Cyber Defense eMagazine February 2021 Edition

The 2021 Perspective - Challenges and 

Milestones for The VPN Industry 

2021 Predictions: Securing the API 

Economy, Identity and Rigorous Consent 

Controls 

Cyberattacks On K-12 Education 

Channeling as A Challenge 

…and much more… 

Cyber Defense eMagazine – February 2021 Edition 1 

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s February 2021 Issue --------------------------------------------------------------------------------- 6 

The 2021 Perspective - Challenges and Milestones for The VPN Industry ------------------------------------ 21 

By Sebastian Schaub, CEO and Co-Founder, hide.me VPN 

2021 Predictions: Securing the API Economy, Identity and Rigorous Consent Controls ------------------- 24 

By Nathanael Coffing, CSO, Cloudentity 

2021 Predictions: Addressing the Challenge of Cloud-Native App Security --------------------------------- 27 

By Ankur Singla, Founder and CEO of Volterra 

A Third Of Americans Trust Facebook With Personal Data More Than Government, Study Shows ---- 30 

By Kathryn Robinson, Privacy Expert, Privacy Tiger 

Cyberattacks On K-12 Education ---------------------------------------------------------------------------------------- 39 

By Saryu Nayyar, CEO, Gurucul 

Credit Cards, Cash and Compliance, Oh My! Eliminating Audit Fatigue in The Financial Services Sector 

---------------------------------------------------------------------------------------------------------------------------------- 42 

By Steve Horvath, Vice President, Strategy & Cloud, Telos Corporation 

Cyber Resiliency Will Become the New Normal In 2021 Combating the Rise of Ransomware ---------- 45 

By Drew Daniels, CIO and CISO, Druva 

Cyber Threats Facing Financial Institutions Amid COVID-19 ---------------------------------------------------- 48 

By Pablo Castillo, Cyber Threat Research Analyst, Constella Intelligence 

Vulnerability Patching: Why Does It Fall Short So Often? -------------------------------------------------------- 51 

By Chris Goettl, Director of Security Product Management, Ivanti 

Channeling as A Challenge ----------------------------------------------------------------------------------------------- 54 

By Milica D. Djekic 

Ransomware is Evolving – Agencies Must Prioritize Data Backup --------------------------------------------- 65 

By Nick Psaki, Principal Engineer, Office of the CTO, Pure Storage 

5G Security ------------------------------------------------------------------------------------------------------------------- 68 

By David Soldani, CTSO, Huawei Technologies 



Does Sunburst Have Your Confidential Emails and Database Data?------------------------------------------- 73 

By Randy Reiter CEO of Don’t Be Breached 

Making the Most of Virtual Cybersecurity Events for your Company and the Community--------------- 76 

By Trevor Daughney, VP, product marketing, Exabeam 

Overcoming ‘Work from Home’ Security Challenges Security Beyond the VPN ----------------------------- 80 

By Krupa Srivatsan, Director, Cybersecurity Product Marketing at Infoblox 

Redefining Digital Risk: 3 Considerations for Your Cybersecurity Strategy in 2021 ------------------------ 84 

By Karl Swannie, Founder, Echosec Systems 

Are Encrypted Communication Apps used for Crime Operations? ---------------------------------------------- 87 

By Nicole Allen, Marketing Executive, SaltDNA. 

SOCs to Turn to Security Automation to Cope with Growing Threats ----------------------------------------- 90 

By Chris Triolo, Vice President of Customer Success, FireEye 

The Best Network Protection: Go Deep or Go Broad? ------------------------------------------------------------- 93 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Top Tips For Securing Your DevOps Environment------------------------------------------------------------------- 95 

By George J. Newton 

Bitcoin Soars but Will Security Risks Spark Greater Regulation? ----------------------------------------------- 98 

By Marcella Arthur - VP, Global Marketing at Unbound Tech 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

2021 has started out with many changes in both technical and political winds, and we in cybersecurity find 

ourselves facing new challenges. Abrupt changes in government responses to continuing COVID-related threats 

will no doubt have consequences, both intended and unintended, in workplace practices and security measures. 

For instance, as of our publication date, international travel continues to be severely restricted. For some 

destination countries, that means outbound travel will be subject to proof that the traveler has tested negative 

for COVID within 72 hours prior to boarding a flight. On the way home, a similar U.S.-imposed requirement is 

coming into play. 

Accordingly, we must concern ourselves with how that will affect online work versus face-to-face (masked face, 

that is) events. It seems unavoidable that work-from-home trends will continue and deepen, and the demands 

on cyber systems will increase. Hackers continue to come up with new and inventive ways of overcoming 

cybersecurity measures. But on the whole, cyber defenders are both creative and professional, and as a group 

we continue to fight the good fight. 

Because of the blend between home computing, work and family life, we expect corporate targeted ransomware 

to hit the homes more frequently, meaning the need for better antiransomware solutions and better antiphishing 

solutions will drive innovations and revenues in these parts of the cybersecurity landscape. Companies that we 

see riding this wave include Neustar, which we just reviewed in our consumer focused CyberSecurityMagazine, at 

https://cybersecuritymagazine.com/neushield-data-sentinel-product-review/) and KnowBe4, whom we just 

finished an awesome information packed Webinar with at https://cyberdefensewebinars.com/, available ondemand 

to replay anytime. In addition, our contributing writers provide cogent perspectives on best practices 

and effective management of cybersecurity measures. 

We consider sharing valuable information, through Cyber Defense Magazine and the related resources of Cyber 

Defense Media Group, as essential tools for cybersecurity success. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

The international aspects of cybersecurity continue to develop both rapidly 

and substantively. Financial, communications, health, and digital concerns 

interact in various ways. 

One particular example is shown in new and pervasive restrictions on 

international travel. New requirements for testing have been imposed by 

health agencies without regard to the impact on business and pleasure 

travel. The risk of testing positive (even false positive, which is 

unfortunately a common occurrence) and being quarantined in a foreign 

nation for a minimum of 14 days will have a chilling effect on any 

international travel. 

It's not difficult to project how this will impact cyber-based means of 

conducting business; little, if any, doubt can remain that additional burdens 

will be placed upon communications and security resources. 

Fortunately, our cybersecurity community is already working toward 

implementing strong international security measures. Many of these 

initiatives are presented in the articles in this February issue of Cyber 

Defense Magazine. 

From the international perspective, we continue to hope that in our world 

of cybersecurity and privacy, there may be room for both national and global 

interests. 

As always, we encourage cooperation and compatibility among nations and 

international organizations on cybersecurity and privacy matters. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2021, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

9 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CDMG 

B2C MAGAZINE 

B2B/B2G MAGAZINE TV RADIO AWARDS 

PROFESSIONALS 

WEBINARS 



Welcome to CDM’s February 2021 Issue 

From the U.S. Editor-in-Chief 

As we enter the second month of 2021, it’s becoming apparent that the concerns and suggested 

solutions for dealing with cybersecurity challenges are taking a new focus. The breadth of articles we’ve 

received for this issue of Cyber Defense Magazine reflect both broad-based and specialized approaches 

to defending successfully against cyber exploits. 

From the Editor’s point of view, this development is both promising and encouraging. As in the past, we 

suggest that readers take a brief “walk” through the Table of Contents to select and study those articles 

which apply most directly to your particular operational needs. 

Well into our ninth year of publication, we are fortunate to be able to draw on the expertise and 

experience of so many contributors, and to share their knowledge as actionable intelligence for the 

benefit of our readers and your organizations. 

To emphasize a recurring theme, 2021 presents new and creative challenges, and the process of 

normalizing won’t return us to the old patterns of cybersecurity. But the suggestions for dealing with 

the new ones are coming to the fore in an informed and professional manner. 

With that introduction, we are pleased to present the February 2021 issue of Cyber Defense Magazine. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, 

Yan addresses risk management in the areas of identity theft, privacy, 

and cyber security for consumers and organizations holding sensitive personal information. You can 

reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com 































The 2021 Perspective - Challenges and Milestones for 

The VPN Industry 

By Sebastian Schaub, CEO and Co-Founder, hide.me VPN 

The worldwide VPN market is conservatively valued at over $20 Billion and is predicted to nearly double 

in value over the next couple of years or so. As we exit a tumultuous year for businesses of all shapes 

and sizes, what can we expect to see happening in the VPN market over the next 12 months? Will the 

rise in cybersecurity threats help to drive uptake of VPN services? Will COVID’s impact on an increasingly 

remote workforce also drive the need for more VPN connections? Or are there other areas that need 

consideration too? Let’s take a look here. 

VPN trust initiative (VTI) continues best practice drive 

VTI celebrated its first birthday in 2020, so what lies ahead? The VPN Trust Initiative is an industry-led 

and member-driven consortium of VPN business leaders focused on improving digital safety for 

consumers by building understanding, strengthening trust, and mitigating risk for VPN users. This group 

of like-minded companies (which we are proud to be a part of), look to create guidelines that all members 

should follow. If you consider that not all VPN services are equal, then the consortium exists to strengthen 

trust and understanding among users. 



Whilst VPNs remain relatively unknown to the ‘general’ population, and marketing efforts look to address 

this, any stories regarding certain VPN apps spying on users and stealing personal information only serve 

to weaken the cause. In this way the VTI is an effective way to demonstrate to anybody looking to choose 

a VPN, that they can have full confidence in the services offered by any one of its members. This drive 

for best practice amongst our members should be a priority as we look to cement our reputation against 

a backdrop of increasing security concerns and a general public looking for enhanced levels of digital 

safety. 

Native support for IPv6 

With the massive expansion of computers, mobile phones, and any other internet-connected devices, 

the original IP address scheme can’t cope with the demand for addresses. All of these devices need a 

numerical IP address so that they can communicate with each other. In this sense, IPv6 is the way 

forward - we believe that it’s the only way forward. So you might be surprised to learn that many VPNs 

available today do not support IPv6. We have chosen to support IPv6 and you really should be 

considering a VPN that offers native support for IPv6. Without support for IPv6, anonymity gets reduced 

and connectivity suffers and, as a user, this is exactly what you don’t want and goes against what a VPN 

should be offering. With the web transitioning to use the IPv6 protocol, you need to be future-proofing 

your browsing by choosing a VPN provider that supports IPv6. This is no longer a case of a ‘nice to have’ 

- it’s an absolute must have. 

Social Cooling 

A term coined by Tijmen Schep (technology critic and privacy designer), social cooling helps a wider 

audience understand the long-term negative side-effects of living in a data driven society. Tijmen believes 

that digital systems greatly amplify social pressure, which in turn could lead to more conformity. The 

concept of Big Data has been a media darling in recent times, but Schep’s insights provides a welcome 

balance. To this end, he uses the analogy of oil leading to global warming, and data leading to social 

cooling. It is a fascinating concept that looks at how algorithms play such a big part and the role that 

digital reputation has to play, but from a VPN perspective, perhaps privacy is the area that stands out the 

most here. 

Privacy is the right to be imperfect, even when judged by algorithms. We should be able to click on that 

link without fear, make comments without reprisal or befriend who we want without affecting our ability to 

get a job or a loan. Privacy and anonymity are the cornerstones of any decent VPN. It allows you to 

overcome blockages, geo-restrictions and ad tracking (a massive data compiler). I passionately believe 

in protecting those who wish to maintain their privacy and anonymity online. My mission will always be to 

raise awareness here, whilst all around us, data mining and the information it exposes on all of us, 

increases aggressively. 

We believe that privacy, centralisation and the power of the so-called, big 5 tech companies will play a 

central role in antitrust cases. Could we see breaking up big tech as a popular agenda item? We think 

so. 



A slice of the anti-virus pie? 

We see a movement towards VPN providers attempting to consolidate and diversify into products like 

bundled software in order to compete with the more ‘traditional’ anti-virus companies. 

About the Author 

Sebastian has been working in the internet security industry 

for over a decade. He started hide.me VPN, 9 years ago to 

make internet security and privacy accessible to everybody. 



2021 Predictions: Securing the API Economy, Identity 

and Rigorous Consent Controls 

By Nathanael Coffing, CSO, Cloudentity 

It goes without saying that 2020 was an unprecedented year and the security landscape was completely 

transformed for cybersecurity professionals. Due to COVID-19 and the U.S. presidential election, the 

tumultuous year was a perfect storm for hackers to take advantage of. The sudden shift to a remote 

workforce in March 2020 meant that security perimeters were greatly extended and sometimes nonexistent, 

enabling millions of employees to maintain productivity during the pandemic. This led to a neverseen-before 

spike in cyberattacks across all sectors; the FBI and other federal agencies issued a warning 

for all U.S. businesses, particularly hospitals and the public health sector, to be weary of ransomware 

attacks. 



Additionally, we saw explosive growth in the API economy as consumers shifted toward primarily using 

online apps for managing finances, healthcare and other important transactions on mobile devices. 

Consumers also became more aware of how companies are collecting and storing their data when using 

these types of apps. Given the major shift from in-person to digital in 2020, below are a few cybersecurity 

and enterprise tech trends that we can expect to emerge in 2021. 

1) In 2021, Identity Access and Management is no Longer Separate from Cybersecurity 

Identity Access and Management (IAM) and security are no longer separate facets of an organization 

and must be treated holistically. According to 2019 data from the OWASP Foundation, seven out of the 

top 10 security vulnerabilities for APIs are related to identity. This shows that for the technology industry 

at large, the era of managing identity outside of cybersecurity is over. API security is a foundational 

element in today’s app-driven world and all of them need stronger more granular methods of transactional 

authorization. The risk is palpable as we’ve seen from the dozens of API breaches this, if an API is poorly 

written, Object or function level authorization issues provide programmatic data leakage to an 

attacker. An example of this going wrong is Cambridge Analytica, where Facebook’s API exposed raw 

data from more than 87 million Facebook users which was then exploited by the political consulting firm. 

If organizations don't take control of their API security, we will see more large-scale data breaches in 

2021. 

2) 2021 Will Mark Huge Growth in the API Economy 

In the last few years, APIs have been elevated from a development technique to a business model driver 

and boardroom consideration. Essentially, APIs enable companies to more easily build products and 

exchange data with internal, partner and customer services. According to recent statistics, Salesforce 

generates half of its revenue through its APIs, while Expedia reportedly derives a staggering 90% of 

revenue from APIs. In 2020, the API economy boomed and in 2021, we will see an explosion of new 

applications as a result. 

Enterprises thrive on data and APIs provide a key enabler for reusing, sharing and monetizing those 

APIs, extending the reach of existing services or providing new revenue streams. Therefore, a growing 

number of large enterprises are building new services that expose legacy data stores allowing developers 

to use this data to create new APIs to drive new business initiatives. However, along with the rapid growth 

of API-centric services, there are more risks of APIs having vulnerabilities in their code. APIs should be 

treated as products and potential security flaws must be addressed at the API-level, ideally in the 

development stages. 

3) To Lean on API-centric Services to Share Data, Consent Control Must Be More Rigorous 

As we’ve seen with popular cloud document-sharing services like Google Docs and Box, API-centric 

services are relied on every day for seamlessly sharing data and being able to control who can view and 

edit certain files. Privacy is at the core of these open-data platforms, and authorization and consent are 

what ensures privacy is maintained. With modern API-centric services, consent has shifted the consumer 

mindset from “what data can I know about this app” to “what data can this app know about me,” and “what 



data can this app share about me?” Given consumer privacy regulations such as GDPR and CCPA, APIs 

must include consent controls that are much more rigorous to prevent sharing consumer data without 

proper consent. For example, third-party consumer apps like Spotify shouldn’t be able to post to 

someone’s Instagram page or other social media accounts unless they specifically allow it, even when 

these apps remain linked to one another. 

4) VPNs Aren’t Dead Yet, but It’s No Longer a Best Practice for Access 

With a large percentage of the workforce operating remotely for the foreseeable future, more APIs are 

being moved outside firewalls to maintain productivity from anywhere and ensure business continuity 

during the pandemic. Organizations relied heavily on VPNs (Virtual Private Networks) in 2020, but there 

are security and business risks associated with extending the edge. Given the perimeter-centric 

ramifications associated with using a VPN, enterprises are moving toward IAM solutions to solve these 

issues around remote authorization and access. Identity has become the new perimeter for users and 

services and strong authentication is the front door. Both aspects are critical for remote workers to be 

able to securely transfer and access important proprietary data. 


Nathanael Coffing is the cofounder, CSO and a board member of 

Cloudentity. He is a technology visionary with a big picture view geared 

towards simplifying and integrating disparate technologies. Nathanael 

honed his skills at Sun, Oracle and Imperva. Since then, he’s helped build 

a number of technology startups ranging from Consumer RFID to Mobile 

Applications. Nathanael can be reached online via Twitter, LinkedIn and at 

Cloudentity’s website: https://cloudentity.com/ 



2021 Predictions: Addressing the Challenge of 

Cloud-Native App Security 

By Ankur Singla, Founder and CEO of Volterra 

Organizations of all sizes are adopting cloud-native application design and deployment practices as they 

continue to digitally transform business processes. This includes the extensive use of microservices and 

APIs, as well as distributing clusters across multiple cloud providers. Unfortunately, a recent survey by 

Propeller Insights found that while most organizations today are using cloud-native apps, Kubernetes 

and microservices, they struggle to secure and connect the complex environments resulting from them. 

