineer, Google Cloud

Cybersecurity for Alternative Investment Firms – Key Trends to Watch in 2024 ----- 74
By Paul Ponzeka, Chief Technology Officer (CTO), Abacus Group

Data Integrity: The Key to Battling Ransomware ----- 78
By Jim McGann, VP of Strategic Partnerships, Index Engines

How Enhanced Age Assurance and Content Moderation Can Protect Children From Harmful Content Online ----- 81
By Michal Karnibad, Co-CEO, VerifyMy

Energy Department Announces $70 Million in Operational Technology Zero Trust Research Grants to Strengthen Energy Sector Against Physical and Cyber Hazards ----- 84
By Mark B. Cooper, President & Founder, PKI Solutions

The Role of Behavioral and Identity Analytics in Early Threat Detection ----- 88
By Sanjay Raja, VP of Product Solutions at Gurucul

Finance And Healthcare Regulations Require a Better Balance Of Privacy, Security, And Accountability In The Use Of Direct Messengers ----- 92
By Kurt J. Long, CEO and Co-Founder of BUNKR

Footage in Cyberspace ----- 96
By Milica D. Djekic

Honeytrap Accounts Powered by Cyber Threat Intelligence (CTI) ----- 99
By Shawn Loveland, COO, Resecurity

How to Secure Your Applications Across the Software Development Lifecycle ----- 105
By Upma Singh, SEO Executive at JoomDev

How Platform Thinking Can Supercharge Identity & Access Management ----- 112
By George Symons, Vice President of Strategy for Cloud, Infrastructure and Security, Persistent Systems

Identifying & Prioritizing Risk: Growing Risks and How to Address Them ----- 115
By Sravish Sridhar, CEO & Founder, TrustCloud

Insource or Outsource, the Risk is Still Yours ----- 119
By Craig Burland, CISO, Inversion6

Navigating Alert Fatigue in Today's Cybersecurity Landscape ----- 122
By Isaac Kohen, Chief Product Officer & Founder of Teramind

5 Reasons Why Cyber Risk Quantification Is Crucial for Organizations ----- 127
By Zac Amos, Features Editor, ReHack

Exploring The Challenges Faced by Internal IT Teams In Cybersecurity Management ----- 131
By Michael Cocanower, CEO, AdviserCyber

Navigating the Risks and Rewards of AI in Cybersecurity ----- 134
By Dan Faggella, Founder and Head of Research, Emerj Artificial Intelligence Research

Branded Calling and Authentication Technology: Stopping Cybercriminals in Their Tracks ----- 137
By Scott Hambuchen, Chief Information Officer at First Orion

Putting AI in Your Corner in the Fight Against a Resurgent LockBit ----- 140
By Jon Marler, Cyber Evangelist, VikingCloud

Security Industry Challenges ----- 143
By Milica D. Djekic

The Role Of Channel Programs In Strong Cybersecurity Ecosystems ----- 146
By Scott Goree, Global Vice President, Partners & Alliances, Skyhigh Security

The Transformative Role of AI in Cybersecurity: Insights and Innovations ----- 149
By Ashraf Othman, VP Commercial Strategy Execution & Planning, CEQUENS

Unraveling SSH-Snake ----- 152
By Miguel Hernandez, Sr. Threat Research Engineer, Sysdig

Zero-Trust's Transition from Talking Point to Implementation Has Finally Arrived ----- 154
By Ran Lampert, CEO and Co-Founder of Infinipoint
From the Publisher…

Dear Friends,

We would like to remind our contributors and supporters that the 2024 RSAC Conference will take place in San Francisco, CA, May 6-9, 2024. We at CDMG are pleased to be in our 12th year of participation with RSA. The theme is The Art of the Possible, and online registration is available at https://www.rsaconference.com/events/2024usa

Submissions Are Now Open for RSAC Innovation Sandbox and RSAC Launch Pad.

In order to maximize the effectiveness of our publication, we provide a large range of ancillary services to support our contributors and readers to help them enrich their infosec knowledge. CyberDefenseTV interviews and CyberDefenseRadio podcasts are rapidly growing. See https://cyberdefensetv.com/ and https://cyberdefenseradio.com/ with streaming on 21 radio platforms like Pandora, iTunes and Spotify, to name a few. Find our streams here: https://smartlink.ausha.co/cyber-defense-radio.

We also feature the CDMG Global Awards program at https://cyberdefenseawards.com/, and the many participating professionals who have earned this important recognition for their contributions to the cybersecurity industry. Reflecting the expansion of cybersecurity-related activities, readers will note the addition of several new award categories.

As always, we strive to be the best and most actionable set of resources for the CISO community in publishing Cyber Defense Magazine and broadening the activities of Cyber Defense Media Group. With appreciation for the support of our contributors and readers, we continue to pursue our role as the premier provider of news, opinion, and forums in cybersecurity.

Warmest regards,

Gary S. Miliefsky, fmDHS, CISSP®
CEO/Publisher/Radio/TV Host

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
CYBER DEFENSE eMAGAZINE

Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

EDITOR-IN-CHIEF
Yan Ross, JD
yan.ross@cyberdefensemagazine.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
http://www.cyberdefensemagazine.com

Copyright © 2024, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025, Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: https://www.cyberdefensemagazine.com/about-our-founder/

12 YEARS OF EXCELLENCE! Providing free information, best practices, tips, and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security. We're a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM
Welcome to CDM's April 2024 Issue

From the Editor-in-Chief

From the Editor's desk, we continue to see a shift in the delicate balance between technical information and articles which are accessible to our broader readership.

We also continue to note the changing balance between cyber job openings and qualified applicants. It bears repeating that there are reports of hundreds of thousands of job openings for cyber professionals. The reported shortage of qualified cyber workers has not always been accurate, especially in the overhyped availability of 6-figure starting salaries. Industry reports have begun to feature both more stringent budget considerations and modifications to priorities, both leading to more demanding criteria for cyber professionals, especially in starting positions.

We would also like to offer CDM as a resource to provide guidance for our readers to prepare for the future. We address both employers and prospective employees in recommending that you read our publication thoroughly and use the actionable information to tune up both resumes and interview topics.

The trends we see show an expected expansion of the role of the CISO, as well as some expansion of the need for CISOs to include the services of other specialized professionals. Our readers will notice this broader representation of disciplines of value to CISOs.

Wishing you all success in your cybersecurity endeavors,

Yan Ross
Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemagazine.com
Growth Potential for Cybersecurity Needs In 2024 Driven by The Evolving Threat Landscape and Increasing Security Requirements

By Sarah Pavlak, Industry Principal, Frost & Sullivan

As the threat landscape continues to evolve in 2024, the sophistication of attacks will intensify the security challenge for people, technology, and processes, the tripartite system of security needed to protect business-critical data and infrastructure. Organizational needs have changed drastically from solely on-premises to hybrid or fully remote network access capabilities that differ among regions and industries. Organizations increasingly recognize security features and solutions as business enablers, especially in the post-pandemic world.

Frost & Sullivan's growth opportunities for 2024 cover themes relevant to cybersecurity, with cloud migration, threat landscape evolution, and convergence among the key trends:

• The cybersecurity industry is undergoing a significant transformation as organizations seek more comprehensive security solutions while reducing their IT complexity by subscribing to fewer point solution providers. With limited visibility into one's entire digital footprint and more virtual interactions, the risk of successful phishing attacks and supply chain data breaches has increased significantly. Artificial Intelligence (AI) technology exacerbates the situation and enables widespread, sophisticated phishing attacks, further amplifying business risks.

• AI technology is continuing to evolve, and more vendors will embed the technology into cybersecurity solutions to boost effectiveness and empower proactive defense against cyber threats. AI plays a vital role in various aspects of cybersecurity, offering a multitude of impactful use cases. Among the most effective applications are threat detection and response, automated response, behavioral analysis, and phishing detection. The integration of AI into cybersecurity ecosystems is increasingly prevalent.

• Generative AI harnesses the power of artificial intelligence to generate new outputs that resemble human-generated content. The generative AI model learns and enhances its outputs automatically through models trained on vast amounts of data. Cybersecurity companies are rushing to market by integrating generative AI tools into their existing products for contextualized security capabilities. This technology revolutionizes cyber security with its strong capabilities to proactively identify, defend against, and mitigate security threats. Its capacity to analyze huge amounts of data helps organizations identify potential threats and automate security tasks, including threat hunting, generating reports, detecting anomalies, and incident response. Organizations increasingly leverage machine learning and AI, including generative AI, to strengthen their security posture and to reduce the administrative overhead that arises when in-house security expertise cannot keep up with fast-evolving security threats.

• CISOs are increasingly facing challenges due to the growing complexity of their IT infrastructure as organizations embrace digital transformation and incorporate new technology tools into their systems. Cloud migration and multi-cloud strategies have created the need for organizations to modernize their network and security infrastructure to reduce the complexity of fragmented and disjointed networking and security products.

• The accelerated migration to the cloud resulting from the pandemic has enabled businesses to embrace their digital transformation journey, helping them transform and simplify their information technology infrastructure and operations to drive business outcomes. Digital transformation is a key trend in American organizations, and it is driving cloud service adoption. As a result, 2 out of every 3 organizations (that is, 66%) in the United States state that the move to cloud-driven services is the most important variable influencing their cybersecurity strategies, according to Frost & Sullivan's 2023 Voice of the Enterprise Customer survey. Reimagining business processes and customer experiences in the digital age drives changes in market needs.

• Work-from-home as the standard forces enterprises to adopt hybrid security models. Threats are more sophisticated than ever, and even a minimal security breach can lead to a security incident that compromises the entire value chain of a company. Protecting such environments requires increasingly complex solutions that are managed by skilled cybersecurity professionals.

• CISOs struggle to create a robust identity posture as a result of numerous point solutions, intense competition in the providers' markets, and the difficulty of making legacy and modern systems work together. In addition to the digital transformation that encourages adoption of the cloud, the popularity of concepts such as zero-trust network access (ZTNA), secure access service edge (SASE), cyber insurance, and XDR will contribute to improvements in identity solutions and increase their adoption.

• Widespread use of quantum computing is part of an inevitable future that security vendors are preparing for. Quantum computers will change the digital fabric of the internet. Organizations need to take a comprehensive inventory of their cryptographic activity and critical assets to understand where potential quantum threats pose material risks to the business. CISOs must prioritize developing migration maps to new families of quantum-resistant cryptography.

About the Author

Sarah Pavlak is an Industry Principal on the Cybersecurity team at Frost & Sullivan. She focuses on market research related to email security, endpoint security, mobile threat defense, and network access control. Sarah also has 12 years of defense intelligence experience garnered from working for the U.S. federal government in protective intelligence and cyber threat risk analysis roles. Sarah can be reached at LinkedIn or security@frost.com.
The Cybersecurity Landscape: Emerging Threats & Advanced Defenses Defending business against cyberattack By Abimbola Ogunjinmi, Scholar at McClure School of Emerging Communication Technology, Ohio University In 2024, cyber attackers are leveraging a myriad of attack vectors to infiltrate systems, steal sensitive data, disrupt operations, and extort organizations. These attack vectors are constantly evolving as cybercriminals adapt their tactics to exploit vulnerabilities in emerging technologies and human behavior. Some of the prominent attack vectors in cyber-attacks of 2024 include: 1. Ransomware as a Service (RaaS): Ransomware attacks have become increasingly prevalent, facilitated by the availability of RaaS platforms. Cybercriminals (even a novice among them) can easily access sophisticated ransomware tools and infrastructure, enabling them to launch widespread and lucrative extortion campaigns. The recent development shows that ransomware activity that used to be directed toward small and medium scale enterprises are now been directed Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 27
toward big corporations. According to Andy Greenberg of WIRED, 2023 ransomware attack report showed that there were fewer cases of ransomware attack compared to 2022, however, the amount (1.1bn dollars) paid in 2023 surpassed that of 2022(587million dollars). This indicates that bigger corporations that could afford large amounts of ransom are now target of the bad actors. 2. Phishing and Social Engineering: Phishing remains a favored tactic among cybercriminals, exploiting human vulnerabilities to gain unauthorized access to systems or sensitive information. Social engineering techniques, such as spear phishing and pretexting, manipulate individuals into disclosing confidential data or clicking on malicious links. 3. Insider Threats: Malicious activities by insiders, such as employees, contractors, or business partners, pose a significant risk to organizations. Insider threats may involve data theft, sabotage, or unauthorized access to sensitive information, often exploiting trusted privileges and access rights. 4. Supply Chain Attacks: Targeting vulnerabilities in third-party vendors and partners, supply chain attacks pose a significant threat to organizations. Cybercriminals infiltrate trusted supply chains to gain access to sensitive data, compromise systems, and distribute malware across multiple organizations simultaneously. Bad actors now launch attack through software, hardware, and application from the third party. 5. Zero-Day Exploits: Zero-day exploits target previously unknown vulnerabilities in software or hardware systems, allowing attackers to infiltrate networks and execute malicious code without detection. These exploits are particularly dangerous as they give cybercriminals a window of opportunity before security patches are developed and deployed. 6. IoT Device Vulnerabilities: The proliferation of Internet of Things (IoT) devices introduces new attack vectors and broadened attack surface, as these devices often lack robust security measures. 
Cyber attackers target vulnerable IoT devices to gain access to networks, launch distributed denial-of-service (DDoS) attacks, or steal sensitive data. 7. Credential Theft: Cybercriminals exploit weak or stolen credentials to gain unauthorized access to systems, networks, or cloud services. Techniques such as password spraying, credential stuffing, and brute-force attacks are used to compromise user accounts and escalate privileges within organizations. 8. Malware and Botnets: Malicious software, including trojans, worms, and botnets, is used to infect systems, exfiltrate data, or launch coordinated attacks. Botnets enable attackers to control large networks of compromised devices, amplifying the scale and impact of cyber attacks. Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 28
9. Advanced Persistent Threats (APTs): APT groups, backed by nation-states or organized cybercrime syndicates, conduct sophisticated and targeted attacks against high-value targets. These adversaries employ advanced techniques, including reconnaissance, lateral movement, and stealthy exfiltration, to maintain persistence and evade detection. 10. Physical Security Exploitation: Cyber-attacks may also exploit physical security vulnerabilities, such as unsecured hardware devices, unauthorized access to data centers, or tampering with critical infrastructure components. Physical access to systems or facilities can provide attackers with a foothold to launch more sophisticated cyber-attacks. Mitigation Strategy and Incident Response plan for Emerging Cyber Threats: Protecting against the diverse range of cyber threats in 2024 requires a multifaceted and proactive approach to cybersecurity. Here are practical steps organizations can take to mitigate the risks associated with prominent attack vectors: 1. Implement Robust Security Awareness Training: Educate employees about common phishing tactics, social engineering techniques, and the importance of strong passwords. Conduct regular training sessions and phishing simulations to reinforce cybersecurity best practices and empower employees to recognize and report suspicious activities. Recent statistics show that social engineering accounted for more than 80% of the cyber-attacks. The cyber-aware workforce will help in forestalling these cases. 2. Encrypt Data at Rest and in Transit: Utilize encryption technologies to protect sensitive data both at rest and in transit, mitigating the risk of data breaches and unauthorized access. Implement strong encryption protocols for communication channels and data storage systems to maintain confidentiality and integrity. Encryption ensures that in case of a breach, the data remains useless for the bad actors. 
In the recent time, there is a new dimension to Ransomware which is Ransomware plus where the attacker will exfiltrate data of the victim and then encrypt the data at rest before demanding ransom. The exfiltrated data is now used to blackmail the victim into paying ransom. This is done by bad actors to ensure that the if victim decides to rely on data storage backup and ignore ransom payment, the privacy issue that will emerge when the bad actor displays exfiltrated data in the public will compel the victim to pay the ransom. 3. Enhance Access Controls and Authentication Measures: Implement multi-factor authentication (MFA) to add an extra layer of security and prevent unauthorized access to systems and data. Enforce the principle of least privilege, granting users only the permissions necessary to perform their job functions. 4. Regularly Update and Patch Software: Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 29
Establish a robust patch management process to promptly apply security updates and patches to software, operating systems, and firmware. It is essential to ensure the currency of the technology deployed for the organization business. Monitor vendor advisories and security bulletins to stay informed about newly discovered vulnerabilities and available patches. I advocated for cyberthreat intelligence sharing(CTIS) among corporation and organizations where organizations share information about threat among each other so that individual could work to further fortify their infrastructure. 5. Deploy Advanced Threat Detection Technologies: Invest in AI-driven threat detection solutions and next-generation endpoint protection platforms to detect and respond to advanced malware and zero-day exploits. Leverage behavioral analytics and anomaly detection to identify suspicious activities and potential security breaches in real-time. 6. Establish a Robust Incident Response Plans and Procedures: Develop comprehensive incident response plans outlining roles, responsibilities, and procedures for detecting, responding to, and recovering from cybersecurity incidents. Conduct regular tabletop exercises and simulations to test the effectiveness of incident response plans and enhance organizational preparedness. 7. Strengthen Supply Chain Security: Vet third-party vendors and partners to ensure they adhere to robust cybersecurity standards and practices. Establish contractual agreements that include security requirements, data protection measures, and incident response protocols to mitigate supply chain risks. This should include software, applications, hardware and human resources supply chain. Recently, cyber professional are found to be offering their skill to bad actors for monetary gain. This underscore the need for proper background check for the human resources. 8. 
Implement Continuous Monitoring and Threat Intelligence: Deploy security information and event management (SIEM) systems to continuously monitor network traffic, system logs, and security events for signs of suspicious activity. Subscribe to threat intelligence feeds and participate in information sharing initiatives to stay abreast of emerging threats, adversary tactics, and vulnerabilities. 9. Conduct Regular Security Assessments and Audits: Perform regular cybersecurity assessments, penetration testing, and vulnerability scanning to identify and remediate security weaknesses proactively. Engage independent third-party auditors to conduct comprehensive security audits and validate compliance with regulatory requirements and industry standards. Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 30
10. Foster a Culture of Cybersecurity Awareness: Promote a culture of cybersecurity awareness and accountability throughout the organization, emphasizing the shared responsibility of all employees in protecting sensitive data and assets. Encourage open communication channels for reporting security incidents, raising concerns, and sharing cybersecurity insights and best practices. 11. Cyber Insurance: Cyber insurance provides financial protection against the financial losses and liabilities associated with cybersecurity incidents. It helps offset the costs of incident response, remediation, legal expenses, and regulatory fines in case of a breach. This is part of cyber risk mitigation. 12. Remuneration for Cybersecurity Professional and Experts: Competitive Salaries: Offering competitive salaries is essential for attracting and retaining top cybersecurity talent. Cybersecurity professionals possess specialized skills and expertise that are in high demand, making salary competitiveness crucial for recruitment and retention efforts. It also ensures that they are satisfied and will not offer their skills to bad actors. It's imperative for organizations to implement these discussed strategies to strengthen their cyber defense posture in 2024 and beyond. By investing in proactive cybersecurity measures, organizations can effectively mitigate risks, protect sensitive data, and safeguard their reputation in the face of evolving cyber threats. It's not just about preventing attacks but also about being prepared to respond effectively when breaches occur. About the Author Abimbola Ogunjinmi, Scholar at the McClure School of Emerging Communication Technologies, Ohio University is a distinguished leader in secure Technology infrastructure deployment. With a scholarly bias for cybersecurity and over two decades of hands-on experience in Information Technology and Telecommunication Infrastructure deployment, he has established himself as a formidable figure in the field. 
Beginning his career as an engineer, Abimbola has ascended to prominence through his expertise in technology infrastructure deployment. He holds a myriad of industry certifications from ISC2, PMI, Scrum, Cisco and EXIN, including Project Management Professional (PMP), Scrum Product Owner, Scrum Master, CCNP, CCDP, NRS, and ITIL. Abimbola is a prolific contributor to both emerging and legacy technologies, including but not limited to 5G, cyber defense technologies, AI, wireless transmission, satellite communication, and optical network systems.

Abimbola can be reached online at https://www.linkedin.com/in/abimbolaogunjinmi/
Understanding the CISA/NSA Cloud Security Guidance

A deep dive into cloud security best practices

By Matt Muir, Threat Intelligence Lead, Cado Security

For many organizations, cloud security has become a case of starting from scratch. Companies globally have adopted cloud technologies quickly, leaning into the productivity merits that such solutions offer. However, security considerations have all too often fallen by the wayside in favor of operational progress, leaving firms potentially exposed to a variety of modern and evolving cloud-centric threats.

Critically, the security best practices that worked well for years in on-prem environments don’t translate directly into cloud environments. Indeed, these new technologies require new approaches in order to ensure effective protection.

In an attempt to improve overall awareness and understanding of common misconfigurations, vulnerabilities and exposures, and to guide organizations towards sound cloud-security practices, the Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have released a five-point advice plan.
Here, we’ll look to provide an overview of these recommended best practices and mitigations aimed at improving security in the cloud, highlighting the significant aspects and the key implications of each.

#1 – Use Secure Cloud Identity and Access Management Practices

With cloud environments posing new, unique challenges, organizations must prioritize the adoption of proper identity protection practices and access control policies to keep their networks and data protected. This is, in essence, cybersecurity 101. However, it has often been overlooked. It is commonly assumed that security best practices come as standard when adopting cloud solutions, yet that is rarely the case across the board. Therefore, companies need to take the time to ensure their security, identity and access management controls are properly configured, considering aspects such as multifactor authentication, PKI certificate management and other credential best practices.

#2 – Use Secure Cloud Key Management Practices

To provide access to cloud resources, cloud service providers (CSPs) typically generate and provide an access key. If a company wants to access a server in the cloud, for example, it needs a secure key to log in. Unfortunately, with these keys essentially being text files, it is not uncommon for developers to accidentally commit them to a code repository. To mitigate these issues, organizations need to embrace a key management service (KMS) that provides safe ways for keys to be retrieved. This might include rotating keys regularly or destroying keys after use.

#3 – Implement Network Segmentation and Encryption in Cloud Environments

Traditionally, on-prem networks focused on network security, with few restrictions being required for users that had authenticated to an organization’s network. Here, the assumption was that everything inside a network could be trusted. However, for cloud environments, this is both outdated and dangerous.
In the modern era where the traditional security perimeter no longer exists, organizations need to embrace zero trust. It takes a default ‘deny’ approach to security that’s rooted in the principle of continual verification, recognizing trust as a vulnerability. Zero trust demands that every user request is reviewed and approved to mitigate risky actions or malicious behaviours. Further, it is particularly well suited to cloud security given the micro-segmentation capabilities across networks.

#4 – Secure Data in the Cloud

With organizations storing more and more business-critical data in the cloud, preventing unauthorized access to that data must be prioritized. Some of the most notorious cloud security incidents have involved the inadvertent exposure of cloud storage services, exposing massive amounts of sensitive data. In June of 2023, automaker Toyota reported that the data of approximately 260,000 customers was exposed online due to a misconfigured cloud environment. To mitigate such threats, organizations must properly audit and understand their cloud storage systems, identifying and reducing vulnerabilities such as overly permissive users and accounts.

#5 – Mitigate Risks from Managed Service Providers in Cloud Environments

As well as auditing and improving internal security policies, enterprises must also remain cognizant of the threats that third parties pose to their networks. Critically, supply chain attacks are on the rise, with the SANS Institute estimating that there is a 70% chance that a cybersecurity incident will be caused by an organization’s suppliers. While working with managed service providers can be a cost-effective way of improving security practices, entities must exercise due diligence before committing to any key partnership. MSPs need to access almost everything on a company’s network to perform their tasks, so you need to make sure that they’re secure, understanding their own security practices and track record.

Conclusion

Without question, the joint advice from CISA and the NSA is timely. Indeed, it’s estimated that cloud-based attacks increased by 75% in 2023, with threat actors continually working to find new ways to exploit the vulnerabilities that have emerged with widespread shifts from on-prem to cloud-based environments. With cloud security still being relatively new – and often overlooked – organizations need to work to protect themselves from the most common vulnerabilities, be it overly permissive accounts, poor cloud key management practices, or otherwise. The five advice pieces from CISA and the NSA are a good starting point and offer an opportunity to audit your network and support businesses in building in best practices from the ground up.
About the Author

Matt Muir, Threat Intelligence Lead, Cado Security. Matt is a security researcher with a passion for UNIX and UNIX-like operating systems. He previously worked as a macOS malware analyst, and his background includes experience in the areas of digital forensics, DevOps, and operational cyber security. Matt enjoys technical writing and has published research including pieces on TOR browser forensics, an emerging cloud-focused botnet, and the exploitation of the Log4Shell vulnerability.

Matt can be reached at Cado Security | Cloud Forensics & Incident Response
Operational Technology (OT) Security: The Custodian of An Increasingly Interconnected World!

By Sudip Saha, MD and Co-Founder, Future Market Insights

Since the inception of the internet and of computer viruses in the 1970s-1980s, the need to secure information has become increasingly crucial. There has been a serious spike in cyberattacks over the last few years, which has necessitated the use of advanced security solutions. However, these cyberattacks remained almost solely within the IT realm. Today, with the advancement of technology and civilization’s heavy reliance on computers, attackers have become much more sophisticated, thereby increasing the chances of what we call ‘industrial cyberattacks’. This has created an enormous demand for advanced operational technology security.

Operational technology (OT) security is not just a technological necessity but a cornerstone in safeguarding the modern industrial landscape. According to Future Market Insights, a leading market research and competitive intelligence firm, the global operational technology security market is poised to grow at a staggering 18.4% CAGR over the next ten years, reaching a massive valuation of US$ 119.6 billion by 2034.
Understanding Operational Technology (OT) and the Significance of OT Security

The hardware and software that monitor and control physical devices and processes in industrial environments are referred to as operational technology. It is widely used in several industries, including energy, manufacturing, water, and transportation. Unlike information technology (IT), which deals with data-centric systems, OT focuses on the control and automation of physical processes through industrial control systems (ICS), machinery, and sensors.

Operational technology (OT) systems, including SCADA systems, programmable logic controllers (PLCs), and industrial control systems (ICS), are critical for keeping critical industrial infrastructure running smoothly. These digital technologies significantly enhance efficiency and productivity. However, these systems are also being increasingly targeted by cyberattacks. Hackers exploit vulnerabilities in OT systems to disrupt operations, cause physical damage, or steal sensitive data.

Protecting operational technology is not just about data security. Rather, it is about safeguarding the physical world connected to OT systems. Thus, the growing incidence of industrial cyberattacks is putting operational technology security into the limelight.

Operational technology security protects the software and hardware systems that monitor and control industrial infrastructure, such as manufacturing facilities and power grids. It enables industries to counter cyberattacks, thereby acting as a watchdog in the modern interconnected world. With industries continuously embracing the benefits of automation, connectivity, and data-driven decision-making, the importance of securing operational technology has become more critical than ever.

Three Big Reasons Why Operational Security is No Longer an Option But a Necessity:

The Convergence of IT and OT: Long ago, operational assets were not connected to the internet.
As a result, there was no need for OT security, as these assets were not exposed to web-borne threats like ransomware attacks, malware, and hackers. Then digital transformation initiatives and IT-OT convergence expanded, requiring organizations to use OT security solutions. Operational technology systems are becoming increasingly connected to IT systems. This makes them more vulnerable to cyberattacks, thereby creating a high need for OT security, and the trend is expected to grow further during the next ten years.

“In the modern world, the rising interconnectivity of IT and OT networks creates cybersecurity challenges for industrial organizations to manage. As a result, businesses are increasingly turning to OT security solutions. The sole motive behind the increasing adoption of operational technology security solutions is to reduce complexity and close security gaps,” says a lead Future Market Insights (FMI) analyst.

Sophistication of Cyber Attacks: Thanks to ongoing technological advancements, cybercriminals today are creating new and more sophisticated ways to attack operational technology systems. This is making OT security more important than ever before.
The Potential of Cyberattacks for Physical Harm: Cyberattacks on operational systems can have serious physical consequences, such as gas explosions, power outages, and environmental damage. To counter this, industries are investing heavily in operational technology security solutions, which can protect industrial control systems from unauthorized access, data breaches, and other cyber threats.

Factors Changing the Course of the OT Security Industry

#Rapid Adoption of Digitalization in Industrial Settings: The industrial landscape is undergoing a digital revolution, with interconnected machines and systems humming under the banner of Industry 4.0. Today, industries like manufacturing, energy, and oil & gas are striving for novel ways to enhance their processes, drive greater throughput, and reduce costs. This persistent desire for both increased efficiency and cost-cutting is prompting them to adopt industrial automation and digitalization.

While digitalization offers several benefits, it also creates a wider attack surface for malicious actors to exploit. Digitalization often involves connecting different devices through cloud services and the Internet of Things (IoT). Each device represents a potential entry point for hackers. Similarly, industries are adopting new technologies like machine learning and artificial intelligence. To exploit the vulnerabilities of these technologies, attackers are developing new techniques, thereby increasing the chances of industrial cyberattacks.

Digitalization itself is not a problem. In fact, it offers several benefits and is crucial for surviving in the contemporary technological world. However, industries adopting it are realizing the increased risk of cyberattacks and are taking proactive steps, like using OT security solutions, to mitigate them. Hence, the growing adoption of digitalization and other novel technologies will lift demand for OT security in the coming years.
With the adoption of IIoT, the IT/OT air gap is swiftly dissolving. IIoT devices allow industrial processes to be monitored and managed from a central location, allowing industrial organizations to achieve optimal efficiency and productivity. This, however, comes at the cost of bridging the physical network disconnect that secured these legacy systems. Thus, OT environments now need specialized OT and IoT security solutions.

#Rise in Industrial Cyberattacks: Various industrial cyberattacks targeting operational technology systems that manage physical processes in critical sectors like manufacturing and transportation have occurred over the last few decades. However, the industrial cyber threat landscape took a new turn in 2010 with Stuxnet, the first ICS-dedicated attack to receive global attention. Stuxnet, a malicious computer worm, targets supervisory control and data acquisition (SCADA) systems. It was created to destroy the centrifuges used by Iran to enrich uranium. This cyber weapon was believed to have been built jointly by the United States and Israel. It was specifically created to take over certain programmable ICSs and cause malfunctioning of equipment run by those systems.

Since then, there has been a constant rise in cyberattacks targeting industrial organizations. As per Kaspersky’s report, malicious objects were detected and blocked on 34% of industrial control system computers in the first half of 2023. Further, with 26.8% of ICS computers affected, the second quarter witnessed the highest threat level globally since 2019.

To give a sense of the scale of these attacks, here are a few of the major cyberattacks on industrial facilities in recent years that caused trouble for government and non-government facilities:

• Colonial Pipeline - Ransomware Attack (2021): In May 2021, the United States-based oil pipeline system Colonial Pipeline suffered a ransomware cyberattack. The attack impacted the computerized equipment managing the pipeline and halted all pipeline operations for several days. To restore its computer network, the company (Colonial Pipeline) had to pay a ransom of US$ 4.4 million to the hacker group DarkSide.

• Ukraine Power Grid Hack - Trojan (2015): In December 2015, hackers targeted the power distribution company Prykarpattyaoblenergo in Ukraine. The finely executed cyberattack disrupted the electricity supply of around 230,000 consumers in Ukraine for up to 6 hours. The attack was attributed to Sandworm, a Russian advanced persistent threat group.

• Triton - Malware (2017): The safety systems of a power station in Saudi Arabia were compromised when its Triconex industrial safety technology was targeted in December 2017.

• Shamoon - Malware (2012): In 2012, the Sword of Justice targeted the oil giant Saudi Aramco. It was one of the biggest cyberattacks on industrial facilities, wiping out nearly 35,000 computers in hours.

The rising incidence of these industrial cyberattacks is prompting industries to employ OT security solutions.
This will play a key role in shaping the course of the global operational technology (OT) security industry during the forthcoming period.

#Increasing Regulatory Compliance: Governments across the world are enforcing stringent regulations to combat industrial cyberattacks. These regulations require industrial facilities to implement OT security measures. This will create remunerative growth opportunities for operational technology security providers.

#Growing Popularity of Cloud-based OT Security Solutions: The OT security industry is witnessing a gradual shift from traditional security solutions to cloud-based ones. Today, industrial organizations are more inclined towards using cloud-based operational technology security solutions. This is due to their advantages, like scalability, flexibility, and ease of deployment.
Similarly, managed OT security services are witnessing higher demand globally. This is because they provide industrial organizations with the expertise and resources they need to secure their OT systems and counter cyber threats.

Challenges in Operational Technology Security:

• Legacy Systems: Several industrial environments still rely on outdated systems that lack built-in security features, making them prone to cyberattacks. These systems may not be able to be patched or updated with the latest security software, creating challenges for OT security providers.

• Blurring Lines Between IT and OT: The convergence of IT systems and OT systems is creating new attack vectors. It increases the attack surface, thereby providing cybercriminals with more entry points to exploit.

• Limited Awareness: Many organizations do not understand the risks associated with OT security. They underestimate the cyber threats facing their systems.

The Way Forward:

• Investing in OT Security: Industrial organizations must prioritize investments in OT security solutions and services. This will help them counter the risk of cyberattacks.

• Building a Culture of Security: It is essential to build a strong security culture within organizations for effective OT security. By implementing best practices and fostering a culture of cybersecurity, organizations can fortify their digital backbone, ensuring the resilience and reliability of critical infrastructure.

• Collaborations: Governments, industries, and academia need to collaborate to share information, develop best practices, and raise awareness about operational technology security.

Conclusion:

Securing digitalized operational technology is essential for maintaining the resilience and reliability of critical infrastructure. With industries continuously embracing digital technologies, the importance of OT security is expected to grow rapidly.
By understanding the unique challenges and implementing robust security measures, organizations can navigate the complex landscape of OT security and ensure the continued safe operation of vital systems.
The future of OT security looks bright as industrial processes become more digitized and cyber threats become more sophisticated. Industrial organizations that invest in OT security will be better positioned to protect their critical infrastructure and operations from cyberattacks. By treating OT security as a watchdog, industries can safeguard their critical infrastructure and ensure the smooth functioning of the interconnected world.

Top vendors are looking to develop innovative OT security solutions like anomaly detection, network segmentation, and vulnerability management for industrial environments. The new capabilities aim to take security for OT environments to the next level. For instance:

• In 2023, Palo Alto Networks introduced Zero Trust OT Security to help industrial owners secure their operational technology environments. The new OT security solution is designed to provide visibility and security for OT assets and networks, remote operations, and 5G-connected assets.

• In April 2023, Trustwave introduced a new OT Security Maturity Diagnostic offering to ensure the security of industrial automation and control systems.

• In September 2023, Mission Square launched a ransomware defense solution for industrial control system (ICS) and operational technology (OT) networks. The new OT security solution will allow organizations to close security gaps and prevent the spread of malicious code within industrial environments.

About the Author

Sudip Saha, MD and Co-Founder at Future Market Insights. Sudip Saha is the managing director and co-founder at Future Market Insights, an award-winning market research and consulting firm. Sudip is committed to shaping the market research industry with credible solutions and constantly makes a buzz in the media with his thought leadership. His vast experience in market research and project management across verticals in APAC, EMEA, and the Americas reflects his growth-oriented approach to clients.
He is a strong believer in and proponent of innovation-based solutions, emphasizing customized solutions to meet one client's requirements at a time. His foresightedness and visionary approach recently got him recognized as the ‘Global Icon in Business Consulting’ at the ET Inspiring Leaders Awards 2022.

Company website: https://www.futuremarketinsights.com/
2 New Cyberthreats: The “@” Bypass & QR Codes

By Rom Hendler, CEO & Co-Founder, Trustifi

One of the questions most often posed to security experts is “What new threats are you seeing in the marketplace right now?” It’s a fine question, considering that ill-intentioned hackers are developing new attack strategies every day—especially with accelerants like GenAI software to help them more effectively create malware and phishing content.

As a provider of email cybersecurity technology, we have noted two very alarming trends in recent months: the use of infected QR codes to circumvent security filters, and the use of “@” symbols in URLs to confuse security software into bypassing dangerous links. Here’s how hackers leverage these methods, and what companies can do to avoid their networks falling victim.
Invasion of the @ Symbols

Trustifi’s data analysis has uncovered a hazardous tactic that resurfaced in the threat landscape at the beginning of 2024. Hackers introduce a series of “@” signs into a malicious URL, which “tricks” traditional security software into overlooking the code. Here’s how: cybercriminals devise a malicious link and insert one or more @ symbols into the URL coding for that link. Most security solutions will interpret these as harmless comments; browsers tend to view them as ordinary links. Security software will often allow these links to bypass their filters, assuming them to be benign. Yet the vulnerable user is left with an infected email that links to an imposter phishing site, or other malware. Victims are prompted to input login credentials, financial info, social security numbers, or healthcare ID info on the false site. Consider that some of the biggest breaches in recent history are said to have originated from the compromise of a single password, including the Colonial Pipeline fiasco.

Our scanning data recently detected an increase in the number of superfluous @ marks in URLs, rising from zero incidents to several per day—a startling uptick since the year began. Advanced, next-generation security solutions that utilize AI-based tools can be programmed to recognize and flag URLs that have been camouflaged by @ symbols. Many security vendors aren’t even aware of this tactic yet, so they haven’t developed a tool to defend against it. And traditional solutions that depend on IP blacklisting of known criminal IP addresses don’t recognize these attacks at all.

QR Codes or “Quishing”

Nefarious actors are also using QR codes to circumvent traditional security software. Malicious QR codes are such a new concept that many victims are totally unsuspecting—and traditional cybersecurity solutions have not developed tools to identify them. This is highly dangerous, since most cybersecurity filters treat QR codes like harmless images.
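The “@” tactic described above works because URL parsers split the authority section at the last “@”: the text after it is the host a browser will actually contact, and everything before it is treated as userinfo, which is what a reader mistakes for the domain. The following Python is an added example of a defender-side check (not Trustifi’s code or product logic): it resolves the real host of every link in an email body and flags links whose userinfo reads like a domain or that carry more than one “@”; the sample email body and the domain names in it are constructed.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Matches http(s) URLs in free text; trailing punctuation is trimmed afterwards.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
# A token that reads like a hostname ("login.example.com"), used to judge the userinfo part.
HOSTLIKE_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.IGNORECASE)


@dataclass
class UrlVerdict:
    url: str
    actual_host: str  # the host a browser will actually connect to
    userinfo: str     # everything before the last '@' in the authority section
    at_count: int     # number of '@' signs in the authority section
    severity: str     # "none", "medium" or "high"
    reason: str

    @property
    def suspicious(self) -> bool:
        return self.severity != "none"


def analyze_url(url: str) -> UrlVerdict:
    """Resolve the real host of a URL and flag an authority section that hides it behind '@'."""
    parts = urlsplit(url.strip())
    netloc = parts.netloc
    at_count = netloc.count("@")
    # Browsers (WHATWG URL parsing) and urllib both take the host from the text after the
    # LAST '@' in the authority; everything before it is userinfo, which is the part a
    # reader's eye mistakes for the domain. An '@' in the path or query is not affected.
    userinfo = netloc.rpartition("@")[0]
    actual_host = (parts.hostname or "").lower()

    if at_count == 0:
        return UrlVerdict(url, actual_host, "", 0, "none", "no userinfo in authority")
    if at_count > 1:
        severity = "high"
        reason = f"{at_count} '@' signs in authority; real host is {actual_host!r}"
    elif HOSTLIKE_RE.fullmatch(userinfo.split(":", 1)[0]):
        severity = "high"
        reason = f"userinfo {userinfo!r} reads like a domain but real host is {actual_host!r}"
    else:
        severity = "medium"
        reason = "credentials embedded in URL authority"
    return UrlVerdict(url, actual_host, userinfo, at_count, severity, reason)


def find_suspicious_links(text: str) -> List[UrlVerdict]:
    """Extract http(s) URLs from an email body and return verdicts for the suspicious ones."""
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)!?")
        verdict = analyze_url(url)
        if verdict.suspicious:
            hits.append(verdict)
    return hits


# Constructed sample email body (not real data): one benign link, one link whose only '@'
# sits in the query string (an address, not userinfo), and one link that hides the
# real host behind '@' signs. All domains are reserved example names.
SAMPLE_EMAIL = """\
Dear customer, your statement is ready at https://portal.example.com/statements.
Questions? Reach us via https://portal.example.com/support?email=help@example.com
Please verify your account now: https://portal.example.com@@@phish.example.net/verify.
"""

if __name__ == "__main__":
    for v in find_suspicious_links(SAMPLE_EMAIL):
        print(f"[{v.severity}] {v.url}\n    real host: {v.actual_host} ({v.reason})")
```

Because the check compares the parsed host with what the link visually presents, it does not depend on an IP or domain blocklist and so catches the masking itself rather than a known bad destination.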
We’ve documented the emergence of infected QR codes through scans of millions of emails for companies in markets ranging from retail to finance and healthcare. We saw a jump of 250% from July to September of 2023 in these “quishing” emails incorporating unsafe QR code links. Since QR codes are often not scanned by software solutions, the criminals harvest the victim’s data and IT technicians don’t receive any information to help them track that malicious site so they can remediate the problem.

Combating New Threats with Powerful AI

Not enough vendors have added a metric to address these clever emerging threats. Most traditional email security solutions (secure email gateway, or “SEG”-based software) rely on the whitelisting and blacklisting of known malicious IP addresses to screen for threats. Much of this software was developed before these more sophisticated AI-based and even image-based threats came into being. These security providers are struggling to address new attack techniques as they arise, with patches and updates.
Too few business owners realize that even some well-entrenched security providers with household names don’t use the sophisticated AI tools that are required in today’s environment. Newer solutions are often better positioned to adapt to threats, since these companies were born in the cloud and are designed to address emerging AI-powered methods. Entrenched security software was often designed before these more perilous threats even existed.

Businesses need to utilize next-gen cybersecurity solutions with AI-powered capabilities that can combat AI-generated attacks. They can interpret text and recognize keywords, images including QR codes, and phrasing that indicate a potential breach. With sophisticated AI-driven tools, solutions can even neutralize the issue of superfluous @ signs and flag these attempts to mask an ill-intentioned URL. Administrators and IT managers need to act fast, however, since new methods continue to evolve.

About the Author

Rom Hendler is CEO and Co-Founder of Trustifi, a cybersecurity firm featuring a comprehensive suite of AI-driven email encryption solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest-to-use and -deploy email security products, providing both inbound and outbound email security from a single vendor. Its unique, cloud-based storage model is helping the channel rethink its approach to cybersecurity. Rom has extensive C-level executive experience at Fortune 500 companies. He was a key player in opening and operating integrated resorts around the world with a total investment exceeding $15B.

sales@trustificorp.com
www.trustifi.com
Top 8 AI Benefits in Healthcare

Revolutionizing Patient Care: Ways Artificial Intelligence is Enhancing Healthcare Efficiency and Outcomes

By Tereza Denkova, Marketing Specialist, Accedia JSC

In recent years, Artificial Intelligence (AI) has emerged as a transformative force in healthcare, bringing innovations that were once considered futuristic into today's medical practices. This intersection of AI and healthcare is reshaping traditional practices and paving the way for innovative healthcare solutions. This blog post explores the multifaceted impact of AI on healthcare, backed by recent data and future predictions.

Key Applications of AI in Healthcare

From enhancing communication through natural language processing (NLP) to personalizing treatment for chronic conditions, AI's role is pivotal in advancing patient care. Research from Statista forecasts that AI in healthcare will reach USD 188 billion by 2030. Below we highlight in more detail these key applications of AI in healthcare:
NLP and Conversational AI

NLP's role in interpreting clinical data is growing. It is essential for integrating and sharing complex medical information, facilitating research, and developing new treatment hypotheses.

Personalized Pain Management

AI's predictive capabilities are being used to tailor pain management and treatment plans. It can analyze how patients respond to treatments and suggest modifications for improved outcomes. This aspect of AI is particularly significant in managing chronic conditions like musculoskeletal disorders.

Chronic Disease Management

AI systems are constantly evolving, allowing for the discovery of new treatment methods based on the latest research. This is especially valuable in managing chronic diseases, such as diabetes, where AI can provide continuous, remote medical care and personalized treatment plans.

Support for Caregivers

AI is offering support to caregivers, particularly in the management of chronic illnesses like dementia. This includes providing educational resources, virtual coaching, and care plans tailored to the patient's needs.

Benefits of AI in Healthcare

The integration of AI in healthcare is a groundbreaking advancement that is reshaping the landscape of medical care and patient management. We explore in more detail how AI-driven solutions developed by custom software development companies are leading to more accurate diagnoses, efficient treatment plans, and overall improved patient outcomes, marking a new era in healthcare where technology and medicine converge for the greater good.
Better Diagnostics

AI in healthcare enables better diagnostics by processing extensive patient data like images and lab results, uncovering patterns that might elude human analysis. This leads to quicker, more accurate diagnoses and effective treatments. AI's role in diagnostics extends to the analysis of complex data sets, such as X-rays, CT scans, and MRIs. Machine learning (ML) techniques enable the identification of conditions like fractures, tumors, and other anomalies with higher accuracy and speed than traditional methods. These capabilities are crucial in fields such as oncology and neurology, where early and precise diagnosis can dramatically affect treatment outcomes. For instance, AI in oncology is being used to detect cancer at its nascent stages with higher accuracy than traditional methods.

Improved Surgical Accuracy

AI enhances surgical precision by providing real-time support and predictive analysis during operations. It includes advanced methods like 3D mapping of blood vessels, replacing older techniques that used harmful contrast dyes, and allowing for remote surgical collaboration. A notable example is the use of robotic assistants in minimally invasive procedures, leading to shorter hospital stays and quicker recoveries.

Robotics in Healthcare to Boost Efficiency

Robotics, integrated with AI and computer vision, is revolutionizing healthcare in diagnosis, surgery, rehabilitation, and patient care. This technology boosts efficiency and patient outcomes. An example is a Mexican hospital using a robot during the pandemic for patient assessments, enhancing efficiency and reducing frontline workers' exposure.

Clinical Documentation and Administrative Efficiency

AI tools like DAX Express are revolutionizing clinical documentation. They reduce the time spent on paperwork, allowing healthcare providers to focus more on patient care.
This reduction in administrative tasks also addresses the issue of clinician burnout, which is a growing concern in the healthcare sector. Advancements in Clinical Laboratory Testing Accuracy AI is transforming clinical microbiology and pathology by enhancing the accuracy and efficiency of lab processes. This includes automated techniques in blood cultures and susceptibility testing, which contribute to quicker, more accurate diagnosis and treatment planning. Emergency Care Enhancement AI applications are proving vital in emergency departments, where the burden of care is high. AI tools help manage patient flow, prioritize care based on urgency, and assist in diagnosing acute conditions rapidly. Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 46
Improved Diagnostics and Treatment

AI algorithms are revolutionizing diagnostics by analyzing complex medical data, enabling early and more accurate diagnoses. They also assist in personalizing treatment plans, considering each patient's unique medical history.

Enhancing Patient Monitoring

Wearables and other AI-integrated devices are enabling real-time monitoring of patients, especially those with chronic conditions, improving the management of their health outside hospital settings.

A Real-Life Use Case

At the University of Iowa Hospitals and Clinics, an innovative use of AI in healthcare was implemented to tackle the issue of surgical site infections (SSIs). The approach involved developing a data warehouse to support predictive analytics models. This system was integrated with electronic health records (EHR) using industry-standard and vendor-specific APIs. It functioned by monitoring individual patient risks in real time and evaluating the best practices based on these risks.

The predictive analytics tools were designed to be seamlessly integrated within the provider's EHR workflow. They operated silently in the background, identifying specific points in patient care where decision support could enhance outcomes. When necessary, the system would become visible to the clinician within their usual EHR workflows, presenting specific risks for the patient along with potential actions to mitigate that risk.

One key feature was the integration of the surgical site infection reduction module within the World Health Organization Surgical Safety Checklist used during surgery. This module activated towards the end of a surgery, where it combined real-time data from the EHR, such as the surgeon's details, case duration, and estimated blood loss, with historical patient data. This information was then processed by a machine learning model to calculate the infection risk and link it to specific interventions that could be taken at the time of wound closure to reduce this risk. This process was quick and provided actionable information to the surgical team within seconds.

The implementation of this AI-driven system led to significant improvements. Initially, the project achieved a 58% reduction in SSIs, and after three years, this figure rose to a 74% reduction. The success of this project highlights the potential of machine learning in systematically identifying risks and applying best practices consistently across patients, leading to substantial improvements in patient outcomes and healthcare efficiency.

Conclusion

The role of AI in healthcare is rapidly evolving, setting the stage for a new era in medical science. As we move towards 2024 and beyond, AI's potential to revolutionize healthcare is undeniable, promising to make healthcare more efficient, accurate, and patient-centric. From improving diagnostic accuracy to personalizing patient care, AI is setting the stage for a new era in medicine. And a key to most of these innovations is the dedicated development teams that support health organizations in this AI-driven journey.

About the Author

Tereza is a Marketing Specialist at Accedia, with a key role in communicating business opportunities driven by tailored software innovations. Passionate about everything digital, avid baker and recent world explorer. Tereza can be reached online at tereza.denkova@accedia.com and at our company website https://accedia.com/
A Strategic Advantage in the Cybersecurity Arms Race: Embracing Diversity and Inclusivity

By Roberta Faux, US Head of Cryptography and US Field CTO at Arqit

Code Girls. Code Girls was the nickname for the 10,000 women who served in the US military during the Second World War as cryptanalysts to break secret German and Japanese codes. They contributed significantly to the war effort. This wasn't an effort to create an inclusive environment but rather a response to a shortage of male talent to fill critical roles on the home front, with a significant portion of the male population enlisted in military service. Women, therefore, became a vital workforce for roles traditionally held by men. These women possessed the intellectual acumen, attention to detail, and analytical skills needed for code-breaking work. Often college-educated, with backgrounds in mathematics, languages, and sciences, the Code Girls were well-suited for the meticulous and challenging task of cryptanalysis. The work of the Code Girls not only contributed significantly to the war effort but also marked a pivotal moment in the history of accepting women in the workforce and in the field of cryptography.

Flash forward about 80 years to today: the worlds of cryptography and mathematics - foundational fields of the cybersecurity industry - suffer from underrepresentation of women and minorities. This is due to a complex interplay of historical, cultural, social, and educational factors. Without intentional fostering of interest in STEM among underrepresented groups and the willingness to create inclusive environments, we risk losing one of the most important battles of the 21st century.

Cybersecurity is an increasingly critical and complex field, constantly changing to protect against evolving cyber threats from financial services to national security and critical infrastructure. Advanced technologies such as artificial intelligence and quantum computing can be leveraged by both cyber defenders and adversaries. Cloud, mobile and the hyper-interconnectivity of IoT add yet more layers of complexity. The cybersecurity field is facing an urgent talent shortage and must also capitalize on an inclusive workforce to provide diverse perspectives and foster innovation. Diversity correlates with the development of better products, services, and solutions.

Many cutting-edge technological fields face multifaceted challenges that contribute to this disparity, including cultural and racial biases, educational gaps, and the networking nature of the tech industry. Increasing the representation of women and other underrepresented groups in cybersecurity is essential, not just for equity, but also for the breadth of ideas and solutions we need.

What can the industry do to better cultivate, hire, and retain talent that allows for representation of all genders, races, socio-economic classes, and other underrepresented groups?

STEM education is critical to creating a more representative workforce in the cybersecurity space. From both an industry and academic perspective, mentorships, internships, and inclusive programming focused on underrepresented groups can help lower the often-high barriers to entry, from as early as elementary school through higher education. It is necessary to recognize how diversity can help address the talent shortage in cybersecurity. This is not just a quantitative issue but also a qualitative one, where diversity plays a crucial role.
Industry needs to understand the unique challenges faced by women and minorities in entering the emerging field of quantum-safe security, such as the lack of established educational pathways, limited mentors, conscious or unconscious biases and stereotypes, barriers to advancement and individual imposter syndrome. There needs to be recognition of the importance of diverse perspectives in fostering innovation in cutting-edge technological fields, and of how inclusivity can lead to the development of more effective and user-friendly security products.

Concrete tactics can include:

1) inclusive job descriptions that use language welcoming to all, for instance language that is gender-neutral;
2) reaching out to a broader range of talent sources, such as minority-focused professional organizations, universities with diverse student bodies, and online communities that cater to underrepresented groups in tech;
3) establishing mentorship programs that support the professional growth of underrepresented employees;
4) fostering a workplace culture that values and respects diversity;
5) ensuring there is diversity in leadership roles, which can be motivating and can help in retaining diverse talent;
6) adopting flexible work arrangements to accommodate different needs;
7) committing to equal pay and benefits;
8) creating employee resource groups for underrepresented employees to provide a platform for voices that might otherwise go unheard; and
9) conducting regular assessments and giving feedback to understand the effectiveness of current strategies and identify areas for improvement.
By implementing these strategies, the cybersecurity industry can not only enhance its talent pool but also create a more inclusive, innovative, and effective workforce. All of these factors will certainly contribute to a stronger, more equitable and engaged team environment that will lead to better problem solving and more effective products and solutions.

Diverse perspectives, specifically in leadership, foster innovation. A team that is open to unique perspectives is typically more likely to consider new solutions, which, in the ever-changing field of cybersecurity, are critical. This framework for creative problem solving and innovation is often top-down, so starting with diverse leadership at the top is a step in the right direction.

Lastly, the industry can focus more heavily on recruiting from a broader range of backgrounds. This doesn't just mean more diversity in terms of gender or race; it means considering people with a range of academic and professional backgrounds for open roles, neurodivergent individuals, individuals in the LGBTQ+ community, people with disabilities (both visible and invisible), military veterans, older workers, socio-economically disadvantaged groups, and Indigenous Peoples. Strong skills in STEM are essential, and this includes the critical thinking skills that are key to solving the complex day-to-day issues that cybersecurity professionals face. For example, my university training began in the liberal arts - something that might be perceived as a waste of time in its application to a technical field. Yet it was precisely my training in critical thinking, analytical research, and my interdisciplinary interests that proved invaluable when I pivoted to a career in mathematics and computer science. My diverse academic background became a formidable asset that allowed me to bring a new dimension to my technical work.

What can someone who is interested in the cybersecurity field do to break in?

Take risks and be gritty. The beauty of science is that it's based on trial and error. In order to succeed or find results, an individual must be willing to try, fail and adapt - many times over. Taking risks and taking on responsibilities that help strengthen one's ability to adapt can be a formative step in fostering a successful career in technology.

Cultivate a growth mindset for life. Developing a growth mindset illustrates the tenacity and drive that are crucial character traits for any successful individual across every industry. Individuals with grit and this mindset push the boundaries of what's possible, break through glass ceilings and build a path for those who follow. Further, these traits can aid an individual in successfully finding solutions to present and future cybersecurity threats, drive diversity and inclusion efforts that enrich the field at large and have the potential to lead to systemic change.
About the Author

As the US Head of Cryptography and Field CTO for Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW), a global cybersecurity company, Roberta Faux works at the forefront of cybersecurity innovation. With her extensive cryptographic experience and expertise in cybersecurity, Roberta helps organizations modernize cryptographic systems for hyper-scalability of infrastructure between all endpoints, regardless of how dynamic the network architecture may be. For over a decade, she has led commercial efforts in deep tech and next-generation encryption, including quantum-safe encryption. She has served as a principal investigator in post-quantum security, private AI, homomorphic encryption and reverse engineering. Roberta has 12 years of experience in signals intelligence and cryptanalysis, working for the National Security Agency/Department of Defense creating sophisticated mathematical and computational techniques to provide analytic solutions for cyber-related problems, often in a high-risk, high-payoff environment. She holds a master's degree from the University of Colorado, with post-graduate education at the MIT Sloan School of Management and Johns Hopkins University.

Roberta can be reached online at roberta.faux@arqitinc.us. To learn more about Arqit, visit: https://arqit.uk/.
Newly Established Zero Trust Initiative Office Presents an Immense Potential for Progress

By Bill Diaz, Vice President of Check Point Software's Vertical Solution Business

The Cybersecurity and Infrastructure Security Agency (CISA) recently announced its decision to launch a new Zero Trust Initiative Office, with Sean Connelly at the helm. This move comes at a pivotal moment, as government organizations were the second most attacked sector in 2023, targeted with an astounding average of nearly 1,600 cyberattacks every week, according to Check Point Research (CPR). It is imperative for government agencies to adopt an innovative zero-trust model that places security at the forefront, given the perpetually advancing nature of cyber threats.

Two years ago, the Federal Government set forth a Federal zero trust architecture (ZTA) strategy (M-22-09) requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year 2024. As the deadline approaches, and with the rising complexity of cyberattacks and advances in artificial intelligence, there is an opportunity to solidify these standards, guaranteeing all civilian agencies' full commitment to implementing them.

CPR's 2024 Security Report highlighted that education, government, and healthcare remain key targets for cyberattacks. To safeguard our nation, we need to continue improving and demanding a minimum zero-trust compliant standard of cybersecurity across all organizations. I strongly believe that the recently launched Zero Trust Initiative Office holds great promise in the battle against the next level of cyber-attacks. By embracing a broader perspective and customizing its approach to cater to the specific operational objectives of each agency, this initiative can revolutionize cybersecurity practices. My team at Check Point and I are excited to join forces with CISA and the founding Zero Trust Initiative Office to drive preventative security across civilian agencies.

About the Author

William A. Diaz is a Telecom Industry Executive with over 34 years of Sales, Account Management, Engineering, Operations, Delivery, Program Management and Relationship Building experience with Senior Level Clients and Colleagues in both Domestic and International environments. Mr. Diaz leads Check Point's Vertical Solutions Business Unit, consisting of our Telco, Cable, Colo, MSSP and Public Sector (Fed/SLED) organizations. He manages a talented group of cyber security business, sales and technical professionals across the Canadian, United States and Latam Markets. He focuses on selling, delivering and supporting an E2E Security portfolio consisting of Cloud, Network, End Point, SASE and a robust set of Managed Services offerings. Mr. Diaz has established, built, and scaled the business by 5X over the last 3.5 years, with double-digit growth during the last 24 months.

https://www.linkedin.com/in/william-a-diaz-9627672/

Our company website https://www.checkpoint.com/
Why You Need a Malware Sandbox and How to Set Up One

A Short Guide to Building A Malware Sandbox

By Vlad Ananin, Technical Writer, ANY.RUN

To build a strong cybersecurity defense, proactive measures are essential. One of them is the use of a malware sandbox. This crucial component of any organization's security arsenal offers a significant number of advantages, while being fairly simple to set up and run.

What is a malware sandbox?

A malware sandbox is a secure and isolated environment where potentially harmful software can be executed and analyzed without risking infection beyond it. It is used by cybersecurity professionals to understand the behavior of malware and phishing links. Malware sandboxes can be custom-built or turnkey solutions, and they are essential for organizations looking to protect their systems and data from cyber threats.

Why proper defense is incomplete without a sandbox

Malware analysis sandboxes offer a critical tool for organizations to have an in-depth understanding of threats, as they offer:
Controlled Environment for Investigations: Malware sandboxes provide a safe and isolated space to detonate suspicious files. This eliminates the risk of infecting critical systems or employee workstations, allowing for thorough analysis without compromising your organization's infrastructure.

Advanced Threat Detection: Traditional security solutions might struggle with sophisticated malware. Sandboxes go beyond static analysis, observing the malware's behavior in action. This allows for the identification of previously unknown and evasive threats, ensuring your defenses remain effective.

Faster Incident Response: In the event of a security breach, a malware sandbox can be a valuable ally. By analyzing the malware's behavior, you can quickly understand the extent of the attack, isolate the threat, and implement appropriate mitigation strategies to minimize damage and prevent further spread.

Proactive Approach: Sandboxes do not just react to threats; they help you anticipate them. By studying the behavior of common malware in advance, you gain valuable insights into the tactics and tools used by attackers. This knowledge empowers you to proactively strengthen your security posture and ensure proper protection of the organization's infrastructure.

Regulatory Compliance: Many industries have standards and policies requiring robust cybersecurity measures. Malware sandboxes demonstrate your commitment to threat detection and response, helping you comply with these regulations and avoid potential penalties or reputational harm.

How to create a custom malware analysis sandbox

Here's how to set up a basic sandbox environment:

1. Virtual Machine: Install a virtual machine program like VMware or VirtualBox on a dedicated computer for optimal security. If that's not possible, you can use your main system, but be extra cautious.

2. Resource Allocation: Modern malware is demanding. Allocate enough resources to your virtual machine (minimum 4GB RAM, 2 CPU cores, and 80GB+ storage) to ensure it can run smoothly without raising suspicion from the malware.

3. Mimic a Real System: Don't let malware know it's in a test environment! Install common software like Word, Chrome, and Adobe Acrobat in the virtual machine to make it appear like a typical user's system and avoid alerting the malware.

4. Simulate User Activity: Create a realistic usage history. Go beyond simply installing software: create, open, save, and delete a few files to build logs and generate temporary files, mimicking real user activity.

5. Fake the Network: Malware sometimes checks for internet access. Use tools like INetSim or FakeNet to mimic a real internet connection and capture any network requests the malware tries to make. You can also use Wireshark to monitor these connections.

6. Analysis Arsenal: Your virtual machine is set up, but you need tools for the real fight! Install analysis tools like debuggers (x64dbg to see what the malware does), disassemblers (Ghidra to understand the code), traffic analyzers (Wireshark to track network activity), and process monitors (Process Explorer to keep an eye on running programs).

Efficient and effective alternative to a custom sandbox

While building a custom sandbox can provide organizations with flexibility and control, it is time-consuming and resource intensive. A turnkey solution like ANY.RUN can be an effective alternative.

ANY.RUN is a cloud-based sandbox with a user-friendly interface and advanced malware analysis capabilities. Organizations can use it to launch an interactive virtual machine directly in their browser. The service comes with all the professional tools pre-installed, making it easy to collect indicators of compromise (IOCs), analyze network and registry activity, extract memory dumps, and even interact with the infected system just like on a standard computer thanks to VNC technology. The platform also allows organizations to see how malware behavior corresponds to known TTPs in the MITRE ATT&CK Matrix.

ANY.RUN lets users quickly launch new analysis sessions and adjust system configurations as needed, selecting the OS, network traffic settings, and pre-installed software.

Another benefit of using ANY.RUN is its cost-effectiveness. Building and maintaining a custom sandbox can be expensive, requiring significant resources and technical expertise. With ANY.RUN, organizations can access a malware analysis sandbox at a fraction of the cost of building and maintaining a custom solution.
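Step 5 above (faking the network so the sample's connection attempts are captured rather than reaching the internet) is what INetSim and FakeNet do for many protocols at once. As an added illustration of the DNS part of that job, written for this article and not taken from ANY.RUN or either tool, the script below is a minimal DNS sinkhole: it answers every A query with the analyst's own address (the constructed value 10.0.0.1) so that the malware's traffic lands on local listeners, and it records every name looked up. The query it is exercised with at the end is constructed in the code; `c2.example.invalid` is a placeholder name, not a real indicator.

```python
"""Minimal DNS sinkhole for a malware-analysis VM (constructed example).

Run it inside the sandbox network on UDP/53 and point the analysis VM's DNS
at it.  Every A lookup resolves to SINK_IP, so connections the sample tries
to make end up on local listeners instead of the internet, and the names it
asked for are logged for the analyst.
"""
import socket
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

QTYPE_A = 1
QCLASS_IN = 1


@dataclass
class DnsQuery:
    txid: int
    qname: str
    qtype: int
    qclass: int
    question: bytes  # raw question section, echoed back in the reply


def parse_query(packet: bytes) -> DnsQuery:
    """Decode the 12-byte header and the first question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("packet is a response, not a query")
    if qdcount < 1:
        raise ValueError("query carries no question")
    labels: List[str] = []
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a query name
            raise ValueError("unexpected compression pointer in query name")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return DnsQuery(txid, ".".join(labels), qtype, qclass, packet[12:pos + 4])


def build_response(query: DnsQuery, sink_ip: str, ttl: int = 60) -> bytes:
    """Reply with one A record pointing at sink_ip; NOERROR/no data for other types."""
    answers = b""
    ancount = 0
    if query.qtype == QTYPE_A and query.qclass == QCLASS_IN:
        # 0xC00C is a name pointer back to the question name at offset 12.
        answers = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)
        answers += socket.inet_aton(sink_ip)
        ancount = 1
    # flags 0x8180: standard response, recursion desired + available, NOERROR
    header = struct.pack("!HHHHHH", query.txid, 0x8180, 1, ancount, 0, 0)
    return header + query.question + answers


@dataclass
class Sinkhole:
    sink_ip: str
    seen: List[Tuple[str, int]] = field(default_factory=list)

    def handle(self, packet: bytes) -> Optional[bytes]:
        """Return the reply for one datagram, or None for junk that is not a query."""
        try:
            q = parse_query(packet)
        except ValueError:
            return None  # never let a malformed packet take the sinkhole down
        self.seen.append((q.qname, q.qtype))
        return build_response(q, self.sink_ip)

    def serve(self, bind_ip: str = "0.0.0.0", port: int = 53) -> None:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((bind_ip, port))
            while True:
                data, addr = s.recvfrom(512)
                reply = self.handle(data)
                if reply:
                    s.sendto(reply, addr)
                    print(f"{addr[0]} looked up {self.seen[-1][0]!r} -> {self.sink_ip}")


def encode_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Encode a query packet; used here to construct sample input offline."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, QCLASS_IN)


if __name__ == "__main__":
    Sinkhole("10.0.0.1").serve()  # requires privileges to bind port 53
```

Pair it with local HTTP/HTTPS listeners on the same sink address and Wireshark on the host-only interface, and the log of looked-up names becomes a first set of network indicators for the sample.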
About the Author

Vlad Ananin is a technical writer at ANY.RUN. With 5 years of experience in covering cybersecurity and technology, he has a passion for making complex concepts accessible to a wider audience and enjoys exploring the latest trends and developments.

Vlad can be reached online at the company website https://any.run/
Patching the Human Vulnerability: The Necessity of Security Awareness Training

By Dima Kumets, principal product manager at Huntress

Security software, hardware, and cloud services have been improving in their sophistication and capabilities, and yet breaches are still on the rise. While we could point to the growing sophistication of bad actors, their tools, and the robust economics of cybercrime, the biggest factor is no longer tools. It's humans.

According to the 2023 Verizon Data Breach Investigations Report, 74% of all data breaches involve people. Additionally, the FBI's 2023 Internet Crime Report said that Business Email Compromise (BEC) attacks, which inherently rely on deception rather than sophisticated encryption, caused 78x the financial damage of ransomware. Any way we look at the numbers, humans are the weakest link in our security stack.
To the general public, cybersecurity risks are mostly technological. We think about viruses, malware, and hackers using the latest exploits to steal data. But as Dr. Erik J. Huffman explains in his TED talk, this kind of attack is unnecessary when social engineering is so much easier. He explains that humans' instinctive fight-or-flight response doesn't give us an intuitive sense of danger when we're reading. In cyberspace, we only have our emotional and cognitive systems to count on, which leaves us at a disadvantage.

Attackers understand this, which is why they target humans more than technology these days. It's like when a football quarterback throws the ball past the toughest linebackers rather than running forward. Why would a cybercriminal go up against your tough security tools when they could bypass them by getting to the vulnerable user instead? But to make users less vulnerable, to make them more like those tough linebackers, we need security awareness training.

Most organizations have made investments in security awareness training, but there's a problem with traditional security awareness training. It doesn't work.

Lecture-based security awareness training has been around longer than the Internet. In the early days, it was referred to as information security training and covered topics such as policies for handling confidential information and how to avoid viruses. While these topics have expanded and evolved, the traditional approach hasn't. Annual lectures with loads of facts and figures just don't deliver real-world results.

Bruce Schneier used a different analogy to describe this problem in his seminal 2013 blog post: health. Educating the public on healthy lifestyles is largely an abysmal failure. People are bombarded with information directing them to change their habits for an abstract benefit of "a healthier you." In contrast, Schneier points out that HIV prevention campaigns have worked because they focus on a few simple behaviors that lead to clear and impactful benefits. That's what we need our security training to do. As Schneier aptly says, "We should stop trying to teach expertise and pick a few simple metaphors of security and train people to make decisions using those metaphors."

But this goes beyond just correcting people's actions and teaching them how to make better decisions. It's crucial to get non-technical employees to not only internalize security best practices, but also talk about them to get what Schneier calls "folk models of security."

So how do we do that? The answer lies in stories. We are innate storytellers, wired to remember stories and narratives. Today, we can see this in action on an MRI machine, as demonstrated at UC Davis in 2021. By activating the hippocampus, the brain's memory center, stories evoke lasting impressions that help people recall lessons and put them to use in practical situations.
This means that, just as our ancestors shared tales of survival, modern security awareness training must weave relatable characters, actions, and outcomes into compelling narratives. Taking the time to build relatable characters might seem like a waste of time, but people put themselves in the shoes of characters they can relate to, not abstract concepts. Once the stage is set, showing simple and specific actions makes the threat feel real. Showcasing outcomes and consequences for the relatable character demonstrates the clear benefit of defending against attacks. Combining all three leads to learners who internalize the lessons and make better choices when faced with threats.

The second challenge is reaching Schneier's desired state of organic discussion of cybersecurity and a "folk model," but non-technical people don't naturally talk about cybersecurity around the water cooler. We talk about hilarious jokes from our favorite sitcom, or last night's big game. So how can we bring the topics from security training to the water cooler? By creating security awareness training that transcends the confines of technical jargon, integrating elements of humor, relatability, and intrigue. When we infuse training modules with quirky characters, subtle jokes in the background that clever learners might catch, and memorable outcomes, security programs can capture that coveted organic, water-cooler level of chat and cultivate a culture of security.

Finally, there's a saying that emphasizes the importance of repetition in learning. However, it's often misinterpreted to mean "forcing users to watch the same video once a year." This might check the compliance box, but think about how painful and boring that is for your users. Instead, with story-driven training, security professionals can get the benefits of repetition without the pain by using new characters, new storylines, and new outcomes. Delivering ongoing, story-based training for employees to engage with and talk about is the most effective way of getting security training to actually catch on.

With attacks still on the rise, and users seen as easy targets, the need for effective security awareness training has never been clearer. By harnessing the power of storytelling in security awareness training, organizations can bridge the gap between technical expertise and human behavior, paving the way for a stronger and safer first line of defense.

About the Author

Dima Kumets is the Principal Product Manager of Huntress Labs Security Awareness Training. He has over 20 years of experience in cybersecurity with a focus on helping Managed Service Providers protect their customers. You can often find Dima at industry events running award-winning educational sessions and meeting with partners.

Dima can be reached online at our company website https://www.huntress.com/.
Securing the Future: PCI Certifications for MPoC Vendors Paves the Way for Secure Digital Transactions

Empowering merchants with cutting-edge security solutions and measures in the digital payment landscape

By Albert Comas, CEO, Yazara

In the fast-paced world where data protection and cybersecurity measures are crucial, staying ahead of the curve is paramount. New trailblazers in SoftPOS technology and the payment acceptance industry are just being certified as Mobile Payments on COTS (MPoC) vendors by the Payment Card Industry Security Standards Council (PCI SSC). These momentous achievements will deliver cutting-edge solutions that redefine the landscape of digital transactions and ensure people's data is protected.

New cloud-based Software as a Service (SaaS) point-of-sale solutions stand at the forefront of innovation, providing merchants with a secure, cost-effective, and effortless means to embrace digital payments. With the distinction of being the first PCI MPoC-certified isolated SoftPOS SDK, these new solutions offer increased integrity, faster integrations, and lighter security assessments, setting a new standard for payment acceptance solutions.

The cornerstone of payment security in the SoftPOS ecosystem begins with the physical handheld device and extends throughout the entire transaction process, encompassing the journey from the device to our back-end host and on to the acquirer for processing. Today's modern SoftPOS solutions have been meticulously engineered to offer the most secure methods of payment acceptance available. These solutions incorporate robust security measures, including white-box cryptography, significantly enhancing security levels and surpassing conventional POS devices.

Driven by years of global experience in the SoftPOS and payments vertical, today's MPoC vendors are poised to revolutionize the payments acceptance industry. By seamlessly transforming any NFC-enabled smartphone or tablet into a sophisticated acceptance device, MPoC empowers merchants who were previously unable to accept digital payments or sought to augment their existing POS infrastructure swiftly and effortlessly. This innovative solution not only facilitates payment acceptance across a wide array of NFC-enabled Android and Apple iOS devices but also seamlessly integrates with major global payment schemes such as Visa, Mastercard, Amex, and Discover, ensuring a seamless and secure transaction experience for merchants and consumers alike.

The introduction of the MPoC Standard by the PCI Security Standards Council marks a significant advancement in payment acceptance standards. Designed to enable increased flexibility and innovation in payment acceptance solutions, the MPoC standard builds upon established frameworks like SPoC and CPoC, ushering in a new era of secure digital transactions.

The evolving nature of security challenges in an increasingly cashless society

As the world migrates towards digital payments, new security concerns emerge, necessitating robust solutions to safeguard transactions. PCI's latest MPoC standard, coupled with a comprehensive certification process, addresses these challenges head-on, instilling confidence in consumers and merchants.

MPoC certification comes at a pivotal moment, amidst a wave of momentum in recent months. With over 35 projects deployed worldwide and another 25+ in progress, MPoC's influence in the payments acceptance arena continues to grow, boasting an ever-expanding base of over 80,000 active devices.
In light of new directives mandating MPoC compliance for upcoming projects, MPoC certification assumes critical importance. As international schemes prioritize security and compliance, the need for MPoC-certified solutions becomes imperative, signaling a shift towards safer and more reliable payment acceptance methods.

About the Author

Albert has spent his career designing innovative payment solutions. He has over 25 years of corporate and entrepreneurial experience in the fintech world, including as head of the mPOS Team at MasterCard International, as founder of MobilCash LC, a mobile payment pioneer, and as a Product Lead at Visa International. In 2021, Albert joined Yazara as CEO and is focused on building a world-class company that delivers a state-of-the-art SoftPOS payment platform. Originally from Spain, Albert is based in New York City, has an MS from Columbia University, an MBA from Pittsburgh State, and an Economics Degree from the Universitat de Barcelona.
Cyber Security Frameworks & Standards for Modern Powerplants

By Aneesh Karakkat, Staff Application Engineer, Woodward, Inc.

As the world becomes increasingly conscious of its carbon footprint, traditional methods of generating power through hydro, fossil fuels, coal, and nuclear energy are being replaced with renewable sources. However, this transition towards distributed energy resources powered by renewable sources has presented significant challenges for energy distributors. To manage a highly dynamic and versatile grid and maintain grid stability, energy distributors are relying heavily on smart grid technology and predictive analytics/AI.

While these technological advancements offer numerous benefits, they have also exposed power plants to new cybersecurity threats. Cybercriminals can exploit vulnerabilities in power plants to cause significant damage to the grid. Therefore, it is essential to prioritize cybersecurity measures to ensure the safe operation of power plants and prevent potential attacks. This article will explore the difficulties that organizations face when implementing security measures and provide an overview of the major security frameworks and standards that can be utilized to address these challenges.
Implementation challenges

The implementation of cybersecurity measures in power plants is not without its challenges. One of the major obstacles is the existence of power plants that were built in the past decade with an air-gapped environment, with networking components that were not designed with security in mind. This has resulted in unmanaged switches with unidentified connections across the plant networks, posing significant challenges for securely integrating these plants with external networks. Compounding the problem is the fact that much of the equipment still uses outdated firmware and operating systems, making it difficult to obtain approved security patches for these systems.

Another challenge is the limited availability of IT staffing in power plants, with most IT assets and networks being handled by the operations and maintenance staff. The team's focus is primarily on maintaining the operational availability of the equipment, rather than on cybersecurity. However, there needs to be a cultural shift to prioritize cybersecurity as equal in importance to operational availability. Unsecured assets could contribute to unreliable operations and damage to equipment and assets.

These implementation challenges highlight the need for a comprehensive approach to cybersecurity that includes the adoption of industry-standard frameworks and standards to ensure the safe operation of power plants.

Major Cybersecurity Frameworks and Standards

Securing assets and networks in power plants is a significant challenge, and organizations often struggle with where to begin. To address these challenges, various security standards and frameworks have been developed to implement security measures and ensure the safe and secure operation of the plants. These frameworks consolidate guidelines, best practices, risk assessments, and other measures to help industrial plants and sectors improve their cybersecurity posture.
Some of the major cybersecurity frameworks and standards that are used in the industry include NERC, NIST, IEC 62443, CIS, and MITRE ATT&CK. These frameworks provide a comprehensive approach to cybersecurity, offering guidelines for risk management, security controls, and incident response. Let's briefly go through the major cyber security frameworks and standards mainly used in the industry.

NERC CIP

The North American Electric Reliability Corporation (NERC) is a non-profit regulatory authority responsible for ensuring the reliability and security of the power grid. To protect critical infrastructure from cyber and security threats, NERC created the Critical Infrastructure Protection (CIP) plan. This plan includes a set of standards and guidelines that all power generation and utility companies operating in North America must comply with. The CIP plan consists of 13 requirements:

1. CIP-002-5.1a Cyber Security — BES Cyber System Categorization
2. CIP-003-8 Cyber Security — Security Management Controls
3. CIP-004-7 Cyber Security — Personnel & Training
4. CIP-005-7 Cyber Security — Electronic Security Perimeter(s)
5. CIP-006-6 Cyber Security — Physical Security of BES Cyber Systems
6. CIP-007-6 Cyber Security — System Security Management
7. CIP-008-6 Cyber Security — Incident Reporting and Response Planning
8. CIP-009-6 Cyber Security — Recovery Plans for BES Cyber Systems
9. CIP-010-4 Cyber Security — Configuration Change Management and Vulnerability Assessments
10. CIP-011-3 Cyber Security — Information Protection
11. CIP-012-1 Cyber Security — Communications between Control Centers
12. CIP-013-2 Cyber Security — Supply Chain Risk Management
13. CIP-014-3 Physical Security

All power generation and utility companies (Bulk Electric) operating in North America are required to comply with the NERC CIP standard to protect users, assets, and grids from various cyber-attacks and threats. The NERC CIP standard is continuously updated to address emerging security challenges, and compliance with these standards is vital for protecting against cyber threats.

NIST

The NIST cybersecurity framework, developed by the National Institute of Standards and Technology (NIST), is a widely recognized framework used in various industries. It provides organizations with a consistent set of regulations, principles, and benchmarks to better understand, assess, prioritize, and communicate their cybersecurity efforts. The framework comprises six high-level Functions, namely Govern, Identify, Protect, Detect, Respond, and Recover. When these Functions are considered together, they offer organizations a comprehensive view of managing cybersecurity risk.
The NIST cybersecurity framework aims to address the lack of a standardized approach to cybersecurity by presenting a consistent set of regulations, principles, and benchmarks that can be adopted by organizations across different sectors. One of the exceptional aspects of this framework is its versatility, as it can be beneficial for both organizations that are initiating their cybersecurity program and those that already have a relatively developed program. By functioning as a high-level security management instrument, this framework can assist in evaluating the cybersecurity risk throughout the entire organization.

IEC 62443

The International Society of Automation (ISA) and the International Electrotechnical Commission have jointly developed a series of standards aimed at improving the cybersecurity of industrial automation and control systems. Known as IEC 62443, this series of documents provides a structured and engineered approach to address the cybersecurity of IACS systems. One of the primary benefits of using the IEC 62443 system is that it covers the security of Industrial Automation and Control Systems (IACS) throughout their lifecycle.

The IEC 62443 standards are typically divided into four groups based on the intended stakeholders within the organization. The first group, General, includes documents that address topics common to the entire series. The second group, Policies and Procedures, consists of documents related to policies and procedures for IACS security. The third group, System Requirements, includes documents necessary to address system-level security requirements. Finally, the fourth group, Component Requirements, consists of documents that specify detailed requirements related to the development of IACS products.
CIS

The CIS Critical Security Controls (CIS Controls) are a comprehensive set of best practices designed to enhance cybersecurity posture. These controls consist of 18 overarching measures that prioritize activities over device ownership and roles. The CIS Controls Version 8 includes the latest 18 security measures that organizations can use to strengthen their cybersecurity posture.

Control 01. Inventory and Control of Enterprise Assets
Control 02. Inventory and Control of Software Assets
Control 03. Data Protection
Control 04. Secure Configuration of Enterprise Assets and Software
Control 05. Account Management
Control 06. Access Control Management
Control 07. Continuous Vulnerability Management
Control 08. Audit Log Management
Control 09. Email and Web Browser Protections
Control 10. Malware Defenses
Control 11. Data Recovery
Control 12. Network Infrastructure Management
Control 13. Network Monitoring and Defense
Control 14. Security Awareness and Skills Training
Control 15. Service Provider Management
Control 16. Application Software Security
Control 17. Incident Response Management
Control 18. Penetration Testing
What sets CIS Controls apart is not just the set of measures, but also the community-driven approach behind it. The CIS Controls were created by harnessing the experience of a community of individuals and enterprises, who share ideas, tools, lessons, and collective action to make actual security improvements. By utilizing these controls, organizations can strengthen their cybersecurity posture and better protect against potential cyber threats.

MITRE ATT&CK

MITRE ATT&CK is a knowledge base that provides insights into adversary tactics and techniques based on real-world observations. It is a globally accessible platform that focuses on how adversaries interact with systems during an operation, reflecting the various phases of an adversary's attack lifecycle and the platforms they typically target.

ATT&CK is designed to be user-friendly and is organized into a series of technology domains that reflect the ecosystem in which an adversary operates. Currently, there are three technology domains: Enterprise, Mobile, and Industrial Control Systems (ICS). ATT&CK for ICS was created to address the need for better understanding, concentration, and dissemination of knowledge about adversary behavior in the ICS technology domain. This platform helps to bridge the gap between operational and cybersecurity engineers to build greater understanding from both perspectives and allow for more educated defense decisions.

By utilizing ATT&CK, organizations can gain valuable insights into how adversaries operate and use this knowledge to better protect their systems. This knowledge base also enables organizations to identify potential vulnerabilities in their systems and proactively address them before they can be exploited by adversaries. Overall, MITRE ATT&CK is an important tool for organizations looking to enhance their cybersecurity posture and stay ahead of potential cyber threats.
Gearing up for smart grids

Modern plants are embracing new technologies to address global challenges and needs. However, with the integration of these technologies, plants are exposed to new cybersecurity threats that must be prioritized to prevent potential attacks. The implementation of cybersecurity measures in power plants presents several challenges, but adopting industry-standard frameworks and standards can help to ensure the safe and secure operation of plants. While we have discussed some of the major cybersecurity frameworks and standards, there are many more to choose from, and it is crucial to carefully select the framework that meets the specific needs of your organization. By doing so, plants can optimize their cybersecurity efforts and protect against potential threats and attacks.

About the Author

Aneesh Karakkat is a highly experienced and passionate Staff Application Engineer at Woodward Inc, with a focus on developing industrial cybersecurity solutions for the power generation and oil and gas sectors. He is a certified GISCP professional with strong expertise in industrial cybersecurity, failure analysis, and industrial networking. In addition to developing control solutions for steam turbines, gas turbines, and compressors, Aneesh is committed to staying up-to-date with the latest digital technologies to help clients embrace them and address the cybersecurity challenges facing the industry. He is dedicated to ensuring that clients are protected against cyber threats and can operate their systems with confidence in a rapidly evolving technological landscape. Aneesh can be reached online at linkedin
DevSecOps Practices for a Secure Cloud

How to start ahead of the curve?

By Vishakha Sadhwani, Customer Engineer, Google Cloud

In today's rapidly evolving technological landscape, a strong cultural practice like DevSecOps is essential. It empowers engineering teams to collaborate effectively, optimize workflows, ensure security and compliance, and confidently embrace AI innovation. But what exactly does this DevSecOps jargon mean?

TL;DR - DevSecOps is a set of practices and culture that standardizes and automates security processes and tools throughout software development and operations.

The impact of DevSecOps is significant. According to the State of Software Security Report (Cyentia Institute & Veracode), organizations with the most active DevSecOps programs fix vulnerabilities more than 11.5 times faster than average.

What role does it play?

With transformative technologies constantly emerging, software development trends can present complex challenges for businesses seeking to innovate quickly. Digital security, encompassing both applications and their underlying platforms, is a growing concern for organizations of all sizes, which must also navigate strict regulatory requirements for user data protection, compliance with data privacy standards, and the safeguarding of sensitive information. Balancing these security needs with the pressure to innovate rapidly can lead to friction.

Cloud-native environments provide the flexibility essential for agile development and deployment, accelerating the development lifecycle. By integrating DevSecOps practices, organizations adopt a holistic life cycle approach where development, operations, security, and business stakeholders collaborate from the outset. This means embedding security into every stage of the software development lifecycle (SDLC), ensuring a secure and efficient development process.

Goals of DevSecOps

Enhanced Collaboration

DevSecOps aims to break down organizational silos, fostering cooperation between development, operations, and security teams. This involves shared tools, processes, and a culture of shared responsibility. By working together, teams across specializations can proactively identify risks and address them swiftly.

How does it improve Security and Agility?

Developers can detect vulnerabilities and security issues early in the development process, enabling them to ship code quickly without sacrificing security. DevOps professionals manage policies seamlessly and integrate multiple tools, reducing duplicate efforts and ensuring consistency. Security teams focus on automating workflows to detect and prevent risks proactively.

Shift Security to the left

The concept of "shift-left" security involves prioritizing security as early as possible within the development lifecycle. Treat security with the same importance as quality and business requirements throughout the CI/CD DevOps process.
Given the significant shortage of security professionals (GitHub estimates developers outnumber them 500 to 1), organizations must embrace 'shift-left' security strategies to remain competitive. (Source: https://portswigger.net/daily-swig/githubs-nico-waisman-security-is-not-just-an-opportunity-buta-responsibility-for-us)

This approach avoids the bottlenecks and potential delays caused by traditional SDLC processes where security testing often occurred right before a product's release. The cloud has significantly enabled "shift-left" security, offering tooling and automation for the following:
• Artifact Scanning: Integrate scanning of container images, IaC templates, and other artifacts directly into CI/CD workflows.
• Continuous Security Testing: Ensure artifact security during build and deployment phases with tools like:
  ▪ SAST (Static Application Security Testing): Analyzes source code for vulnerabilities.
  ▪ DAST (Dynamic Application Security Testing): Simulates attacks against running applications.
  ▪ SCA (Software Composition Analysis): Checks for vulnerable dependencies.
• Secure Supply Chain: Protect the supply chain through vulnerability scanning and dependency checks.
• Production Monitoring: Continuously monitor production environments for risks, enabling rapid remediation through collaboration between security, development, and DevOps teams.

Foster Operational Efficiency

DevSecOps aims to streamline operations for high-quality code deployment, leading to cost savings and reduced defects. Cloud automation enables scalable, rapid resource provisioning while minimizing the potential for human error, ensuring consistent and predictable infrastructure deployment.

While automated tools effectively identify security issues and best-practice violations, they are most powerful when integrated into robust DevSecOps processes and workflows. This approach drives continuous operational efficiency, codifies institutional knowledge, fosters team collaboration, reduces future risks, and minimizes security alerts.

The key principle: Automate Everything. This includes:

• Infrastructure as Code (IaC): Automate infrastructure provisioning using core IaC tools.
• Proactive Detection and Identification: Leverage automated cloud security tools for comprehensive detection and identification of potential risks.
• Automated Response: Integrate security tools to enable an automated, proactive response to security incidents.

Continuous Improvement

DevSecOps extends security practices beyond deployment, emphasizing continuous monitoring of security posture and involving both development and operations teams in incident response. This approach creates a feedback loop, fostering a culture of continuous learning and optimization. Here's how to implement it:
• Use findings to refine processes: Leverage insights from testing, monitoring, and security incidents to improve processes and reduce future risks.
• Define metrics: Track key security metrics to measure improvement over time, ensuring accountability and visibility into the success of DevSecOps initiatives.
• Proactive risk identification: Employ threat modeling techniques to proactively identify potential threats, allowing for mitigation strategies before vulnerabilities are exploited.

Start your Journey Right Away with DevSecOps

The value and benefits of this practice will position your organization for immediate and future success on any cloud platform. You can immediately get started by:

❖ Bringing Security into your DevOps pipeline: Workshops for infrastructure and security engineers to develop, validate, and enforce security guardrails in shifting left.
❖ Implementing Infrastructure as Code: Training Security Engineering teams around the fundamentals and operational watchpoints of using IaC tooling to manage resources on cloud.
❖ Security Automation: Training Security Engineering in cloud automation to maintain security posture (through prevention, detection and remediation).
❖ Recommendations: Identifying opportunities for enhancement, improving coordination amongst teams, implementing deeper security controls and alerts, and more.

About the Author

Vishakha is a Customer Engineer at Google Cloud, specializing in designing and building large-scale cloud solutions for digital native customers. She helps businesses across industries – including Finance, AI/ML Startups, Retail, and Cybersecurity – achieve transformative results through automation and secure cloud deployments. She has worked with multiple cloud providers and has 7+ years of experience with various open-source tools and platforms, and she is committed to mentoring newcomers in cloud technology.
Vishakha can be reached online at LinkedIn (https://www.linkedin.com/in/vsadhwani/) and at our company website - https://cloud.google.com/
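The "Artifact Scanning" and "SCA" bullets in the shift-left section above name the check but not the gate logic that makes it a pipeline control. The following is an added example (not code from the magazine, from Google Cloud, or from any scanner vendor) showing the shape of a shift-left dependency gate: a lock file is parsed, each pin is matched against an advisory feed, and the build is failed on any finding at or above a severity threshold while lower findings are still reported. Package names, advisory identifiers, version ranges and the lock file are all constructed; a real pipeline would fetch advisories from a vulnerability database and scan the artifact it actually builds.

```python
"""Shift-left dependency gate: fail a CI build on known-vulnerable pins.

Added illustration, not the magazine's or Google Cloud's code. The lock file
and the advisory feed below are constructed samples with hypothetical package
names and advisory IDs.
"""
from dataclasses import dataclass

# Constructed advisory feed. Each entry: affected package, first affected
# version (inclusive), first fixed version (exclusive), and severity.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "acme-http", "introduced": "1.0.0", "fixed": "1.4.2", "severity": "high"},
    {"id": "ADV-EXAMPLE-0002", "package": "acme-yaml", "introduced": "0.0.0", "fixed": "5.4.0", "severity": "critical"},
    {"id": "ADV-EXAMPLE-0003", "package": "acme-log", "introduced": "2.0.0", "fixed": "2.1.0", "severity": "low"},
]

# Constructed lock file, as a CI job would read it from the repository.
LOCK_FILE = """\
# requirements.lock (constructed sample)
acme-http==1.3.0
acme-yaml==5.4.0
acme-log==2.0.5
acme-db==3.2.1
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    advisory_id: str
    package: str
    version: str
    severity: str
    fixed_in: str


def parse_version(v):
    """'1.4.2' -> (1, 4, 2). Assumes plain numeric dotted versions."""
    return tuple(int(part) for part in v.split("."))


def parse_lock(text):
    """Return {package: version} from 'name==version' lines; comments ignored."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (fixed version is exclusive)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def scan(pins, advisories=ADVISORIES):
    """Match every pinned package against every advisory; return the findings."""
    findings = []
    for adv in advisories:
        version = pins.get(adv["package"])
        if version is not None and is_affected(version, adv["introduced"], adv["fixed"]):
            findings.append(Finding(adv["id"], adv["package"], version, adv["severity"], adv["fixed"]))
    return findings


def gate(findings, block_at="high"):
    """Policy decision: fail the build if any finding is at or above block_at.

    Returns (passed, blocking_findings). Findings below the threshold are still
    returned by scan() so they can be tracked as a metric without blocking.
    """
    threshold = SEVERITY_RANK[block_at]
    blocking = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    return (not blocking, blocking)


if __name__ == "__main__":
    pins = parse_lock(LOCK_FILE)
    found = scan(pins)
    passed, blocking = gate(found)
    for f in found:
        print(f"{f.severity:8} {f.package}=={f.version}  {f.advisory_id}  fixed in {f.fixed_in}")
    print("BUILD", "PASSED" if passed else "BLOCKED")
```

With the constructed inputs the gate blocks on acme-http 1.3.0 (high) and only reports acme-log 2.0.5 (low); acme-yaml 5.4.0 is exactly the fixed version and passes, which is why the fixed bound is treated as exclusive. The threshold is a single policy knob, so the same scan output can be consumed strictly for production branches and permissively for experimental ones.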
Cybersecurity for Alternative Investment Firms – Key Trends to Watch in 2024

By Paul Ponzeka, Chief Technology Officer (CTO), Abacus Group

As alternative investment firms continue their ongoing digital transformation, several cybersecurity trends will be prominent in the coming year. Enhanced regulatory requirements around data security, privacy and compliance will demand organisations continue to strive for a more robust cybersecurity stance.

Regulatory Demands Tighten

With increasingly stringent guidelines expected from bodies like the Securities Exchange Commission (SEC) covering areas like infrastructure security, record-keeping for digital communications and general cybersecurity controls, firms will face intensifying pressure to fortify their control frameworks.
In 2024, demonstrating rigorous due diligence, risk assessments, and ongoing monitoring of vendors will be key to meeting heightened expectations. It will also be vital to have established, tested and ready-to-execute plans in place for managing and mitigating the impacts of cyber-security incidents. Firms must ensure third parties adhere to the same high security standards applied internally. Contracts should also allocate clear responsibility for responding to and reporting incidents. Firms that fail to meet the increasingly stringent requirements lay themselves open to potential fines and damage to their reputations.

These demands may strain budgets and resources, but alternative investment firms will need to meet them to retain trust with partners, customers and investors, and avoid penalties from agencies that now prioritise cybersecurity more than ever before. In short, these organisations must proactively strengthen their control frameworks to navigate this period of intensifying oversight.

Keeping Remote Work Secure

Securing hybrid work environments will continue to demand attention this year. Since the pandemic, alternative investment firms and their employees have embraced the flexibility and productivity gains of a distributed workforce. However, this more diffuse attack surface expands risks which security controls must address.

In the coming months, firms will need to ensure remote teams and assets accessed from any location are tightly secured, especially as threats continue evolving in sophistication. Secure access solutions, endpoint protection, identity verification, and monitoring of high-risk user behaviours will be vital. This includes the adoption of a Zero Trust Security framework, which operates on the principle of "never trust, always verify," regardless of the location of the user, device or network.
The adoption of Zero Trust has been dramatic, growing from 24% to 61% in just the last two years, with another 35% planning to implement within the next 18 months, according to Okta. Financial services firms had an even higher adoption rate in 2023, at 71%.

Vulnerability scanning will be crucial here too. It is important in any environment, but remote work introduces additional complexities and potential points of vulnerability, such as unsecured home networks, personal devices, and increased reliance on cloud services. By incorporating vulnerability scanning into their cybersecurity strategy, organisations can better protect their remote workforce and sensitive data from cyber threats.

Comprehensive security awareness training must also adapt to an environment where sensitive operations increasingly occur beyond the office perimeter. Employees are your firm's greatest asset, but they could also be its greatest vulnerability. Malicious actors utilising social engineering techniques such as phishing can trick employees, wherever they are, into exposing your firm's sensitive data. An organisation that fosters a culture of continuous cybersecurity awareness leaves itself in a more secure position than one that doesn't.
Going forward, securely enabling hybrid work will require innovative approaches, security awareness training, and diligent oversight to safeguard operations and data.

Safe Use of AI

The world's biggest trend of 2023 will evolve, but certainly not disappear, in 2024. The onward march of AI presents both challenge and opportunity. While alternative investment firms rightly see potential in AI to boost efficiency and competitive advantage, significant barriers remain. The adoption of AI tools will accelerate, but ensuring responsible, compliant use will be difficult without proper skills and governance.

Firms understand AI's opportunities, but are uncertain how to integrate new technologies securely or mitigate risks like data misuse. Regulatory compliance challenges are also unclear as AI remains largely unregulated. However, with the right training and controls, AI could enhance decision-making and operations. Those able to navigate shortages of industry-specific expertise and establish responsible data practices will be best positioned to harness AI's power while avoiding its pitfalls. Careful management of both opportunities and challenges will therefore be paramount.

The Investor Dimension

Investor influence on security standards will also strengthen in 2024. Investors are increasingly aware of cybersecurity's importance, with 71% of global asset managers highlighting it as a key concern during fundraising due diligence. They seek more detailed information, as noted in PwC's Global Investor Survey 2023, where around half reported having limited or no information on companies' cybersecurity measures. This includes both quantitative and qualitative data, such as the types of technologies used, their purposes, effectiveness, and governance.

This growing concern over cyber risks marks a significant shift in investor attitudes. They are moving beyond basic assurances and demand in-depth, transparent information.
This change represents a major shift in the investment landscape, especially in alternative investments, leading to more rigorous security controls and clearer communication strategies. As alternative investment firms expand their ecosystems of third-party vendors and service providers, robust oversight and management of external risks will be increasingly crucial. With more sensitive data shared externally, investors will demand evidence of strong third-party controls to protect their assets.

Growing Understanding of the Threat from Inside

2024 is also likely to further reinforce the understanding within firms of the threat from within. According to a recent report from Cybersecurity Insiders, nearly three-quarters (74%) of companies are at least moderately vulnerable to insider threats, while the average cost of an insider threat incident in 2023 was $15.38 million. We would expect and welcome increasing usage of insider threat detection systems by businesses to monitor the behaviour of users, identify anomalies and rapidly respond to them.

Coupled with this, more firms are getting the message that holding regular user access reviews is an important best practice approach. Conducting user access evaluations assists organisations in upholding the principle of granting the minimal necessary access to users, thereby minimising the chances of unauthorised access and potential security breaches. It would be positive to see a continued focus on this area from firms over the coming year.

The Promise of a New Year

The next 12 months will undoubtedly present cybersecurity difficulties for alternative investment firms as regulatory standards tighten, work models disperse, and threats grow more advanced. However, with foresight and strategic planning, these challenges can be transformed into opportunities for growth and resilience. Firms that proactively bolster their controls to adapt seamlessly to changing rules will gain competitive advantage over laggards. Those that establish secure, productive hybrid infrastructure and build workforce skills will attract top talent. Managing third-party risks diligently and leveraging AI responsibly can enhance services while satisfying growing investor expectations.

For organisations that can rise to the occasion, 2024 offers the chance to cement stronger security cultures, fortify operations, and strengthen stakeholder trust by turning cybersecurity from a source of uncertainty into a driver of operational excellence. With vision and execution of the right strategies, challenges are likely to give way to new opportunities.

About the Author

Paul Ponzeka is the Chief Technology Officer (CTO) of Abacus Group.
Paul can be reached at LinkedIn https://www.linkedin.com/in/paulponzeka/ and our company website https://www.abacusgroupllc.com/
Data Integrity: The Key to Battling Ransomware

By Jim McGann, VP of Strategic Partnerships, Index Engines

No organization is immune to ransomware. Each entity, regardless of its size or industry, must acknowledge its vulnerability and proactively address this threat. Despite better security protocols, more advanced endpoint detection and prevention tools, and layers of protection, AI-armed cyber criminals are making their way in and holding data for ransom. It’s reminiscent of the days when pirate ships were the scourge of the seas. There was an answer to curtailing the threat then and there is an answer to it now.

First, the synergy connecting the data integrity and security functions often falls short of what is needed to effectively combat this ever-escalating threat of ransomware across all sectors. While this disconnect has not been a significant issue historically, the current surge in ransomware attacks has magnified its consequences, resulting in substantial expense and disruptions throughout so many organizations. Harvard Business School defines data integrity as “ensuring the completeness, accuracy and quality of data as it is maintained over time and across formats. Preserving the integrity of your company’s data is a constant process.” It is indeed.
The current situation for most organizations is directly dependent upon the solutions available to them. Firstly, storage vendors lack integrated security features capable of effectively countering ransomware threats, and that is leaving organizations vulnerable. Existing storage solutions often lack the necessary resilience, particularly in the face of today's increasingly sophisticated ransomware landscape. Secondly, organizations lack the infrastructure within their storage systems to detect ransomware attacks in a timely manner, translating to delayed responses and widespread damage. Thirdly, some organizations do not yet understand that more is needed. Believing they have done what they can by deploying traditional endpoint security and having a disaster recovery plan, many organizations have yet to build and execute a formal cyber recovery strategy within their operations. The absence of a well-defined and thoroughly tested operational plan can be a real bottleneck for collaboration between IT and security departments, and exposes organizations to heightened cyber liability risks, resulting in increased costs and prolonged downtime.

Cultivating collaboration between storage and security functions is the message and the need, and to get there, organizations need to address their cyber resilience to mitigate liability. Storage vendors are constantly updating and introducing bigger and better versions of their solutions to ensure they are protecting the data they store, yet they often miss the importance of maintaining data integrity during cyber attacks. Storage vendors that adopt advanced security measures aimed at ensuring the integrity of the data itself will be much further down the road toward enabling successful recovery in the aftermath of a cyber attack.
And while vendors have an important role in addressing cyber security risks, it is incumbent upon the organizations themselves to ensure all sectors are communicating while fostering collaboration between their IT and security departments to bolster data resiliency. Ransomware threats transcend storage problems, posing significant challenges to security and data protection. Improved collaboration between IT and security departments can help mitigate cyber liability and minimize the impact of cyber attacks.

There is so much disruption to face when an organization is recovering from a ransomware attack. It’s exacerbated by the all too common lack of communication between the IT team and the security team. When the two teams work in their individual silos, the result is typically a business that is offline for a prolonged amount of time and suffers significant data loss, making a full recovery nearly impossible. What is important now is to see and embrace this transformative shift. The first step is a reevaluation of the lines of communication that exist between storage and security, and a redefinition of how corporate data is safeguarded, with an emphasis on resilience in the face of potential cyber attacks. Data integrity initiatives are essential for any organization that has data it needs to keep secure. By prioritizing data integrity, organizations will bring together their storage and security needs while ensuring data remains uncorrupted, enabling a thorough restoration with minimal data loss.
Data integrity initiatives reveal deep analytical insights capable of detecting even the most covert data corruption, galvanizing storage, security, and data protection teams to refine and combine each of their discipline’s strategies to minimize operational disruptions. Addressing the evolving ransomware threat requires this comprehensive approach, integrating advanced security measures with both primary and secondary storage platforms. Only through this kind of integration can organizations achieve the robust cyber resiliency needed to recover, minimize data loss, and prevent public exposure when the bad guys come knocking on the data center door.

About the Author

Jim McGann is VP of Strategic Partnerships, Index Engines. Jim is a globally experienced marketing and business development executive instrumental in developing key relationships and brand development at Index Engines. Jim is experienced with both large established software firms and emerging startups and is a frequent writer and speaker in the areas of ransomware recovery, cyber resilience and unstructured data management. Jim can be reached at our company website: https://www.indexengines.com
How Enhanced Age Assurance and Content Moderation Can Protect Children From Harmful Content Online

By Michal Karnibad, Co-CEO, VerifyMy

Young people are consistently encountering harmful, age-restricted, and even unlawful content online. The continued expansion of smart devices and easy, anywhere access to user-generated content (UGC) via social networks and messaging platforms only intensifies the issue. At the tap of a button, individuals can now come across a greater amount of adult, extreme, and illegal content than ever before. Something clearly needs to change. Of course, we should welcome the thousands of young people, parents, and organizations that raise awareness each year around internet best practices. Governments are also looking to implement new laws and guidance to protect our children online. However, it will ultimately fall on businesses to enhance their online age assurance and content moderation to ensure they are doing their utmost to protect the young and vulnerable.
A Risky Online Environment

Although the internet's effortless availability has provided countless advantages, the reality remains that due to its swift and frequently uncontrolled growth, children now have unparalleled access to age-limited and illicit content online. The consumption of such content is not only appalling, but it also results in adverse effects on children's long-term wellness and mental health, as well as distorting young people’s perspectives on intimacy and acceptable conduct. Understandably, this is a leading concern for parents, with almost half of those with teenage children (46%) expressing concern about how their child's engagement with social media could expose them to explicit materials. Many well-known social media platforms allow individuals to establish accounts starting at 13 years old, despite the fact that these sites can expose them to age-limited and even illegal material. The digital world therefore needs to catch up with the offline world, and put in place effective age assurance measures which will more effectively and efficiently prevent access to age-restricted products and content.

AI Fueling a Surge in CSAM

An additional and equally concerning issue is the growing proliferation of child sexual abuse material (CSAM) online. This refers to sexually explicit images or videos featuring children. In 2022, the Internet Watch Foundation (IWF) reported that the US has the highest amount of CSAM online, accounting for 30% of the global total. The presence of CSAM across a range of websites and platforms is worsening as a result of the widespread use of artificial intelligence software, which is enabling the creation of new illicit content. Coupled with the photo and video functionalities of today’s smart devices, this makes it incredibly simple for users to generate, upload, and access illegal content. This insidious issue often goes unnoticed amidst the vast expanse of digital content.
Uncovering this problem is a Herculean challenge. Unfortunately, it is an invisible problem, and as such not enough resources and efforts are directed towards eliminating CSAM online.

It’s Time for Effective Age Assurance and Content Moderation

In order to tackle these issues, organizations must swiftly implement and improve their age assurance and content moderation systems. The emergence of technologies like AI has made it far easier and more practical than ever before to assess users’ age and to identify and stamp out illegal content online at scale, accurately and at low cost. As regulatory guidance on internet safety measures remains in development, organizations have traditionally lacked a strong incentive to adopt these technologies. However, the welfare of our youth is at risk. Instead of assigning blame, now is the time to introduce practical solutions that address the challenge of safeguarding children on the Internet, both when it comes to the content they see and the
content they’re featured in. Companies should collaborate with experts in this field, including regulators and safety tech providers. By doing so, we can create an ecosystem of effective solutions that, when put into action, genuinely offer protection to young people as they navigate the online world. Numerous age verification solutions, including email address age estimation, are now available, providing businesses with the resources to confirm their customers' ages with minimal disruption. Simultaneously, content moderation tools allow for real-time analysis of uploaded or live-streamed content, identifying and removing illegal material before it is ever published. Additionally, adopting proactive measures like uploader and participant verification helps establish consent and minimizes the risk of revenge pornography, the misuse of intimate images, exploitation, slavery, and sex trafficking.

An Ongoing Debate: Privacy vs. Safety

Even with these tools at hand, there is still much to be done to safeguard children online and eliminate illicit content from websites. This issue is frequently intensified by the persistent debate surrounding safety and privacy, wherein tech companies and social media platforms emphasize the significance of encryption in securing user data. The drawback of encryption, though, lies in its potential exploitation by malicious individuals to disseminate and share age-restricted or illegal content online. This debate will only gain more attention in the coming months as new legislation such as the Kids Online Safety Act (KOSA) continues to progress. Fortunately, as new privacy-preserving authentication tools emerge, such as email address verification, organizations will be able to mitigate this concern by spearheading the adoption of age verification and content moderation tools that promote significant change throughout their industries.
However, as more young and vulnerable users continue to access illicit content or experience abuse online, this is the time for businesses to break these dangerous patterns.

About the Author

Michal Karnibad, Co-CEO, VerifyMy. She is an experienced and versatile general manager with a passion for solving complex problems to break new ground and develop talent. Software engineer by training, Michal's experience is multi-disciplinary. She has worked across industries from Financial Services/ FinTech to eCommerce and Sustainability. She has worked across continents and cultures and for large/regulated companies (HSBC, PayPal, Citi cards) and startups in various stages, focusing on scaling these up. Michal can be reached online at https://www.linkedin.com/in/michalkarnibad/ and at VerifyMy’s website https://verifymy.io/
Energy Department Announces $70 Million in Operational Technology Zero Trust Research Grants to Strengthen Energy Sector Against Physical and Cyber Hazards

With cyberattacks on critical infrastructure increasingly threatening public safety, how can advanced cybersecurity frameworks, like Zero Trust and enhanced digital certificates, empower municipalities to safeguard against these evolving dangers?

By Mark B. Cooper, President & Founder, PKI Solutions

In early January, the U.S. Department of Energy announced it will make available $70 million for research and development into technologies that would protect energy delivery infrastructure against physical and cyber-related threats as part of an emphasis on taking care of “the operational technology side of the house.” The All-Hazards Energy Resilience Program funding opportunity will be managed by the DOE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER). The agency is specifically seeking OT-related proposals that address how one might implement a zero-trust architecture in an electrical or fuel environment. The DOE will fund up to 25 research, development, and demonstration projects for municipal operational technology security under the new funding opportunity ranging from $500,000 to $5,000,000. The
allotments will go to diverse teams from universities, nonprofit and for-profit companies, national laboratories, state and local governments, and Tribal Nations. The grants will support research into technologies designed to increase resilience and reduce risks to energy delivery infrastructure from a variety of hazards, including cyber and physical threats. This new competitive funding opportunity is anticipated to help advance next-generation innovations that will strengthen the resilience of America’s energy systems, which include water, the power grid, electric utilities, pipelines, and renewable energy generation sources like wind or solar.

The DOE’s zero-trust research portfolio will be pivotal to the fortification of critical infrastructure within the energy sector. Unlike other industries, the costs and consequences are not data, IP or social security numbers, but human lives and safety, and many of the necessary entities within our energy systems lack the knowledge and resources to defend themselves, possibly resulting in unquantifiable, devastating outcomes. The success of the DOE’s initiative will be determined by its ability to achieve a collective, fundamental understanding of a zero-trust strategy.

Within the cybersecurity framework, digital certificates play an important role in securing cryptographic authentication between machines, people, computers, and something as simple as a water valve. Digital certificate implementations through a PKI do not rely on the adoption of advanced technologies, but rather on knowledge of all operational risks, to ensure a comprehensive and vigilant implementation that avoids misconfigurations, partial deployments, and inadequate post-installation monitoring. Like all security solutions, any oversight can leave critical systems vulnerable to sophisticated cyber threats, undermining the integrity of our energy infrastructure.
The Solution: Building on What Works

OT environments that enable a resilient energy grid rely on foundational cryptographic components like digital certificates, but historically these systems have been overlooked, misunderstood, understaffed and beset by implementation challenges. Addressing this challenge will require more than just the deployment of technology; it demands a strategic comprehension of the threat landscape and its risks and vulnerabilities. Digital certificates are a proven cryptographic framework that stands out for its ability to secure communications and authenticate users and devices within a zero-trust OT environment. Equally important as the implementation are continuous threat monitoring, user education and real-time response mechanisms.

Five key elements to move CI cybersecurity forward are:

PKI “spotlight” innovations: New visibility gives organizations confidence in their identity and encryption systems and will help security professionals better leverage and maintain a secure Public Key Infrastructure (PKI). Gone are the days when you can implement a security solution and trust that it’s secure. All security solutions, including PKI, require real-time monitoring and alerting, because
innocent or incorrect changes can have catastrophic effects that are otherwise only discovered during scheduled pentests. In today’s hostile environment, an hour, a day, a week, or a month of insecurity (especially in the OT space) could be the difference between a healthy water system and a questionable one.

Zero Trust Architecture: Adopting a Zero Trust framework can significantly enhance security by assuming that threats could be present both outside and inside the network. Within the security space, employees are your most important asset and, at the same time, potentially your most significant threat. Zero Trust requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are within or outside of the network perimeter.

Advanced Threat Detection and Response: Utilizing tools and technologies for real-time monitoring and detection of threats, as well as rapid response capabilities, is crucial. Managed Detection and Response (MDR) services and Security Information and Event Management (SIEM) systems can play pivotal roles in identifying and mitigating threats before they cause significant damage.

Incident Response and Crisis Management: Developing a robust incident response plan and crisis management capabilities is critical for minimizing the impact of a cyberattack. This includes establishing a Cyber Incident Response Team (CIRT) and conducting regular tabletop exercises to simulate attack scenarios and refine response strategies. Like the fire drill in school, organizations need to practice their response to the scenarios they fear the most.

Cyber Security Training: Most security classes still concentrate on proper firewall configurations. History has proven that while firewalls are important, the perimeter of even an average organization is too complex for any firewall to secure. All organizations need to have a few cyber security specialists on staff.
Typically, this is very specific training and is not part of an overall “security” class.

Continuous Innovation, Not “One-and-Done”

While the initiative aims to protect against current threats, the DOE should seek contributions from those that anticipate and mitigate future vulnerabilities, ensuring the continuous and safe operation of the energy sector. It's a call to action for municipalities, energy providers, and technology developers to collaborate in fortifying our critical infrastructure against an ever-evolving threat landscape. Simply implementing any technology is never a one-and-done exercise. These research grants are an innovation driver and a necessity as threats constantly evolve; education and training should therefore be a factor in the DOE’s overall grant strategy to maintain the strength and resilience of America’s energy systems. The DOE's investment highlights the agency’s awareness of the risk its stakeholders carry, its desire to achieve real-time threat detection, and the importance of maintaining the resilience of OT systems. By encouraging the development and integration of zero-trust policies, we can confidently enhance the security posture of our critical energy infrastructure.
About the Author

Mark B. Cooper is the CEO and founder of PKI Solutions. He has been known as “The PKI Guy” since his early days at Microsoft. Mark has deep knowledge and experience in all things Public Key Infrastructure, including Microsoft Active Directory Certificate Services, PKI design and implementation, Internet of Things, mobile security, and encryption. PKI Solutions provides consulting, training, professional services, and assessments to help ensure the security of organizations now and in the future. Mark can be reached at info@pkisolutions.com or follow him on Twitter at @ThePKIGuy.
The Role of Behavioral and Identity Analytics in Early Threat Detection

By Sanjay Raja, VP of Product Solutions at Gurucul

As threats get more advanced, it’s become crucial that security teams gather and analyze as much data as possible to understand the context of possible attacks. The level at which an organization can do this is often the difference between a successful attack and stopping one early in the attack chain. Behavioral and identity analytics are at the forefront of this fight for visibility and can deliver the context needed to understand if network activity is just unusual or actually malicious (whether it’s from an internal or external user). In this article, I’m going to dive into behavioral and identity analytics, explore how the two work together, and share some use cases.

There are many tactics, techniques, and procedures (TTPs) that attackers use once they get inside an organization. Their goal is to find sensitive data, get tools in place, hide their activity, and then exfiltrate data or launch some other form of attack. For example, in a ransomware attack, a threat actor might use spear phishing to gain network access, then install malware that communicates back to an external command and control server, and then start to move laterally to find critical assets, such as personal data or financial data. At that point, they may choose to steal the data and sell it before locking down a system and demanding a ransom. But being able to identify these steps as events in a ransomware attack can be challenging.
While you might have tools such as endpoint protection, antivirus, EDR, IPS devices, a reputation service, DPI probes, and more, the reality is that organizations are still getting attacked and breached. Why? Because no one device can identify 100% of these attacks or give 100% visibility. And when steps of an attack are missed, what do you do? These questions and this problem are what analytics work to solve.

Behavioral analytics looks outside the norm.

Behavioral analytics can be a powerful approach for identifying whether anomalous behavior is malicious, risky, or benign. It creates a baseline of standard behavior for users and entities within a network and looks for deviations from that baseline, alerting on anything that could indicate a potential security threat. It collects live data that includes user actions (such as applications used, interactions with data, keystrokes, etc.), activity on devices attached to the network (such as servers, routers, etc.), and security events from supported devices and platforms. It’s designed to find that abnormality and give it context in the risk or kill chain, so organizations can bridge the gap between what they see in a security alert and what the underlying behaviors are. Most analytics platforms are designed to look for malicious behaviors, but often there are gray areas that could be accidental (i.e., a breach of policy) or could be legitimate early signs of an attack. Behavioral analytics delivers that context, so teams can potentially step in before a negative outcome occurs. This could include insider threats, data exfiltration detection, privileged access misuse, compromised account detection, compromised system or host detection, and more.

Here’s a quick basic example. Let’s say someone is trying to log into a system with credentials and fails multiple times before being successful. Is that indicative of a brute force attack? Possibly. But the system shows that person has access to that system.
Next, that same user starts accessing unusual websites or has an unusual connection. Behavioral analytics correlates those two factors to better understand that risk profile, flagging it to the security team so they can get ahead of what could be the early stages of a possible attack. It provides an early warning system for a team to act on. Behavioral analytics looks across infrastructure, systems, and applications to correlate data and determine if it’s actually malicious behavior or perhaps just an unintentional policy breach by a user. Understanding that granularity (or stitching together those events) so a security team can act accordingly is crucial in reducing alerts, increasing security efficiency, and stopping attacks early in the lifecycle.

Identity is foundational in identifying anomalous behavior.

However, to validate anomalous behavior (and properly leverage behavioral analytics), you must understand identity. It’s essentially the first piece of the puzzle in determining how valid the behavior is in establishing a security threat. Is the user valid, are they internal, are they a partner? What systems do they have access to and what logins, accounts, or applications are supported within those systems? What entitlements do they have and what data can they view or access in those applications? Are they
authorized to copy or move data from a system? And finally, what are their roles? Do they have write privileges to certain types of data? It’s important to know if the user is an intern or the CFO, for example. This type of identity information needs to be gathered, unified, and looked at holistically so it can be compared with user and entity behavioral data and action can be taken. For example, there might be a departing user, an old supply chain partner, or some other access outlier that requires them to be locked out of the network. Or there could be a rogue account, a dormant account, identity-based cross-domain authentication issues, segregation of duties conflicts, or more.

The success of identity analytics is tied to comprehensive data gathering. Just scraping Active Directory or O365 file shares doesn’t deliver that complete identity picture. It needs to pull from governance systems, identity management systems, access management systems, and privileged access management systems, across on-prem, cloud, and SaaS environments. This provides a consolidated view of users, access privileges, entitlements, and more, which delivers a user profile that can be used for more advanced analytics (like peer group analysis). Visibility into identity and access rights can bring different types of user behavior anomalies into focus. Take for example an internal user that has read access, but not write access, to sensitive documents (they can’t copy the files). But they have an unusual amount of print queue activity and screen capture. This could be a sign of data exfiltration.

Behavioral analytics and identity analytics can drive better threat detection.

Tying behavioral data and identity data together goes beyond threat chaining and can create powerful insights for security teams. Doing so can validate whether the risky behavior or anomaly is beyond the scope of what a user or entity is allowed to do based on policy.
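The kind of correlation the article describes (a weak behavioral signal, an entitlement check, a deviation from a per-user baseline and a peer-group comparison rolled into one risk score) can be sketched in a few dozen lines. The following Python script is an added example for this page and is not Gurucul's code or any vendor's product logic; the identity profiles, the five-day baselines, the event stream and the score weights are all constructed for the demonstration, and the hypothetical function names are mine.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed identity profiles (hypothetical); a real deployment unifies these
# from IGA, IAM, access-management and PAM sources rather than hard-coding them.
IDENTITIES = {
    "alice": {"peer_group": "finance", "entitlements": {"finance_db": {"read"}}},
    "bob":   {"peer_group": "finance", "entitlements": {"finance_db": {"read"}}},
    "carol": {"peer_group": "dba",
              "entitlements": {"finance_db": {"read", "write"}, "hr_db": {"read", "write"}}},
}
# Constructed per-user daily counts from a five-day learning window.
BASELINE = {
    "alice": {"print": [2, 1, 3, 2, 2], "screenshot": [0, 1, 0, 0, 1]},
    "bob":   {"print": [1, 2, 1, 1, 2], "screenshot": [0, 0, 1, 0, 0]},
    "carol": {"print": [0, 0, 1, 0, 0], "screenshot": [0, 0, 0, 0, 0]},
}
# Constructed events for the day under review: (user, action, target).
EVENTS = (
    [("alice", "login_fail", "finance_db")] * 3 + [("alice", "login_ok", "finance_db")]
    + [("alice", "print", "finance_db")] * 25          # read-only user, print spike
    + [("alice", "screenshot", "finance_db")] * 8
    + [("bob", "login_ok", "finance_db"), ("bob", "read", "finance_db"),
       ("bob", "read", "hr_db")]                       # bob holds no hr_db entitlement
    + [("carol", "login_fail", "hr_db")] * 3
    + [("carol", "login_ok", "hr_db"), ("carol", "write", "hr_db")]
)
# Entitlement each action consumes; print and screenshot only need "read",
# which is exactly why they pass a pure policy check.
NEEDED = {"read": "read", "write": "write", "print": "read", "screenshot": "read"}


def failed_then_success(events, threshold=3):
    """Users with >= threshold consecutive failed logins followed by a success."""
    streak, flagged = Counter(), set()
    for user, action, _ in events:
        if action == "login_fail":
            streak[user] += 1
        elif action == "login_ok":
            if streak[user] >= threshold:
                flagged.add(user)
            streak[user] = 0
    return flagged


def out_of_policy(events, identities):
    """Actions on a target that the user's entitlements do not cover."""
    hits = []
    for user, action, target in events:
        if action.startswith("login"):
            continue
        allowed = identities[user]["entitlements"].get(target, set())
        if NEEDED.get(action) not in allowed:
            hits.append((user, action, target))
    return hits


def volume_anomalies(events, baseline, k=3.0):
    """(user, action) pairs whose count today exceeds mean + k*stdev of the baseline."""
    today = Counter((u, a) for u, a, _ in events)
    out = {}
    for user, per_action in baseline.items():
        for action, history in per_action.items():
            limit = mean(history) + k * max(pstdev(history), 1.0)  # floor the spread
            if today[(user, action)] > limit:
                out[(user, action)] = today[(user, action)]
    return out


def peer_group_outliers(events, identities):
    """Targets a user touched that nobody else in the same peer group touched."""
    touched = defaultdict(set)
    for user, action, target in events:
        if action != "login_fail":
            touched[user].add(target)
    out = {}
    for user, ident in identities.items():
        peers = [p for p, i in identities.items()
                 if p != user and i["peer_group"] == ident["peer_group"]]
        if peers:
            extra = touched[user] - set().union(*(touched[p] for p in peers))
            if extra:
                out[user] = extra
    return out


def risk_scores(events, identities, baseline):
    """Weight each behavioral signal by identity context into a per-user score."""
    score, reasons = Counter(), defaultdict(list)
    for user in failed_then_success(events):
        score[user] += 10          # entitled user fumbling a password: weak on its own
        reasons[user].append("failed logins then success")
    for user, action, target in out_of_policy(events, identities):
        score[user] += 40          # outside entitlements: strong regardless of volume
        reasons[user].append(f"{action} on {target} outside entitlements")
    for (user, action), n in volume_anomalies(events, baseline).items():
        read_only = not any("write" in p for p in identities[user]["entitlements"].values())
        score[user] += 30 if read_only else 15   # read-only user printing/capturing: exfil sign
        reasons[user].append(f"{n} {action} events vs baseline")
    for user, extra in peer_group_outliers(events, identities).items():
        score[user] += 20
        reasons[user].append(f"touched {sorted(extra)} that peers never touch")
    return score, reasons


if __name__ == "__main__":
    scores, why = risk_scores(EVENTS, IDENTITIES, BASELINE)
    for user, s in scores.most_common():
        print(f"{user:6} score={s:3}  " + "; ".join(why[user]))
```

Run it with python3 and it prints one line per user. Alice trips the failed-then-success check, but as an entitled user that alone scores low, the way the salesperson case does; what lifts her to the top is that a read-only user produced 25 print jobs and 8 screen captures against a baseline of two or three, the print-queue pattern the article describes. Bob's single read of hr_db is both a policy violation and a peer-group outlier, so identity context rather than volume drives his score. Carol's fumbled password scores 10 and nothing else, which is the false positive the identity join is meant to suppress.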
Not only does this reduce false positives, but by connecting that hierarchical context of the individual steps, it allows the security team to go beyond just relying on a specific malicious action in a kill chain. Let’s look at some specific use cases of combining behavioral and identity analytics.

In the first example, a salesperson is driving and accessing their sales database via their mobile phone. In the process they have entered their password incorrectly several times. This triggers a behavioral alert that signals a potential brute force attack. However, by looking at identity analytics, namely the salesperson’s access privileges, their role within the organization, entitlements, and even location data, the analyst can determine it is not a threat.

Next, two individuals have similar titles and roles within an organization. However, one of those individuals has been flagged for accessing a critical resource they had never interacted with before. This is established as an abnormal activity. Through identity analytics, analysts can compare similar users to identify potential flaws or misconfigurations in access policies. Then the offending user’s activity can be further investigated.

The above example can also apply to two different use cases. If the offending user being investigated is classified as an insider threat, then the user can be monitored more actively based on company policies and approvals. But if it is a case of stolen credentials and malicious activity, identity analytics is useful for
determining whether the activity is representative of current policies as a start, and then other analytics can be used to chain together elements of a potential attack campaign. With today’s advanced threats, identifying anomalous behavior early in the attack chain is critical to stopping or mitigating damage. Combining behavioral and identity analytics is the key to understanding that context and being able to home in on what the real steps are in an unfolding attack.

About the Author

Sanjay Raja, VP of Product Solutions at Gurucul. Sanjay brings over 20 years of experience in building, marketing and selling cyber security and networking solutions to enterprises, medium-to-small businesses, and managed service providers. Previously, Sanjay was VP of Marketing at Prevailion, a cyber intelligence startup. Sanjay has also held several successful leadership roles in Marketing, Product Strategy, Alliances and Engineering at Digital Defense (acquired by Help Systems), Lumeta (acquired by Firemon), RSA (Netwitness), Cisco Systems, HP Enterprise Security, Crossbeam Systems, Arbor Networks, Top Layer Networks, Caw Networks (acquired by Spirent Communications), Nexsi Systems, 3Com, and Cabletron Systems. Sanjay holds a B.S.EE and an MBA from Worcester Polytechnic Institute. Sanjay is also a CISSP as well as Pragmatic Marketing certified.
Finance And Healthcare Regulations Require a Better Balance of Privacy, Security, And Accountability In The Use Of Direct Messengers

By Kurt J. Long, CEO and Co-Founder of BUNKR

The finance and healthcare industries have continuously leveraged the latest technology to communicate effectively with their respective client bases. Direct messaging in particular affords the opportunity to foster more responsive, intimate, and even trusted relationships with customers in both industries. However, the encryption strategies used by the most popular messengers have evolved very rapidly in recent years and, in turn, complicated their use within the financial and healthcare sectors.

Widely used platforms like WhatsApp, Signal, Snapchat, and even iMessage have adopted disappearing messages, encryption technology, and business policies that make recordkeeping — especially the kind of recordkeeping expected by the regulatory bodies for these industries — impossible. As such, these changes have made use of these messengers a violation of industry regulations, as evidenced by the substantial fines levied by the Securities and Exchange Commission (SEC) against banks and broker-dealers. Within healthcare, HIPAA compliance rules have made use of these messengers all but impossible.

The financial services and healthcare industries prescribe very specific practices for institutions to follow in the interest of keeping their customers’ information private and secure. In the financial field, these requirements are spelled out by the SEC and the Financial Industry Regulatory Authority (FINRA), while the healthcare industry is regulated by the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) under the Health Insurance Portability and Accountability Act (HIPAA).

Given the wide scope of these regulatory bodies, their strict requirements concerning the recordkeeping of service provider and customer interactions are often overlooked and misunderstood. In broad terms, these communications are required to be formally archived so that in the event of something going wrong — whether it’s a lawsuit by a patient or client, a data breach, privacy compromises, or insider trading accusations, among other scenarios — the institution and the appropriate regulating body are able to recreate what was communicated between all parties. Ideally, this process allows the truth to come to light and an eventual solution to be produced. In this sense, these regulations provide accountability alongside assurances of customer privacy and security.

Having access to these communications allows critical questions to be answered, such as “Did the trader and the institution act off of inside information? Are they culpable and prosecutable?” In healthcare, an equivalent question might be “Did the nurse or physician provide an inappropriate dosage of medication before the patient had life-changing complications?” If there are no records of relevant communications to review, these fundamental questions cannot be answered.

While direct messengers have always had complications surrounding their recordkeeping policies — or lack thereof — these issues have become more pronounced in recent years. Beginning around 2019, the most popular messengers such as WhatsApp, Signal, and to an extent iMessage took a hardened resistance to recordkeeping. This shift left finance and healthcare industry regulators crippled in their capacity to hold negligent actors accountable for their negligence.
Furthermore, with the widespread adoption of these messengers by the public, blatant crimes in traditional finance as well as digital currencies were able to flourish unchecked. Direct messengers began catering to greater and greater anonymity for users, up to the point of not even requiring a phone number, a practice popularized by the instant-messaging software Tox. As a result, criminals have been able to operate fraudulently across the healthcare, traditional finance, and digital currency spaces with more boldness than ever before.

This emphasis on anonymity at the expense of accountability has forced industry regulators and law enforcement to act with greater suspicion toward anyone using these types of messengers. This hardened stance has resulted in even innocent people using these messengers getting caught up in dragnets of investigations. Because these platforms make use of disappearing messages and do not provide proper recordkeeping of communications, innocent users accused of illegal acts cannot produce records showing that their usage was appropriate. Further complicating matters, regulators and law enforcement cannot collect evidence against direct suspects even when there is probable cause and a court order in effect.

Whether it concerns the need to investigate a healthcare lawsuit, a financial insider trading ring, or fraudulent criminal activities in finance, the bottom line is that the policies of direct messaging platforms have been a disaster for regulatory agencies. Their secrecy, rejection of recordkeeping, enforcement of non-cooperative business policies, and move to end-to-end encryption have created utter digital mayhem.

Of the major regulatory bodies, the SEC has responded most aggressively to this state of affairs. The agency has issued upwards of billions in fines against banks, broker-dealers, and other financial services
firms that have allowed employees, agents, and contractors to communicate with the use of these so-called “secret messengers.” There is no sign that violators will get a reprieve from these steep fines anytime soon. According to Bloomberg, the SEC has now issued more than $2.6 billion in fines over issues relating to recordkeeping and off-channel communications as of March 2024.

As noted earlier, the HHS Office for Civil Rights (OCR) has a long history of enforcing HIPAA, which requires recordkeeping and archives for all patient communications. HHS and OCR have added leverage as regulatory bodies, as the federal government is a big “payer” through the Centers for Medicare & Medicaid Services and subsidiary programs such as Medicare and Medicaid. While some new guidance has been issued with regard to communications over direct messengers, it is only a matter of time before we see eye-popping fines against health institutions that have permitted their employees, agents, and contractors to communicate with their patients through secret messengers.

The solution to finding a balance between privacy, security, and accountability for the financial services and healthcare industries in using these direct messengers is fairly simple: Healthcare and financial institutions must ban their employees, agents, and contractors from using secret messengers that do not support the recordkeeping and archiving mandated by the SEC, FINRA, and HHS. Additionally, these institutions must provide awareness and compliance training to all parties employed or involved in the institution’s practices. Entities operating within the financial and healthcare fields should be diligent in only allowing the use of messengers that comply with the security, privacy, data integrity, and recordkeeping standards of their industry.

The balance between privacy, security, and accountability is now a critical focus in finance and healthcare through regulations that are rapidly being enforced. This enforcement has been accelerated by the rise of post-2019 secret messengers, which have catalyzed a surge in fraud, deceit, and crimes within these industries. This trend mirrors the broader societal impact, where these same secret messengers facilitate an estimated $1.7 trillion in narcotics distribution, $150 billion in human and sex trafficking, and support for anarchist activities.

The Fourth Amendment of the U.S. Constitution does provide for protection of the public against warrantless searches; however, its true brilliance is that it also provides for the ability of the victims of crime to seek justice through law enforcement when there is probable cause. The Fourth Amendment also requires that searches and seizures be authorized by a warrant, ensuring that evidence is collected in a manner that respects privacy rights and judicial oversight. These key principles — privacy, security, and accountability — must be prioritized by private entities utilizing direct messengers within the financial and healthcare sectors, as well as by the federal government and the corresponding regulatory bodies.

The secrecy of these platforms has undermined users’ security, sense of ease, and trust in the institutions whose services they’re utilizing. If providers are to successfully navigate the complexities of communicating with customers, ensuring compliance, and protecting the integrity of their business operations, they must be vigilant about maintaining thorough recordkeeping practices, exchanging messages through the proper channels, and ensuring the security of their users. While no one wants to operate under constant surveillance, the greater public and innocent parties who get entrapped by malicious actors deserve to be able to pursue accountability from those who’ve wronged them.
About the Author

Kurt J. Long is Chair and Co-Founder of BUNKR. Kurt Long is a successful entrepreneur, husband, and father. Long and his family have worked and traveled the world together, visiting over 45 countries on business and adventure. Kurt is active in philanthropy and is the co-Chair of the Long Family Force for Good Foundation, which focuses exclusively on family mental and spiritual health. Kurt is chair and co-founder of BUNKR, whose vision is to save people time while building trust and reducing anxiety in the world, bunkr.life
Footage in Cyberspace

By Milica D. Djekic

About a decade ago, “cyber” was understood as the union of computers, the internet and mobile technology. Nowadays that set of assets is described with a newer term, information and communication technology (ICT) infrastructure, which broadly corresponds to what is called cyberspace. ICT is a novel and widely accepted concept that can be thought of as a digital ecosystem offering wired and wireless transmission of information, and, as with anything that runs on an electric current, it always leaves a trace somewhere in its software and hardware.

A couple of decades back, all electronics technology was either analog or digital. With Industry 4.0 and the beginning of the digital age, the majority of technical paradigms have become digitalized, making room for new solutions to emerge: first cyber technologies and, more recently, ICT infrastructure. The main challenge with these emerging products and services is well-developed and controlled digital forensics, which makes it possible to capture any footage within cyberspace lawfully, so that it can be treated as a clue or evidence in the hands of the authorities and in other case management efforts. A trace in an electric voltage system can then be recognized as a valid finding in court, leading to the final decision in a case and its investigation.

Combating high-tech criminality is a tough task, and anyone who wants to tackle such a problem must have the skills, experience and
expertise, as it can be truly difficult to locate all those offenders and prove what they have done illegally. The big concern with fighting cybercrime is a chronic lack of, and need for, legal regulation, because the technological landscape changes and evolves non-stop, requiring law enforcement professionals to keep step with upcoming trends and tendencies. The system itself should focus on constant reform, as well as well-provided updates, training and education, which are imperative to producing a competitive officer who can stay at least a move ahead of the IT security threats, which are themselves very competitive and literally dictate trends in next-generation security.

Indeed, people became connected with each other at the end of the previous century, when the world, thanks to the web, became a global village. In the second decade of the new millennium, devices, not just humans, started being interconnected over the internet signal, opening a new chapter in the history of science and technology: the Internet of Things (IoT), which is promising but, from a security point of view, a very unreliable industrial prospect so far. In such a situation there is an appealing need for cyber defense as something that can make lives and businesses safer, because those relying on such an untrusted system might be in real danger. That brings with it a search for a highly sophisticated cryptosystem that could protect any kind of communication and data storage, in the fashion of end-to-end (E2E), link and combined encryption followed by sound decryption, together with the much harder challenge of perfect secrecy and multi-stage assurance for endpoint users and their secret information exchange.
The fact is that it is possible to leave footage within those heaps of electronic equipment, including their virtual capacities, and the good question is how it is feasible to confirm beyond doubt the identity of someone whose trace has been left within an ICT asset. It is well known that entirely new legal regulation, with case management procedures in compliance with those laws, is needed in order to prove someone’s activity in both physical and high-tech surroundings. The overall R&D process for digital forensics tools must be in accordance with legal requirements, and those making software and hardware for legal evidence collection are supposed to provide something that can offer valid evidence in court. Once developed, such a solution must pass an examination by accredited government bodies, which can issue a certificate guaranteeing that the tested product or service does exactly what the law requires, leaving no room for mistakes or for counterfeiting such reports and assessments, because in engineering terms that piece of equipment might otherwise have only a small degree of accuracy.
On the other hand, in the case of identity confirmation, the law must strictly define what counts as valid evidence in court regarding who has committed a criminal offense. Law enforcement agencies conducting an investigation should use devices that can detect someone’s identity, for instance by capturing someone’s presence through access control platforms such as a computer login screen, physical entry to a facility, a border crossing and much more. It is well known that identity can be determined from something that gives accurate information about who a person is, and the unique indicator for such a finding is a biometric parameter, which can be a fingerprint footage, an iris detection trace or DNA collected data. All of this leads to more innovative case management, strongly correlated with science and technology endeavors capable of accurately assessing such an identity and, consequently, of applying some kind of ID analytics to locate offenders, knowing without any flaw that those persons are who they are and did what they have done. This can dramatically speed up an investigation, enabling much more effective evidence collection that can lead to the arrest of criminals, and probably of terror individuals using emerging technology, who are no longer untouchable and uncatchable to the law enforcement and intelligence communities.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and is also the author of the books “The Internet of Things: Concept, Applications and Security” and “The Insider’s Threats: Operational, Tactical and Strategic Perspective”, published in 2017 and 2021 respectively with Lambert Academic Publishing. Milica is also a speaker on the BrightTALK expert’s channel. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica's research efforts are recognized by the Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and the EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber defense, technology and business. Milica is a person with disability.
Honeytrap Accounts Powered by Cyber Threat Intelligence (CTI)

How CTI allows companies to create impactful honeytrap accounts to collect intelligence

By Shawn Loveland, COO, Resecurity

In this article, we will discuss a unique and unconventional approach to safeguarding your business, staff, and clients with the help of dark web intelligence. We will explore a different way to use compromised account data to help you identify additional compromised accounts and improve your security measures.

The problem statements:

Defenders: How can compromised accounts be identified on a large scale and with automated methods, even when the accounts are unknown and not included in any intelligence feed?

Threat actors: Threat actors often possess many compromised accounts. However, they can only make money off a small portion of these accounts. As a result, they must determine which accounts are worth their time and effort to exploit. They usually purchase accounts in bulk
(thousands to millions of compromised account pairs per batch) and then use an account checker to see which ones are worth the time and resources to victimize.

The solution statements:

Honeytrap accounts powered by CTI allow defenders to set up a cost-effective, durable, and scalable process to detect threat actor infrastructure targeting a business before a breach occurs. This article discusses using honeytrap accounts to identify compromised accounts that threat actors may seek to exploit. A similar technique can also be applied to identify malware-infected (botted) PCs and create honeytrap PCs empowered by CTI. For more information on honeytrap PCs powered by CTI, please e-mail contact@resecurity.com

Typically, organizations obtain compromised data from sources like Resecurity’s Context and Risk. However, most users of this data only search for accounts whose usernames and passwords match active accounts, in order to take corrective measures. While this is a tried-and-true method for preventing security breaches and other nefarious activities, this article discusses a different way to use the same data, which will have more impact than mitigating the identified compromised accounts—often 2 to 10x the impact.

Usually, defenders create fictitious honeytrap accounts to create a detection signal. Some even go so far as to attempt to seed these accounts on the dark web, hoping that threat actors will become aware of them and try to use them. This technique is sometimes impactful against threat actors who have little to no operational security (OpSec). However, the honeytraps described in this article are different.

Honeytrap accounts powered by CTI solve the fundamental problem with honeytrap accounts: How can threat actors (from basic to advanced) be made aware of them so they will use them to create the signals the defenders need? The compromised accounts are already known to be in the threat actor’s inventory.
The defenders associated with these accounts' domains know which accounts are active and which are not. Defenders can then create honeytrap accounts for the accounts that are no longer active. This allows the defenders to create honeytrap accounts that attackers will attempt to use as part of an attack. If the account recently became inactive, the user to whom the account belonged will still have a social graph associating them with the company or service. Some threat actors use a potential victim’s social graph to filter their compromised accounts list before running them through a checker. This makes it more likely that the attacker will see the account as worth the time and expense of running it through the checker.

Benefits of utilizing CTI honeytrap accounts

Account checkers are a required component of most threat actors' supply chains. They are the primary way threat actors identify and prioritize victims. Targeting this chokepoint disrupts the attack, increases the attacker’s costs, lowers the potential scale of the attacker’s attacks, and lowers the velocity
of attacks. When companies implemented this recommendation, there was a significant and durable disruption to the threat actors targeting them.

Companies that have deployed the basic implementation have successfully identified threat actors and dark web account checking services targeting them and have identified previously undetected compromised accounts. It is common for a company to begin to detect and identify signals from these honeytraps within a few days, sometimes as quickly as 15 minutes. Advanced users have used the feed of phishing e-mails sent to the honeytrap accounts to improve their detection and prevention of phishing e-mails targeting their employees, vendors, and customers. With the more advanced implementation, they have identified previously unknown TTPs and recovered the toolkits threat actors would have deployed in their infrastructure.

Implementation options of honeytrap accounts

There are three levels of utilizing honeytraps: basic, advanced, and more advanced. Some of Resecurity's customers have manually implemented the following processes, but many have automated them. These processes include creating and maintaining the honeytraps; monitoring, collecting, and disseminating signals; and automating mitigation of detected compromised accounts. It is out of the scope of this article to cover the privacy, legal, and other related aspects of implementing these honeytraps. Nevertheless, companies that want this method have established policies and processes for using this deceptive technique.

Basic implementation

Create and deploy the honeytrap accounts and monitor for login failures on the honeytrap accounts. Collect the available telemetry: login IP, device header, and the interface on which the login attempts are made. More sophisticated fingerprinting techniques also exist, such as the one described by the Electronic Frontier Foundation.
This collected telemetry is then used to identify accounts that were checked and successfully logged into, which is a high-fidelity indicator that the account is compromised. Creating and managing honeytrap accounts differs depending on a company's identity services. This article does not provide specific instructions on creating honeytrap accounts in a company's unique environment.

Considerations:

• Ensure your identity system logs and provides access to the telemetry for unsuccessful login attempts on accounts that do not exist. If the system does not provide this data, the honeytrap accounts must be recreated and disabled. (It is recommended that the account is recreated and not reactivated, to ensure the honeytrap has different access (ACL) from the original account.) To avoid user confusion, determine the appropriate way to prevent the disabled honeytrap accounts from appearing in the company directory and e-mail distribution lists.
• It is important not to leak unintended signals to the threat actors. Failed login attempts must receive the standard "incorrect password" response.
• Establish proper procedures for logging failed login attempts on these honeytrap accounts.
• Determine how many honeytrap accounts are required to produce the necessary telemetry. The number of recommended honeytrap accounts for this effort varies by company. Usually, the company starts with the lesser of the two figures below and then adjusts the number of accounts to deliver the volume of signals it has determined appropriate.
  ▪ 1% to 5% of active employees’, vendors’, and customers’ accounts
  ▪ 2% to 10% of the relevant accounts on the dark web.

Accounts that have been compromised are frequently purchased and resold on the dark web. Moreover, various threat actors utilize the accounts on the dark web at different stages of their lifecycle. As a result, a company should begin with a proportion based on the age of the account on the dark web:
  ▪ 0-60 days: 40%
  ▪ 61-120 days: 30%
  ▪ 121-360 days: 20%
  ▪ 361+ days: 10%

Ongoing monitoring:

The company now has a collection of logs that identify account checkers. These logs provide a "clean feed of dirty," as the accounts are not linked to actual employees, vendors, or customers. Every login attempt is a threat actor or a dark web account checking service testing the account's validity. The defenders will then use these signals to create detections for account checking services being used against their services. If an account successfully logs in using the same fingerprint as an identified checker, the company can use it as a reliable indicator that the logged-in account is compromised. The identified compromised accounts will then flow into the company's existing workflow to mitigate compromised accounts.
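The basic implementation and ongoing monitoring steps above, as an added example that is not Resecurity's code or anything from the article: a Python script that sizes the honeytrap pool from the article's percentages (lesser of the two shares, then the 40/30/20/10 split by dark-web age) and runs the checker-fingerprint logic over a few constructed authentication log lines. The account names, IP addresses, user agents and log format are constructed; the fingerprint here is just (source IP, user agent), a stand-in for the device-header telemetry the article mentions, and the low ends of the 1-5% and 2-10% ranges are assumed as defaults.

```python
"""Honeytrap account sizing and account-checker detection (added example, constructed data)."""
from collections import defaultdict

# ---- Sizing the honeytrap pool -----------------------------------------------
# Article guidance: start with the lesser of 1-5% of active accounts and
# 2-10% of the organisation's accounts found on the dark web. The low ends of
# both ranges are assumed as defaults. Integer percentages keep the arithmetic exact.
AGE_SHARES = [("0-60", 40), ("61-120", 30), ("121-360", 20), ("361+", 10)]


def honeytrap_budget(active_accounts, dark_web_accounts, active_pct=1, dark_web_pct=2):
    """Starting number of honeytrap accounts: min(active share, dark-web share)."""
    return min(active_accounts * active_pct // 100,
               dark_web_accounts * dark_web_pct // 100)


def allocate_by_age(total):
    """Split the budget across dark-web age buckets using the article's 40/30/20/10 mix.

    Any rounding remainder goes to the freshest bucket, which is also the one
    threat actors are most likely to be actively checking."""
    counts = {label: total * share // 100 for label, share in AGE_SHARES}
    counts["0-60"] += total - sum(counts.values())
    return counts


# ---- Detecting checkers and compromised accounts ------------------------------
# Constructed: disabled ex-accounts re-created as honeytraps (not real accounts).
HONEYTRAPS = {"jdoe@example.com", "old.vendor@example.com"}

# Constructed login records: "<timestamp> <user> <OK|FAIL> <source ip> <user agent>".
LOG = [
    "2024-03-01T10:00:01Z jdoe@example.com FAIL 203.0.113.7 Mozilla/5.0 (checker-bot)",
    "2024-03-01T10:00:02Z old.vendor@example.com FAIL 203.0.113.7 Mozilla/5.0 (checker-bot)",
    "2024-03-01T10:00:03Z asmith@example.com OK 203.0.113.7 Mozilla/5.0 (checker-bot)",
    "2024-03-01T10:00:05Z bjones@example.com OK 198.51.100.4 Mozilla/5.0 (Windows NT 10.0)",
    "2024-03-01T10:01:00Z jdoe@example.com FAIL 198.51.100.9 python-requests/2.31",
    "2024-03-01T10:02:00Z bjones@example.com FAIL 198.51.100.9 python-requests/2.31",
]


def parse(line):
    """Split one record; the user agent may contain spaces, so split at most 4 times."""
    ts, user, result, ip, ua = line.split(" ", 4)
    return {"ts": ts, "user": user, "result": result, "fp": (ip, ua)}


def analyze(lines, honeytraps):
    """Walk the log in order.

    A failed login against a honeytrap marks that source fingerprint as an
    account checker ("clean feed of dirty": nobody legitimate uses these
    accounts). A later successful login by a real account from the same
    fingerprint is a high-fidelity sign that the real account is compromised.
    Returns (checker fingerprint -> honeytraps it probed, compromised accounts).
    """
    checkers = defaultdict(set)
    compromised = []
    for e in map(parse, lines):
        if e["user"] in honeytraps:
            if e["result"] == "FAIL":
                checkers[e["fp"]].add(e["user"])
            # A honeytrap is disabled, so it can never succeed; a successful login
            # here would mean the account was re-enabled by mistake.
            continue
        if e["result"] == "OK" and e["fp"] in checkers and e["user"] not in compromised:
            compromised.append(e["user"])
    return dict(checkers), compromised


if __name__ == "__main__":
    budget = honeytrap_budget(10_000, 4_000)
    print("honeytraps to create:", budget, allocate_by_age(budget))
    checkers, compromised = analyze(LOG, HONEYTRAPS)
    for fp, probed in checkers.items():
        print("checker fingerprint", fp, "probed", sorted(probed))
    print("compromised accounts to route into the IR workflow:", compromised)
```

Note that the second checker fingerprint (198.51.100.9) only produces a failed login against a real account, so that account is being tested but is not yet flagged as compromised; the failed attempts themselves are still the signal the article says to turn into a detection for the checking service.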
Advanced Implementation

It is typical for a threat actor who believes an account is valid but has it fail the account checker to use their metadata about the account and company to create a phishing attack against the user. This implementation requires that an inbox be created for the honeytrap accounts during the basic implementation, or the company can redirect e-mails to the honeytraps to a central collection. This will allow the collection of phishing e-mails that bypass the company’s spam and phishing filters. These signals can improve the company’s spam and phishing filters to protect users from undetected phishing e-mails. Creating and monitoring the inboxes for the honeytrap accounts differs depending on a company's e-mail service. Therefore, providing specific instructions on creating honeytrap inboxes for a company's unique environment is outside the scope of this article.

Considerations:

• All of the considerations of the basic implementation.
• This implementation only applies to protecting employees and vendors with a company-managed email account or consumer email services.
• Confirm with your legal and privacy teams that your policies allow for monitoring email inboxes for these types of honeytrap accounts.
• Not all emails received by the honeytrap accounts are expected to be phishing emails. Some will be from distribution lists the employee signed up for, legitimate emails intended for the employee, and general spam emails. The company must create a process to separate non-phishing e-mails from phishing e-mails.

More advanced Implementation

After the basic or advanced implementation is in place, there is an opportunity for a more advanced implementation. With the previous implementations, companies can detect compromised accounts before threat actors use them. Defenders know in advance which username and password (and often the device fingerprint or security tokens) the threat actor will attempt to use to access the compromised account. If your company has a "digital twin" of its network, it can redirect the malicious login into the digital twin. This enables defenders to monitor the actor's activity in a secure environment and track the threat actor's tactics, techniques, and procedures (TTPs) as they move around the digital twin. Many commercial and private options are available for creating a digital twin, each with different costs, levels of complexity, and risks.
However, these honeytrap accounts allow defenders to identify and redirect threat actors into their digital twin network for more advanced monitoring. There are many commercial and open-source digital twin solutions available to companies, all with their own pros, cons, and overhead. For this scenario, any digital twin solution a company has deemed appropriate for its environment can be used.
Key terms:

Account Checkers: Threat actors obtain large batches of compromised user names and passwords from the dark web, but they cannot monetize all of them; account checkers let them test which credential pairs still work. This filtering and prioritization is necessary since a threat actor has limited capacity to victimize the user or service and needs to quickly and efficiently determine whom to victimize first. Account checkers are a crucial part of most attackers' processes. They are also a chokepoint in that process; the attacker has limited alternatives if they cannot use account checkers. However, there are tips and tricks that companies can use to detect account checkers more efficiently, which puts a significant transactional cost on the attacker. It's important to note that a transactional cost is usually more damaging to the attacker than a fixed cost over a cybercriminal campaign, as fixed costs quickly become insignificant to the attacker.

Chokepoint: A supply chain chokepoint is a critical stage in a product or information flow. Any disruption in this stage can cause significant disruptions. Physical locations like narrow shipping straits, key ports, or infrastructure such as bridges and tunnels can impede or halt the movement of goods. Chokepoints can also be less tangible, such as a sole supplier of an essential component, a critical logistics provider, or a technology platform that can cause production and distribution delays or shutdowns if compromised.

Honeytrap accounts: A honeytrap account is a fake account used to detect, deflect, or counteract unauthorized attempts to access information systems. These accounts look real and contain attractive information that lures cyber attackers. Once an attacker takes the bait, their activities can be monitored and analyzed to understand their techniques, tools, and the extent of their threat.

About the Author

Shawn Loveland is the COO of Resecurity. He is an experienced professional in the technology and cybersecurity field with over 35 years of industry expertise. He has worked for both small and large companies and has received 15 US patents and numerous international patents in computer security and telephony. As the COO of Resecurity, Shawn aids Resecurity in providing practical solutions to our clients against the current threat landscape. He conducts proactive threat research and helps clients assess their Cyber Threat Intelligence (CTI) programs. He also provides customized intelligence services tailored to meet their unique needs. Before joining Resecurity, Shawn was responsible for dark web intelligence at Microsoft. Shawn can be reached online at (Shawn Loveland | LinkedIn) and at our company website, www.resecurity.com
How to Secure Your Applications Across the Software Development Lifecycle

By Upma Singh, SEO Executive at JoomDev

In today's digital age, ensuring the security of your applications is more important than ever. With cyberattacks on the rise, businesses must prioritize security across the software development lifecycle. By implementing best practices and incorporating security measures from the beginning of the development process, you can protect your applications from potential threats and vulnerabilities.

To secure your applications effectively across the software development lifecycle, it is crucial to implement robust security measures at every stage of development. Integrating security practices from the initial design phase to deployment and maintenance can significantly reduce vulnerabilities and protect your applications from potential threats. Some of the key steps to secure your applications include conducting regular security assessments and testing, implementing secure coding practices, utilizing encryption techniques to safeguard sensitive data, monitoring for suspicious activities or breaches, and ensuring timely updates and patches are applied to address known vulnerabilities.

By following best practices for application security throughout the software development lifecycle, you can enhance the overall resilience of your applications and mitigate risks associated with cyber threats. Always remember that investing in security early on can save time and resources in the long run while safeguarding your valuable assets.
This was just a basic introduction to how securing your applications across the software development lifecycle can work for you. Let's understand this in more detail!

Understanding the Software Development Lifecycle (SDLC)

The software development lifecycle (SDLC) is a process used to design, develop, test, and deploy software applications. It consists of several phases, including planning, design, development, testing, deployment, and maintenance. Each phase plays a critical role in ensuring the reliability, quality, and security of the final product.

Planning Phase

The planning phase sets the foundation for the entire mobile application development process or any software development process. During this phase, it is essential to define the project scope, requirements, and objectives. Security considerations should be integrated into the planning stage to identify potential risks and vulnerabilities early on.

Design Phase

In the design phase, software architects and developers create the blueprint for the application. Security architecture should be a key component of the design process. Implementing secure design principles, such as least privilege and defense-in-depth, can help mitigate security risks in the later stages of development.

Development Phase

The development phase involves writing code and building the application. Developers must follow secure coding practices to prevent common vulnerabilities, such as buffer overflows and injection attacks. Utilizing secure coding frameworks and conducting code reviews can help identify and address security issues during development.

Testing Phase

Quality assurance and security testing are essential components of the software development lifecycle. Security testing, including vulnerability assessments and penetration testing, should be conducted to identify and remediate security weaknesses. Automated testing tools can streamline the testing process and improve the overall security posture of the application.

Deployment Phase

The deployment phase involves releasing the application to production environments. Secure deployment practices, such as secure configuration management and access controls, should be implemented to prevent unauthorized access and data breaches. Continuous monitoring and threat intelligence can help detect and respond to security incidents in real time.

Maintenance Phase

The maintenance phase involves updating and maintaining the application to address bugs, vulnerabilities, and new feature requests. Patch management, security updates, and regular security audits are essential to keeping the application secure and up-to-date. Implementing a secure software development lifecycle framework can help promote a culture of security awareness and accountability among development teams.

What is secure SDLC?

It means securing your applications across the software development lifecycle, which involves implementing a comprehensive approach to security that addresses potential risks at every stage of development.
From design and coding to testing and deployment, there are various steps you can take to mitigate security threats and protect your applications from malicious attacks. This is what a secure software development lifecycle is all about.
What is the importance of secure SDLC?

Secure SDLC is important because application security is important. Gone are the days when applications were launched and bugs were addressed later. Now, developers are required to check for potential vulnerabilities at every stage. This is where integrating security into the software development lifecycle comes into play. By incorporating security measures from the initial planning stages to deployment and maintenance, organizations can proactively overcome potential security vulnerabilities and reduce the risk of cyber attacks.

Securing applications across the SDLC not only helps prevent data breaches and cyber threats but also enhances the overall quality of the software. By identifying and addressing security issues early on, developers can create more secure, reliable, and resilient applications that meet the highest standards of cybersecurity.

Now that you have read the basic concept of a secure SDLC and its importance, the question is how to secure your applications across the software development lifecycle.

What are the practices to secure your applications across the software development lifecycle?

Do Proper Planning and Designing

The first step in securing your applications is to incorporate security into the planning and design phase. By conducting a thorough risk assessment and identifying potential security vulnerabilities early on, you can proactively address security concerns and implement necessary safeguards. This includes:

• Defining security requirements.
• Creating secure architecture designs.
• Establishing secure coding practices.

Follow Secure Coding Practices

One of the most critical aspects of securing your applications is ensuring that secure coding practices are followed throughout the development process. This includes:

• Using secure coding languages.
• Implementing input validation to prevent injection attacks.
• Following coding standards that prioritize security.

By writing secure code from the start, you can minimize the risk of security vulnerabilities in your applications. This can save a lot of time and resources when vulnerabilities are later found.
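The "input validation to prevent injection attacks" practice above, shown as a vulnerable lookup beside its hardened form. This is an added example, not code from the article or from JoomDev; the SQLite table, the users and the allowlist pattern are constructed for the demonstration.

```python
"""Vulnerable and hardened user lookup, illustrating the "input validation
to prevent injection attacks" practice from the section above.

Added example, not from the original article. The SQLite table, the users
and the allowlist pattern are constructed for the demonstration.
"""
import re
import sqlite3

# Allowlist of what a username may look like; anything else is rejected
# before it gets anywhere near the database.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def make_db():
    """Build an in-memory table with three constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", 0),
        ("bob", "bob@example.com", 0),
        ("root", "root@example.com", 1),
    ])
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates user input into the SQL text, so a quote in the input
    changes the meaning of the query (this is the defect, kept on purpose)."""
    sql = "SELECT name, email FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Validate the input against the allowlist, then bind it as a query
    parameter so the database treats it as data, never as SQL."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (username,)).fetchall()


def demo():
    """Run both lookups on a normal and on a crafted input."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that breaks out of the quotes
    results = {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),  # leaks every row
        "hardened_normal": lookup_hardened(conn, "alice"),
    }
    try:
        lookup_hardened(conn, crafted)
        results["hardened_crafted"] = "accepted"
    except ValueError:
        results["hardened_crafted"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Parameter binding alone would already stop the crafted input from altering the query; the allowlist is the second layer, and it is what a code review of the vulnerable version should ask for.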
Code Evaluation

Code review or evaluation is the process of going over developer-written code to find possible security flaws. This aids in the early detection and repair of security flaws during the development phase.

During Testing and Quality Assurance

Testing and quality assurance are essential components of securing your applications across the software development lifecycle. By conducting thorough security testing, including vulnerability assessments and penetration testing, you can identify and address security issues before they become major threats. Additionally, implementing automated security testing tools can help streamline the testing process and ensure that your applications are secure.

Manage Configurations Securely

Configuration management ensures that software systems are deployed with secure configurations. To lower the chance of unwanted access, this entails setting up network configurations, access controls, and other security-related settings.

Control of Access

Access control ensures that only individuals with permission can access the software system. This entails putting role-based access control and user authentication and authorization systems into place.

Proper Deployment and Maintenance

Once your applications are ready for deployment, it is crucial to implement secure deployment practices to protect them from potential threats. This includes securely configuring servers, encrypting sensitive data, and implementing strong access controls. Additionally, regular maintenance and updates are essential to ensure that your applications remain secure and up-to-date in the face of evolving security threats.

Use Security Testing Tools

To ensure the security of an application, it is essential to use security testing tools throughout the software development lifecycle. These tools can help identify security vulnerabilities, weaknesses, and misconfigurations in the application code, infrastructure, and dependencies. By conducting regular security testing, developers can actively detect and resolve security issues before they are exploited by malicious attackers.
Conduct a Security Risk Assessment

Before embarking on the development of any application, it is essential to conduct a comprehensive security risk assessment. This involves identifying potential security threats, vulnerabilities, and risks that may impact the application throughout its lifecycle. By understanding the security landscape, developers can implement appropriate security controls and protocols to safeguard the application from potential attacks.

Educate and Train Development Teams

Securing applications across the SDLC requires a collective effort from all team members involved in the software development process. It is essential to educate and train development teams on secure coding practices, security protocols, and industry best practices for cybersecurity. By fostering a culture of security awareness, organizations can enhance the security posture of their applications and overcome potential security risks effectively.

Security Monitoring and Incident Response

Even after an application is deployed, security monitoring and incident response are critical for detecting and mitigating security incidents. By monitoring application logs, network traffic, and user activity, developers can quickly identify and respond to potential security threats. In the event of a security incident, having a robust incident response plan in place can help minimize the impact and restore the integrity of the application.

What are the benefits of a secure software development lifecycle?

Implementing a secure SDLC offers a wide range of benefits for organizations, including:

• Increased Security: By integrating security measures throughout the development process, organizations can significantly reduce the risk of data breaches and cyber-attacks.
• Cost Savings: Addressing security vulnerabilities early on in the development process is much more cost-effective than trying to fix them after the application has been deployed.
• Enhanced Reputation: Building secure applications helps to build trust with customers and enhance the organization's reputation for security and reliability.
• Compliance: Implementing a secure SDLC can help organizations meet regulatory requirements and demonstrate compliance with industry security standards.
Conclusion

Securing your applications across the software development lifecycle is a critical aspect of protecting your business from cyber threats. By incorporating security measures from the planning and design phase through deployment and maintenance, you can safeguard your applications and sensitive data from malicious attacks. Remember, security is not a one-time action; it requires ongoing vigilance and active measures to avoid potential threats. So always remember to prioritize security in your development process to protect your applications from potential threats and ensure the safety of your users' data. By implementing secure coding practices, regular security testing, and robust security monitoring, you can build applications that are strong against cyber attacks and maintain the trust of your users.

About the Author

Upma is the SEO Executive at JoomDev. She loves to convert her ideas into reality by developing products to make our online business successful with her quickbase development and mobile app development company. Upma can be reached at Joomdev (https://twitter.com/joomdev) and at our company website https://www.joomdev.com/
How Platform Thinking Can Supercharge Identity & Access Management

By George Symons, Vice President of Strategy for Cloud, Infrastructure and Security, Persistent Systems

The move to the cloud – be it applications, data, or IT systems – mirrors a consequent shift in users operating outside the office. With the prevalence of hybrid working environments, employees, guest users, or third-party entities seek to access applications and data from outside the enterprise's IT boundaries. As this expands the network and the devices deployed to carry out business-critical activities, it gives bad actors another vector to get their foot in the door.

Traditional security practices focused on securing the perimeter can no longer account for this shift. They worked on securing the enterprise data center and providing blanket access to anyone inside the network. This hub-and-spoke model of the traditional security practices cannot manage the security and connectivity requirements of a digital enterprise that works on dynamic access requests, many of which emanate from users and devices outside the enterprise for applications it cannot fully control. Whether attacks come from outside the firewall or from users inside, there needs to be protection from bad actors moving laterally inside the data center (or cloud), gaining access to more applications and data once they are within the perimeter.
Enterprises feel the need to shift focus away from the perimeter to user identities and access privileges. This approach is called Zero Trust, and it denies access by default, requiring users to validate their identities within context when requesting access – no matter their location. Zero Trust builds on the foundation laid by Identity and Access Management (IAM), which will be followed by Secure Service Edge (SSE) solutions to invoke trusted communications along with other technologies. This practice helps enterprises move security protocols to the identity, not the network, by attaching access controls and role-based policies to the user.

However, as with any shift, operationalizing and ensuring the currency of an IAM system requires management buy-ins, breaking through cross-functional silos to embed security deeper into business functions, and bringing context to access policies across applications. IAM investments cannot be successful if enterprises approach it in isolation within either security or operations. Because it pushes enterprises to align the application landscape with evolving security needs and ongoing personnel changes within the organization, it must be orchestrated via a platform with automation.

Here are three reasons why approaching IAM as a platform helps:

• Automated Access Controls: As users continue to access applications via locations, devices, and networks from within and outside the enterprise, it becomes necessary to define, keep current, and enforce contextual and role-based access policies. This requires proactive intervention during employee onboarding, offboarding, or lateral shifts within the organization. Privileged access is a case in point, which needs to be time-based and role-defined for it to work effectively and prevent broad access if these credentials are compromised. Most enterprises rely on processes across multiple business functions that are difficult to enforce and often negatively impact employee experience. Automating these access controls by integration with systems such as HR, ITSM, and others eliminates the manual processes for updating user identity, organizational role, and access requirements to streamline the process. Generative AI can come in handy in defining access rules based on role and organization by utilizing conversational prompts and parsing through corporate policy documents on previously defined access policies. A platform-led IAM system can help security teams map user profiles with applications to orchestrate access only to those validated for access to certain applications.

• Sanitized Application Access: Applications can only be properly secured if they are appropriately integrated with the IAM systems to leverage the current information on users' access rights for that particular application. Enterprises struggle to maintain the status of applications integrated with the IAM system in a central database, which becomes even more complicated as applications grow in numbers and across organizations within a company. A platform approach can bring the much-needed alignment in application access and verified business users. This provides the updated status of application onboarding to security teams, business unit management, and executives. With applications onboarded, incidents of unauthorized data access are better contained, and the ability to measure the status of these integrations with IAM systems helps meet regulatory requirements in the EU and the US.
• Orchestrated Identity Proofing: Based on business criticality, applications may make use of different forms of IAM controls, such as IGA or SSO. Enterprises will also deploy security mechanisms such as passwords, multi-factor authentication, or biometrics. With visibility into user identities, locations, devices, and the type of applications being accessed, an IAM platform can be leveraged by application owners to integrate applications and identity proofing mechanisms as per the business use case, ensuring streamlined enforcement of access policies without compromising on employee experience.

Toward a Future-Ready Cybersecurity Posture

Stolen identities account for the largest share of enterprise security breaches, mostly due to employees doing something they should not or unwittingly falling prey to bad actors. IAM compels enterprises to rethink their security models. It is the first step toward achieving a future-ready cybersecurity posture, safeguarding enterprise data and applications by tying access to user identities, especially in a distributed IT environment for an increasingly mobile workforce.

About the Author

George Symons is VP of Strategy for the Cloud, Infrastructure and Security practice at Persistent Systems. He came to Persistent through the acquisition of Sureline Systems, a supplier of cloud migration and disaster recovery software where he served as the COO. George has worked with both software and hardware vendors throughout his career and he has a proven track record of driving growth. He has held executive roles in product management, engineering, marketing, strategy and overall executive management in both small organizations and large public companies. In the past 20 years the organizations he has worked for have focused on enterprise IT solutions around infrastructure, storage, and security. Key roles include CTO for information management at EMC; CTO for Legato Systems; CEO roles at 3 startups in backup recovery, storage and hyperconverged systems; COO at Xiotech; CSO at Nexsan; as well as various product management and product marketing roles at Sun Microsystems. George Symons can be reached online at LinkedIn and at our company website https://www.persistent.com/
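The HR-driven, time-bound access controls described under "Automated Access Controls" in the article above, worked as a reconciliation step: constructed HR records are compared against current grants and the joiner, mover, leaver and expired-privilege cases each produce a change. This is an added example, not code from the article or from Persistent Systems; the role-to-entitlement mapping and the eight-hour privileged TTL are assumptions.

```python
"""Derive IAM grant and revoke actions from an HR feed.

Added example, not from the original article. It models the "Automated
Access Controls" point: onboarding, offboarding and lateral moves are read
from HR data instead of manual tickets, and privileged grants are
time-bound so a compromised credential does not keep broad access.
The policy, the HR records and the current grants are constructed.
"""
from datetime import datetime, timedelta

# Hypothetical role-based policy: entitlements per role, and which of
# those are privileged and therefore expire.
ROLE_ENTITLEMENTS = {
    "engineer": {"git", "ci", "staging-db-read"},
    "dba": {"git", "prod-db-admin"},
    "finance": {"erp", "expense-tool"},
}
PRIVILEGED = {"prod-db-admin"}
PRIVILEGED_TTL = timedelta(hours=8)  # assumed time box for privileged grants

# Constructed HR feed (what an HR integration would deliver).
HR_RECORDS = [
    {"user": "alice", "role": "dba", "status": "active"},
    {"user": "bob", "role": "engineer", "status": "active"},    # moved from finance
    {"user": "carol", "role": "finance", "status": "terminated"},
    {"user": "dave", "role": "engineer", "status": "active"},   # new joiner
]

# Constructed current grants as the IAM system sees them; the value is the
# grant time for privileged entitlements, None for standing ones.
CURRENT_GRANTS = {
    "alice": {"git": None, "prod-db-admin": datetime(2024, 4, 1, 1, 0)},
    "bob": {"erp": None, "expense-tool": None, "git": None},
    "carol": {"erp": None, "expense-tool": None},
}
NOW = datetime(2024, 4, 1, 12, 0)  # constructed reconciliation time


def reconcile(hr_records, grants, now):
    """Return {"grant": [(user, ent)], "revoke": [(user, ent)]}.

    Terminated or unknown users lose everything; a lateral move loses the
    old role's entitlements; a privileged grant older than PRIVILEGED_TTL
    is revoked even though the role still allows it, because privileged
    access is requested and time-boxed rather than standing.
    """
    changes = {"grant": [], "revoke": []}
    hr_by_user = {r["user"]: r for r in hr_records}
    for user in sorted(set(hr_by_user) | set(grants)):
        have = grants.get(user, {})
        rec = hr_by_user.get(user)
        if rec is None or rec["status"] != "active":
            want = set()
        else:
            want = set(ROLE_ENTITLEMENTS.get(rec["role"], set()))
        for ent in sorted(have):
            expired = (ent in PRIVILEGED and have[ent] is not None
                       and now - have[ent] > PRIVILEGED_TTL)
            if ent not in want or expired:
                changes["revoke"].append((user, ent))
        for ent in sorted(want - set(have)):
            if ent in PRIVILEGED:
                continue  # never auto-granted; must be requested with a time box
            changes["grant"].append((user, ent))
    return changes


def example_changes():
    """Run the reconciliation over the constructed data."""
    return reconcile(HR_RECORDS, CURRENT_GRANTS, NOW)


if __name__ == "__main__":
    for action, items in example_changes().items():
        for user, ent in items:
            print(f"{action:6} {user:6} {ent}")
```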
Identifying & Prioritizing Risk: Growing Risks and How to Address Them

By Sravish Sridhar, CEO & Founder, TrustCloud

No matter the industry or business, risks are always evolving and need to be continuously considered and evaluated accordingly. When it comes to cybersecurity risks, organizations can pick their poison in terms of what to worry about most. Companies are now more likely to be hit by a ransomware attack than not, while the cost of cyber crime is estimated to hit $10.5 trillion annually in 2024. Businesses from SMBs to enterprises are challenged to find the budget, expertise, and resources to manage modern cybersecurity concerns. As cyber risks continue to skyrocket, organizations need to know how to identify, prioritize, and address today's top cyber risks.
Identifying Today's Top Cyber Risks

As we move through 2024, current market trends are increasing unique risk elements. Staying in the know on the top cyber risks is critical to then be able to prioritize and address these risks. The cyber risks growing in prevalence include:

• Customer and Contractual Risks: Churn, along with the potential impact of cyber incidents on customers, is a big concern for organizations. It's essential to have a clear line of sight into what risks impact which customers.
• Increased Ransomware Attacks: As just mentioned, an organization being hit by a ransomware attack is more likely than not now, and this trend is only growing.
• Open Source Libraries: Open source software is everywhere and continues to grow in popularity. It's a key business tool, often leveraged to streamline operations. But one vulnerability in open source code can spread quickly, leaving organizations using that code vulnerable.
• Loss of Institutional Knowledge: Given the number of lay-offs and turnover, critical organizational knowledge is sometimes getting lost or shifted, and is no longer properly cared for or protected.
• Uncertain Market Conditions: Current global economic conditions are slowing growth, which adds pressure to already constrained security budgets. Cutbacks in key areas could put an organization's security at risk.
• Social Engineering: As organizations continue to operate remotely, social engineering grows as a risk. One wrong click can grant a malicious actor access and cause chaos, as we've seen happen again and again.
• Digital Supply Chain: As businesses continue to digitally transform, there is increased risk of attacks on software vendors and third parties across the digital supply chain.
• Artificial Intelligence: As AI continues to see rapid adoption and brings unique benefits to businesses, it also comes with risks:
  o Privacy: AI can expose company information via improper employee use.
  o Malicious attacks: AI is being leveraged as a tool to support cyber attacks including data poisoning, malware, and breaches.
• Smoke Alarm Fatigue: Too many security and data tools raise alerts and warnings without a clear way to determine what is causing an issue or business disruption, creating complexity around prioritizing next steps.

Prioritizing Risks

Many companies rely on a qualitative risk assessment framework, which can make it difficult to prioritize risks or understand their potential impact on the overall business. With so many alerts and no clear indication of the impact or potential for disruption for each alert, it can be hard to know what to do first, second, and so on. Additionally, organizations often rely on a point-in-time approach to evaluate risk. But risk will not wait until your next assessment before it materializes.

Instead, a quantitative, bottom-up approach to risk evaluation can vastly improve how risks are prioritized. This approach will take the following into consideration:

1. What's my business objective, priority, and focus?
2. What parts of my business would this risk impact, and how important are those parts and/or teams?
3. How many customers would be impacted and what's the financial contract value of that impact?
4. How many systems or partners would be impacted along with contractual violations for this risk?
5. How likely is this risk to become a reality?

Once you assign a metric to each risk, it becomes much easier to prioritize them and create remediation plans.

Addressing & Remediating Risks

An effective remediation plan starts with risk identification. Part two is what should be done about the risk. For risks it's important to:

1. Establish clear ownership and accountability
2. Produce a comprehensive set of organizational controls or systems to reduce risks
3. Create a treatment plan with budget analysis for your risks

So, first off, identify your risks. Then prioritize them. Then build a treatment plan and approach, and use that to justify the budget required to remediate high priority risks. This quantitative approach articulates the business impact of risks, allowing prioritization to become clearer and for leadership to understand why a risk is important and needs to be addressed before tackling the next task.
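The five prioritization questions and the budget-justification step above, worked through as a scoring function over constructed risks. This is an added example, not code from the article or from TrustCloud; the formula (currency exposure multiplied by likelihood, with a multiplier for risks that threaten the stated business objective), the business-unit weights and the risks are all assumptions.

```python
"""Quantitative, bottom-up risk scoring built from the five prioritization
questions above, plus the budget check for a treatment plan.

Added example, not from the original article. The formula is an assumption
for illustration: exposure = contract value of impacted customers (Q3)
+ contractual penalties for impacted systems/partners (Q4)
+ a weight per impacted business unit (Q2); score = exposure x likelihood
(Q5), multiplied by 1.5 when the risk threatens the stated business
objective (Q1). Units, weights and risks are all constructed.
"""
from dataclasses import dataclass, replace

# Q2: relative importance of each part of the business, expressed as a
# constructed currency-equivalent impact per incident.
BUSINESS_UNIT_WEIGHT = {"payments": 500_000, "support": 50_000, "marketing": 10_000}
OBJECTIVE_MULTIPLIER = 1.5  # Q1: assumed weighting for risks to the current priority


@dataclass(frozen=True)
class Risk:
    name: str
    business_units: tuple           # Q2: parts of the business impacted
    customer_contract_value: float  # Q3: annual contract value of impacted customers
    partner_penalties: float        # Q4: contractual penalties for impacted systems/partners
    likelihood: float               # Q5: probability it materialises this year (0..1)
    threatens_objective: bool       # Q1: does it hit the stated business objective?


def exposure(risk):
    """Currency-equivalent loss if the risk materialises (Q2 + Q3 + Q4)."""
    unit_impact = sum(BUSINESS_UNIT_WEIGHT.get(u, 0) for u in risk.business_units)
    return risk.customer_contract_value + risk.partner_penalties + unit_impact


def score(risk):
    """Expected loss (exposure x likelihood), weighted by business objective."""
    s = exposure(risk) * risk.likelihood
    if risk.threatens_objective:
        s *= OBJECTIVE_MULTIPLIER
    return round(s, 2)


def prioritize(risks):
    """Return (name, score) pairs, highest score first."""
    return sorted(((r.name, score(r)) for r in risks),
                  key=lambda t: t[1], reverse=True)


def treatment_justified(risk, control_cost, likelihood_after):
    """Budget check for a treatment plan: the control is worth funding when
    the reduction in expected loss is at least what the control costs."""
    avoided = score(risk) - score(replace(risk, likelihood=likelihood_after))
    return avoided >= control_cost, round(avoided, 2)


# Constructed risks drawn from the categories listed in the article.
EXAMPLE_RISKS = [
    Risk("Ransomware on payments platform", ("payments", "support"),
         2_000_000, 300_000, 0.3, True),
    Risk("Vulnerable open source library", ("marketing",), 100_000, 0, 0.6, False),
    Risk("Loss of institutional knowledge", ("payments",), 0, 0, 0.5, True),
    Risk("Social engineering of support staff", ("support",), 400_000, 50_000, 0.7, False),
]


if __name__ == "__main__":
    for name, s in prioritize(EXAMPLE_RISKS):
        print(f"{s:>14,.2f}  {name}")
    ok, avoided = treatment_justified(EXAMPLE_RISKS[0], 200_000, 0.05)
    print("fund ransomware controls:", ok, "expected loss avoided:", avoided)
```

Note that the knowledge-loss risk, which has no contract value attached, still outranks the social-engineering risk once the business-unit weight and objective multiplier are applied; that is the kind of ordering a purely qualitative register would not surface.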
About the Author

Sravish is a successful 3-time startup founder with an entrepreneurial passion to build and support companies that bring meaningful innovation and change to society. Four career accomplishments bring him the most joy: 1) Graduating debt-free from the University of Texas at Austin after putting himself through college, 2) Building a piece of software that was used by 3.5 million, 3) Investors, customers, and people from each startup he's founded have chosen to support and work with him in subsequent startups, and 4) Every startup he helped start returned capital to investors and employees, and the software still runs in production today. Sravish is currently Founder and CEO at TrustCloud, enabling businesses to build trust with instant compliance verification.
Insource or Outsource, the Risk is Still Yours

By Craig Burland, CISO, Inversion6

In an era where cyber threats loom larger and more sophisticated by the day, businesses are increasingly turning to outsourced cybersecurity solutions in hopes of fortifying their defenses. The allure is understandable: state-of-the-art cybersecurity suites promise comprehensive protection, managed by experts, without the need for an in-house team. However, this shift towards outsourcing masks a critical misunderstanding about the nature of risk management in cybersecurity. Simply put, outsourcing cybersecurity functions doesn't equate to transferring the risk associated with cyber threats. The organization's name is the one that will headline the breach, not the outsourced service provider. The damage — be it financial, reputational, or regulatory — is a burden the organization must bear.

The Illusion of Transferred Risk

The misconception lies in the belief that once cybersecurity is outsourced, so too is the accountability for breaches or data leaks. This could not be further from the truth. In the event of a cybersecurity incident, stakeholders, customers, and regulatory bodies will not distinguish between the internal and external cybersecurity arrangements. Not long ago, organizations rushed to the cloud, shuttering data centers and embracing SaaS, only to learn the reality of the Shared Responsibility Model and the truth of financial governance.

Much like the decision to outsource finance or human resources — two critical functions within any organization — the ultimate responsibility for any fallout remains firmly in the hands of the organization. Outsourcing payroll, for instance, does not absolve the organization of inaccuracies in employee paychecks. Similarly, entrusting recruitment to external agencies does not negate the company's responsibility to ensure fair hiring practices. In both cases, the principle is clear: outsourcing a function does not transfer the accountability for that function. Cybersecurity must be viewed through the same lens.

Retained Risk and Compliance Commitments

The heart of the matter is that accountability for risk, especially in the realm of cybersecurity, is not something that can be outsourced. Transferred using cyber insurance, yes, but outsourced, no. Cyber threats are dynamic and multifaceted, requiring continuous monitoring, adaptation, and management. Outsourcing can augment an organization's cybersecurity capabilities, but it cannot replace the need for an overarching vision and strategy that is owned and enacted by the organization itself.

Moreover, compliance commitments remain squarely on the shoulders of the organization. Regulations such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the United States impose strict requirements on data protection and privacy.
These legal obligations do not diminish with the decision to outsource; the organization must ensure that its service providers are compliant, but ultimately, it is the organization that regulators will hold accountable.

Knowledge, Oversight, and Partnership

Outsourcing cybersecurity does not diminish the need for knowledge retention and robust internal oversight. On the contrary, it necessitates a more pronounced focus on governance, risk management, and compliance (GRC) practices. Organizations must not only select their partners carefully but also maintain a proactive stance in overseeing these partnerships. This includes regular assessments of the service provider's practices, incident response planning, and clear communication channels for the escalation of issues. This cannot be done from a position of ignorance. Asking the right questions, assessing the answers, and considering alternatives is a fundamental part of governance.

The relationship with a cybersecurity service provider should be viewed as a partnership rather than an abdication of responsibility. This partnership requires a collaborative approach to cybersecurity, where both parties work together to identify, mitigate, and respond to threats. It also demands transparency and openness, with regular reporting and information sharing being paramount.

Educating and Engaging Stakeholders

A critical aspect of managing outsourced cybersecurity effectively is educating and engaging stakeholders about their role in the cybersecurity posture of the organization. Employees, for instance, remain the first line of defense against many types of cyber threats, such as phishing attacks. Training and awareness programs are as crucial as ever, emphasizing that cybersecurity is a collective responsibility.

Conclusion

In the final analysis, the decision to insource or outsource cybersecurity functions is a strategic one, with implications for the organization's operating cost, risk profile, and overall security posture. While outsourcing can provide access to expertise and technologies that might be beyond an organization's reach, it does not absolve the organization of the risk or the accountability. The adage "the risk is still yours" serves as a crucial reminder that in the domain of cybersecurity, vigilance, oversight, and engagement are indispensable, regardless of where the functions reside. In navigating the complex and ever-evolving cyber landscape, organizations must remember that while they can outsource execution, the accountability for safeguarding their assets and reputation remains in-house.

About the Author

Craig Burland is CISO of Inversion6. Craig brings decades of pertinent industry experience to Inversion6, including his most recent role leading information security operations for a Fortune 200 Company. He is also a former Technical Co-Chair of the Northeast Ohio Cyber Consortium and a former Customer Advisory Board Member for Solutionary MSSP, NTT Global Security, and Oracle Web Center. Craig can be reached online at LinkedIn and at our company website http://www.inversion6.com.
Navigating Alert Fatigue in Today's Cybersecurity Landscape

By Isaac Kohen, Chief Product Officer & Founder of Teramind

Cybersecurity is a serious risk for companies of every size and every sector, and many business leaders are taking notice. According to PwC’s 2024 Global Digital Trust Insights Survey, business and tech leaders ranked digital and tech as their top risks, outpacing natural disasters, pandemics, and inequality by a significant margin.

They are right to be concerned. Data breaches and cyber-attacks are more costly and consequential than ever before. IBM’s 2023 Cost of a Data Breach report found that the global average monetary expense was $4.45 million, a 15 percent increase since 2020. Additionally, PwC’s research revealed that the number of companies experiencing a breach exceeding $1 million increased by one-third in 2023, indicating that more companies are experiencing more costly breaches than ever.

However, hackers aren’t just looking to extract financial resources from a data breach. According to the World Economic Forum’s 2023 Global Cybersecurity Outlook report, threat actors are now “more likely to focus on business disruption and reputational damage.”

This is bad news for business, but it’s the symptom, not the disease. The real problem is that cybersecurity teams, the ones standing between global threat actors and a company's data and IT infrastructure, are exhausted and burned out, leaving companies vulnerable to cyber-attacks.

Cybersecurity Teams Are Struggling

Unsurprisingly, carrying an organization’s financial and reputational well-being on their shoulders is overwhelming for many cybersecurity teams. Simply put, they are making the most of their considerable talents while their teams are understaffed, underfunded, and overwhelmed. According to one cybersecurity industry survey, 63 percent of security professionals are experiencing some level of burnout, and an alarming 55 percent of respondents said they are likely to switch jobs within the next year.

There are several reasons for this burnout. First, ISACA research found that 59 percent of cybersecurity teams are understaffed, with half of the survey respondents indicating they have job openings for non-entry-level roles, illuminating companies’ vulnerabilities as they lack the most experienced professionals to help protect their IT infrastructure. In total, the World Economic Forum estimates a shortfall of 2.27 million cybersecurity experts, noting that “talent recruitment and retention continue to be a key challenge to managing cyber resilience.”

At the same time, the expectations are enormous. A Wall Street Journal CISO report found that 61 percent of CISOs say they “face excessive expectations from their employers.” This is especially true for the number of cybersecurity alerts teams receive. While actual numbers vary significantly, teams often receive thousands of alerts, an unmanageable deluge that often goes unaddressed. For instance, one global survey of front-line cybersecurity professionals found that just 36 percent of alerts are actually handled.
Even investigating these limited breaches requires significant time. As one IBM/Morning Consult survey found, “On average, SOC team members spend one-third of their typical workday investigating and validating incidents that aren’t a real threat,” and most of these reviews are low-priority or false positives.

Meanwhile, cybersecurity teams are working with a modestly growing budget even as the threat quantity and sophistication soar. A survey of CISOs found that while cybersecurity budgets expanded by 16 and 17 percent in 2020 and 2021, they grew by just 6 percent in the past year, a casualty of broad belt-tightening. Oddly, more than half of organizations plan to increase security investments because they experienced a breach, making these resources too little too late to help cybersecurity teams do their jobs effectively. Strategic cybersecurity investments can help make companies more cyber-resilient, but simply allocating resources alone won’t solve the problem.

How to Support Cybersecurity Teams and Improve Outcomes

Supporting cybersecurity teams minimizes risk, maximizes potential, and promotes organization-wide stability. Here are three ways every company can pursue that now.

#1 Recruit and Retain Top Talent

Cyber-readiness starts with a robust team of cybersecurity experts ready and equipped to take on the latest challenges. Businesses can attract and retain the best talent in the field by providing:

• Clear, progressive career pathways
• Competitive compensation
• Continuous training and investment
• Collaborative employee well-being initiatives

By focusing on these key areas, companies can ensure that they're not just recruiting the best talent but also retaining them for the long haul, fostering a sense of loyalty and dedication, which is invaluable in cybersecurity.

#2 Adopt Automation Technologies

Human capital alone won’t solve today’s cybersecurity challenges. Adopting automation technologies that enhance threat detection, mitigate alert volume, and accelerate recovery is key to supporting these professionals and making businesses more resilient.

For example, IBM’s research found that “AI and automation had the biggest impact on speed of breach identification and containment for studied organizations,” shortening data breach lifecycles by nearly 100 days. Embracing automation in cybersecurity is not just about efficiency; it's about augmenting human capabilities to create a more formidable defense. As cyber threats grow in sophistication, relying solely on manual processes can overwhelm even the most skilled professionals. On the other hand, automation tools can tirelessly scan for vulnerabilities, respond to breaches in real-time, and manage routine tasks, allowing experts to focus on more complex challenges.

#3 Equip Everyone to Play a Part

Ultimately, cybersecurity isn’t just the responsibility of one team. It requires the entire organization to do its part to protect data and IT infrastructure. This doesn’t have to be overly complicated. Since most data breaches involve a human element, where threat actors exploited stolen credentials, initiated social engineering tactics, or mishandled company data, bolstering company-wide digital hygiene can reduce the number of alerts cybersecurity teams receive and the vulnerabilities they need to address. Measures such as robust password management policies, continuous training on identifying cyber threats, guidelines for device security, and recurrent sessions updating employees on emerging security threats are paramount. Furthermore, integrating user behavior analytics can provide insights into existing habits, pinpoint vulnerabilities, and track improvements, enabling companies to harness the foundational elements of cyber readiness more effectively.

Bolstering Defenses In An Era of Advanced Threats

The rising threat of cyberattacks poses a severe risk to businesses of all sizes across various sectors.
Not only are data breaches and cyber attacks growing in frequency and financial impact, but the methods by which these attacks are carried out are also evolving, targeting business disruption and reputational damage. While the threat landscape intensifies, cybersecurity teams are stretched thin — facing burnout, underfunding, and immense pressure. To fortify defenses, companies must adopt a three-fold approach: invest in recruiting and retaining top cybersecurity talent, harness the power of automation to augment human capabilities, and ensure that everyone in the organization plays their role in maintaining cyber hygiene.

About the Author

Isaac Kohen is Chief Product Officer & Founder of Teramind, a leading global provider of insider threat management, data loss prevention and productivity optimization solutions powered by user behavior analytics. Serving enterprise, government and SMBs, Teramind has provided over 10,000 organizations around the world with actionable, data-backed workforce insights that reduce risk, increase productivity, and streamline business operations.
5 Reasons Why Cyber Risk Quantification Is Crucial for Organizations

By Zac Amos, Features Editor, ReHack

Cyber risk quantification has emerged as a pivotal strategy for businesses aiming to safeguard their digital assets in today's rapidly evolving digital world. At its core, it’s about assigning numerical values to cybersecurity risks. This process transforms the abstract notion of cyberthreats into concrete, quantifiable terms.

Understanding cybersecurity risks in numerical or financial terms is crucial for organizations. It clarifies the potential impact of these risks on the business and guides strategic decision-making. By quantifying cyber risks, companies can allocate resources more effectively, prioritize threats and develop robust defenses against potential cyberattacks.

The Significance of Cyber Risk Quantification for Organizations

Quantifying cyber risks brings unparalleled clarity to cybersecurity, supporting informed decision-making processes. With 72% of businesses worldwide affected by ransomware attacks in 2023, the urgency for a meticulous approach to cyberthreats becomes undeniable. Translating cyber risks into quantifiable metrics helps organizations grasp the magnitude of potential threats and tailor their cybersecurity investments precisely to their business objectives.

This strategic alignment ensures they spend and invest resources wisely, fortify defenses when needed and deliver maximum value to the organization. It bridges technical risk management and strategic business planning. It ensures every dollar companies spend on cybersecurity propels them closer to their goals.

Enhanced Risk Management

Cyber risk quantification identifies and prioritizes high-risk areas within an organization. This approach leads to the development of more effective risk management strategies. Companies that convert cyberthreats and vulnerabilities into numerical data can objectively assess which risks pose the most significant potential impact. This clarity enables them to strategically focus their resources and efforts on mitigating the most critical threats first.

Moreover, integrating automation in cyber risk quantification enhances this process by proactively modeling and predicting risk factors based on current trends and historical data. This predictive capability forecasts potential vulnerabilities and recommends actionable solutions tailored to the business’s context. About 44% of cybersecurity professionals say a lack of company buy-in hinders adoption, but it’s vital for officials to overcome this mindset for the sake of security.

Regulatory Compliance and Reporting

This process aids organizations in navigating the complex landscape of regulatory compliance by offering quantifiable metrics for cybersecurity. Translating cyber risks into concrete, numerical values lets businesses provide clear evidence of their cybersecurity posture and efforts. This quantitative approach simplifies demonstrating compliance with various industry standards and regulations, which often require detailed reporting on risk assessment, management strategies and security investments.

As a result, it becomes a common language between organizations and regulatory bodies, ensuring compliance efforts are verifiable and measurable. Moreover, it allows companies to benchmark their security practices against regulatory requirements and identify areas for improvement.

Strengthened Stakeholder Confidence

Clear communication of cybersecurity risks and mitigation plans is critical in building and maintaining confidence among stakeholders, including investors, customers and partners. Organizations that articulate their cybersecurity threats and the strategies in place to counter them demonstrate transparency and a proactive approach to safeguarding their operations and data.

This openness is particularly vital today. The average cyberattack ransom demand soared to $7.2 million in 2022, highlighting the severe financial implications of cyberthreats. Providing stakeholders with a clear understanding of the risks and the measures the company took to mitigate them assures them of its commitment to security and fosters trust. This trust sustains and grows business relationships, attracts investments and retains customer loyalty.

Competitive Advantage

Adopting cyber risk quantification offers organizations a competitive edge by showcasing a proactive stance in managing cyber risks. At a time when cyberthreats are increasingly sophisticated and can significantly impact business operations, demonstrating an advanced approach to cybersecurity can set a company apart. Quantifying cyber risks signals a company's commitment to protecting digital assets and its dedication to innovation and strategic risk management.

This approach resonates with customers, investors and partners, who are increasingly mindful of cybersecurity in their decision-making processes. They can perceive a company that can articulate its risk landscape and mitigation strategies through quantifiable metrics as more reliable and trustworthy.

Improved Financial Planning

Translating cyber risks into financial terms aids organizations in achieving practical budget allocation and making informed investments in cybersecurity. Quantifying the potential impact of cyberthreats in monetary value helps them better understand the actual cost of these risks, including the potential for financial loss. This approach allows decision-makers to prioritize investments in cybersecurity measures that offer the highest return on investment regarding risk reduction.

The stakes are high, with the average cost of cyberattacks exceeding $53,000 for companies with over 1,000 employees. By assigning financial values to different cyber risks, companies can allocate their budgets more effectively and ensure they direct their resources toward mitigating the most costly threats.
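The prioritization and budget allocation the passage describes, carried through in Python as an added example that is not part of the article. It assumes the classic annualized loss expectancy model (ALE = single-loss expectancy × annual rate of occurrence) and a return-on-security-investment ratio, neither of which the article names, and all risk and control figures are constructed for illustration.

```python
"""Cyber risk quantification: rank risks by expected annual loss, then
fund controls in order of risk reduction per dollar until the budget runs out.

Assumed model (not from the article): ALE = SLE * ARO, and
ROSI = (ALE avoided by a control - control cost) / control cost.
All figures below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float  # single-loss expectancy: cost of one occurrence, in dollars
    aro: float  # annual rate of occurrence: expected events per year

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: expected yearly loss from this risk."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    risk: str             # name of the Risk this control mitigates
    annual_cost: float    # yearly cost of running the control, in dollars
    aro_reduction: float  # fraction of the risk's ARO the control removes


# Constructed sample risks and candidate controls (illustrative only).
RISKS = [
    Risk("Ransomware", sle=1_200_000, aro=0.25),
    Risk("Phishing credential theft", sle=180_000, aro=1.5),
    Risk("Lost laptop", sle=40_000, aro=0.5),
]
CONTROLS = [
    Control("Offline backups", "Ransomware", 60_000, 0.6),
    Control("MFA for remote access", "Phishing credential theft", 30_000, 0.8),
    Control("EDR rollout", "Ransomware", 90_000, 0.5),
    Control("Full-disk encryption", "Lost laptop", 25_000, 0.9),
]


def prioritize_risks(risks):
    """Return the risks ordered from highest to lowest ALE."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def rosi(control, exposed_ale):
    """Return on security investment of a control against the ALE still exposed."""
    avoided = exposed_ale * control.aro_reduction
    return (avoided - control.annual_cost) / control.annual_cost


def allocate_budget(risks, controls, budget):
    """Greedy allocation: repeatedly fund the control with the best ROSI.

    ROSI is re-evaluated each round against the residual exposure, so a second
    control on an already-mitigated risk is judged on what is left to save,
    not on the original ALE. Controls with non-positive ROSI are never funded.
    Returns (names of funded controls, unspent budget).
    """
    residual = {r.name: r.ale for r in risks}  # ALE still exposed per risk
    candidates = list(controls)
    chosen, remaining = [], budget
    while candidates:
        best = max(candidates, key=lambda c: rosi(c, residual[c.risk]))
        if rosi(best, residual[best.risk]) <= 0:
            break  # nothing left that pays for itself
        candidates.remove(best)
        if best.annual_cost > remaining:
            continue  # cannot afford it; try the next-best control
        chosen.append(best.name)
        remaining -= best.annual_cost
        residual[best.risk] *= 1 - best.aro_reduction
    return chosen, remaining


if __name__ == "__main__":
    for r in prioritize_risks(RISKS):
        print(f"{r.name:<28} ALE ${r.ale:>12,.0f}")
    funded, left = allocate_budget(RISKS, CONTROLS, budget=150_000)
    print("Funded:", funded, "| unspent:", left)
```

With these figures the EDR rollout, which looks worthwhile against the original ransomware exposure, stops paying for itself once offline backups have already cut that exposure, so it is left unfunded.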
Leveraging Cyber Risk Quantification for Enhanced Security

Embracing the approach of quantifying cyber risks is a game changer for organizations aiming for superior risk management and business success. It empowers decision-makers with the clarity to allocate resources effectively and ensure cybersecurity investments directly contribute to the company’s resilience against threats.

About the Author

Zac Amos is the Features Editor at ReHack, where he covers cybersecurity and the tech industry. For more of his content, follow him on Twitter or LinkedIn.
Exploring The Challenges Faced by Internal IT Teams In Cybersecurity Management

By Michael Cocanower, CEO, AdviserCyber

Across all industries, IT teams are constantly viewed as the magic wand that can fix all issues. Because of this phenomenon, IT teams are finding themselves stretched thin between the ever-growing responsibilities of their job descriptions — from managing escalating regulatory demands to fulfilling their essential duties. As the digital landscape grows, one question emerges: How can IT teams navigate congested workloads without sacrificing effectiveness in their daily obligations or managing regulation? It is important that leadership recognizes the burdens they are putting on their internal IT teams, and the risks when doing so.

The Burden of Expanding Regulatory Measures:

From combating identity theft to facing stricter risk management controls, internal IT teams are set to shoulder the bulk of new regulatory burdens. But why? When it comes to regulatory enforcement, the Securities and Exchange Commission (SEC) is in the midst of its second most active year ever. Among the pending regulations that many are looking to hand over to IT are the SEC's cybersecurity rules. They will be comprehensive, covering a broad spectrum from round-the-clock real-time surveillance to enhanced documentation obligations, as well as new security measures and vulnerability scanning and remediation directives.

The challenge doesn’t end there. Regardless of an organization's size, navigating through this surge of regulations, in addition to everyday IT duties, presents an overwhelming mountain of work for IT teams. To put it simply, handing a novice chef Gordon Ramsay's knife set doesn't guarantee they'll win a Michelin star. Navigating through the flood of cyber threats and regulatory protocols requires a combination of expertise and the appropriate tools.

Staffing & Tools:

Not only do internal IT groups lack training in the tools needed to deter cyber attackers, but businesses are not recruiting enough personnel with adequate skills to adhere to these regulatory expectations. Traditionally, these teams have concentrated on IT operations, without the specialized training or resources needed to tackle the complexities of current cybersecurity regulations. IT professionals will need to significantly adjust their schedules and budgets to meet new real-time monitoring demands, such as the 24/7/365 monitoring cycle for cyber threats that can continue long past regular office hours.

This leaves IT teams in a difficult position, facing demands from new regulations that greatly exceed their current resources and manpower. The imbalance compromises their effectiveness in defending against emerging cyber threats and increases the risk of regulatory non-compliance, effectively putting IT specialists' job security on the chopping block if they fail.

Supporting Your Internal IT Team:

Offering education and professional development opportunities is vital to avoid overloading IT teams and to ensure the security of organizations. Expanding this approach to include the entire workforce is also beneficial. Conducting regular training sessions on cybersecurity best practices, potential threats, and compliance importance for all employees fosters a culture where cybersecurity is everyone's responsibility, leading to a stronger defense against cyber threats and regulatory violations.

Companies can also adopt other strategies, such as implementing new technologies like Security Information and Event Management (SIEM), conducting real-time vulnerability scans, and utilizing Endpoint Detection and Response (EDR), among various other tools. Besides evaluating the plethora of tools available in the market to determine which are optimal for their company, IT teams must also divert time from their ongoing tasks to learn about these new technologies and develop expertise.

Taking the Weight Off Internal IT in 2024:

Heading into 2024, internal IT teams will need to work together with company leadership to address the crucial demand for strategic changes as they navigate the congested balance between compliance with regulatory demands and their primary responsibilities as IT professionals. When hiring additional staff is not an option due to budgetary constraints, IT teams need to embrace a strategic, comprehensive approach to managing their workload that includes embracing innovation, investing in professional development, and fostering a culture of shared cybersecurity responsibility. A strategic focus on efficiency and adaptability will equip them to effectively tackle current challenges and ensure the long-term security and compliance of a business.

About the Author

Michael Cocanower is founder and chief executive officer of AdviserCyber, a Phoenix-based cybersecurity consultancy serving Registered Investment Advisers (RIAs). A graduate of Arizona State University with degrees in finance and computer science, he has worked more than 25 years in the IT sector. Michael, a recognized author and subject matter expert, has earned certifications as both an Investment Adviser Certified Compliance Professional® and as a Certified Ethical Hacker. He is frequently quoted in leading international publications and has served on the United States Board of Directors of the International Association of Microsoft Certified Partners and the International Board of the same organization for many years. He also served on the Microsoft Infrastructure Partner Advisory Council.
Navigating the Risks and Rewards of AI in Cybersecurity

By Dan Faggella, Founder and Head of Research, Emerj Artificial Intelligence Research

Artificial Intelligence (AI) is revolutionizing the landscape of cybersecurity, offering both groundbreaking solutions and unprecedented challenges. As we harness the power of AI to fortify our defenses, we must also remain vigilant against its potential misuse in the hands of criminals.

AI’s ability to model voices and videos with minimal data is opening new avenues for social engineering. Gone are the days when impersonating a public figure required extensive footage. Today, scammers can replicate a voice convincingly with just a few audio clips, enabling them to speak in the target’s voice, deceiving victims via phone or through voicemail. Real-time deepfakes, although not yet photoreal, are rapidly advancing and may soon enable imposters to appear and respond as someone else on video calls. This poses a significant threat to the integrity of online communications.

The written word is also not immune to AI’s influence. Systems that craft tailored emails by analyzing a person’s online presence are already in use for sales and marketing. These technologies can easily be repurposed for malicious intent. Criminals can send hyper-customized messages that appear human-crafted, increasing the efficacy of phishing attacks. For instance, AI can write in the style of a human user, mimicking their email patterns, creating messages that can deceive recipients into divulging sensitive information.

To combat AI-fueled financial crimes, anomaly detection has emerged as a critical tool. By identifying deviations from normal purchasing behavior or known patterns of fraud, AI can flag suspicious transactions for further investigation. For example, if a user’s credit card is used to buy electronics in a pattern consistent with known fraud schemes, AI can detect this and alert the authorities. This new approach is not only effective in preventing credit card fraud but also in detecting anomalies in biometrics and voice recognition, adding an extra layer of security.

Know Your Customer (KYC) and Know Your Customer’s Customer (KYCC) regulations are increasingly relying on AI to verify identities and prevent money laundering and other illicit activities. By analyzing connections between individuals and entities, AI can uncover hidden relationships that may indicate criminal involvement, helping financial institutions ensure they are not inadvertently facilitating illegal activities.

As AI continues to blur the lines between reality and digital fabrication, regulatory frameworks must adapt. We can expect to see verification measures for online images and videos, indicating whether they are genuine or AI-generated. This is a fundamental shift in how humans interact with information, requiring broad changes rather than just a few new regulations. In this context, platforms like Google need to implement “stamps” on images, providing a level of accountability for the content that appears in search results. These stamps could indicate whether an image is real or AI-generated, allowing users to discern the authenticity of what they’re viewing. This move towards accountability will likely extend beyond Google to other online platforms, ensuring users can trust the integrity of digital content.

Legal precedents will need to address the nuances of AI impersonation, distribution of manipulated content, and the rights of individuals in their digital representations. While some laws already exist, the ever-expanding capabilities of AI will require a reevaluation of what constitutes illegal activity in the digital age.

As we move forward, the integration of AI in our personal and professional lives will necessitate a shift in societal norms. The concept of reality itself will evolve, with individuals increasingly accepting that much of what they see and hear may be AI-generated. This acceptance will challenge our traditional notions of privacy and authenticity. We need legal precedents for what is beyond the law - impersonating a likeness, sexual content, etc. - but we’ll also have to accept a new kind of society where these personal universes become normal. The future will require us to navigate a delicate balance between regulation and the embrace of AI’s transformative potential.

AI is a double-edged sword in the realm of cybersecurity. While it offers powerful tools to combat cyber threats, it also presents new vulnerabilities that must be addressed. As we navigate this complex landscape, a balanced approach leveraging AI’s strengths while mitigating its risks will be crucial for ensuring a secure digital future. We must be prepared to adapt to a new societal norm where the lines between reality and digital fabrication are increasingly blurred, and platforms like Google play a crucial role in maintaining the integrity of our digital landscape.

About the Author

Founder and Head of Research at Emerj Artificial Intelligence Research, Daniel Faggella is an internationally recognized speaker on the use-cases and ROI of artificial intelligence in business. Since 2015 Daniel has focused on direct market research interviews with Fortune 500 AI leaders, AI unicorn startup founders, and leading academics. Daniel is regularly called upon by global enterprises in financial services and security, and has spoken for many of the largest and most reputable organizations, including global financial services and pharmaceutical firms, and IGOs such as the World Bank, the United Nations, INTERPOL, and more. Dan can be reached online at https://www.linkedin.com/in/danfaggella/ and at our company website https://emerj.com
Branded Calling and Authentication Technology: Stopping Cybercriminals in Their Tracks By Scott Hambuchen, Chief Information Officer at First Orion As the world becomes increasingly digital and connected, cybercriminals are hard at work exploiting digital devices to commit fraud. The mobile phone in particular has become a favorite gateway for scammers. Regardless of the millions of scam calls that come through each year, more than half of people still prefer receiving a phone call from a business, making the voice channel the premier choice for businesses to communicate with their consumers. Given this, it is crucial for businesses to authenticate and differentiate their phone calls from the fraudulent ones in order to connect with their consumers. Spoofing Attacks On the Rise In 2020 alone, U.S. enterprises lost $25.6 billion due to account takeover-related scams, which often involve scammers illegally spoofing phone numbers associated with reputable businesses to trick Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 137
consumers into handing over personal information. This is commonly done using Voice over Internet Protocol (VoIP) technology, where the caller can input any desired number to be shown on the recipient's phone. When scammers spoof a business’s phone number to make calls, that business’s reputation is damaged, and customer trust is diminished. A recent study found that almost 90% of people expect businesses to protect their customers from scams by making sure their phone numbers are not illegally spoofed. With the negative effects associated with illegal phone number spoofing becoming clearer, it’s time businesses put trust and transparency back into the phone call. The FCC highlights that “unfortunately, advancements in technology make it cheap and easy to make massive numbers of robocalls and to ‘spoof’ caller ID information to hide a caller's true identity.” The ease with which cybercriminals can spoof calls is described by cybersecurity solutions firm Kaspersky. Kaspersky notes that “open-source software has made it possible for almost anyone to spoof calls with little cost or technical knowledge. One of the most prevalent ways of spoofing is through VoIP.” Phone number spoofing that transmits misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value is prohibited by Federal Communications Commission (FCC) rules under the Truth in Caller ID Act and is considered a cybercrime. Protecting Phone Calls and Restoring Trust As phone scams increasingly involve impersonating legitimate enterprises, these illegally spoofed calls present significant reputational and bottom-line risks to businesses. However, advancements in branded communication technologies are working to thwart phone scammers. For example, SENTRY™, proactively blocks fraudulent spoofing of a businesses’ numbers so only legitimate calls go through to their customers. 
For a prominent insurance provider, SENTRY identified and blocked illegal spoofing attempts, constituting more than 5% of the business’s outbound calling traffic on more than half of their phone numbers. Branded communication solutions such as this protect the legitimacy of the phone call and reduce enterprise cyber risk in the voice channel. Sophisticated cybercriminals are working overtime to spoof the phone numbers of legitimate businesses across sectors to cause harm and defraud consumers. Data from a recent report estimates that U.S. mobile subscribers received more than 100 billion scam calls during the first six months of 2022. This projects to more than 80 million successful scam attempts resulting in cumulative financial losses as high as $40 billion. The report also revealed that the most spoofed entities are financial services, healthcare, insurance and government. Business Critical Technology Safeguarding the Phone Call Branded calling is another branded communication solution that helps businesses put trust and transparency back into the phone call. Branded calling solutions such as INFORM® allow organizations to display their name and logo on the recipient’s mobile device at the time of the call and in the history Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 138
afterward. Branded calling delivers enhanced context, encouraging consumers to confidently engage with phone calls. Businesses dedicated to providing their customers with a branded call experience not only protect their customers from fraud but also see improvements in CX, EX and operational excellence.

Cybercriminals count on being able to manipulate consumers into believing that spoofed communications are legitimate. These spoofed calls continue to be a universal issue affecting consumers, phone carriers, and businesses despite continuous intervention at the federal level to curb them. A survey found that approximately 53% of people reported receiving more scam calls in 2022 than in 2021. The increase in scam calls has made consumers unlikely to answer calls from phone numbers they don’t recognize.

With phone number spoofing impacting organizations in all industries, branded calling and authentication technologies that can stop cybercriminals in their tracks are now business critical for high-call-volume and high-risk enterprises. Businesses are using these technologies as an extra layer of protection to show that an incoming call is legitimately from them. This creates a secure experience which makes consumers much more likely to answer and engage with calls from businesses.

About the Author

Scott Hambuchen serves as First Orion’s Chief Information and Product Officer. Prior to joining First Orion, Scott was President of Gryphon Networks, a leading provider of telecommunication products and services. Under his stewardship, the company expanded its core focus to include business-building contact strategies and multichannel contact governance. Scott also enjoyed an 18-year career at Acxiom as a senior executive, living in London for several years as the managing director of Acxiom’s European operations. Scott can be reached at firstorion.com
Putting AI in Your Corner in the Fight Against a Resurgent LockBit

By Jon Marler, Cyber Evangelist, VikingCloud

The cyber threat environment is expected to cost the global economy $10.5 trillion by the end of this year as bad actors double down on ransomware-as-a-service. In the criminal underground, notorious groups like LockBit make it possible for hackers to target thousands of businesses at the click of a button using sophisticated AI hacking tools. While industry pundits celebrated the recent “takedown” of LockBit, it’s clear that cybersecurity risk remains as high as ever. The real threat doesn’t come from the criminal enterprise alone; most businesses lack mature cybersecurity practices and effective incident response plans to put up a good fight.

Businesses can’t rely on law enforcement alone to fight their cyber battles. Organizations – from the largest global enterprises to the smallest merchants on Main Street – must take responsibility to keep themselves safe with a new level of cyber defense, leveraging emerging technologies like Artificial Intelligence (AI).
The LockBit “Takedown” – or Lack Thereof

LockBit has taken credit for 16% of US ransomware attacks between 2020 and 2022. The group’s ransomware, deployed by its worldwide hacker network, takes advantage of vulnerable systems through traditional and sophisticated attacks with a unique approach to profiting from successful strikes. LockBit not only holds the victim’s data ransom, but also allows anyone to buy the victim’s data by paying the ransom first. The organization has already targeted over 2,000 organizations globally and extorted over $120 million from its victims to date.

LockBit’s news headlines took a turn when the FBI and its law enforcement partners in the UK seized public-facing forums previously used to connect LockBit with other cyber criminals, U.S. servers leveraged for stolen data transfers, and over 1,000 encryption keys that could help victims recover their data. This success was minimal at best. LockBit became operational again in less than a week, exploiting ConnectWise flaws amongst others, and boasting about remaining beyond the reach of law enforcement.

As businesses fail to patch new vulnerabilities, deploy weak endpoint protection, or forget to test software before implementation, LockBit and other cyber criminals will continue to successfully strike. The best way forward is to fight fire with fire – or in other words, AI.

Beyond LockBit: The Need for Bolstering Cyber Defenses

The key to stopping criminal enterprises from being so profitable is robust cybersecurity practices and effective incident response; however, most businesses lack the fundamentals. Many organizations are too small and unable to hire dedicated cybersecurity experts. Some have the resources, but they can’t find the talent. On top of it all, organizations generate such vast amounts of cyber event data that even seasoned cybersecurity professionals risk getting lost in the online noise – losing time and missing imminent threats.
Further, large companies often work with 10 or more cybersecurity vendors, resulting in higher costs and more complexity. Businesses need a more centralized view of all cyber risks to bolster cyber defenses, providing information on vulnerabilities, potential security incidents, and remediation efforts on a single platform.

The AI cybersecurity market is expected to explode to roughly $135 billion by 2030, easing the cyber threat detection and response burden. But companies can’t just spend money on AI and expect it to win the fight against LockBit and others. They need the right approach – leveraging AI strategically alongside humans to ensure their job is easier and they can catch the vulnerabilities LockBit will likely pounce on.
Breaking Down Barriers to Cyber Resilience with AI

Emerging technology is leveling the playing field, making cyber resilience achievable for organizations of all sizes. While cyber criminals use AI to increase their attack cadence and sophistication, businesses are also leveraging AI to mitigate alert fatigue and identify threat patterns and business-specific anomalies that otherwise would have gone undetected. According to a recent study, security professionals waste nearly 33% of their time each day investigating and validating false cyber incidents. It is essential for AI tools to create efficiencies for security teams, pointing them in the direction of vulnerabilities and weak points that could be imminently exploited by ransomware groups.

As businesses struggle with the ongoing cybersecurity talent shortage, AI can be a valuable tool to cover skills gaps, but just throwing AI at a talent shortage won’t work. In fact, many organizations currently lack expertise in AI to use these tools effectively. Organizations should look for a cybersecurity partner with the experience and capability to deploy AI in a way that covers these gaps.

For example, to defend against modern ransomware groups, AI can quickly identify vulnerabilities, explain what they mean, and offer suggestions for quick resolution. AI tools should offer detail based on the level of expertise of the individual security professional – from entry level all the way to CISO. This helps cut through the cyber alert noise and offers actionable suggestions on what defensive actions to take before LockBit strikes. Collaboration with AI can streamline security teams’ daily tasks, allow them to focus on the threats most likely to disrupt their business, and speed up incident response in the case of an attack. There’s no one-size-fits-all approach to cyber resilience.
As groups like LockBit and others uplevel their strategies, businesses must invest in AI to boost the cybersecurity fundamentals – or risk severe financial and reputational harm when they become the latest ransomware victim. It’s time to make AI your organization’s best friend rather than your biggest enemy when it comes to cyber defense. When your company’s sensitive information shows up on LockBit’s victim site, it’s already too late.

About the Author

Jon Marler is the Cyber Evangelist at VikingCloud with a true passion for information security and more than two decades of experience in security, payment and risk management, internet software development, and telephony. Jon offers a client-oriented approach to life-cycle account management ranging from needs assessment and system planning to solution deployment, quality assurance, systems integration, and continuous process improvement. As a result of Jon’s long-standing commitment to community collaboration, Jon has been volunteering with the Electronic Transaction Association as a leader in the Fraud & Risk Committee, helping other organizations protect the electronic payments ecosystem from threats on a global level. Jon can be reached online on LinkedIn and at VikingCloud’s website https://www.vikingcloud.com/.
Security Industry Challenges

By Milica D. Djekic

Every season, a certain percentage of people are more or less seriously injured or killed on the roads. This calls for better speed enforcement management: equipment for police officers such as radars, traffic cameras and detectors, as well as a well-developed traffic infrastructure with video detection systems covering routes such as school zones, downtown traffic and highways. In that sense, good laws are needed that strictly define what a violation or criminal offense on the roads is and how such offenses can be prevented through deeper investment in speed enforcement and in well-designed, well-planned road infrastructure across countries, regions and continents. That means doing R&D on devices such as speed enforcement systems that comply with traffic safety and security laws and that, once built, obtain evidence which will be valid proof in court in any case of a violation or criminal offense. In other words, lawmakers must produce a strict definition of the terms that count as evidence in court, while the engineering team developing and deploying such a technological solution must be skilled enough to interpret the law and carry the project through to something that satisfies the legal requirements while also meeting very high technical and economic criteria: a solution reaching the marketplace must be an optimal one, offering both functionality and cost-effectiveness at the same time.
Indeed, the security industry is the branch of commerce that provides security technology. If the law declares that, say, a speed enforcement system must capture a visual clue of the vehicle violating the rules, engineering teams need to capture all of that data, namely traffic velocity, license plate number, a recording of the car in motion and much more, all of it delivered to the authorities as a record
in some database which, being well connected with other accommodated information, can link the findings so that the legal system can take full control over such critical assets and avoid unwanted casualties in traffic.

On the other hand, the situation in the cyber industry is more or less similar: anything used to prove a cybercrime or any violation of the Criminal Code in cyberspace must rely on security technology which, in accordance with the law, accurately isolates, tracks and finds clues and provides those findings to a skillful, well-trained forensic detective, who prepares an expert report that the court will recognize as a weapon in the hands of the prosecution, giving the system a basis to impose sanctions on the offender or the entire cybercrime group.

The main problem with combating cybercrime is that not every country in the world has an adequate response to that sort of criminality. Even where there is international law enforcement collaboration across the globe, the invested efforts do not seem sufficient in fighting that kind of criminal offense, as many areas worldwide lack well-developed legal regulation or at least trained staff who can explain what has happened in the digital environment and how far-reaching the consequences of those actions could be. From that point of view, hackers can have their own paradise from which they can attack while avoiding any sort of punishment, as such regions could be more like the Gaza Strip at present, offering everyone a chance to attack anyone in a quite asymmetric manner.
In other words, the majority of R&D projects in the high-tech industry start as an interpretation of some newly accepted law whose role is to define, in a vetting fashion, what a cybercrime is and how it can be proved legally, along with the punishments and restrictive measures strictly prescribed by the law. The very beginning of cyber security goes back to the 1970s, when the first legal acts against cybercrime were defined, primarily in the United States and later in the rest of the world, providing an opportunity to enforce those activities. But the main challenge then, and even nowadays, is how to use one technology to prove a crime committed using another technology. That is why engineering teams in any fraction of the security industry need to work hard to make a technological response to any criminal behavior, which is, on the other hand, quite fair, as technical systems mean accuracy, or at least a degree of it, which can give a more objective approach to the entire investigation and later to the court process.
The ultimate task for a security industry built on security technology is to produce something that is truly lawful, opening up space for the police to take advantage of those solutions in order to objectively explain an incident and, further, reach a conclusion in court, dealing with evidence that is measurable, quantifiable and qualifiable or, in other words, with a complete set of metrics that can serve the trustworthiness of the entire case management, leaving minimal room for mistakes and very precisely defining the punishments and sanctions for those found guilty before the court, who deserve to be restricted from committing criminal offenses that truly harm society and provoke the authorities with their notorious greed for profit made through illegal actions, which can be deeply connected to much more dangerous impacts on communities, getting a
transnational connotation and being extremely threatening to ordinary people, as well as their lives and businesses.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the books “The Internet of Things: Concept, Applications and Security” and “The Insider’s Threats: Operational, Tactical and Strategic Perspective”, published in 2017 and 2021 respectively with Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica's research efforts are recognized by the Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and the EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber defense, technology and business. Milica is a person with disability.
The Role of Channel Programs in Strong Cybersecurity Ecosystems

Upleveling channel efforts to enhance overall security support available for customers.

By Scott Goree, Global Vice President, Partners & Alliances, Skyhigh Security

In 2024, companies across all industries are being challenged to accelerate their digital transformation. They’re taking on daunting tasks like transitioning to the cloud and integrating artificial intelligence into their workflows or products – all while keeping security and preventing data loss top of mind. This is a tall ask, especially for small- to medium-sized businesses that may find themselves lacking the expertise, personnel, or resources to keep abreast of the rapid changes taking place in cybersecurity. The need for security is growing, but so is the complexity of the cyber threat landscape. For this reason, there’s a major opportunity for security technology vendors and their channel partners to come together to support customers in new capacities and leverage the full power of the channel for a safer cyber world.

Evolving Customer Needs

Customer needs are changing in terms of the support they require with deploying or managing their security solutions and programs. While every company will approach their security differently depending on factors like size, sector, budget, staff, and more, a growing number of companies are seeking external support in setting up and implementing their security solutions and strategy. In fact, Gartner forecasts that $90 billion will be spent on security services in 2024 (i.e., consulting, IT outsourcing, and
implementation and hardware support), representing 42% of total security and risk management end-user spending this year.

Companies that choose to augment or replace their in-house security team with a third-party partner like a managed service provider (MSP) or managed security service provider (MSSP) may choose to do so for a variety of reasons, including:

• Tight budgets that make an on-site security team unfeasible and create a greater need for predictable pricing
• Lack of security staff or resources, or the desire to not overwhelm their internal security team
• Too many competing priorities or time constraints keeping them from dedicating proper resources to security
• Shortages in skilled labor, resulting in a lack of qualified security talent
• The desire to more easily scale or tailor security programs for peak flexibility

Opportunities for Vendors and Channel Partners

By building more comprehensive channel programs, vendors and partners can step up to the plate to address these shifting needs and fill gaps in protection. Channel networks often include technology partners, system integrators, MSPs, resellers, and others who all play a critical role in connecting customers with the best solutions and maximizing value. In particularly robust programs, vendors supply their partners with a vast library of tools, resources, trainings, and incentives to support customers through more stages of the product lifecycle and allow them to specialize in functions like deploying or managing security solutions on behalf of customers. The more routes to market that are made available to partners, the more opportunities they have to guide customers toward optimized technology stacks and security programs.
Win-Win-Win for All Parties

The top benefit of security channel programs is that they enrich the ecosystem of support available to help customers protect their organizations, people, and data against evolving threats – helping them gain greater peace of mind without overextending their teams or budgets. And when designed and executed well, these programs can also be the gift that keeps on giving for vendors and partners.

For vendors, developing long-lasting, mutually beneficial relationships with a wide network of partners helps ensure their product is sold and deployed to more customers. These channel partners can also serve as active and passionate brand advocates – spreading the news of the technology’s capabilities and educating customers on how the solution can address their most pressing challenges. Additionally, leveraging the channel helps vendors expand into new markets, especially those they may not have as large a sales presence in otherwise.
Channel partners, on the other hand, reap the most rewards from these programs when they’re able to offer industry-leading technology and access the resources and training they need to show up for customers in new and exciting ways. When partners are set up for success, they can more easily grow their businesses, differentiate in the market, and increase customer loyalty and satisfaction.

Many companies today are looking to outsource some or all of their security functions to reduce costs, augment cybersecurity talent shortages, and future-proof their programs. With these trends in mind, vendors and partners should focus on upleveling their channel efforts to go beyond basic fulfillment to provide more services to end users, such as deployment or security management. When all parties involved are working toward the shared goal of more comprehensive security and contributing to a larger web of support, companies will be better protected against the threats of today and tomorrow.

About the Author

Scott Goree is the Global Channel Chief at Skyhigh Security, formerly McAfee Enterprise. With over 20 years of experience as a channel sales executive, Scott is a hands-on business leader with a proven record for driving strategy, innovation, and results, from building high-performing teams to delivering growth that outpaces corporate goals. Scott joined Skyhigh Security from Nutanix, where he was the global leader of worldwide distribution and responsible for the company’s worldwide channel renewal business. Prior to Nutanix, Goree was head of Global Distribution at Pure Storage and, before that, Global Networking and Security Channels Lead at Cisco. Scott can be reached online on LinkedIn and at our company website http://www.skyhighsecurity.com/
The Transformative Role of AI in Cybersecurity: Insights and Innovations

By Ashraf Othman, VP Commercial Strategy Execution & Planning, CEQUENS

In the early 1980s, as a young customer/maintenance engineer at IBM, I was introduced to the concepts of corrective and preventive maintenance. These strategies aimed to prevent faults in computing systems and address them when they occurred, by replacing defective components. This foundational understanding underscored the importance of maintenance in the technological ecosystem, a principle that has only grown in complexity and necessity with the advent of digital transformation.

As we progressed into the digital age, the exponential increase in data generation and the sophistication of cyber threats demanded an evolution beyond human capabilities. This necessity produced the concept of Predictive Maintenance, leveraging data insights to foresee and mitigate faults before they manifest. Yet, the digital era called for an even more potent force to combat the escalating cyber threats – a force found in generative Artificial Intelligence (AI), the game-changer altering our lives in numerous aspects.
The Evolution of Cyber Threats

The journey into the digital threat landscape began with worms, trojans, and the initial instances of phishing attacks in the early 2000s. These threats, exploiting the interconnectedness of digital systems, inflicted significant financial damages on businesses. The evolution continued with the emergence of Advanced Persistent Threats (APTs) – sophisticated, sustained cyber campaigns targeting specific organizations to steal information over extended periods. The industry's response included the introduction of various regulatory frameworks requiring compliance with cybersecurity standards such as ISO 27001, 27017, 27018, HIPAA, NIST, GDPR, and PCI DSS. The financial implications of compliance failures, including fines and remediation efforts, layered additional financial burdens on organizations.

AI: A Proactive and Predictive Force in Cybersecurity

Today, the cybersecurity industry stands on the proactive and predictive stage, heavily relying on AI and Machine Learning (ML) to preempt, identify, and neutralize threats before they manifest. Despite these advancements, the financial impact of cybercrime continues to escalate, with billions in direct costs from ransomware payments, system restoration, and indirect costs including lost productivity, competitive advantage, and customer trust erosion.

The Role of AI in Cybersecurity: Before, During, and After the Threat

• Before the Threat: AI's predictive capabilities shine as it monitors and analyzes data from millions of sources, including network traffic, user behavior, and application logs. Operating across all time zones, AI systems learn and monitor evolving patterns, creating a context for potential threats before they occur.
• During the Threat: AI's real-time threat detection capabilities become crucial. By continuously analyzing network traffic and system activities, AI detects anomalies signifying impending cyber attacks.
This rapid detection enables immediate mitigation strategies, minimizing potential damage and adapting to attackers' evolving tactics.
• After the Threat: Post-incident, AI's role extends to analyzing the attack to fortify against future breaches. It dissects the attack's lifecycle to pinpoint vulnerabilities and effective tactics used by attackers. Additionally, AI's forensic capabilities are invaluable for tracing the origins of an attack, aiding in legal proceedings, regulatory compliance, and enhancing future security measures.
• Continuous Improvement Through Machine Learning: One of AI's most significant advantages is its ability to learn from each incident, continually refining its predictive accuracy,
threat detection, and response strategies. This ensures that cybersecurity defenses evolve at a pace that outstrips the threats they aim to neutralize.

CEQUENS and Global Innovators Leading the Change

In response to the escalating cyber threats, companies like CEQUENS are pioneering AI innovations to enhance cybersecurity measures, demonstrating how targeted AI applications can preempt and neutralize cyber threats. The adoption of AI in cybersecurity is notably gaining momentum in the MENA region, highlighting the critical role of AI in safeguarding the digital ecosystem amid rapid digitalization.

This evolution from traditional maintenance concepts to leveraging AI in cybersecurity underscores a transformative journey towards a more secure digital future, where AI's predictive, proactive, and forensic capabilities are essential in combating cyber threats.

About the Author

Ashraf Othman is VP Commercial Strategy Execution & Planning at CEQUENS. He is in charge of driving the company’s vision to implement scientific methods and best practices in CEQUENS’s sales and business development teams to achieve sustainable business growth. Prior to joining CEQUENS full-time, Ashraf acted as the company’s growth and development consultant. He was also a board member for the Egyptian National Post Office subsidiary (WAVZ) and a business effectiveness coach for numerous regional and international organizations. Ashraf can be reached online at https://www.linkedin.com/in/ashrafahmedosman/ and at our company website http://www.cequens.com/
Unraveling SSH-Snake: The New Self-Modifying Worm Threatening Networks

By Miguel Hernandez, Sr. Threat Research Engineer, Sysdig

In the ever-evolving landscape of cybersecurity, the emergence of new threats continually challenges the resilience of network defenses. Among these, SSH-Snake, a newly publicly available network penetration tool, has recently surfaced as a particularly insidious adversary, posing a significant risk to the integrity and security of interconnected systems. Discovered by the Sysdig Threat Research Team in February, SSH-Snake represents a paradigm shift in the realm of network worms, employing innovative techniques to propagate stealthily through compromised networks.

At its core, SSH-Snake operates as a self-modifying worm, leveraging SSH credentials to infiltrate and spread within target networks. Unlike traditional worms that rely on scripted attacks for lateral movement, SSH-Snake exhibits a remarkable degree of sophistication in its approach. Through automated reconnaissance, SSH-Snake systematically scans compromised systems, meticulously scouring known credential locations and shell history files to identify pathways for further infiltration.

The hallmark of SSH-Snake's modus operandi lies in its adaptability and agility. Upon execution, the worm dynamically modifies itself, shedding redundant elements to operate in a fileless manner—a tactic that significantly complicates detection efforts. This ability to evolve in real time underscores SSH-Snake's resilience against traditional security measures, making it a formidable adversary for network defenders.

A closer examination of SSH-Snake's functionality reveals its multifaceted nature. Central to its operations is the exploitation of SSH keys, credentials that serve as the linchpin for lateral movement within target networks. By autonomously identifying and leveraging various types of SSH keys, SSH-Snake traverses interconnected systems, gradually expanding its foothold and amplifying the scope of its impact.

SSH-Snake also exhibits a high degree of configurability, allowing threat actors to tailor its behavior to suit specific objectives. Through customizable parameters, such as the selection of credential discovery strategies and target destinations, SSH-Snake offers unparalleled flexibility in its approach—a feature that amplifies its potency as a tool for malicious actors.

Recent investigations by the Sysdig Threat Research Team have shed light on the operational dynamics of SSH-Snake. Evidence suggests that threat actors deploy SSH-Snake in offensive operations, utilizing command and control servers to orchestrate its propagation and harvest valuable data from compromised systems. The prevalence of SSH-Snake among victims underscores the urgent need for robust detection and mitigation measures to counter this emerging threat.

In response to the growing threat of SSH-Snake, real-time threat detection tools, such as open source Falco, are indispensable assets for network defenders. Leveraging a combination of predefined detection rules and customizable configurations, tools like Falco offer organizations a proactive defense against SSH-Snake and similar threats, enabling swift identification and mitigation of potential breaches. Looking ahead, the battle against SSH-Snake and tools like it requires a concerted effort from both cybersecurity professionals and technology providers.
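The credential-discovery behaviour described above, a single process reading private keys under ~/.ssh and shell history files for several users in quick succession, is something a defender can hunt for in file-open telemetry. The script below is an added illustration, not code from Sysdig, Falco or the tool itself; it assumes Falco-style JSON events with the field names shown (constructed inline, not real Falco output) and flags any process other than the usual SSH clients that reads both kinds of files within a short window.

```python
"""Correlate file-open events to spot SSH-Snake-style credential reconnaissance.

Added illustration (not Sysdig's or Falco's code). Input is a stream of
simplified Falco-style JSON events, one per line, with an ISO timestamp,
process name/pid, user and the opened path. Paths and thresholds are
assumptions for the example.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Credential locations a worm of this kind scours (generic assumptions).
PRIVATE_KEY_RE = re.compile(r"^(?:/root|/home/[^/]+)/\.ssh/(?:id_[^/]+|[^/]+\.pem)$")
HISTORY_RE = re.compile(r"^(?:/root|/home/[^/]+)/\.(?:bash|zsh|sh)_history$")

# Programs expected to read private keys in normal operation; an SSH client
# opening its own key is not reconnaissance.
ALLOWED_KEY_READERS = {"ssh", "ssh-add", "ssh-agent", "ssh-keygen", "sshd", "scp", "sftp"}

# Constructed sample events (NOT real Falco output). pid 4242 behaves like
# the worm: one shell reads keys and histories of several users in seconds.
# pid 6000 touches a history and, 40 minutes later, a key: outside the window.
SAMPLE_EVENTS = """\
{"evt.time": "2024-02-20T12:00:01+00:00", "proc.name": "bash", "proc.pid": 4242, "user.name": "root", "fd.name": "/root/.ssh/id_rsa"}
{"evt.time": "2024-02-20T12:00:02+00:00", "proc.name": "bash", "proc.pid": 4242, "user.name": "root", "fd.name": "/root/.bash_history"}
{"evt.time": "2024-02-20T12:00:03+00:00", "proc.name": "bash", "proc.pid": 4242, "user.name": "root", "fd.name": "/home/alice/.ssh/id_ed25519"}
{"evt.time": "2024-02-20T12:00:04+00:00", "proc.name": "bash", "proc.pid": 4242, "user.name": "root", "fd.name": "/home/alice/.bash_history"}
{"evt.time": "2024-02-20T12:00:05+00:00", "proc.name": "ssh", "proc.pid": 5000, "user.name": "bob", "fd.name": "/home/bob/.ssh/id_rsa"}
{"evt.time": "2024-02-20T12:00:06+00:00", "proc.name": "bash", "proc.pid": 6000, "user.name": "bob", "fd.name": "/home/bob/.bash_history"}
{"evt.time": "2024-02-20T12:00:07+00:00", "proc.name": "cat", "proc.pid": 6100, "user.name": "bob", "fd.name": "/home/bob/.ssh/id_rsa.pub"}
{"evt.time": "2024-02-20T12:40:00+00:00", "proc.name": "bash", "proc.pid": 6000, "user.name": "bob", "fd.name": "/home/bob/.ssh/id_rsa"}
"""


def classify(path):
    """Label a path as an SSH private key ("key"), a shell history ("history"), or None."""
    if path.endswith(".pub"):  # public halves are not secrets
        return None
    if PRIVATE_KEY_RE.match(path):
        return "key"
    if HISTORY_RE.match(path):
        return "history"
    return None


def load_events(text):
    """Parse newline-delimited JSON events."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events, window=timedelta(minutes=5), min_hits=3):
    """Return one alert per process that, inside `window`, reads at least
    `min_hits` credential files covering BOTH kinds (keys and histories).
    Requiring both kinds separates reconnaissance from a user reading a key."""
    by_proc = defaultdict(list)
    for ev in events:
        kind = classify(ev["fd.name"])
        if kind is None:
            continue
        key = (ev["proc.pid"], ev["proc.name"], ev["user.name"])
        by_proc[key].append((datetime.fromisoformat(ev["evt.time"]), kind, ev["fd.name"]))

    alerts = []
    for (pid, proc, user), hits in by_proc.items():
        if proc in ALLOWED_KEY_READERS:
            continue
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            span = [h for h in hits[i:] if h[0] - start <= window]
            if len(span) >= min_hits and {"key", "history"} <= {h[1] for h in span}:
                alerts.append({"pid": pid, "proc": proc, "user": user,
                               "first_seen": start.isoformat(),
                               "files": [h[2] for h in span]})
                break  # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for a in detect(load_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={a['pid']} proc={a['proc']} user={a['user']} files={a['files']}")
```

A Falco rule expressing the same condition would fire per open and leave the cross-file correlation to a downstream consumer; the window logic here is where that correlation lives.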
By fostering collaboration and innovation, we can develop more robust defenses capable of thwarting the evolving tactics of cyber adversaries. Through continuous vigilance and adaptation, we can fortify our networks against the pervasive threat posed by SSH-Snake and safeguard the integrity of IT infrastructure worldwide. About the Author Miguel Hernandez is a Sr. Threat Research Engineer at Sysdig. Over the past decade, Miguel, a lifelong learner with a passion for innovation, has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences such as HITB, HIP, CCN-CERT, RootedCon, TheStandoff, and Codemotion. Miguel can be reached online at Miguel.hernandez@sysdig.com, LinkedIn) and at our company website https://sysdig.com/ Cyber Defense eMagazine – April 2024 Edition Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 153
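The reconnaissance-then-fan-out pattern the SSH-Snake article describes (one session reading credential locations and shell history, then using the keys it found to open SSH connections to many hosts) is what a runtime detector has to key on, since the worm leaves no file to scan. The following is an added example written for this page; it is not Sysdig's, Falco's or SSH-Snake's own code. It assumes audit-style events with the fields shown in the Event class (auditd, Falco or EDR telemetry can be mapped onto it); the file patterns, thresholds, window and the sample event stream are all assumptions and the sample is constructed, not captured telemetry.

```python
"""Heuristic detection of an SSH-Snake-style credential sweep.

Added example, not Sysdig's or SSH-Snake's own code. It assumes audit-style
events shaped like the Event class below (auditd, Falco or EDR telemetry can
be mapped onto it). Paths, thresholds and the sample events are assumptions;
the logic follows the behaviour described in the article.
"""
from __future__ import annotations

import fnmatch
from collections import defaultdict
from dataclasses import dataclass

# Files a credential sweep reads (assumed patterns; extend for your estate).
CREDENTIAL_GLOBS = (
    "/home/*/.ssh/id_*", "/root/.ssh/id_*",                 # private keys
    "/home/*/.ssh/known_hosts", "/root/.ssh/known_hosts",   # where keys were used
    "/home/*/.ssh/config", "/root/.ssh/config",
    "/home/*/.*_history", "/root/.*_history",               # bash/zsh history
)
MIN_CRED_FILES = 3     # distinct credential-bearing files read ...
MIN_SSH_TARGETS = 2    # ... then ssh towards this many distinct hosts ...
WINDOW_S = 300         # ... within this many seconds, all in one session
# ssh(1) options that take a value, so the destination is located reliably
# even when keys and -o overrides are passed explicitly.
SSH_OPTS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")


@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds
    session: int   # login session id (auditd "ses", Falco proc.sid)
    user: str
    kind: str      # "open" (file read) or "exec" (process start)
    arg: str       # path for open, full command line for exec


def is_credential_file(path: str) -> bool:
    """True for private keys, known_hosts, ssh config and shell history."""
    if path.endswith(".pub"):   # public keys carry no secret
        return False
    return any(fnmatch.fnmatch(path, g) for g in CREDENTIAL_GLOBS)


def ssh_destination(cmdline: str) -> str | None:
    """Host an ssh command line connects to, or None if it is not ssh."""
    argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return None
    i = 1
    while i < len(argv):
        a = argv[i]
        if a.startswith("-") and len(a) > 1:
            # "-i key" consumes the next word; "-ikey" and plain flags do not
            i += 2 if (a[1] in SSH_OPTS_WITH_ARG and len(a) == 2) else 1
            continue
        return a.rsplit("@", 1)[-1]     # drop "user@"
    return None


def detect_credential_sweep(events: list[Event]) -> list[dict]:
    """Return one alert per session that sweeps credentials and then fans out."""
    by_session: dict[int, list[Event]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_session[ev.session].append(ev)

    alerts = []
    for session, evs in by_session.items():
        for start, first in enumerate(evs):
            if first.kind != "open" or not is_credential_file(first.arg):
                continue
            files: set[str] = set()
            hosts: set[str] = set()
            for ev in evs[start:]:
                if ev.ts - first.ts > WINDOW_S:
                    break
                if ev.kind == "open" and is_credential_file(ev.arg):
                    files.add(ev.arg)
                elif ev.kind == "exec" and len(files) >= MIN_CRED_FILES:
                    dest = ssh_destination(ev.arg)   # only count ssh after the sweep
                    if dest:
                        hosts.add(dest)
            if len(files) >= MIN_CRED_FILES and len(hosts) >= MIN_SSH_TARGETS:
                alerts.append({"session": session, "user": first.user,
                               "credential_files": sorted(files),
                               "ssh_targets": sorted(hosts)})
                break   # one alert per session is enough
    return alerts


# Constructed sample telemetry (not real logs): a benign admin session (7) and
# a web worker (42) that harvests every key it can reach and then fans out.
SAMPLE_EVENTS = [
    Event(1000, 7, "alice", "open", "/home/alice/.ssh/id_ed25519"),
    Event(1001, 7, "alice", "exec", "ssh -i /home/alice/.ssh/id_ed25519 alice@build01"),
    Event(2000, 42, "www-data", "open", "/home/alice/.bash_history"),
    Event(2001, 42, "www-data", "open", "/home/alice/.ssh/id_rsa"),
    Event(2001, 42, "www-data", "open", "/home/alice/.ssh/id_rsa.pub"),
    Event(2002, 42, "www-data", "open", "/home/alice/.ssh/known_hosts"),
    Event(2003, 42, "www-data", "open", "/root/.ssh/id_ed25519"),
    Event(2010, 42, "www-data", "exec",
          "ssh -o StrictHostKeyChecking=no -i /home/alice/.ssh/id_rsa alice@10.0.0.7 bash -s"),
    Event(2015, 42, "www-data", "exec", "ssh -p 2222 -i /root/.ssh/id_ed25519 root@db02.internal"),
    Event(2020, 42, "www-data", "exec", "/usr/bin/ssh alice@10.0.0.9"),
]

if __name__ == "__main__":
    for alert in detect_credential_sweep(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed sample, the admin session is silent (one key, one host) and the web worker's session produces a single alert listing the four credential files it read and the three hosts it reached. The ordering matters: SSH connections are only counted once the sweep threshold has been crossed, which keeps a normal admin who reads one key and logs into a dozen boxes out of the alert. The same per-session correlation can be expressed as a Falco rule pair on file opens and ssh execs; the thresholds above are starting points to tune against your own baseline, not universal values.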
Zero-Trust's Transition from Talking Point to Implementation Has Finally Arrived

Dive into the ins and outs of zero-trust security, including the recent groundbreaking developments in the zero-trust framework, and the importance of implementing the framework today.

By Ran Lampert, CEO and Co-Founder of Infinipoint

Worldwide spending on Identity and Access Management (IAM) is projected to hit nearly $19 billion this year, more than double the 2017 figure, and IAM jumped from 8th to 2nd among CISO priorities over the past year alone. Amid a laundry list of CISO worries and the dozens of solutions they work with, there is a growing realization that zero trust is more relevant than ever, because it rests on an evergreen principle, verify before you trust, rather than on a war of attrition with bad actors.

The most important time to implement zero trust was yesterday, but the second most important is now, thanks to a major increase in identity-access attacks, changing regulations, new technology, and cultural shifts that make it a pressing need rather than a wait-and-see decision.

The main issue with zero trust is that while everyone talks about it, few implement it. Ninety percent of organizations say they have embraced zero trust, yet polling shows that only two percent have mature deployments in place. Security professionals are struggling with the move from perimeter security to security from everywhere, and the verifications they once relied on (a known user at a known desk on a known network) are not available remotely, so they end up assuming security rather than verifying it. Companies that let threat actors in and rely on tools such as endpoint management and limited data points before taking action cannot sustain the status quo for much longer. The time to focus on incorporating as many data-driven signals as possible and to verify before trusting is long past due for the industry. Enterprises must embrace (and implement!) a comprehensive zero-trust framework now to save money and produce better results.

New legislation is driving an embrace of zero trust

While we like to think of innovation as coming only from the private sector, the truth is that governments are a key catalyst in spurring zero-trust adoption. The Biden Administration's Executive Order (EO) 14028, for example, states that federal agencies and critical infrastructure institutions must adopt adequate security standards, one of the most prominent of which is the zero-trust framework. OMB Memorandum M-22-09 adds detail and makes adoption mandatory for federal agencies. Outside the US, governments are following suit, including Australia, which has set 2030 as the deadline for government agencies to implement zero trust. But it is not just governmental shifts that make quick action a necessity.

Cultural shifts demand a new approach

The rise of remote and flexible work, for all its benefits in saved commuting time, has expanded attack surfaces, and those who did not implement zero-trust frameworks, or did so incompletely, have been paying a high price. According to Verizon's 2023 Mobile Security Index, 62% of companies had experienced a security compromise that was at least partly attributable to remote working in the past three years. Most organizations cannot cope because they do not even comprehensively vet the identities of the users connecting to the network. Worse yet, devices remain unvetted even at many organizations that are further along in zero-trust implementation, and it is precisely that gap that is driving the surge in attacks on remote and hybrid work. A more mature zero-trust approach that takes devices into account, checking not just who is asking but what they are asking from, can be incredibly impactful. Add to the mix that cyber insurers further incentivize the shift by writing policies only for companies that implement zero trust, and it is a potent mix for a shakeup.

Striking a balance between ease of business and security

Passwordless authentication has become perhaps the most popular zero-trust technology, and it has busted the myth that implementing the approach somehow makes business more difficult. Passwordless does not merely avoid hindering the business in the name of security; it actually facilitates business by making identity verification incredibly easy. Standard passwordless providers still leave room for phishing, social engineering, uncontrolled workstations or mobile access, and weak device posture, as some high-profile breaches have shown, but the benefits are now clear to companies. As zero-trust implementation moves from talk to action, many companies are also finding that simply adding more checks on access without giving end users a simple path through them "does not fly" in the organization (for example, locking users out because a critical security update is pending), and that the balance between business and security has to be made much simpler.

CISOs may have an exhaustive list of "cutting edge" solutions to "proactively neutralize" threats before they strike, but the results of that approach are clear: it is not working. Thanks to an innovative approach from the government (!), cultural shifts that further expose an unsuitable status quo, an unsustainable level of identity-access attacks, and an acceptance of zero trust's ability to enhance security without impeding business, things are changing. This is zero trust's defining moment, where it finally transitions from talking point to implementation.

Finally, embracing passwordless, controlling device access, verifying device posture, and not trusting endpoint security as a first line of defense is a winning formula that withstands AI and every other type of technological innovation. Too many organizations can no longer afford a war of attrition based on limited data and a framework in which trust is the default. Businesses, along with their customers, will be better off when the deployment of zero trust becomes a reality.

About the Author

Ran Lampert is the CEO and Co-Founder of Infinipoint. He is a successful leader of multiple teams at security and technology companies and startups and brings vast experience from the Israeli Intelligence Corps. Ran previously led the design and development of the AV and endpoint protection platform at Palo Alto Networks. He then co-founded Infinipoint to support companies as they move to passwordless authentication and device zero trust, by building the ultimate workforce access solution. Ran can be reached online via LinkedIn and at Infinipoint's website https://infinipoint.io/
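The article's closing formula (passwordless, device access control, device-posture verification, and not treating an endpoint agent as the first line of defense) together with its warning that hard lockouts over a pending update "do not fly" can be written down as an access policy. The block below is an added example for this page, not Infinipoint's product logic and not code from the article. The signal names, the seven-day remediation grace window, the 60-minute re-authentication interval and the authenticator labels are assumptions chosen for illustration, and the scenarios in sample_decisions are constructed.

```python
"""Zero-trust access decision from identity and device-posture signals.

Added example, not Infinipoint's code and not from the article. The signal
names, thresholds and the seven-day remediation grace window are assumptions.
The rule it encodes: grant access from evidence about the user AND the device,
never from network location or from the mere presence of an endpoint agent,
and degrade access gracefully instead of locking a user out over one stale patch.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum

PATCH_GRACE_DAYS = 7                                  # assumed remediation window
MAX_AUTH_AGE_MIN = 60                                 # assumed re-auth interval for sensitive apps
PHISHING_RESISTANT = {"passkey", "fido2", "piv"}      # assumed authenticator labels


class Decision(Enum):
    ALLOW = "allow"        # full access
    LIMITED = "limited"    # reduced access (for example read-only) plus a remediation nudge
    STEP_UP = "step_up"    # re-authenticate with a phishing-resistant factor first
    DENY = "deny"


@dataclass(frozen=True)
class Identity:
    user: str
    authenticator: str     # factor used for this session: "passkey", "totp", "password", ...
    auth_age_min: int      # minutes since that authentication


@dataclass(frozen=True)
class DevicePosture:
    managed: bool                     # enrolled in the organisation's device management
    disk_encrypted: bool
    edr_running: bool
    screen_lock: bool
    critical_patch_overdue_days: int  # 0 means up to date


@dataclass(frozen=True)
class Request:
    resource: str
    sensitive: bool        # production consoles, finance, source code, ...


def decide(identity: Identity, device: DevicePosture,
           request: Request) -> tuple[Decision, list[str]]:
    """Return the decision and the reasons for it (shown to the user, written to the audit log)."""
    overdue = device.critical_patch_overdue_days

    # 1. Hard stops: posture that no identity strength can compensate for.
    if request.sensitive and not device.managed:
        return Decision.DENY, ["unmanaged device cannot reach a sensitive resource"]
    if not device.disk_encrypted:
        return Decision.DENY, ["disk encryption is off"]
    if overdue > PATCH_GRACE_DAYS:
        return Decision.DENY, [f"critical patch {overdue} days overdue, past the "
                               f"{PATCH_GRACE_DAYS}-day grace window"]

    # 2. Identity: sensitive resources need a recent, phishing-resistant authentication.
    if request.sensitive and identity.authenticator not in PHISHING_RESISTANT:
        return Decision.STEP_UP, [f"{identity.authenticator} is not phishing-resistant"]
    if request.sensitive and identity.auth_age_min > MAX_AUTH_AGE_MIN:
        return Decision.STEP_UP, [f"last authentication {identity.auth_age_min} min ago"]

    # 3. Degraded posture: keep the user working, but narrow access and say why.
    reasons: list[str] = []
    if overdue > 0:
        reasons.append(f"critical patch {overdue} days overdue; "
                       f"{PATCH_GRACE_DAYS - overdue} days left before access is blocked")
    if not device.screen_lock:
        reasons.append("screen lock disabled")
    if not device.edr_running:
        reasons.append("endpoint agent not running")   # one signal among several, never the sole gate
    if not device.managed:
        reasons.append("unmanaged device: non-sensitive resources only")
    if reasons:
        return Decision.LIMITED, reasons
    return Decision.ALLOW, ["identity and device checks passed"]


def sample_decisions() -> dict[str, Decision]:
    """Constructed scenarios (not real data), one per outcome the policy can produce."""
    healthy = DevicePosture(True, True, True, True, 0)
    in_grace = DevicePosture(True, True, True, True, 3)
    past_grace = DevicePosture(True, True, True, True, 12)
    byod = DevicePosture(False, True, False, True, 0)
    passkey = Identity("alice", "passkey", 5)
    password = Identity("bob", "password", 5)
    prod = Request("prod-console", sensitive=True)
    wiki = Request("wiki", sensitive=False)
    return {
        "healthy_passkey_prod": decide(passkey, healthy, prod)[0],    # ALLOW
        "password_prod": decide(password, healthy, prod)[0],          # STEP_UP
        "patch_in_grace": decide(passkey, in_grace, prod)[0],         # LIMITED, not a lockout
        "patch_past_grace": decide(passkey, past_grace, prod)[0],     # DENY
        "byod_wiki": decide(password, byod, wiki)[0],                 # LIMITED
        "byod_prod": decide(passkey, byod, prod)[0],                  # DENY
    }
```

Two design points carry the article's argument. The patch check is graded: a device three days behind on a critical update keeps working with narrowed access and a countdown in the reasons list, and only a device that ignores the grace window is denied, which is the "simple solution for the end user" the author says access checks must come with. And the endpoint agent is just one posture signal; its presence never grants anything on its own, which is what "not trusting endpoint security as a first line of defense" means in policy terms. Every decision returns its reasons so the same evaluation can drive the user-facing message and the audit record.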
CyberDefense.TV now has 200 hotseat interviews and growing… Market leaders, innovators, CEO hot seat interviews and much more. A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.
Free Monthly Cyber Defense eMagazine Via Email

Enjoy our monthly electronic editions of our Magazines for FREE. This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense eMagazines will also keep you up to speed on what's happening in the cyber-crime and cyber warfare arena, plus we'll inform you as next generation and innovative technology vendors have news worthy of sharing with you, so enjoy. You get all of this for FREE, always, for our electronic editions. Sign up today and within moments you'll receive your first email from us with an archive of our newsletters along with this month's newsletter. By signing up, you'll always be in the loop with CDM.

Copyright (C) 2024, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468, d/b/a CyberDefenseAwards.com, CyberDefenseConferences.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com, and CyberDefenseTV.com, is a Limited Liability Company (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465. Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

Send us great content and we'll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com

Cyber Defense Magazine, 276 Fifth Avenue, Suite 704, New York, NY 10001. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com www.cyberdefensemagazine.com NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 04/02/2024

Books by our Publisher: Amazon.com: CRYPTOCONOMY®, 2nd Edition: Bitcoins, Blockchains & Bad Guys eBook: Miliefsky, Gary: Kindle Store (with others coming soon...)

12 Years in The Making… Thank You to our Loyal Subscribers!

We've completely rebuilt CyberDefenseMagazine.com. Please let us know what you think. It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365 uptime as we continue to scale with improved Web Application Firewalls, Content Delivery Networks (CDNs) around the globe, faster and more secure DNS, and CyberDefenseMagazine.com up and running as an array of live mirror sites. We successfully launched https://cyberdefenseconferences.com/ and our new platform https://cyberdefensewire.com/