Cloud-native is no longer just a bold new idea for most organizations -- it’s a reality. However, DevOps 

and NetOps teams are facing some serious security and networking hurdles they did not anticipate from 

the outset. As a result, organizations struggle to get the agility and scalability they expected from their 

cloud-native environment and investment. Looking to the year ahead, the following trends will play a 

critical role in helping organizations understand and overcome their cloud-native app security challenges: 

Trend #1: API sprawl jeopardizes the security of modern applications 

As organizations continue to digitally transform business processes, they are increasingly transitioning 

from legacy applications to modern, cloud-native apps. These intricate modern apps feature far more 

APIs than their predecessors. And since these apps are built with extensive microservices, many of these 

APIs are deeply embedded and hidden. This API sprawl has created many new attack vectors. Few 

vendors address app security properly at the API level, leaving developer and security teams scrambling 



to protect these apps. Traditional API gateways were designed for app to web communication, not app 

to app communication, which is characteristic of distributed, cloud-native environments. As a result, 

developer and security teams must manually discover all APIs and enforce policies on them, a 

cumbersome and error prone process. 

In 2021, the industry will popularize a new approach for securing modern, cloud-native apps: the use of 

machine learning to automatically identify all APIs, no matter how deeply embedded or hidden, and then 

enforce policies on each one. This will eliminate the difficult task of manually identifying and enforcing 

policies for each API. 

Trend #2: Growing understanding of service meshes accelerates cloud-native transition 

In 2021, organizations will become more familiar with service mesh technology to help support successful 

cloud-native adoption. A service mesh is an infrastructure layer used for managing, securing and 

optimizing communication between microservices. It’s critical that organizations become proficient with 

the technology when transitioning to a cloud-native approach, which typically leverages microservicesbased 

app architectures. With heavy use of microservices, cloud-native apps are much more complex 

and harder to manage, connect and secure than legacy apps. Existing point products, such as load 

balancers and web app firewalls, were not built for modern apps. To properly manage communication 

between microservices in cloud-native environments, enterprises will increasingly adopt service mesh 

technology. 

Trend #3: NetOps and SecOps help DevOps shoulder the burden for cloud-native apps 

Successfully executing a process as complicated as cloud-native app adoption requires the involvement 

of many different teams. Many enterprises think they only really need developer and DevOps teams to 

drive cloud-native app adoption. As a result, they end up with unsecured, poorly performing cloud-native 

apps, if they even get that far. In 2021, DevOps teams will deploy more collaborative infrastructure 

platforms that will enable them to bring in NetOps and SecOps to help “share the load, but without delays” 

to better transition to a successful cloud-native environment. These groups will collaborate far more 

effectively and openly than they have in the past. 

Conclusion 

The growing distribution of apps across multi-cloud and edge environments is a trend that will continue 

to shape the industry over the next few years. In fact, Gartner named distributed cloud as one of its Top 

10 Strategic Technology Trends for 2021. 

While there are several challenges to supporting apps and data in these highly distributed environments, 

security will be one of the most critical considerations. Few existing solutions and approaches were 

designed for such environments, and organizations must embrace new methods to safely make this 

transition. As a starting point, they should implement machine learning capabilities to automate API 

security processes, adopt service mesh technology to manage and secure communication between 

microservices, and enforce collaboration between DevOps, NetOps, and SecOps teams to create 

successful cloud-native environments. 




Ankur is the founder and CEO of Volterra. Previously, he was the founder 

and CEO of Contrail Systems, which pioneered telco NFV and SDN 

technologies and was acquired by Juniper Networks in 2012. Contrail is 

the most widely deployed networking platform in Tier 1 telco mobile 

networks (AT&T, DT, Orange, NTT and Reliance JIO), and is used in 

many SaaS providers’ cloud deployments (Workday, Volkswagen, 

DirecTV). Prior to Contrail, Ankur was the CTO and VP Engineering at 

Aruba Networks, a global leader in wireless solutions. He holds an MS in 

Electrical Engineering from Stanford University and a BS in Electrical 

Engineering from the University of Southern California. Ankur can be 

found online at @asingla77 and at our company website 

https://volterra.io/. 



A Third Of Americans Trust Facebook With Personal Data 

More Than Government, Study Shows 

The level of trust in Facebook versus the government also varies between demographic groups. 

By Kathryn Robinson, Privacy Expert, Privacy Tiger 

In today’s ever-changing data-driven society, it’s a challenge for data regulations to keep up with the 

speed of technological advances. But as data breaches and cyberattacks increasingly threaten online 

privacy around the world, it’s now more crucial than ever for countries to strengthen cyber defenses to 

protect citizens’ data. 

While Europe sets the global data privacy standards with its General Data Protection Regulation, the US 

is still catching up. 

In America, personal data is a valuable asset, and much of it falls into the hands of big tech companies 

— like Facebook — and the government, both of which have been scrutinized in the past for questionable 

data handling practices. 

With these powerful organizations harnessing so many people’s information, it evokes the question: Who 

can Americans trust more, the government or Facebook? 



An independent study conducted by Privacy Tiger with over 1,000 US participants found this: despite 

Facebook’s fair share of data privacy issues, about 32% of Americans still trust the tech company over 

the government with their personal data. 

Trust in the US government has fluctuated over the last four decades, but the overall declining trend is 

evident. As of recent years, 83% of Americans don’t trust the government to do what’s right, according 

to a Pew Research Center study. 



This lack of trust in the government also extends to cybersecurity issues. Another Pew Research study 

found that while a majority of Americans have personally experienced a data breach, many of them don’t 

trust the government nor social media platforms to protect their data. 

Roughly half of Americans feel that their data has become less secure over the last five years. Their 

concerns are reasonable, given that the US has experienced the most cases of significant cyber attacks 

over the last decade compared to other countries, and as a result, also spends the most on data breach 

responses. 

It’s also alarming that the government is one of the sectors most susceptible to data breaches — the 

others being retail and technology — as this means the current cybersecurity measures aren’t enough to 

protect citizens’ data. 

And while many internet users are aware of the copious amounts of personal data that Facebook collects, 

not many may know that the government possesses even more. On top of storing citizens’ personal 

identification information, education history, and medical records, the government also has access to all 

the personal data that Facebook and other tech companies collect. 





This makes government data breaches all the more detrimental as it can affect millions of citizens. For 

instance, the 2015 hacking of the US Office of Personnel Management (OPM) compromised the sensitive 

personal information of over 22 million people, including federal employees and their friends and family. 

The cyberattack was the result of the OPM’s failure to “prioritize cybersecurity and adequately secure 

high value data,” stated a report by the Committee on Oversight and Reform. The damages could have 

been prevented or significantly reduced had the OPM implemented “basic, required security controls” 

after encountering initial breaches in 2014. 

The OPM isn’t the only government agency with a blemished track record. Eight other government 

agencies — including the Department of State and Department of Education — have recurring histories 

of failing to comply with national cybersecurity standards, according to a Senate Subcommittee review of 

a decade’s worth of cybersecurity audits. 

The review found that seven of the eight government agencies failed to provide adequate protection for 

personally identifiable information, and all eight agencies used outdated legacy systems and failed to 

apply security patches in a timely manner. 

And although there seems to be less public awareness when it comes to the government’s cybersecurity 

issues compared to Facebook’s privacy scandals, which are often in the limelight, the fact that a third of 

Americans would still place higher trust in the tech company speaks to their lack of faith in the governing 

bodies. 

Privacy Tiger’s study also found that the level of trust in Facebook versus the government varied between 

demographic groups. 

Boomers and Zoomers Trust Facebook the Least 

Privacy Tiger’s data revealed that older Boomers and Zoomers trusted Facebook the least, while 35-44 

year-olds trusted Facebook the most. 



The Boomers’ lack of trust in Facebook may be derived from their skepticism of social media in general, 

as a majority of older Americans feel that their personal information has become less safe in recent 

years. 

Zoomers, on the other hand, are leaving Facebook for newer social media platforms like Instagram and 

Tik Tok. The younger, tech-savvy generation is also likely to be aware of Facebook’s privacy problems, 

notably the Cambridge Analytica scandal and the record-breaking $5 billion penalty from the Federal 

Trade Commission for deceptive privacy practices. 

To re-establish trust with users young and old, Facebook would have to change its manipulative 

advertising tactics and be transparent about its data handling practices. 

Women trust Facebook more than men 

Data also showed that women were 74% more likely than men to trust Facebook over the US 

government. 



This could be because women make up the bigger Facebook demographic and engage more actively on 

social media. 

On the flip side, women’s distrust of the government could stem from the overall lack of active female 

voices in the government. As of 2020, women hold about a quarter of the seats in Congress, and less 

than a third of the statewide elective executive office positions. 

The juxtapositions between women’s prominence on social media and their underwhelming presence in 

elective office might account for why women are more likely to trust Facebook with their personal 

information over the government. 

Southerners trust government the least 

When looking at regional differences, data showed that Southerners were the least likely to trust the 

federal government with their data. 



While it’s unclear if historical events or political biases play a part in Southerners' distrust, it’s clear that 

trust in the government is fractured across the country, and Facebook is part of the problem. 

The social media platform has become a medium for the spread of misinformation and targeted political 

ads in recent years, adding instability and uncertainty to the political environment. 

The Future of Data Privacy in the US 

Overall, findings from Privacy Tiger’s study suggest that data privacy is currently not prioritized in America 

as much as it should be. Previous examples of the government’s questionable data handling practices 

also illustrate this point. 

For instance, a recent report revealed that FBI investigators used provisions in the Patriot Act to collect 

users’ website visit logs in 2019, which is faintly reminiscent of the NSA’s monitoring of citizens’ phone 

records back in 2013. 

To regain the public’s trust, both private and public institutions have to implement adequate data 

protection measures and be transparent about their data handling practices. 



Without any federal data privacy legislation, it’s up to state and sector-specific regulations to upkeep data 

privacy standards. The California Consumer Privacy Act, lauded as the “GDPR Lite,” is a good start, but 

it still doesn’t have the power to keep all US businesses in check, much less the government. 

Nevertheless, there are opportunities for change. Experts say they expect that there will be greater focus 

on cybersecurity and tech policies under the Biden administration, especially in bringing about the 

beginnings of a national data policy, and implementing a new layered approach to cybersecurity. 

Going forward, it’ll be up to government agencies and corporations to take the lead in reforming 

cybersecurity and data handling practices so they can create a safe and secure online environment for 

all citizens. 


Kathryn Robinson is a privacy expert for Privacy Tiger. She 

writes about compliance trends and best business practices for 

websites, apps, and companies in the US and EU. 



Cyberattacks On K-12 Education 

Carefully allocating limited resources lets districts get the best bang for the buck. 

By Saryu Nayyar, CEO, Gurucul 

While we read about a lot of high profile cyberattacks against large organizations, and even sophisticated 

long-term attacks by State actors against well respected security companies, the reality is that 

cybercriminals are more likely to go after “low hanging fruit” before they engage with a high profile, well 

defended, target. The “target of opportunity” mentality is easy to understand. While the reward from a 

soft target won’t net as much as the potential payout from a large organization, the effort is low, the risk 

is lower, which makes the risk vs reward equation favor the softer target. From the attacker’s perspective, 

it’s a no brainer. 

Unfortunately, that target of opportunity approach has led to organizations in K-12 Education becoming 

a common victim of ransomware, data theft, and other harassment. The increased activity against 

Education is what led the US Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State 

Information Sharing and Analysis Center (MS-ISAC) and the Federal Bureau of Investigation (FBI) to 

release a Cybersecurity advisory on December 10 th , 2020. 

Considering public K-12 education in the United States is famously under-resourced, it’s no wonder they 

are an easy target for cyberattacks. School districts frequently lack the budget and resources needed to 

adequately secure their environments. Many districts have a limited IT team who covers district offices, 

student use equipment, and schools, with only a few people on staff. In many cases they don’t have the 



udget to include a dedicated Information Security asset and, at best, add InfoSec to the stack of 

responsibilities their team has. That is, if they haven’t outsourced their entire IT infrastructure to a 

Managed Service Provider (MSP) who may, or may not, have it in their contract to handle the added 

burden of managing the district’s cybersecurity. This all combines to leave school districts especially 

vulnerable to a range of attacks. 

Some of these attacks are, on some level, understandable if not forgivable. “Zoom-bombing” a class, 

while disruptive, may be nothing more than a prank staged by a student, sibling, or school rival. It’s the 

kind of stunt some of us would have likely considered during our own school days. A DDoS, again, may 

be a poorly conceived student prank rather than part of a criminal effort to disrupt the school’s operations. 

The CISA alert covers attacks that are much more intrusive and damaging than simple pranks or minor 

disruptions. Attackers have dropped malware into school environments to disrupt systems, steal 

personal information for sale or extortion, and they have used ransomware against districts and even 

individual students. 

With the state of Public Education budgets in the United States and the stresses brought on by the shift 

to distance learning amidst a global pandemic, cybercriminal attacks against K-12 organizations count 

as kicking someone while they’re down. Not that it’s unexpected. After all, we can’t exactly expect ethical 

behavior from people who are making a living from openly criminal pursuits. What we can do, is try and 

help educational organizations defend themselves during these extraordinary times. 

With restricted budgets, educational institutions need to carefully allocate their limited resources to get 

the best bang for the buck. Whether they are using a dedicated IT organization in their district or school, 

are relying on SaaS services, or an MSP, the situation is the same. They need to meet their operational 

requirements first and foremost, providing the best education possible to their students, while still 

maintaining adequate security. 

It’s a daunting challenge, but the CISA alert has some solid advice on best practices to stay secure 

against these attacks. 

The obvious suggestions of keeping patches up to date, making sure systems are configured according 

to industry best practices, enabling Multi-Factor Authentication, auditing user accounts and systems, and 

the rest, are simply the start. Of course, organizations should already be doing all this. That we need to 

remind people in the alert speaks more to districts having limited resources than it does to them having 

a lack of knowledge, will, or intent. 

Perhaps the most effective way to use limited resources in K-12 Education is through user awareness 

and improved user training. After all, who better to educate people on how to best deal with social 

engineering, phishing, and other basic user security concepts, than professional educators? While 

Teachers are already over-worked, under paid, and under-appreciated, they are also well positioned to 

become an effective part of the solution rather than part of the threat surface. They can also effectively 

relay security awareness on to their students who may be at risk as social engineering and phishing 

targets themselves. 

There is an old saying about knowing being half the battle, and in this case a lack of knowledge is a 

serious issue. Where adding technical solutions to the security stack can be beyond the resources of a 

stressed school district, improving user education and training is a reasonably cost effective and rapid 

way to improve K-12 security. 




Saryu Nayyar is the CEO of Gurucul. She is an internationally 

recognized cybersecurity expert, author and speaker with more 

than 15 years of experience in the information security, identity 

and access management, IT risk and compliance, and security 

risk management sectors. She was named EY Entrepreneurial 

Winning Women in 2017. She has held leadership roles in 

security products and services strategy at Oracle, Simeio, Sun 

Microsystems, Vaau (acquired by Sun) and Disney, and held 

senior positions in the technology security and risk management 

practice of Ernst & Young. She is passionate about building 

disruptive technologies and has several patents pending for behavior analytics, anomaly detection and 

dynamic risk scoring inventions. 

Saryu can be reached on Twitter at @Gurucul and at https://gurucul.com/ 



Credit Cards, Cash and Compliance, Oh My! Eliminating 

Audit Fatigue in The Financial Services Sector 

By Steve Horvath, Vice President, Strategy & Cloud, Telos Corporation 

When we think of our finances, we think of them as a responsibility – a commitment to ensure payments 

are submitted on time, and our credit score is where it should be. We often don’t think of how 

cybersecurity and compliance fit into the picture, at least beyond credit card breaches or financial fraud. 

The reality is, as cybersecurity threats become increasingly more sophisticated – and the financial 

services industry seemingly more complicated – financial organizations need to put a renewed focus on 

compliance activities. According to recent research, organizations are spending over $3.5M each year 

on compliance activities. This figure increases to over $4M in the financial services sector, likely due to 

unique regulations and procedures having to do with anti-money laundering (AML), sanctions, and more. 

Additionally, the financial services sector is one of the most likely sectors (58 percent) to report they need 

to hire more staff to cover an increasing workload. The bottom line is this: in the financial services 

industry, compliance is often a full-time job. 

Compliance activities are often synonymous with the NIST Cybersecurity Framework, which consists of 

standards, guidelines, and best practices to manage cybersecurity risk. While this framework provides a 

strong foundation for addressing compliance challenges - offering a variety of resources that can be used 

to align on compliance priorities - companies need to improve their approach to compliance activities in 

the financial sector. Here are the top 4 key considerations to bear in mind as part of a holistic compliance 

strategy for financial services organizations. 



Third-party vendor risk management programs 

Third-party risk is a common concern among organizations across industries, as they are entrusting other 

contractors to perform certain business activities for them. According to a recent global survey conducted 

by Ernst & Young, 58 percent of financial services firms have implemented centralized approaches to 

third-party risk management. Additionally, 41 percent of financial services organizations may adopt a 

managed services approach to third-party risk management within the next few years. As with any 

industry, managing a vendor’s risk is key to compliance in the financial services sector. 

But unfortunately, a traditional vendor evaluation often does not capture ever-evolving risks. Gartner 

reports that more than 80 percent of legal and compliance leaders indicate third-party risks were identified 

after initial onboarding and due diligence. In the same study, one chief compliance officer at a financial 

services organization revealed there is no question that third parties are redefining how their business 

competes in the new digital world. 

It’s clear that ensuring a risk management program for third-party vendors is in place is of utmost 

importance for any organization that wants to avoid undue risk and potential compliance fines. Finserv 

and other organizations can look to examples like Shared Assessments’ Third Party Risk Management 

(TPRM) Framework, which outlines fundamentals and processes to consider when building such a 

program – to include outsourcing analysis, contract management, monitoring, and more. 

Vendor evaluation 

Before establishing a third-party vendor risk management program, it’s important for financial services 

organizations to either choose NIST-compliant vendors or have some sort of compliance policies in place 

to create peace of mind that their partners are responsible and do not pose much risk. 

If you need a place to start, SecurityScorecard advises setting an assessment scope. The process 

includes determining which risk criteria pose the greatest threat. One example given is a company 

handling payment card data. This type of company faces substantial compliance risk (particularly PCI 

DSS), and should therefore include compliance to this regulation in their assessment scope. 

Proof of compliance 

When you buy a home, car, or any other large asset, a contract often serves as evidence that you are 

the owner. This concept is not so different for financial services organizations that have to provide proof 

of compliance. 

The Financial Services Sector Coordinating Council (FSSCC) explains that Profiles within the NIST 

Cybersecurity Framework can be used as an assessment tool for financial institutions to evidence 

compliance with regulatory frameworks – a “common college application for regulatory compliance,” as 

they call it. Proof of compliance within the financial services industry is especially important because 

newer areas in play must be considered, such as facial recognition checks, two-factor authentication, 

social media, and other factors. This added layer of complexity is all the more reason that financial 

organizations need to prove they are compliant. 



Employee education 

Training is the key to upskilling employees. This is arguably even more important for financial 

organizations educating staff on such a complex and ever-changing topic as compliance. These 

organizations must ensure they comply with the minimum security-related requirements associated with 

compliance and building a cyber-aware workforce will allow employees a more holistic view into how 

cybersecurity and compliance operate. 

The Financial Services Information Sharing and Analysis Center (FS-ISAC) posits that a top priority for 

organizations is employee training due to the low cost and high return. The more security-aware financial 

services employees are, the better they can understand how to approach certain situations and maintain 

compliance. 

While credit cards may have a limit, there is no limit to the number of compliance regulations that will 

undoubtedly emerge across industries in the coming years. Put into effect on May 25, 2018, the General 

Data Protection Regulation (GDPR) really set the gold standard for data protection in the EU, followed 

less than two years later by the California Consumer Privacy Act (CCPA). Both signal a trend toward 

more regulations to come. With this reality, financial services organizations need to ensure their 

compliance activities are up to snuff before they are slapped with unwanted fines. 


Steve Horvath is the Vice President of Strategy & Cloud at Telos 

Corporation. He currently serves as Vice President of Strategy 

and Cloud with a focus on long-term strategic partnerships and 

solutions spanning the company's breadth of offerings. With over 

20 years of practical experience in the information security domain, 

Steve is considered an expert in risk and compliance for 

information technology. He is a graduate of the University of 

Maryland, College Park, and maintains both Certified Information 

Systems Security Professional (CISSP) and Project Management 

Professional (PMP) certifications. Steve can be reached online at 

(https://www.linkedin.com/in/bigdogsteve/) and at 

https://www.telos.com/ 



Cyber Resiliency Will Become the New Normal In 2021 

Combating the Rise of Ransomware 

By Drew Daniels, CIO and CISO, Druva 

This past year, cyber resiliency proved to be a vital asset to ensure business continuity, and it’s one that 

will continue to take precedence in 2021. Over the last 12 months, we have witnessed cloud migrations 

continue to happen, now on an accelerated timeline on a global scale as organizations adapt to a digital 

workplace. Unfortunately, the numbers seem to indicate that only a handful of businesses were fully 

prepared to operate in the digital realm in a secure way before our world changed dramatically last year. 

The rate of ransomware attacks across industry sectors has increased exponentially and has become an 

all-too-common occurrence for businesses around the world that weren’t prepared to protect their digital 

assets. These trends are going to continue for the foreseeable future. 

Cyberattacks adopted increasingly malicious tactics in 2020, targeting some of our most vulnerable and 

essential industries during a time of crisis. As the stakes of ransomware continue to rise, last year 73 

percent of IT leaders expressed increased concerns around protecting their organizational data from 

these cyber attacks. Many are already anticipating 2021 to be even worse, with Babuk Locker becoming 

the first new form of ransomware targeted against the enterprise just days into the new year. With this 

said, the time is now for organizations to proactively address their data management and protection 

strategies in order to help significantly reduce their data risk. 



With the growing risk of ransomware threatening the enterprise, being prepared is not optional in 2021. 

To best protect organizations and individuals across the globe, it is critical for cybersecurity leaders to be 

cognizant of the latest threat, the industries that are most vulnerable to ransomware attacks and how to 

proactively defend organizational data. Most importantly, security and IT leaders need a clear plan to 

ensure a speedy and effective recovery of business networks when it inevitably is targeted. 

In 2021, it's expected cyberattackers will up the ante in the healthcare sector and laser their focus on 

extorting more stolen and sensitive patient data to gain the largest amount of profit. As the recent Ryuk 

attacks demonstrated, these hackers are intent on asserting their dominance in this industry. As these 

enterprises lead the charge to tackle one the most unprecedented situations in the last century, data 

protection will be even more critical to minimize the impact of these malicious actors. 

Today’s dynamic threat surface means organizations in the healthcare sector - and every other industry 

- must commit to getting ahead of cyber criminals as much as possible. They are relentless in their pursuit, 

but a robust data protection strategy can help blunt those efforts considerably. A strong data protection 

architecture is fundamental in ensuring that confidential and sensitive data, like personally identifiable 

information, is accounted for (know where your critical data is located) and protected against ransomware 

intrusion with features like end-to-end encryption and air-gapping. The focus in 2021 should be on 

backing up critical data and tightening data retention compliance so businesses have the opportunity to 

restore it at a future point in time, if and when required. 

Ultimately, this last year shed light on many vulnerabilities behind digital networks and infrastructures, 

and the importance of cyber resiliency for businesses to remain operable and secure. Unfortunately, as 

the value of data continues to rise, so does the profit in exploiting, exfiltrating and distributing this data. 

We should expect an evolving threat landscape in the new year, and while predicting the future is always 

uncertain, it’s undoubtedly true that mitigating the risk and exposure to these types of attacks will become 

the new normal in the year to come. 




Drew Daniels is the CIO and CISO of Druva. Drew brings a passion for 

helping companies scale global operations, success implementing 

robust security protocols, and more than 20 years of experience to 

Druva. At Druva, Drew focuses his time on efficient operations 

processes, identifying security risk and leading the technical operations 

functions. Prior to joining Druva, he was the global CSO and CIO at 

Qubole, where he led the company in achieving SOC2 Type II, ISO- 

27001 and HIPAA compliance, while also helping the company grow 

revenue by more than 5X, significantly reduced costs across all 

operational areas and achieved a number of significant milestones with 

customers and partners. 

Drew has co-authored two books on the topics of networking, security and the domain name service, and 

also works within the international community as a non-profit board member and advisor for organizations 

whose mission is to develop the next generation of technology professionals. 

First Name can be reached online at https://www.linkedin.com/in/andrewdaniels and at our company 

website https://www.druva.com/about/leadership/andrew-daniels/ 



Cyber Threats Facing Financial Institutions Amid 

COVID-19 

By Pablo Castillo, Cyber Threat Research Analyst, Constella Intelligence 

COVID-19 has accelerated security research into the cybersecurity implications of our society where 

large swaths of the population are fully remote. With constrained budgets, many organizations have made 

the difficult decision to deprioritize cybersecurity and instead allocate resources to other business 

functions that directly impact the bottom line. However, financial institutions are increasingly the target of 

cyber attacks. From February to the end of April 2020, banks faced a 238% surge in attacks, according 

to a May 2020 report. Time is clearly running out for organizations to proactively act on cyber threat 

monitoring, training and awareness for their employees – especially in the financial sector. 

In a hearing on this very issue back in June 2020, Financial Services Subcommittee Chairman Emanuel 

Cleaver (D-Mo.) noted: “In this time of suffering and hardship for so many, we are seeing criminal actors 

here and at home and around the world redoubling their efforts to target families, financial institutions, 

and even governments.” As we know, financial institutions are especially attractive to threat actors given 

their treasure troves of valuable data and the potential for lucrative gains. So, what exactly are the threats 

facing financial institutions at this time? 



Phishing 

Threat actors are taking advantage of victims who are susceptible during this uncertain time, with the 

shift in working patterns amid a lack of security discipline surrounding COVID-19 providing new entry 

vectors that risk their company's assets. The increase in phishing scams this year was so stark that the 

American Bankers Association and nearly 1,500 banks launched #BanksNeverAskThat during National 

Cybersecurity Awareness Month in October. 

My firm, Constella Intelligence, has identified an increase in CEO phishing cases specifically, in which 

the identities of CEOs were spoofed and misleading emails were directed at employees to gain access 

to confidential data or redirect bank transfers to malicious accounts. In terms of "cost-effective fraud," this 

is the most profitable type of attack for cybercriminals, along with Business Email Compromise (BEC). 

Business Email Compromise 

Financial Crimes Enforcement Network (FinCEN) published an advisory this summer outlining the various 

ways threat actors are exploiting the pandemic and singled out BEC schemes. A nefarious actor will 

convince companies – including banks and lenders – to redirect payments to new accounts, “while 

claiming the modification is due to pandemic-related changes in business operations,” according to 

FinCEN. Often, these sort of scams are preventable, but it comes down to training and awareness to 

combat these social engineering techniques. 

Exploitation of Mobile Banking 

The pandemic has certainly accelerated the adoption of digital payments, and threat actors have taken 

notice. The Internet Crime Complaint Center (IC3) stated that mobile banking usage has surged as much 

as 50% since the beginning of 2020. Cyber actors exploit these platforms, namely via app-based banking 

trojans and fraudulent apps. The simple solution for individuals to combat these threats is to remain 

vigilant for suspicious activity and verify an app is legitimate before downloading. 

Distributed Denial-of-Service (DDoS) 

We are also seeing a significant increase in DDoS attacks on all types of institutions (health, energy, 

stock trading and banking). Alarmingly, DDoS attacks can freeze the operations of many customers of 

financial institutions. Notably, in February 2020, Amazon mitigated the largest DDoS attack ever recorded 

– a whopping volume of 2.3 Tbps. Cybercriminals have noticed many offices are under siege and relying 

on virtual IT support. Kaspersky noted that DDoS attacks dramatically increased in Q2 and with the 

holiday season right around the corner, the trend is likely to continue for the remainder of the year. 

Maintaining an infrastructure for mitigation of DDoS attacks is costly; however, companies should 

consider these services are not only contracted to solve a “current” issue, but rather to be prepared for 

future attacks, similar to the use of antivirus software. 



Increased Activity on Deep and Dark Web 

In recent months, my firm has also noticed increased activity in underground markets and forums around 

the sale of stolen credentials, documentation and credit cards, and even tools to exploit physical devices 

(e.g., ATMs for carding) or communications software (e.g., "Zoom" messaging application). We also 

observed an increase in the volume of banking information for sale in underground communities. 

Looking Ahead 

Financial institutions must audit their security protocols and determine what is and isn’t working, and 

importantly, understand that most fraud incidents will not be isolated. Oftentimes, these attacks are 

harbingers of future, more sophisticated attacks that use information obtained from a previous cyber 

incident. 

Companies can prevent attacks like money laundering, account takeover and identity theft, but the key 

is two-fold: take a proactive approach to security by equipping your organization with digital risk protection 

capabilities – monitoring, detecting and uncovering identity information found in open sources on the 

surface, social, deep and dark web – and training your employees. Human error is costly. Simply put, if 

your employees do not practice proper cyber hygiene, your organization will be more vulnerable to 

cybercrime. A great place to start is understanding the signs of a scam (e.g., poor grammar, unsolicited 

inquiries regarding financial or personal information, suspicious attachments). Threat actors are 

constantly evolving, especially in the wake of the pandemic, so financial institutions and their employees 

must keep pace. 


Pablo Castillo is a Cyber Threat Research Analyst at Constella 

Intelligence – a cyber intelligence company that works in partnership 

with some of the world's largest organizations to safeguard what 

matters most and defeat digital risk. Pablo can be reached at our 

company website https://constellaintelligence.com/ 



Vulnerability Patching: Why Does It Fall Short So Often? 

Weak threat insight, SecOps competing priorities and fear of making things worse 

are key reasons 

By Chris Goettl, Director of Security Product Management, Ivanti 

It isn’t glamorous. It won’t guarantee a company staff promotion or kudos, but patching is a critical risk 

prevention function in any environment. Unfortunately, it’s a task organizations tend to push aside – until 

they’re hit with a multi-million-dollar breakdown. Ponemon recently found that 60% of security breach 

victims say they became breached due to an unpatched known vulnerability. So why, with so much risk 

in the balance, do many systems remain unpatched? Like many underperforming environments, the 

answer has many facets: practical, emotional and operational: 

Practical: In the remote working, threat-rich world that security and operations teams work in, 

patching often takes a back seat to other threat deterrence tasks like adding in new security 

access protocols or recovering offboarded assets. Operations also has many competing priorities, 

not the least of which is strategically mapping out new policies and procedures to better manage 



an expanded remote workforce and working with the C-suite on desired business outcomes going 

forward. 

Emotional: The inherent fear is that patching updates might cause workflow disruption at a time 

when organizations are already dealing with wholesale transition to a more remote/hybrid work 

environment. Security or operations personnel do not want to be the cause of a miscue – thus, in 

some instances fear paralysis takes over. 

Operational: Knowing which vulnerabilities pose the most threat so patching can be correctly 

prioritized is a major factor in patching being successful. Many organizations struggle to manage 

the variety of applications in their environments, the inconsistent frequency of release from most 

vendors, and the sheer volume of change that can cause operational impacts to users. 

Patch Smarter and Faster 

Remote working has exacerbated concerns about patching as security and operations teams are facing 

the fact that remote desktops can be rife with vulnerabilities and reside outside secure network 

perimeters. SecOps visibility into remote workers’ devices previously was not as much a priority. The 

new world environment of more devices being used remotely, devices that may not meet on-prem security 

standards, has opened the door to an increased attack surface, one with considerable gaps in effective 

patching. 

How do organizations move past these barriers to make patching a smoothly running part of SecOps and 

not another sticky subject during team meetings? Patching technologies have existed for years, yet 

companies still struggle with vulnerability remediation. It is not so much a technology challenge that 

companies face, but a challenge of process, politics, and operational impact. There are practices and 

systems that can be put into place to minimize SecOps concerns about workflow impact and most 

importantly, fine tune patching to target high-risk threats. Patching processes can also be improved so 

patching is no longer a time-consuming operational headache. Achieving this will go a long way to 

breaking down barriers. Strategy improvements include: 

Patch Reliability. No administrator responsible for patching can ever completely test the effect 

of updates on their environment. Typically, teams try to validate impact through test systems and 

user pilot groups – delaying updates to the point of escalating a threat. Advancements in patch 

performance intelligence can cut through these delays and accelerate patching based on 

crowdsourced telemetry of patch performance along with social sentiment gathered from popular 

social media outlets. This richer repository of data enables SecOps to make quicker decisions on 

where to focus testing efforts to maximize efficiency and avoid operational impacts. 

Risk-Based Prioritization. Many organizations prioritize remediation efforts based on vendor 

severity. This approach leaves many open to high-risk vulnerabilities that are actively being 

exploited – vulnerabilities the vendor may have only flagged as important. Expanding the 

knowledge base here is critical. Obtaining additional metrics of ‘known exploited’ vulnerabilities 

will give SecOps more data with which to prioritize patching based on real world risks to the 

organization. 

Automated Vulnerability Remediation. Transferring greater knowledge and prioritization into 

action – and mindful of SecOps time management – means employing a higher degree of 

automation. The only way to effectively patch and secure remote devices working in the cloud 



with any degree of efficiency is to bring more automation into the process. Automation can take 

metrics gained through machine learning and proactively detect, diagnose, and auto-remediate 

configuration drift, performance, and security vulnerabilities before they reach the threat stage. 

Patch Compliance. Service level agreements (SLAs) are important from an operational 

perspective, but in the world of vulnerability remediation they are absolutely critical. Organizations 

struggle to stay ahead of threat actors and need to track exposure of vulnerabilities more 

accurately to ensure they are reducing their window of risk. Getting a more accurate patch-level 

perspective which maps to the CVEs (common vulnerabilities and exposures) on how long the 

organization has been exposed, and what assets are outside of SLAs, is critical to reduce overall 

risk. 

Cross-Functional Conversations. SecOps is a useful phrase but in reality, the teams do start 

with different mindsets when addressing data and risk issues. The common ground from which 

they can work together to minimize threats is better, objective information on risk of vulnerabilities. 

That is why machine learning collection of threat patterns – data that can be shared – is an 

important part of improved patching. Better data will lead to more informed decisions on patch 

prioritization, giving both teams more confidence that the highest-risk threats are being acted 

upon first. 

Erasing the Barriers 

Getting rid of the practical, emotional and operational barriers to improved patching can be done. 

Employing automated vulnerability remediation eliminates the constant struggle of teams’ competing time 

and priorities. Through machine learning intelligence gathering of known exploits and crowdsourced 

telemetry, SecOps will no longer fear the results of patching. They are proceeding with a greater reliability 

due to more extensive knowledge. This improved patch reliability data delivers actionable intelligence 

automatically, so teams can act on threats faster and reduce time to patch, lowering operational impact. 


Chris Goettl is the Director of Product Management for security products at Ivanti. 

Chris has over 15 years of experience working in IT, where he supports and 

implements security solutions for Ivanti customers and guides the security 

strategy and vision for Ivanti. 



Channeling as A Challenge 

By Milica D. Djekic 

Abstract: The modern cyber systems could deal with some kinds of information leakage concerns such 

as source, routing and destination data losses. Any of them can mean that the entire infrastructure is 

under monitoring as well as risk, so it’s important to develop some sorts of inverse attack methodologies 

that can offer us the chance to appropriately respond to such kinds of breaches compromising our IT 

environment. In other words, if the proposed attack methodology means some asset is under threat we 

should cope with the best practices suggesting us to define the origin of those attacks. Once the source 

of attack is found cyber defense teams can locate those intruders and strike back in order to protect their 

assets. In the practice, there are some well-known vulnerable places in the network that can be exploited 

and in this effort; we will mainly talk about the risks to communication channels being the part of the IT 

infrastructure. Also, it’s significant to explain that the communication can be the wide term as there are 

both telecommunication and web connectivity channels. The telecommunication is basically correlated 

with the GSM, GPRS and GPS infrastructure, while the internet connection corresponds with the TCP/IP 

channel. In this article, we will pay attention to monitoring of the web infrastructure mostly taking into 

account its communication parameters. So, the risk to any communication channel is practically the same 

and if the tapping is happening anywhere it’s important to locate who does that and why. On the other 

hand, that can be interesting from an investigation perspective which will be discussed further in this 

article. 

Keywords: cyber security, communication, intelligence, defense, case, etc. 

Introduction 

The measurement science has challenged the manufacturers, industry suppliers and inventors during 

the centuries. The modern days have brought to us so many electrical and electronic solutions that serve 

in taking measurements on a regular basis. Those sorts of activities can happen in the laboratories, 

institutes and amongst the academic community providing us an opportunity to more exactly understand 



the nature and its technological outcomes. At the beginning, we can try to imagine how electricity travels 

through the circuits and why it’s important to cope with the engineering as the key pillar in understanding 

the novel technical systems. With the very beginnings of electrifications the human kind wanted to figure 

out how those natural phenomena function and that’s why so many physicists across the globe have 

researched those events and tried to formulate their laws and principles. As it’s known the electrical 

systems have relied on the postulates of the electrostatics, electro-kinematics and electrodynamics, so 

far. Those branches of the electrical engineering have been well-developed, but many have believed 

they will continue to produce the new results as time goes on. That’s what we call the progress and from 

the current perspective it’s obvious why it matters investing into so. The fact is in the nowadays electrical 

systems the charges travel through the conductors and through such a motion they form some kind of 

the electrical field. The electrical filed is the vector variable dealing with the intensity and direction. On 

the other hand, if we talk about the measurement practice occurring in some empirical research we should 

take into consideration that the flow of current is not identical to the fluid stream, so that’s why it’s 

significant to understand that the electrical charges in the conductor do not leave their circuit going to the 

probe of, say, some oscilloscope. In such a case, the measuring device is under the voltage as well and 

it will also generate some sort of electrical filed around its transmission line. So, in that manner we can 

talk about transmitting and receiving fields existing around the electrical circuit and measuring probe, 

respectively. 

In other words, the circuits deal with the emitting field, while the role of the probe is to collect or receive 

such sent information. The point is the emitting field will press that information into the probe’s field and 

on the display of the oscilloscope we will see the measuring values. In addition, in such a case we will 

cope with the superposition of the emitting and receiving vectors that will give some resulting value as 

the output. Any measuring devices are calibrated and their internal parameters are defined by the 

manufacturers, so if we cope with the stamp of the collected value we can figure out that there will be the 

ways to calculate the signal intensity and shape using the well-known mathematical equations. So, there 

are no charges leakage at all; there is only the interference between two electrical fields. Also, it’s 

interesting to mention the similar case is with the cyber technologies as there are no 0s and 1s 

dissipations at all, but rather leaving the information footage on the collecting field. The cyber systems 

can be channeled anywhere on the routing path and that can include the wirings, cablings and network 

devices such as routers, modems, servers and so on. Apparently, if the developer makes the code that 

will send the set of 1s to some location the reason for so is that electrical field dealing with the 5 V signal 

will collect the information from the interfering field and send them back via two-way communication to 

the device doing such a testing. From the practitioner’s point of view, it’s about sending the query to some 

point in the network and after the careful questioning the devices will be connected to each other and the 

signal will be transferred. In our opinion, the experts making the hardware will cope with much deeper 

understanding of those natural phenomena and they will be well-familiar with the field’s theory and its 

impacts to the ongoing technology. 

In case we try to imagine that there is the charges’ dissipation it’s logical that those electric particles 

should change their stream and that will be the obvious wastage of the signal. The fact is the signal in 

the network will be transmitted flawlessly and no one will get that such a network does some tapping, so 

far. Next, if there is the weapon to do that channeling there must be the counter-solution giving us the 

chance to detect such a presence in the IT infrastructure. Obviously, it will appear that cyber breaches, 

account tracking and much more are the quite manageable risks and the new challenge could be the 

communication channeling concern. The modern hackers are not only the skillful advanced users they 

are also good in R&D, so it’s clear they could develop some of those technologies as well as define some 

of the attack methodologies. From this perspective, it’s significant to aware the cyber industry about such 

challenges as it would provide the adequate response to any of those cybercrime scenarios. The bad 

guys must track the other people and if they cope with the insufficient skill to do so, they will pay the 

hackers to do so instead of them. In other words, it seems that’s one more useful honeypot to the good 

guys who can take advantage and through the time consuming searches catch the offenders one by one. 



So, if we know that the source, destination and routing devices and accessories in the network can be 

monitored it’s clear that all we need to do is to make some kind of the trap that will give us the chance to 

discover who is doing the tracking and from where. In sense of any sort of cyber tracking it’s obvious that 

some information will be copied and re-directed to the certain location coping with some IP address. On 

the other hand, the entire process of copying and transferring can appear as quite different from the 

perspective of the hardware engineers. Anyone in the industry doing R&D will know that it’s quite trickery 

developing the new product and from that point of view it’s needed the deep knowledge of math and 

science. 

Therefore, if such a crime is possible it should find its place into the Criminal Code and the investigators 

and forensic examiners should be trained to resolve that sort of criminality carefully investigating 

everything and collecting the evidence that can prove someone’s guiltiness on the court. In other words, 

if the communication channeling is happening and undoubtedly it’s quite feasible it exits there must be 

developed the entire set of counter-measures that will support us in being much safer in such a sense. 

Any activity in the cyberspace can leave the trace and if the tapping is not only data transfer from one 

location to another as the IT security professionals could see that it’s quite clear that the aim we should 

target is not the electrical field, but rather that two-way information exchange channel that will respond 

with the returning messages and definitely leave the footage in the network as the returning electrical 

charges will make some differences in the routing path affecting the previous state of the electricity in the 

conductor carrying the entire information on. Moreover, when the signal travels through the network 

nothing will remain the same as the electrical particles and their fields will make the differences. 

Network Monitoring Systems 

The purpose of the network monitoring tools is to gather data regarding web traffic and the other kinds of 

the network information sharing. The point is quite similar as with the laboratory experimental probes that 

will be connected to the piece of equipment in order to read the signal. In other words, the network 

monitoring system will read the traffic within some part of the network or route. Such asset can collect 

the network packets being the sets of 0s and 1s – apparently, transferring them to many different 

locations. So, if we imagine the network as some sort of the print board we can figure out that our network 

monitoring “probes” can access nearly any part of such an infrastructure. In the practice, the packets of 

the information can be cryptographically protected and on the marketplace there are some solutions that 

can overcome such a barrier. Basically, the network surveillance tools are capable to send the request 

to the targeted point in the network through one route of the two-way communication and consequently, 

they will get the response via another communication channel. The common tools can monitor the activity 

of the network devices and apparently, the entire path on. The majority of the commercial solutions can 

use the crypto-algorithms in order to decrypt once collected traffic. The fact is the hackers can have the 

both – software and hardware skill, so they will not rely on the commercial products but rather cope with 

their own research developing the quite scary cyber weapons. The point is those skillful guys could work 

under the program of some opponent government or the entire terrorist regions being the huge threat to 

the international security. For such a reason, it’s clear why the global collaboration in intelligence and 

defense sector matters and why it’s important to work hard to make the trust-based relations. 

The good question being addressed to the hardware engineers is how network monitoring system works 

and if we make such a remark to the brilliant developer we will not get the full answer as there are still 

open concerns that can be explained by the micro-electronics and material science experts. In other 

words, some of points seeking the answer here are still beyond our current understanding, so we will try 

to discuss the stuffs that are fully or somewhat clear to us. The imperative is to engage so many 

professionals and researchers to give some feedback as well as provide some comprehensive answers. 

In other words, the topic is technical, but still multidisciplinary so it’s good talking about so as the entire 

community would be aware of. In the essence, it’s clear that the network monitoring is also about some 



kind of the communication streaming as the bits of information can go to one or many locations causing 

the troubles to everyone. It appears that makes the task to the investigators being much more difficult as 

the information leakage can be adjusted to go the computers that will not issue the straightforward 

request. In other words, it’s possible to send the request from one computer and receive the packets of 

data somewhere else on the web, so that’s how the clever cyber foxes will camouflage their path. The 

idea is to trick the authorities and make them miss to examine everything deeply for a reason they are 

not aware of such feasible cybercrime schemes. 

Probably the best method to analyze the channeling offenses is to do that through the network monitoring 

software. That tool will leave the footage about its activity in the cyberspace and no matter how smart the 

cybercrime underworld is they will not be able to hide what they do there for real. The electricity usually 

goes through conductors and semi-conductors, so even the material science researcher can figure out 

what happened in the piece of circuit as that part could be investigated at the micro level or under the 

power. Also, it’s good thinking about the idea of multi-level streaming as the request for monitoring can 

be sent from one computer, delivered back to many of them and further it can be made the new request 

that will use the next ring of machines in order to cause them being the sinks to that level of channeling. 

Right here, we have mentioned the possible criminal schemes that can appear in the practice and in our 

understanding, it’s helpful to know some details about them as the response of the investigation agencies 

could be timely, accurate and impactful, so far. The nightmare scenario is something from so could get 

in the hands of transnational crime and terrorist organizations, so the consequences are obvious. 

Signal Travels through Wire 

The internet signal travels through the wirings mainly and if we talk about wireless base stations it’s 

possible observing the TCP/IP channels through such a medium. In this chapter, we will talk about the 

signal that goes through the conductors’ and semi-conductors’ elements of the electronic circuits. It’s 

well-known that the power supply of any computing unit will use the alternating current from the local 

electrical grid, but it will convert such energy into direct current applying some sort of the AC/DC 

convertors. The majority of portable devices will get the battery with them and they will cope with the DC 

power supply once they are on the field. On the other hand, the wireless signal access points have their 

range and coverage which means they can throw the signal at some distance covering the certain number 

of devices needing such a communication. Also, the wireless systems will emit the electromagnetic 

waves with the digital information being packed there, while the wire solutions cope with the electrical 

impulses going through some material. In addition, it’s well-known that the digital systems are the 

switching ones and the best way to make 0s and 1s is to periodically close and open the switches. The 

similar case is with the wireless internet that will also use some sort of relay to produce the digital 

component of the electromagnetic waves. The experts for telecommunications are well-familiar with so 

and they can explain how vulnerable anything traveling through the air can be for a reason someone 

getting the developed equipment can interfere with everything including the radio waves that are not 

necessarily cryptographically protected. In other words, the network monitoring tools are not suitable for 

the wire systems only, but they can make some impact in case of the wireless solutions. 

The most common way to gather the network traffic is via the network devices. Those sorts of equipment 

are usually the routers, modems and hops being present in the network. On the other hand, it can appear 

as somewhat confusing to claim that the network monitoring tools are just wire-oriented as it is possible 

to collect the wireless signal from the air. That signal is well-protected with some encryption and the 

experience will show that the majority of such cryptography is still vulnerable to the hacker’s attacks. The 

trick is so similar as in the case of the wire-based system as in the case of the wireless web the cyber 

attack can go through the devices being capable to emit the electromagnetic waves and collect once 

stamped information from the local surroundings. In other words, whatever we choose as the transmitting 

medium being the cable or the air the impacts could be more or less the same – concerning to many of 



us. Indeed, it was necessary to distinguish the wire and wireless systems in this section, so some 

empirical researches could suggest us that the wireless systems can be detected using a wide spectrum 

of radio frequency searching devices. Such search can be time consuming, but as the entire 

telecommunications cope with the ground and air communications it’s clear that some of the local 

infrastructure can serve in search which literally can take a plenty of time. 

In other words, if the attack methodology in case of the wireless communication is put under the 

investigation the good question is how those operations could be detected. The adequate answer to that 

question is through scanning. Apparently, anyone using any kind of communication and in this case we 

will talk about the wireless web will need to leave his IP address to such a network if he wants to pull out 

anything from that grid. So, if we need to see what someone online does we also need to be online. 

Therefore, it’s feasible to scan the entire range of the access point in order to determine who has used 

that infrastructure for some kind of cyber operations. It’s quite obvious that such a portable device has 

used the IP address belonging to such an access point, but it’s also possible it will get its own IP address 

coming from its mobile internet connectivity. The entire cyber industry still needs to learn as we will be 

capable to develop the solutions that can be advantaging for many and mostly for the good guys doing 

the investigation. To be honest, the impact of poor cyber defense is far more reaching and if we do not 

figure out how important is to have developed the good cyber security capacities today – tomorrow it can 

be too late! Through wire or wirelessly the signal will be registered in the cyberspace and for a reason to 

avoid the messy job we must think at least a step ahead of the threat, so far. 

Collecting Network Traffic 

The network traffic can be collected through the communication ports and that’s not only the case with 

the endpoint computers, but rather with the network devices as well. The network devices serve to 

manage the traffic via the grid and no matter how strong their firewall protections are there are always 

the ways to make a breach into such a system. The fact is the signal travels through the wire and 

wirelessly, so in both cases it’s significant to take into account how those points in the network can be 

approached. Collecting the network traffic is the challenge and it’s not only up to the bad guys how to do 

so, but mainly up to the cyber defense professionals who need to assure the network and the entire 

traffic. From a security perspective, it’s important to analyze how all those sinks of the communication 

channeling can be detected and the cybercrime groups getting found. The point is to prevent the 

cyberspace from being compromised, but it’s harder to do than to say! Further in this effort, we will 

mention some of the channeling hotspots being the places where the channeling works the best. Also, in 

this article we have talked broadly about the ways of the information transmission and it’s clear that the 

communication channel can be the quite wide term. In other words, the network traffic can be caught in 

the transmission line, local environment, air, routing devices and much more. Everything of them is the 

communication medium and in case of the TCP/IP communication it does not mean protecting the 

network from being streamed is the easy task. The old, good hacker’s methods can include some sorts 

of breaches either via accounts or through data and devices, so far. On the other hand, the 

communication channeling is the biggest challenge we have at the moment for a reason so many of the 

prevention techniques are not developed yet. Also, the good communication must be capable to cross 

all barriers including the land, air and water. So, it’s obvious how hard it was to make the global network 

being the web and produce it works quite reliably in any part of the world. 

Further, the telecommunication services such as GSM, GPRS and GPS are well-developed at the 

present and some experts will predict they could find their role in the future being some kind of the support 

to the coming technological solutions. Especially in such a case it’s important to think about the security 

as about nothing in this world is absolutely reliable. Also, any communication channel is vulnerable to the 

attacks, so if we are too dependable on the emerging technologies that can be the huge risk to everyone 

on the planet. So, if the task of the communications is to cross the barriers such as land, water and air 



it’s logical to realize that the channeling can happen anywhere and anytime. That appears as one more 

open concern and indeed, it is. Unluckily to many of us, the communication we have nowadays is not 

strictly physical for a reason it will be deeply correlated with the cyber domain. It will exist for real and it 

will be highly sophisticated, but it will be our greatest weakness for a reason it will make our lives being 

mainly virtual. It was hard to imagine during the 20 th century we will go that far away, but still remain as 

Einstein would say for his time’s science “child-like” and we would add naive in front of all the threats 

arising today. 

The fact is the global landscape has changed through the time and there was never the blessing time to 

all. The history will appear as quite turbulent, so the good portion of the defense industry has become 

interested into the technology as the driving force of the progress. To wrap up, the communications of 

today is quite reliable, but still sensitive to attackers. Streaming is possible in any sense and we would 

not be surprised if some cybercrime groups are already exploiting such vulnerabilities. What we know in 

this phase is that we need to detect the sinks of our information as they will provide us the best findings 

about the streamers we look for. The cryptography can help a bit, but not completely so there is the big 

need to follow the internet signal from its source unless destination in order to understand what sorts of 

paths it must pass on its way on. The network is about the software and hardware and it’s highly appealing 

to form the multidisciplinary teams that will deal with the better understanding of all perspectives of the 

channeling challenge. As there are the tendencies with the marketplace to cope with some trends and 

demands from the consumers the similar case is with the black market that can develop literally 

everything in order to take advantage over our weaknesses. 

Encryption Challenges 

The data being streamed could be encrypted and from a point of view of the cryptanalyst there can be 

some difficulties in converting the ciphertext into the plaintext. Any commercial and military cryptoalgorithm 

is well-studied and the main concern in opening the message can be selecting the appropriate 

cryptographic key. The encryption key is selected on one of the devices in the network and it is 

recommended it should be delivered to the destination using the different communication line. In other 

words, the encrypted message is sent to one or more destinations using one channel, while the 

cryptographic key must go through the well-protected and secure link. In the practice, there are so many 

key management techniques and in case of the multi-level encryption there are several keys in the usage. 

From a today’s perspective, the multi-level cryptography means that the plaintext is encrypted into 

ciphertext and then that ciphertext is re-encrypted into the new ciphertext and so on – depends how many 

levels of encryption we want. At this stage, there is no perfect secrecy and by some opinions that’s 

something being impossible as there are the obvious limitations of the ongoing digital systems. The 

cryptographs from the World War 2 have predicted the perfect secrecy, but nowadays we can discuss 

only the weak and strong encryption, so far. Basically, it’s hard to design the strong encryption system 

and such a project needs the participation of the multidisciplinary team of the experts. As it is known the 

cryptography can go through software or hardware and sometimes the combination of those two 

solutions. The hardware crypto-system appears as the common USB stick that can be connected to the 

computer and used to transmit the message being transformed applying some encryption rule. On the 

other hand, the software encryption can rely even on the open-source applications and it can be disabled 

conducting the typical endpoint cyber attack. In the world of the APTs, it’s clear that so many hardware 

encryption solutions could be targeted and become malfunctioned for a reason someone will just burn or 

damage that asset. On the other hand, the computers and devices working with the cryptography must 

be well-assured and if we know that our opponents will spend months and months searching the 

cyberspace looking for us it’s definitely clear that some of such searches will give the positive results to 

them. Also, we will do the same and it’s only the matter of time who will find whom the first. 



In its essential meaning, the encryption is the practice of transforming the plaintext into the ciphertext. 

The cryptography has existed through the history and in this digital time, it’s only about how the sets of 

0s and 1s will be differently re-arranged, so far. For such a purpose, we will use the certain group of the 

rules supporting us to encrypt and lately decrypt such information. In the current world, it’s possible 

encrypting not only the entire communication channels, but mainly the files, folders and devices. That’s 

something being commercially available and it’s not the privilege of the defense sector only. So, if some 

file is encrypted so far it’s possible sending it to one or many locations using, say, the e-mail account, 

while the key for decrypting can be transferred applying the webpage. Those techniques are still quite 

expensive and there are gaining the great popularity amongst civilians particularly in the business and 

industry as so many business players want to protect their projects, intellectual property and professional 

secrets – so that’s why they use cryptography in order to take advantage on the marketplace. Also, there 

are a lot of competitors that will use the business espionage in order to steal the sensitive information 

from their competitors and in such a manner they are ready to fight so mercilessly in order to obtain the 

huge profit. 

To recapitulate this chapter, the encryption is the big deal even today. As we have suggested before 

anything going through the wire or wirelessly can be channeled and the challenge is how to open those 

information being grabbed on the land, water or in the air. Breaking the cryptography seeks time and 

effort and that’s why many doing so could deal with the serious obstacles. In other words, if any 

communication can be streamed the good question is if the strong encryption can save our data from 

being readable to our opponent. The answer is it’s worth making such an attempt. 

Packets of Information 

In the digital systems, the packet of the information is a series of the bits that cope with their length, 

capacity and interpretation depending where they are positioned. In the practice, those pieces of data 

can be encrypted or they can go through the ciphered channel. The packets of the information are sent 

from their origin and they must be received at their destination fully or in other words, they are corrupted 

and the local IT system can see that as the flaw in the communication. So, those packets of data are the 

real blood in the organism being correlated with the communications, so far. Apparently, if our 

communication is the blood systems its packets are the building blocks forming such an entity. On the 

other hand, it’s logical that the packets are not just disoriented parts of the information as they will 

precisely know where to go and which message to carry on. Basically, those smart agents can deal with 

the payload being the message that should be transferred and with the routing information that can 

provide some sort of navigation through the channel by itself. In the practice, so many network monitoring 

tools can take those packets from their route and apply some sort of the decryption in order to recognize 

their content. The fact is the skillful network administrators and analysts can use those tools, but the 

trouble is when such a solution comes into the hands of the bad actors. The developers and software 

engineers are far more familiar with the packets concept and we believe there are the heaps of useful 

open-source intelligence on the web that can support anyone’s effort to study more about such a theory, 

so far. In other words, our aim in this case is to provide the description of that paradigm in so simple 

manner, but we also want to encourage the experts from many fields to take part into such a research as 

the channeling is the challenge on its own. The issue is the entire packets of the information can be 

streamed from the communication line as the packets are the building tissue of any communication 

system being digital by its nature. In other words, the TCP/IP communication is not feasible without the 

packets of the information and in the practice; some kind of the cryptographic protection must be used. 

No matter how well we are protected the cyber criminals can go a step beyond. Also, if we talk about the 

war conditions it’s clear that the armies of some countries could use the professional defense equipment, 

so they are far more dangerous than the adolescents with the acnes. In addition, the guys serving in 

some military unit can deal with the coding skill and they cope with much more sophisticated tools than 

the guys from the criminal environment. Therefore, the Black Hats should not be underestimated for a 



eason they will be that hidden part of the ice berg that will be deeply below the surface working hard day 

by day and never stopping to launch their new and scary solutions to the surface. In other words, they 

are so dangerous machinery that will put a lot of effort to produce so serious weapons. From their point 

of view, it’s a piece of cake dealing with some packets and doing some channeling as well as message 

opening on some device. We cannot miss to say that the cybercrime underworld is well-familiar with the 

both – software and hardware engineering and as they can make a plenty of malware every single day 

they must be capable to stream the communication channel and make that content being readable to 

them. 

As we already said, the packets of information will cope with two main parameters telling them where to 

go and what to carry on. Those parameters are the routing information and the payload, respectively. 

The most sensitive part of any packet is the payload as it keeps the secret which messages should be 

transmitted. On their way through the packets of the information can pass so long distances and use the 

capacities of so many servers being the part of that routing path. Sometimes the paths could be so busy 

and in such a case the packet will be directed depending on availability of the network route. In addition, 

in this effort we have dealt with the protocols as the technical solution, so it’s important to explain that 

better. The protocols are those parts of the communication network that will allow data transfer only if 

their communication is accurate. In other words, they will exchange the set of questions and answers 

and if everything works flawlessly the communication channel will be open and the packets of the 

information will make a transfer through that transmission line. This is not only the attribute of computing 

systems, but rather the characteristics of the entire telecommunication as both solutions use the 

electricity to operate on. 

Essences of Streaming 

The channeling can happen anywhere and anytime on the data transmission line either it’s about the 

information exchange medium or the routing devices. The routing devices are sometimes called the hops 

and in case of the link cryptography those spots can be extremely sensitive to the cyber attacks as they 

need to decrypt the packet of the information in order to see where to send it the next and then re-encrypt 

so in order to maintain that communication being confidential. In other words, they will cope with so 

obvious weaknesses and if such a device is the place of decryption that’s how we can see the problem. 

The fact is those hops are the concentrators of the plaintext information and anyone being connected to 

that gadget can steal the plaintext messages. Also, if we think about the routing information the entire 

path will be more than obvious. In the coming section, we will talk about the channeling hotspots and 

from a security point of view it seems that those hops are the real hotspots. The main drawback here is 

the streamers can offer their service to much more dangerous actors such as the terrorists and such an 

irresponsible behavior can put under the risk the lives of so many innocent people. The cybercrime 

underworld will do that for profit and they are not ethical at all about choosing to whom to serve as well 

as what can happen as the outcome of their activities. The channeling of the communication is the 

modern nightmare as it can happen anytime and anywhere, so even if there is some trace being left in 

the cyberspace it’s needed to make the heaps of searches in order to get any track. The intelligence and 

defense teams working on such tasks literally need a lot of time and above all they need to cope with the 

outstanding skill in order to overcome all the obstacles being on their road on. It’s so important why it is 

so appealing talking about such things and why we need to run a plenty of research projects that will 

direct the industry to get that direction. In addition, there is the huge need for the skillful researchers in 

the defense sector as everyone would be well-updated about the new trends and tendencies in the world. 

Basically, the information can leak through the entire path and such a risk is hard to be managed. 

Apparently, we can lose data somewhere and there can pass a lot of time before we figure out who does 

that and from where. It is believed that the criminals and terrorists are only the advanced users of the 

emerging technologies, but from another perspective there is the entire black market that can develop so 

very dangerous solutions and sell them to the bad guys for the competitive profit. So, the bad guys still 



stay the advanced end users, while the cyber criminals are the lords of the entire black market industry. 

Recently, some international law enforcement agencies have reported that they have arrested the 

cybercrime groups doing the TV channel streaming and offering such contents on their entertainment 

platform. This information gives the hope as we are just aware that the modern policing and intelligence 

can detect, prevent and resolve such criminal justice cases. In other words, being through the web or the 

other communication and telecommunication channels the streaming is happening so f requently. 

To explain this better, with the communication channeling it’s not needed any longer to do some account 

tracking as there is an opportunity to catch that correspondence on its way on. In other words, if the 

President of the United States sends his e-mail to someone in his administration it is not needed to redirect 

the copies of those contents to the threat’s account simply doing the account tracking which means 

the message will be tracked in the active, storage or backup status from some server especially if there 

is the chance to make a breach into the communication channel and re-direct the copy of that e-message 

directly from its way through. The account tracking can appear as quite traceable at this moment, but the 

channeling still remains the challenge to the modern days. 

Moreover, once sent message can be caught in the air if the user relies on the wireless internet. On the 

other hand, there is the strong need for the research and investigation in this area as the arising threat 

could be put under the control. In other words, the channeling should become the manageable risk as it 

can serve as the trap to the bad guys that want to obtain everything in the illegal fashion, but we can talk 

about so once we develop the technology that will cope with the enough capacity and speed in order to 

detect and locate such a threat. Those days are not that far away! 

Channeling Hotspots 

The channeling hotspots are those points in the network where the risk of the data leakage is the most 

critical. In the practice, that is happening in the hops being the parts of the infrastructure where the traffic 

can be decrypted. Also, the most sensitive portions of the web are the communications mediums or the 

places where the signal is transmitted through. In our opinion, there is the great need for the better 

understanding how the entire grid works as the members of the defense community could gain the skill 

in working on such cases. On the other hand, the engineering community that has developed the internet 

will deal with much deeper understanding how it goes and in our experience those findings should be 

transferred to the security rings. The most dangerous stuff here is there could be some data leakage, but 

we will not be aware of so. At the moment, there are the millions of the network monitoring tools being 

active in the cyberspace and if we want to figure out who is observing the web we need to cope with 

some kind of inverse techniques that will give us the chance to detect those locations and persons. So, 

it’s all about the deep search and as we know it can be too time consuming. On the other hand, there are 

no silver bullets in the world and what is needed is to invest a lot of effort in order to resolve some 

situation. The internet is the complex and global grid and searching the web is like a doing the never 

ending job. Our enemies could be anywhere and even to gain some track can take so much time. In other 

words, the entire web infrastructure could be assumed as one huge communication channel and we will 

never know from where the information can leak out. In the emerging time of threats it’s obvious that the 

both – good and bad guys are dependable on the cyber technologies and as the IT asset is the part of 

the nation’s critical infrastructure it’s clear why it matters paying such a big attention to so. Also, the hops 

as the hotspots are the most obvious weaknesses in the communication infrastructure as they can offer 

the plaintext information on their way through. In addition, if someone is catching the wireless signal in 

the air the reason for so could be that hacker has the capacities to decrypt once transmitted traffic. In the 

practice, there are so many frequent places with the wireless access points that due to the interference 

can offer some stage of the coverage. From a different point of view, if we talk about the physical 

components of the cyberspace such as hardware, wirings, caballing and the network devices it’s logical 

that those parts of the assets could be attacked as well as they carry the web traffic, too. Basically, the 



channeling hotspots are diverse and it’s needed to ask for an opinion from the expert in the field as that 

guy is capable to at least partially remove our doubts. There are no over-smart individuals; there are only 

the technically relevant teams that can provide the quite clear and simple explanations to any our 

question. In other words, as the phishing is the ongoing challenge to many and some companies would 

want to develop the software that can recognize the bad link from the good one – for a reason that’s 

needed to reduce the cost of so expansive training that will not be sufficient to offer the appropriate skill 

to the people, so the employer will always be unconfident about what can happen the next. From that 

perspective, it’s clear why the business players will compete to assure the entire web and provide the 

solution that will resolve the problems automatically and in the less timely manner. 

On the other hand, if we analyze the network traffic and define the first hand hotspots our journey could 

begin there with the well-researched staring points that can lead us to the deeper understanding of the 

issue by its essence. Therefore, it’s needed to start from somewhere and if we try to detect what is 

happening with the current hotspots determining them as overwhelmed with the external sinks we will be 

on the good way on to push our industry actors working on the better security of the entire global grid. In 

other words, any action seeks reaction, so that’s why we must be confident that everything we need is 

with the footage in the cyberspace and if we follow that track we can obtain so many helpful findings to 

the entire criminal justice investigation. Finally, it will appear that this effort is the quite criminologyoriented 

one and that’s the fact as the novel technological challenges bring with them the new offenses 

and criminal schemes seeking from us the better dedication and commitment in any task being assigned 

to anyone of us. The point is the hackers of today can look like the curious kids getting on nerves to many 

serious people, but they are not such a severe concern as their bosses are. 

Discussion & Conclusions 

The communication channeling with the web resources is feasible and it is already happening across the 

globe. The new time’s threats must adapt if they want to survive especially in we take into account how 

merciless and harsh they are about each other as well as how chronically they are in the state of 

readiness in terms of the security community activities. The main imperative to the current defense 

agencies is to detect the sinks that will pull out the communication happening somewhere on the web. 

As we said, nothing can be resolved over night and in the practice it takes time to tackle anything. The 

role of this effort is to aware the criminal investigation rings about the ongoing concern that should also 

be taken into consideration in combating the transnational organized crime and terrorism as well. In other 

words, if we are not aware about the threat we can believe it does not exist in our community or wider at 

all. On the other hand, if we encourage the people to talk about what they believe in we can get the real 

feedback that can make us to take some steps on. First, it’s needed to confirm something as channeling 

is possible and if that is confirmed in some laboratory or the base through giving the chance to the good 

guys to play with the equipment and try to prove the data leakage they will undoubtedly gain confidence 

about how it works. In other words, if we prove the streaming in some experimental conditions we will be 

in position to ask the forensic experts to collect the evidence and in such a manner we will have the entire 

experimental case being resolved. The ultimate response should come from the cyber industry and that 

must happen in the collaboration with the security community, so far. 



About The Author 

Milica D. Djekic is an Independent Researcher from Subotica, the 

Republic of Serbia. She received her engineering background from the 

Faculty of Mechanical Engineering, University of Belgrade. She writes 

for some domestic and overseas presses and she is also the author of 

the book “The Internet of Things: Concept, Applications and Security” 

being published in 2017 with the Lambert Academic Publishing. Milica 

is also a speaker with the BrightTALK expert’s channel. She is the 

member of an ASIS International since 2017 and contributor to the 

Australian Cyber Security Magazine since 2018. Milica's research 

efforts are recognized with Computer Emergency Response Team for 

the European Union (CERT-EU), Censys Press, BU-CERT UK and 

EASA European Centre for Cybersecurity in Aviation (ECCSA). Her 

fields of interests are cyber defense, technology and business. Milica 

is a person with disability. 



Ransomware is Evolving – Agencies Must Prioritize Data 

Backup 

By Nick Psaki, Principal Engineer, Office of the CTO, Pure Storage 

The threat of ransomware is not new – but we are seeing a renewed focus since the onset of COVID-19. 

With the majority of the Federal workforce remote, the landscape is changing rapidly and threats are 

evolving. The Cybersecurity and Infrastructure Security Agency (CISA) – along with other agencies – has 

released several alerts since the beginning of the pandemic, citing new and emerging threats. 

Some of these alerts, for example, share the baseline recommendation that organizations should focus 

on routinely backing up systems, reinforcing basic cybersecurity awareness and education, and revisiting 

cyber incident response plans. 

As telework continues and bad actors become more sophisticated, agencies must shift their mindset. 

The threat of a ransomware attack necessitates not only a strong defense, but an equally strong 

response. There is no guarantee that every ransomware attack can be prevented – and data backup is 

useful only if it is accessible when it’s needed the most. Agencies need a platform with security built-in, 

as well as highly responsive backup and recovery measures to prepare for ransomware attacks that 

target the last line of defense, data backups. 

Agencies can help prevent ransomware attacks by keeping their operating system and tech stack up to 

date and investing in InfoSec training, network security audits, and vulnerability testing. They can also 

assure access to data and back up files through frequent snapshots and other data-protection methods. 



But protecting against a high-impact, low-probability event is difficult in practice. Backups may not work 

effectively or quickly enough in the event of a real threat. Many systems are not ready to restore large 

environments in a short timeframe. Failed backups, corrupted data, and slow restores hurt agencies even 

more. Evolving ransomware attacks that target backup data, backup catalogs, and even storage array 

snapshots force agencies to go through the reconfiguration of backup solutions before even recovering 

the data. 

Federal IT leaders should consider a data strategy with security built-in. Ransomware attacks place 

immense strain on existing data-protection infrastructure if it’s built on legacy architectures like disk and 

tape. Conventional security measures can safeguard agency data from natural or human-made disasters, 

data corruption, or accidental deletions, but provide less protection against ransomware. A ransomware 

attack is not a normal recovery event that might involve a few lost files or a corrupted database; potentially 

all files and databases could be encrypted. The same design that optimizes for data ingestion and spaceefficiency 

creates significant drag on recovery speed because data needs to be reconstructed after being 

widely dispersed through deduplication. A modern data platform with protection for backups built-in is 

essential. 

Agencies must evaluate their backup and recovery measures to ensure they’re sufficient. Data backups 

are often the last line of defense against ransomware attacks. Focusing on recovery performance helps 

avoid system downtime, and ultimately works to prevent a threat to mission-critical work, or a lapse in 

essential citizen services. 

Two metrics are key here: reliability and speed of backup. Backups should not require constant care and 

feeding, and they should also be simple and immutable. In this case, immutability ensures backups aren’t 

compromised by attackers even if admin credentials have been compromised. Advanced protection can 

also come in the form of automated snapshots that prevent backups from being deleted. 

We also must evolve our expectations around backup and restore speeds. Backup storage must recover 

as fast as possible. It also must be done at scale – a single database might require 10 hours to restore. 

When you consider the massive amount of data housed within an agency, you are measuring recovery 

time in months. 

Federal agencies doing mission-critical work cannot afford that amount of downtime. Rapid restore is 

essential if agencies are to protect themselves against the effects of ransomware attacks. Recovery point 

and recovery time objectives ensure that they can avoid major operational and financial impact, protect 

critical data, and stay focused on the mission. 

Rapid backup and recovery are essential – with a Modern Data Experience as the foundation. A Modern 

Data Experience is simple. Storage should be easy to set up, manage, and expand, as well as integrate 

easily with existing backup software. Of course, it must be fast – restoring data and applications quickly 

enough to actually matter. It should also be seamless. This experience can span any protocol, any tier of 

service level, and multiple clouds in a single environment. Lastly, it should sustain performance as data 

volumes increase. 

Having consistent, real-time access to data is critical for agencies – and in the event of an attack, they 

must be able to recover data at scale, as quickly as possible, when systems go down. The backups 

themselves must be both valid and usable. Modern data protection is fast, simple, and cost-effective. 

This strategy helps prevent the devastating effects of cyberattacks that could reduce productivity, cost 

millions, threaten mission-critical work, or create a lapse in essential citizen services. 




Nick Psaki is the Principal Engineer, Americas – Federal for Pure 

Storage and based in the Washington, DC area. Nick is Pure Storage’s 

senior technical resource for Federal customers, providing deep 

technical knowledge of flash storage system architectures that enable 

business and technological transformation for government enterprises. 

A 30-year veteran of the United States Army, Nick has extensive 

experience in designing, developing, deploying and operating 

information systems for data analysis, sensor integration and largescale 

server virtualization. He was the Intelligence Architectures Chief for the Army G2 (Intelligence), and 

the Technology and Integration Director for Army G2 Futures directorate. He has served in multiple 

peacekeeping and combat operations ranging from the Balkans in the 1990’s (Operation Able Sentry VI 

and Operation Joint Endeavor/Joint Guard) to Iraq and Afghanistan in the post-9/11 era. For the past 

several years, Nick has been focused on ways in which new and emerging technologies can enable more 

rapid and cost-efficient analysis of ever-growing bodies of data. 

Nick can be reached at nick.psaki@purestorage.com and at our company website: 

https://www.purestorage.com/solutions/industries/government.html 



5G Security 

Towards trustworthy products for resilient networks 

By David Soldani, CTSO, Huawei Technologies 

5G technologies will be applied to many vertical industries and support various usage scenarios, such as 

applications to internet of things (IoT), self-driving vehicles and health care, to mention a few. 

In general, most threats and challenges faced by 5G security are the same as those faced by 4G security, 

and the different security risks coming along with new services, architectures and technologies are well 

mitigated. 

Although the separation between access and core network is as clear as that in 4G, the architecture of 

5G is constantly evolving and will continue to evolve over the next decade until 6G is developed. 

Whereas the first 5G release (3GPP Release 15) predominantly addressed the immediate needs of 

enhancing the mobile broadband experience, 3GPP Release 16 (just finalized) and 3GPP Release 17 

take 5G toward the full 5G vision, balancing the needs of mobile broadband operators with expanding 

into new markets, including vertical players. 3GPP Release 18 and beyond will focus on the definition of 

new use cases, study items (SI) and work items (WI) towards 6G, which is expected to be specified by 

2030. 



3GPP Release 15 defines the 5G security 

infrastructure and further enhances 4G 

security by supporting: user plane integrity 

protection for better Air interface security; 

user privacy preservation by encrypting 

the permanent identity encryption; 

subscriber-level security policies for 

flexible security management; unified 

authentication for seamless experience for 

wireline and wireless access to 5G 

services; and enhanced roaming security 

by encrypting traffic between home and 

visiting mobile networks. It also supports 

security assurance and test methods for 

5G core network functions and base 

station (gNodeB). 

3GPP Release 16 fortifies the security architecture for wireless-wireline convergence; and supports 

security for vertical functions and authentication and key management of vertical applications, such as 

network slicing, industrial IoT (IIoT), cellular IoT (CIoT), multi-access edge computing (MEC), terrestrial 

and aerial manned and unmanned vehicles. It also supports security assurance requirements and test 

cases for data analytics, inter-working and service communication proxy functions. 

3GPP Release 17 will further evolve the user plane integrity; authentication functions; security controls 

for rouge base stations, slice enhancement, private networks, drones, and broadcast channels. Also, it 

will support security assurance requirements and test cases for additional network equipment and related 

functions. 

The Global System for Mobile Communications Association (GSMA) network element security assurance 

scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance 

framework to facilitate improvements in security levels across the mobile industry. 

The NESAS defines security requirements based on 3GPP technical specifications and an assessment 

framework for secure product development and product lifecycle processes; and security evaluation 

scheme for network equipment, using the 3GPP defined security specifications and test cases, i.e., 3GPP 

security assurance specifications (SCAS). 

The NESAS is focused on the vendor aspects of the supply chain, and thus provides a security assurance 

framework to improve security levels across the all mobile industry, because it has been developed 

following established practices and schemes that provide trustworthy security assurance. 

The NESAS is widely supported by security authorities (such as ENISA in EU, ANSSI in France and BSI 

in Germany) and industry organizations, globally. 

The NESAS 1.0 release was finalized in October 2019. Ericsson, Nokia and Huawei openly support 

NESAS as a unified cyber security certification framework for mobile network equipment, and more than 

ten operators have requested NESAS compliance, before deploying 5G equipment in their countries. 



On 24 August 2020, the GSMA announced 

that the world’s leading mobile network 

equipment vendors, Ericsson, Huawei, Nokia 

and ZTE, had successfully completed an 

assessment of their product development and 

life cycle management processes using the 

GSMA’s NESAS. In particular, Huawei has 

passed the auditing process for LTE eNodeB 

and 5G gNodeB product lines, and 5G Core 

product line. Also, last month, the Huawei 5G 

gNodeB and LTE eNodeB passed the 3GPP’s 

security assurance specifications testing. 

The NESAS 1.0 framework was approved in 

October 2019 and comprises a number of 

technical specifications that meet the basic requirements of the EU Cyber Security Act. The NESAS 

specifications will be further improved by the end of this year to meet higher security assurance levels in 

compliance with the EU Cyber Security Act. This will take into account the best industry standards and 

security practices. 

Trustworthy products and resilient networks cannot be achieved without the full participation of all the 

elements in the trust chain for a network. We need a layered defense, where controls of various types 

and kinds overlap each other in coverage, and that’s how a defense-in-depth 5G security strategy should 

be implemented. 

An example of defense-in-depth approach for 5G security deployment requires the support of: 

• All 3GPP SCAS requirements, and fundamental security control enhancements, such as: user 

plane (UP) integrity protection, UP security policy, roaming security, user privacy preservation 

(encryption of international mobile subscriber identity), unified authentication and enhanced 

encryption algorithms. 

• Equipment security, for example: 3-plane isolation, data security, host intrusion detection and 

Trusted Execution Environment (TEE). 

• Sub-solutions to Radio Access Network (RAN) security (e.g. rouge base station detection, 

secure transmission), MEC security (MEC platform hardening, MEC security operations, e2e 

encrypted local network), Core Network security (multi-layer isolation and hardening, disaster and 

elastic recovery), Network Slicing security (slice isolation, encryption and protection, differentiated 

slice security) and Massive Connectivity security (signaling domain anti-DDoS and date domain 

anti-DDoS). 

• Security management, which includes an Element Management System (EMS) layer, for 

situational awareness, anomaly detection, trusted integrity measurements, certificate 

management, log auditing, and Network Element (NE) vulnerability management; and an end-toend 

Security Operation Centre (SOC), for security situational awareness, AI-based threat analysis 

and detection, security orchestration and Network Element (NE) vulnerability management. 

5G security requires collaboration in terms of standards, devices, and deployment. All parties in the 

industry chain need to take their own security responsibilities. In order to mitigate the related cyber 

security risks: 



• Suppliers must prioritize cyber security sufficiently (e.g. respect laws, regulations, standards, 

certify their products, and ensure quality in their supply chains); 

• Telecoms operators are responsible for assessing risks and taking appropriate measures to 

ensure compliance, security and resilience of their networks; 

• Service providers and customers are responsible for the implementation, deployment, support 

and activation of all appropriate security mechanisms of service applications and information 

(data); 

• Regulators are responsible for guaranteeing that Telco providers take appropriate measures to 

safeguard the general security and resilience of their networks and services; 

• Governments have the responsibility of taking the necessary measures to ensure the protection 

of the national security interests and the enforcement of conformance programs and independent 

product testing and certification; and 

• Standardization development organizations must ensure that there are proper specifications 

and standards for security assurance and best practices in place, such as the GSMA NESAS. 

The mobile industry needs a globally trusted 

and mutually recognized security assurance 

scheme. All stakeholders are invited to adopt 

and contribute to the GSMA NESAS, which is 

a security assurance scheme with shared and 

tailored specifications. Industry players, 

governments, security agencies and regulators 

are recommended to adopt the GSMA NESAS 

for testing and evaluating telecoms equipment. 

The NESAS is a customized, authoritative, 

unified, efficient and constantly evolving 

security assurance scheme for the mobile 

industry, and could be a part of certification 

and accreditation processes against a 

predetermined set of security standards and 

policies for security authorization in any 

country. 




David Soldani is the CTSO of Huawei Technologies (Australia). He 

received a Master of Science (M.Sc.) degree in Engineering with full 

marks and magna cum laude approbatur from the University of 

Florence, Italy, in 1994; and a Doctor of Science (D.Sc.) degree in 

Technology with distinction from Helsinki University of Technology, 

Finland, in 2006. In 2014, 2016 and 2018 he was appointed Visiting 

Professor, Industry Professor, and Adjunct Professor at University of 

Surrey, UK, University of Technology Sydney (UTS), Australia, and 

University of New South Wales (UNSW), respectively. D. Soldani is 

currently at Huawei Technologies, serving as Chief Technology and 

Cyber Security Office (CTSO) in Australia, Huawei ICT Security Expert 

within the ASIA Pacific Region, and Chairman of the IMDA 5G task 

force, in Singapore. Prior to that he was Head of 5G Technology, e2e, 

global, at Nokia; and Head of Central Research Institute (CRI) and VP 

Strategic Research and Innovation in Europe, at Huawei European Research Centre (ERC). David can 

be reached online at https://www.linkedin.com/in/dr-david-soldani/ 



Does Sunburst Have Your Confidential Emails and 

Database Data? 

By Randy Reiter CEO of Don’t Be Breached 

So far three malware strains have been identified in the SolarWinds supply chain attack. They are the 

SUNBURST, SUPERNOVA and TEARDROP malware strains. 

Russian hackers used the malware to potentially gain access to 18,000 government and private networks 

via the Solarwinds Orion network management product. Initially it was believed that only a few dozen of 

the networks were gained access to by the hackers. Further investigative work by security firms, Amazon 

and Microsoft now points to 250 federal agencies and large corporations the hackers may have gained 

access to. 

These malware strains went undetected for nine months. The malware was present as a Trojan horse in 

Solarwinds software updates from March through June 2020. It is quite shocking that government and 

private sector networks were so vulnerable; and did not detect the malware over a nine month period 

until December, 2020. 

The Commerce Department, Energy Department, Homeland Security Department, National Security 

Administration, State Department, Treasury Department, National Institute of Health, parts of the 

Pentagon were government targets of the hacker data breach. In the private sector Cisco, Intel, Microsoft, 



VMWare and others have stated they were impacted by the breach. The DOJ stated that hackers 

accessed its Microsoft Office 365 email server. 

In some of the attacks, the hackers used the administrator privileges granted to SolarWinds product with 

Microsoft´s Azure cloud platform that stores customer data to gain additional access to confidential emails 

and documents. 

Also email service provider Mimecast reported that Russian hackers were able to obtain a Mimecast digital 

certificate to access its customers Microsoft 365 office services. The techniques and tools used by the 

hackers were similar to what the Solarwinds hackers used. Mimecast was a user of the Solarwinds Orion 

product. They no longer use the Solarwinds product. 

This data breach has been described as the IT security equivalent of a Pearl Harbor. The extent of the 

confidential email and database data stolen from Government Agencies and American Fortune 500 

companies may never fully be known. 

How to Stop the Theft of Confidential Database Data and Emails? 

Confidential database data includes: email correspondence (and documents), credit card, tax ID, 

medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and 

public utility data. This data is almost always stored in DB2, Informix, MariaDB, MySQL, Oracle, 

PostgreSQL, SAP ASE and SQL Server databases. Once inside the security perimeter (e.g. via a Zero 

Day attack) a hacker or rogue insider can use commonly installed database utilities to steal confidential 

database data. 

Non-intrusive network sniffing technology can capture and analyze the normal database query and SQL 

activity from a network tap or proxy server with no impact on the database server. This SQL activity is 

very predictable. Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 

unique query or SQL commands that run millions of times a day. Logging into the monitored networks, 

servers and databases is NOT required for data breach prevention. 

Advanced SQL Behavioral Analysis of Database Query and SQL Activity Prevents Data Breaches 

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database 

activity is. Then from a network tap or proxy server the database query and SQL activity can be nonintrusively 

monitored in real-time and non-normal SQL activity immediately identified. These approaches 

are inexpensive to setup. Now non-normal database SQL activity from hackers or rogue insiders can be 

detected in a few milli seconds. The hacker or rogue insider database session can be immediately 

terminated and the Security Team notified so that confidential database data is not stolen by nation state 

hackers, ransomed or sold on the Dark Web. 

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum 

amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to 

10,000 unique SQL queries sent to a database. This type of data breach protection can detect never 

before observed query activity, queries sent from a never observed IP address and queries sending more 

data to an IP address than the query has ever sent before. This allows real-time detection of hackers and 

rogue Insiders attempting to steal confidential database data. Once detected the security team can be 

notified within a few milli-seconds so that an embarrassing and costly Data Breach is prevented. 




Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. 

He is the architect of the Database Cyber Security Guard product, a database 

Data Breach prevention product for Informix, MariaDB, Microsoft SQL Server, 

MySQL, Oracle and SAP Sybase databases. He has a Master’s Degree in 

Computer Science and has worked extensively over the past 25 years with realtime 

network sniffing and database security. Randy can be reached online at 

rreiter@DontBeBreached.com, www.DontBeBreached.com and 

www.SqlPower.com/Cyber-Attacks. 



Making the Most of Virtual Cybersecurity Events for your 

Company and the Community 

By Trevor Daughney, VP, product marketing, Exabeam 

With the pandemic and shutdown orders still in full effect in many regions worldwide, moving in-person 

events to virtual experiences is the reality we’re currently being dealt across all industries. Despite this, 

it’s easy to understand some of the pushback and downfall of moving to virtual platforms – it’s difficult to 

replicate the sincerity of an in-person formal conversation, and being stuck behind a webcam for hours 

on end has its drawbacks. 

But according to the Event Marketing 2020: Benchmarks and Trends report, the majority (85%) of leaders 

and executives have identified events as critical for their company’s success. 

Thus, it remains imperative for the cybersecurity community to continue holding events virtually to aid in 

learning about best practices, hearing about upcoming product features and roadmaps, and to exchange 

ideas by networking with peers about their shared experiences -- virtual or not. 

Virtual conferences don’t allow attendees to remove themselves from their everyday routines and fully 

immerse. However, while these online events will never be able to completely reproduce the experience 

of being on the ground at RSA Conference, Black Hat or DEF CON, to name a few, there are countless 

benefits given our current circumstances. 



Global Reach and Accessibility 

Planners are always trying to increase their events’ reach to engage more people. With virtual events, 

that’s never been simpler. You can easily promote your event by sharing the link to your website and 

social media channels. People from across the world can join instantly without thinking about travel or 

asking to get permission and a budget to do so. Hosting a virtual event allows planners to grow their 

audience and get everyone to participate, no matter where they live. 

The online environment allows delegates to connect with speakers, exhibitors and other attendees with 

a few mouse clicks. No more running through crowded exhibition halls only to miss the person you most 

wanted to see. 

It could even offer new opportunities for interaction. A large majority of attendees at events do so for the 

networking opportunities and hallway conversations that take place. Those may be difficult to replicate 

virtually, but there are other ways you can help participants interact. Whether these interactions occur via 

a live chat with the company CEO or a high-profile keynote speaker, there are alternatives to make those 

conversations happen virtually like direct messages, side chat rooms, session Q&As and more. 

For example, for Exabeam’s newly virtual user and partner event, Spotlight20, we were able to triple 

attendance from the prior year thanks to moving the show online. People from all over the globe were 

able to join despite travel restrictions and bans – ranging from attendees in Asia tuning in in the middle 

of their night to someone right up the street that may not have had the means of transportation that day. 

At the end of the day, this is better as it allows for more people from various cultures to be involved and 

share their experiences and ideas. 

Ease of Communication 

We’ve all been to in-person events in the past, and the truth is that they can become quite chaotic. 

Meetings need to be arranged, and you may have multiple booths, demos and speaking sessions that 

you want to attend during your time at the show. But while you may set out with a gigantic to-do list that 

you plan to conquer, there will always be that one session or one meeting that got away because you 

simply couldn’t find the time. 

Because virtual events tend to be faster-paced since attendees don’t have to move from session to 

session or booth to booth, it can be easier to help foster a community and make connections with other 

attendees and speakers than an in-person event. And since everything is online, attendees can easily 

record important information, like people’s names, titles, etc., right on their tablet or computer -- think of 

it as the new business card. 

Benefits for Security Professionals 

Part of the impulse behind moving to these virtual events is the drive to at least attempt to maintain some 

sense of community among cybersecurity professionals, who depend heavily on user conferences for 

the opportunity to exchange information and create professional bonds. The security industry is 



constantly shifting, and no week looks the same. This makes spending time with colleagues and learning 

about the best practices of the moment is imperative to keeping the world secure. 

With virtual events being widely more accessible, it allows for more security experts to attend and share 

the latest threat knowledge with the audience. This knowledge is extremely valuable to be able to help 

teams stay up to date with the latest tactics, techniques and procedures (TTPs) and listen to creative 

ways others are applying the latest security technologies like security analytics and automation to their 

enterprises. 

For most organizations, many employees are limited by the number of events they are allowed to travel 

to attend as well. With the move to a virtual setting, more employees will be able to join and contribute to 

the spreading of their own beneficial ideas that might not have been possible otherwise. And the benefit 

of simply keeping in touch while the world is isolated cannot be overstated either – not just for the 

spreading of information, but for security pros mental health stability. 

Cost Savings 

According to Bizzabo, the majority (93%) of event professionals plan to invest in virtual events moving 

forward, so our new reality will likely be the standard for the foreseeable future. Event planners are 

constantly looking to save money, with shrinking budgets. Moving your events to virtual experiences will 

help save on staff, the cost of the physical venue location, setup and takedown, booking hotel space for 

attendees, costs for travel, meals and so much more. The most substantial cost that planners need to 

worry about for a virtual conference is for the meeting platform of choice. In many instances, those costs 

are already in the budget for platforms like Zoom for the enterprise’s day-to-day meetings – meaning they 

won’t require an additional spend. 

This allows more organizations to offer free events, with the option of charging for specialized sessions 

– making everything more financially accessible for the average attendee. 

For enterprise events, it’s also common for employees of the attending organizations to utilize a travel 

stipend for workshops and other business-related events. This is a cost that becomes quite expensive 

depending on the number of employees, and that’s even more true if the stipend provides for meals, car 

rental, hotels, flights and more. Virtual events negate all of these costs since your employees can attend 

from the comfort of home. Thus, it’s a win-win for the event organizer and attendees. 

Overall, interest in virtual events has most certainly spiked since the onset of the pandemic and the 

realization of it being long-lasting. The benefits laid out can be applied to the world of meetings and 

events long after the end of social distancing requirements and travel bans. If you're new to getting into 

this space, consider the benefits of holding virtual conferences to benefit your company's growth and 

networking. You're bound to discover a new way to expand and reach your audience. 




Trevor Daughney is Vice President of Product Marketing at 

Exabeam. Trevor is a marketing executive with a track record of 

building high performing teams to take enterprise cybersecurity 

SaaS and software technology and turn them into successful 

global businesses. Prior to Exabeam, he led enterprise product 

marketing at McAfee, Ping Identity and Symantec. Trevor 

approaches marketing with a global mindset, and builds on his 

experiences living and working in the US, Canada and Asia. He 

has an MBA from the University of California, Berkeley. 

Trevor can be reached online on Twitter at @tdaughney and at 

our company website www.exabeam.com 



Overcoming ‘Work from Home’ Security Challenges 

Security Beyond the VPN 

By Krupa Srivatsan, Director, Cybersecurity Product Marketing at Infoblox 

With the remote working trend on the rise due to the COVID-19 pandemic, many IT managers and 

corporate leaders have naturally been concerned about the challenges of securing employee’s access 

to the corporate network. 

Given the precipitous nature of the pandemic, organizations have had very little time to prepare for such 

large-scale remote work, let alone think about how to secure ‘work from home’ users. These remote 

workers still need to access enterprise applications in the cloud, and work with and store corporate data 

on their devices. 

Think Outside the Perimeter – Security Challenges of Working from Home 

Security teams now have to think about how to continue to protect corporate resources and data, when 

most of their employees are not within the corporate perimeter. The existing security stack within the 

corporate network is no longer sufficient to protect these teleworkers. In addition, teleworking exposes a 

much broader attack surface as workers use BYOD devices and mobile devices that share home and 

public Wi-Fi networks, often with a much larger variety of internet of things (IoT) devices than found in a 



typical work environment. Public Wi-Fi networks present a higher probability that authentication and 

credentials may be accidentally compromised. 

To take advantage of the chaotic nature of these times, bad actors and hackers have been busy launching 

coronavirus themed cyber-attacks and weaponizing well-known websites that try to provide useful, timely 

information for the general public. COVID-19 has become the subject line of choice for phishing/spearphishing 

campaigns that seek to take advantage of the heightened level of fear and concern. 

Let’s take a look at some rising threats that we could encounter. 

Rising Threat #1 – Coronavirus Related Malware Campaigns 

During March last year, our cyber intelligence unit noted that LokiBot infostealer joined the list of malware 

campaigns being distributed by cybercriminals taking advantage of the fear and interest in the spread of 

Coronavirus (COVID-19). We observed two malicious spam email campaigns distributing LokiBot under 

the guise of providing information on the Coronavirus impact to supply chains. 

LokiBot has become popular with cybercriminals as an information stealer that collects credentials and 

security tokens from infected machines. LokiBot targets multiple applications, including but not limited to 

Mozilla Firefox, Google Chrome, Thunderbird, as well as FTP. 

The email messages of the primary campaign had two subject lines, one of which alleged to be a supply 

chain update in the context of Coronavirus (COVID-19). The other subject had a more typical payment 

transfer theme. Both sets of messages had attached files with the same filename that delivered the 

malicious code. 

Rising Threat #2 – Lookalike Domains 

Another threat that could be on the rise is Lookalike Domains. Cybercriminals are moving to lookalike 

domains to fool victims in their efforts to impersonate the target organization or brand. Often phishing 

websites feature domains that impersonate the real brand. These are crafted by cybercriminals to 

resemble the legitimate brand’s domain. Character substitution is a popular technique employed by 

cybercriminals with the goal of manipulating users into exposing credit cards, passwords, and other 

sensitive data. 

Researchers also found that cybercriminals are using valid Transport Layer Security (TLS) certificates 

which is an attempt to make the lookalike domains appear legitimate. In late 2019, researchers note that 

there were more than 100,000 lookalike domains impersonating legitimate retailers. Industries that can 

be heavily impacted by these types of attacks are retail and banking, where users typically enter their 

credentials to execute a transaction. 



Rising Threat #3 – Data Exfiltration 

Your work from home users are still accessing, interacting with and storing corporate data on their 

devices, as part of their day to day business operations. But they are now doing it outside the corporate 

perimeter. That data, even if stored on company-provided devices, could be exposed to theft. DNS 

tunneling or data exfiltration is an attacker technique that uses malware to gather sensitive data from a 

compromised system. It packages up the data into small chunks and embeds them within a string of 

DNS queries. The DNS queries carrying the data are then delivered to a server hosted by the attacker 

on the Internet, where the stolen data can be easily reassembled. 

Rising Threat #4 – Non-Compliant Website Access 

While this is not technically an attack or a malicious campaign launched by bad actors, companies could 

still be faced with the problem of their work from users accessing websites and destinations not in 

compliance with their policy during working hours using corporate provided devices. This could include 

websites related to social media, violence and adult content. While it’s second nature for employees 

working in the office to know that such access is not appropriate or compliant, at home those same 

employees may have more of a lax attitude. 

Virtual Private Networks (VPNs) have been touted by some as a solution to the challenge of securing 

employee’s access to the corporate network. VPNs encrypt a user’s web traffic and send it through a 

private connection to the corporate network, allowing employees to access corporate data and 

applications with some measure of security and privacy. 

Today, however, due to the proliferation of cloud-based applications like Office 365, SFDC, Google Drive, 

and others, it is uncommon for organizations to rely solely on VPN-based access to corporate resources. 

Instead, VPN is usually used to access just a small subset of internal corporate platforms, leaving remote 

users unprotected when accessing these cloud-based applications, and exposed to threats on the 

internet. 

Furthermore, VPNs may not provide the level of security that’s necessary in today’s threat environment. 

Malicious cyber actors are finding and targeting vulnerabilities in VPNs as employees increasingly use 

them for telework amid the pandemic. And since VPNs are considered 24/7 infrastructure—that is they 

are always on to facilitate secure connection to the enterprise network—organizations are less likely to 

keep them updated with the latest patches. Finally, since many VPN providers charge by the user, many 

organizations may have a limited number of VPN connections available, meaning that any additional 

employees can no longer telework or securely access corporate data. 

In this environment, one of the best and most cost-effective ways enterprises can secure such a largescale 

tele-workforce is by using DNS as a first line of defense. Every connection to the internet goes 

through DNS—those working from home are typically using either public DNS or DNS provided by their 

internet service provider, both of which seldom do security enforcement on DNS. Companies are 



increasingly interested in implementing secure DNS services that can quickly start protecting their remote 

workforce. 

A recommendation is to use secure DNS services that can extend enterprise-level security to teleworking 

employees, their devices, and corporate networks, no matter where they are located. 


Krupa has 20 plus years of experience in technology in various 

roles including software development, product management and 

product marketing. Currently, as Director of Product Marketing at 

Infoblox, she is responsible for messaging, positioning and bringing 

to market Infoblox’s security solutions that optimize operations and 

provide foundational security against known and zero-day threats. 

She has an MBA from University of California, Haas School of 

Business and a Computer Science Engineering degree 

Krupa can be reached online at (ksrivatsan@infoblox.com) and at 

our company website https://www.infoblox.com/ 



Redefining Digital Risk: 3 Considerations for Your 

Cybersecurity Strategy in 2021 

As we enter a new era of interconnected cybersecurity threats, companies and organizations would be 

wise to overhaul their entire view of the online landscape in order to be fully prepared, writes Karl 

Swannie, Founder of Echosec. 

By Karl Swannie, Founder, Echosec Systems 

The coronavirus pandemic has forced rapid change across every level of an enterprise, and cybersecurity 

is no exception. Security teams have quickly learned that real-world events and online risk are highly 

interconnected. 

As digital risk diversifies, cybersecurity has also become more relevant across many business roles, not 

just IT. It not only encompasses organized cybercrime but also cyber-enabled threats such as targeted 

misinformation or physical risks to individuals and assets. 

As threats become more integrated, many organizations have failed to adapt their security strategy 

accordingly. An incident may be delegated as a cybersecurity issue even if it has organization-wide 

consequences. Risks can also be overlooked without considering connections between the wide variety 

of social media, deep web and dark web networks that are now relevant for security teams. 

With all this in mind, the question becomes how can CISOs and IT managers move forward better 

equipped for a more integrated threat landscape? 



Approach cybersecurity as an org-wide strategy 

Far too often, digital risks are treated as an IT problem rather than a business priority. Increased digital 

transformation means that online risks impact all business areas and have greater, longer-lasting effects 

on revenue and operations as a whole. According to IBM’s 2020 Cost of a Data Breach report, 

organizations incur $1.52M, on average, in lost revenue per breach. 

And these business impacts aren’t just due to increased cybercrime like phishing and ransomware— 

cyber-enabled threats are implicating a variety of business operations. 

For example, damaging viral content or misinformation, evidence of theft or internal threats, and physical 

security risks are all facilitated by and discoverable through online sources. This information is now 

valuable for cybersecurity and marketing, compliance, and physical security teams, to name a few. 

So how can CISOs and IT managers tackle digital risks more holistically? 

For one, security teams should rethink their toolkit. While threat intelligence tooling is valuable for 

cybersecurity personnel, security teams should consider software that is also accessible for non-technical 

teams like compliance who require digital risk data. 

Security officers must also communicate digital risks to executives and board members as business 

risks—how do online threats, from data disclosure to theft, translate to lost business in dollar value? This 

will ensure that digital risk is clearly understood through the lens of business impact and prioritized by 

leadership accordingly. 

Prioritize breadth of data 

As digital risk covers a greater diversity of use cases, more online spaces are relevant for detecting risk 

and defending your organization. Beyond standard threat intelligence sources—like technical feeds and 

the dark web—security teams now need to consider a broader set of sources. 

These could include mainstream and fringe social media sites (which tend to emerge quickly), deep web 

forums, and messaging apps. For example, platforms like 8kun or Telegram could host compromised 

information or other targeted risks, but may not be standard data sources in a security team’s toolkit. 

Any one of these sources is not necessarily valuable on its own. However, access to a combination of 

social, deep, and dark web data alongside technical cyber threat intelligence can help security teams 

follow breadcrumbs more comprehensively across the web. 

Security teams require multiple threat intelligence solutions to do their jobs effectively. But tools that 

prioritize data diversity (rather than focusing only on the dark web or social media, for example) can 

streamline toolkits, save analysts time, and provide more valuable context. 

Rethink how you conceptualize the internet 

These considerations point nicely to a third shift: integrating not only cybersecurity strategies and data 

sources but also our understanding of the internet. 

Adversaries are not segregated to distinct web spaces—and neither should threat intelligence strategies. 

The internet has long been conceptualized as fragmented surface, deep, and dark web networks (so 



vividly imprinted in our brains by iceberg diagrams). But from a threat intelligence perspective, the internet 

looks more like an interwoven network of breadcrumbs traversing all web spaces. 

Why does this matter? 

Whether or not we want to believe it, a fragmented understanding of the internet can influence 

cybersecurity strategies and how tools are adopted and developed. 

Cybersecurity teams should reconsider how their approach may overlook the interdependence of online 

networks. Tools and methodologies that represent their connections more accurately should also be 

prioritized. This could look like including a wider variety of data sources or adopting more robust pivoting 

and data visualization features. 

With or without a pandemic, digital transformation is urging some significant changes in cybersecurity. 

As the threat landscape scales and diversifies online, the lines dividing enterprise departments in their 

response—and the lines dividing online spaces where threats originate—are becoming more blurred. 

These changes must be considered to approach digital risk more holistically as an organization, helping 

security personnel stay ahead of threats and minimize or avoid related damages. 


Karl Swannie is the Founder of Echosec Systems. Founded 

in 2013, Echosec Systems is an advanced threat intelligence 

technology provider that monitors data across mainstream 

social media, decentralized social networks, messaging apps 

and the dark web. Headquartered in Victoria, British 

Columbia, Echosec Systems has created a range of unique 

software solutions to provide organizations with an all-in-one 

toolkit to create an easy to understand, comprehensive 

picture of potential threats online, without the risk of drowning 

in data. Karl can be reached through LinkedIn and at 

Echosec.net. 



Are Encrypted Communication Apps used for Crime 

Operations? 

By Nicole Allen, Marketing Executive, SaltDNA. 

Police have successfully infiltrated some of the biggest criminal markets on the dark web - but it’s pushing 

criminals into using encrypted apps which the police struggle to crack. Criminals are increasingly using 

encrypted apps to peddle unsavourished and illegal content. 

An investigation by the BBC's File on 4 radio programme found that these encrypted apps take over from 

the dark web, as the venue of choice for criminal content exchanges. Dark web drug traffickers take 

to popular encryption apps to sell their items, sometimes using street vandalism to promote user profiles, 

and computer bots to communicate with customers. Traditionally, law enforcement has been able to 

request lawful interception of telco networks, which involves a wiretap listening into the device and 

capturing that data. The challenge with end-to-end encryption, of course, is that they can request that 

data, but the data will come back scrambled. 

Shifts to illegal electronic transactions 

Originally transactions would have been carried out face to face. However, there has been a shift towards 

electronic transactions. The shift follows a crackdown on illegal electronic transactions, coupled with the 

advent of security in applications to keep consumers anonymous. Cyber analysts have noticed this 

growing phenomenon in the criminal underworld, distinguishing the inventive methods used by gangs to 

escape police surveillance. 



Hackers who have breached networks through a particular app clarified how programmed bots are used 

to connect with consumers – for ease as well as to defer liability. To market the services to prospective 

clients, the researcher posted photographs of the channel titles spray-painted on walls outside transit 

hubs and other public locations. 

The use of "death drops" to deliver the product is another big shift in the way these drug traffickers work. 

Many dealers now have scrapped their old ways of face-to-face meetings, which avoids the risk of 

tracking or intercepting drugs through the postal system. They now place goods in locations that are 

publicly accessible, such as beaches, until the address is sent to the buyer only after the order has been 

completed. Semi-anonymous tokens such as bitcoin allow the transfers to be smoother in comparison to 

their previous dealings. 

The drop gangs were first identified to function in Ukraine, but have since been found in Russia, the 

Balkans and much of Central and Eastern Europe. Europol Special Advisor Rik Ferguson points to endto-end 

encryption and restricted identification checks which make gangs attractive for apps like Telegram. 

Given the prevalence of drop gangs and the authorities' difficulty in monitoring and preventing 

them, security analysts caution that it will be risky to push applications. 

The challenge for Law Enforcement 

The proliferation of new apps is what’s proving most challenging to law enforcement. It’s staying ahead, 

it’s knowing what is the next platform that they have to be on and we live in unprecedented times. We 

live in a world now where countries are used to - for many hundreds of years certainly, possibly thousands 

- having national sovereignty and having jurisdiction over what goes on in their country. However, the 

internet isn’t built like that and the apps that run on the internet are global in nature. It is a human, ethical 

and philosophical challenge as much as it is a legal one. 

However, the months before July 2020 police managed to secretly take over a global phone network for 

organised crime. Police were able to monitor a hundred million encrypted messages sent via Encrochat, 

a network used by career criminals in order to discuss drug deals, murders and extortion plots. 

Only now is the operation's incredible scope coming into focus: it constitutes one of the biggest law 

enforcement infiltrations ever utilised by offenders in a messaging network, with Encrochat members 

extending across Europe and around the world. The messages "have given insight into an unprecedented 

large number of serious crimes, including large, international drug shipments and drug labs, murders, 

thrashing robberies, extortions, robberies, grave assaults and hostage takings. International drug and 

money laundering corridors have become crystal clear," Dutch law enforcement said. 

Encrochat claims on one of its associated websites that it is a "end-to-end encryption tool" that can 

"guarantee privacy," and that chatting with Encrochat is "the online equivalent of a daily conversation 

between two individuals in an empty room" for "worry free communication." Already other firms that have 

been found to be advertising to old clients of Encrochat as other encrypted telecommunications 

companies are trying to fill the void left by Encrochat. 



How SaltDNA’s platform prevents crime operations 

With a focus on secure enterprise communications, SaltDNA's opinion on providing encryption services 

to private citizens is irrelevant. SaltDNA is not a consumer offering, and will only provide access to our 

solution to qualified, reputable enterprises and organisations. 

SaltDNA also does not allow users to join the system without an invite. All users require an invite to gain 

access to the SaltDNA app and the organisation will go through a selection process in order to prevent 

criminals from using the app and to ensure the users legitimacy. Once the user(s) has access to the app 

they are able to have encrypted communications between mobile devices with full, centralised control for 

the enterprise. The product provides secure voice, messaging, conference calling and image/file transfer 

for busy professionals, who need to make important decisions while on the move. 

SaltDNA’s platform uses an encryption mixture using multiple encryption algorithms for maximum 

security. While encryption alone is not enough, it is still of paramount importance in an enterprise-grade 

secure mobile communications platform. SaltDNA works with a number of large government 

clients across the globe who understand the importance of having full control over their sensitive 

communications. Public leaks would damage the reputation of their organisation and in some cases may 

affect the safety of their staff and population. Mobile communications present major privacy challenges 

within government bodies. With the increase in reported hacking activities government officials have to 

ensure that they protect their communications from mobile interception and cyber attacks. Our platform 

is strengthening the security of the world's communications in order to prevent crime operations from 

happening in the first place. 

If you have any questions about this article or you are a part of an official organisation who would like to 

trial the system, please contact us on info@saltdna.com and we'd be happy to assist you in any way. 

About SaltDNA 

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software 

solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered 

encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for 

Organisations who value their privacy, by giving them complete control and secure communications, to 

protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more 

information visit our website. 


Nicole Allen, Marketing Executive at SaltDNA. Nicole completed her 

university placement year with SaltDNA, as part of her degree studying 

Communication, Advertising and Marketing at University of Ulster. 

Nicole worked alongside her degree part time during her final year and 

recently started full time with the company having completed her 

placement year with SaltDNA in 2018/19. 

Nicole can be reached online at (LINKEDIN, TWITTER or by emailing 

nicole.allen@saltdna.com) and at our company website 

https://saltdna.com/. 



SOCs to Turn to Security Automation to Cope with 

Growing Threats 

Increasingly complex threats, staffing shortages and rising costs are driving investments in security 

automation 

By Chris Triolo, Vice President of Customer Success, FireEye 

The cybersecurity landscape is becoming ever more complex as the number and sophistication of threats 

continue to rise across all channels and industries. Ransomware, phishing, supply chain attacks and 

other threats have all grown dramatically over the past year. The FBI reported that complaints made to 

its Internet Crime Complaint Center (IC3) quadrupled in 2020; Interpol recently warned of an alarming 

spike in cyberattacks aimed at major corporations, government agencies and critical infrastructure. No 

organization is safe from threats. 

These mounting cybersecurity challenges are further complicated by the fact that organizations of all 

sizes are facing a shortage of skilled security professionals who are now tasked with securing increasingly 

distributed, cloud-based environments as much of the world works from home due to the COVID-19 

pandemic. 

In response to these factors, security operations centers (SOCs) play a critical role in helping 

organizations strive to protect their networks, endpoints and sensitive data from cyber threats. In a recent 

Ponemon Institute report surveying more than 600 IT security professionals that FireEye partnered on, a 

full 80 percent said that their SOC is essential or very important to their organization. Yet, despite the 

growing recognition of the importance of the SOC, organizations are not getting the results they expect. 

The report found that 51 percent of respondents believe the return on investment (ROI) of their SOC is 

getting worse, not better. Increasingly complex security management, high staff turnover and growing 

operational costs are adding to the perception that SOCs are not delivering enough value. To make their 

SOCs more efficient and cost effective, as well as to strengthen their cybersecurity posture, organizations 



are turning to new technologies like extended detection and response (XDR) to help their SOC analysts 

gain better visibility across networks, triage incidents and automate remediation. 

Key Challenges Facing Today’s SOC 

Sudden Shift to Remote Work 

The most significant challenges facing SOCs have changed over the last year. The COVID-19 

pandemic not only brought increased cybersecurity threats, but also changed the very way that 

SOCs must operate. As shelter-in-place orders swept the nation and people in many industries 

began working from home, security professionals were suddenly tasked with securing a newlyremote 

and dispersed environment. More than half of the respondents (51 percent) in the 

Ponemon survey say the impact on their performance has been significant. Security teams are 

struggling to secure their remote employees and access points to the organizational network, 

especially when high-profile security vulnerabilities have been discovered in popular collaboration 

platforms that businesses are now reliant upon. As a result, more SOCs are deploying incident 

response and remediation solutions (45 percent of respondents in 2020 compared to just 39 

percent in 2019) in an effort to help their analysts more efficiently handle threats once they’ve 

been identified. 

High Stress, Job Dissatisfaction 

The increasing complexity of the cybersecurity landscape, heavy workloads and the need to be 

on-call around the clock is taking its toll on SOC analysts in the form of stress and dissatisfaction 

with their work. Seventy-five percent of respondents in the Ponemon survey agreed that the highstress 

environment of the SOC is causing analysts to burn out quickly. With the global 

cybersecurity industry already facing a shortage of 4 million trained workers, organizations cannot 

afford to lose their skilled security professionals. Many are trying hard to keep their SOC analysts 

by raising salaries. The average salary has increased over the last year from $102,000 to 

$111,000 and nearly half (46 percent) of respondents say they expect salaries will increase again 

in 2021. Yet, only 38 percent of the surveyed IT security professionals believe they will still be 

able to hire the talent needed for their SOCs in 2021. 

Increasing Operational Costs 

Perhaps the most important factor contributing to the perception that SOCs are not delivering 

sufficient ROI are ever-rising operational costs. Organizations surveyed are spending an average 

of $2.7 million per year on security engineering. However, only 51 percent rate their security 

engineering efforts as effective or very effective. Meanwhile, the average cost of paying for a 

managed security service provider (MSSP) to monitor their security through a SOC also increased 

to $5.3 million in 2020, compared to $4.4 million just a year prior. With a 20 percent year-overyear 

increase in this operational cost alone, it’s no wonder organizations are looking for ways to 

gain efficiencies. 

Improving SOC Performance Through Automation 

In order to address these challenges and gain more value from their SOCs, organizations are increasing 

investments in emerging security automation tools like Extended Detection and Response (XDR). These 



solutions can provide SOC analysts with greater visibility across their endpoints and networks for 

improved threat detection, while also helping triage alerts and automating the response and remediation 

process. By reducing alert overload and eliminating some of the manual, mundane tasks, these 

technologies can help reduce security engineering costs, boost SOC performance and alleviate some of 

the workload from overburdened analysts. 

The cybersecurity landscape is rapidly evolving and threats will only continue to rise. Even after the 

COVID-19 pandemic is behind us, many organizations will continue to operate with a more remote and 

dispersed workforce that is increasingly reliant on cloud technologies. The SOC will continue to be 

critically important in this new reality to help protect organizations from threats. Through investments in 

security automation technologies, organizations can improve the performance and ROI of their SOCs 

while helping keep their analysts happy and loyal. 


Chris Triolo is the Vice President of Customer Success at 

FireEye. Chris’ security expertise includes building world-class 

professional services organizations as VP of Professional 

Services at ForeScout and Global VP of Professional Services 

and Support for HP Software Enterprise Security Products (ESP). 

Chris’ depth in security operations and leadership includes a long 

tenure at Northrop Grumman TASC supporting various 

Department of Defense and government customers including Air 

Force Space Command (AFS PC) Space Warfare Center, United 

States Space Command (USSPACECOM) Computer Network 

Attack and Defense, Air Force Information Warfare Center 

(AFIWC), and others. 

Chris can be reached online at our company website https://www.fireeye.com/. 



The Best Network Protection: Go Deep or Go Broad? 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Almost since the beginning of network security, vendors and practitioners have wrestled with choices 

between going deep and going broad for their security solutions. Mostly, the choice varies between 

predominantly one or the other. Going deep typically means careful monitoring and analysis of certain 

types of threats or behaviors at the cost of not examining a much broader range of activity. Solutions that 

are broader may lack the clarity and fidelity to make fast, accurate alerting. They also may miss important 

indicators. 

The battle to protect data, systems, users and networks has been far from easy. Today, a more interesting 

headline might announce when a data breach has not occurred. The odds are heavily in favor of 

attackers to penetrate a network and have free rein to engage in theft or damage. These high-value 

attacks are human-run and employ multiple approaches over a period of time. The now commonly 

acknowledged north, south, east and west type of activities work for an attacker to systematically, and 

sometimes serendipitously, accomplish their mission. One step, such as reconnaissance through some 

kind of scanning, will lead to a next and a next. This reality means that both depth and breadth are 

important if an organization has any hope of curtailing an attack. 

As solutions for eXtended Detection and Response (XDR)—and perhaps other categories of solutions— 

emerge, one of the more important questions they will have to face is this ongoing one between depth 

and breadth. Depth and breadth can work together to ensure higher fidelity alerts with a low number of 



false positives. The ability to understand potential attacker activity with detail as well as context can make 

all the difference in flagging something that is truly important. To be productive, activities must be 

identified that are both abnormal and malicious. 

Breadth is important since attackers use multiple tactics, largely sequentially. The ability to see the 

connectedness between events gives security groups a substantial advantage. This “seeing the forest 

for the trees” can identify something that might otherwise be missed or provide the fidelity to prevent 

“crying wolf” too many times. Breadth can also unify the strength of individual security solutions, each 

with its own area of expertise and specialization. 

Depth brings important details and may answer a number of the “who, what, where, when, how” 

questions. EDR systems, for instance, are best at understanding endpoint activity, CASB solutions are 

primed to make sense of certain cloud activities. UEBA tools help examine who did what on the network. 

Of course, it is simply not possible that one tool or system can do everything with full expertise and 

precision. This is why the idea of not only integrating but also aggregating key findings from a myriad of 

tools is so powerful. Sharing “the best of” from each system ensures that the whole is more valuable than 

sum of the parts. In this way, breadth and depth can combine and work together to minimize any tradeoffs 

of design to produce better results. 

Breadth should also work to fill any gaps between detections provided by various systems that might 

exist. Usually this means gaps in scope, but sometimes it might mean limitations or delays in what data 

is provided by a security system and when. Sensors can help fill this gap that inevitably exists. Logs may 

also provide supplemental information, but they generally cannot be depended on for timely insights and 

may be limited in what is captured. They can also be manipulated. 

Depth and breadth are good things, and vendors and practitioners should continue to build expertise in 

both areas. Still, to gain an upper hand against attackers, organizations cannot afford to choose between 

the two. Uniting these two dimensions will help even the odds. 


Dr. Albert Li is a world-renowned expert in cyber security, machine 

learning (ML), systems, networking and IoT. He is one of the few 

scientists known to heavily apply ML to security 

detection/investigation. Albert has 20 years of experience in security, 

and has been applying machine learning to security for 15 years. 

Previously, he was the head of NEC Labs’ computer security 

department, where he initiated, architected and commercialized NEC’s 

own AI-driven security platform. He has filed 48 US patents and has 

published nearly 50 seminal research papers. Dr. Li has a Ph.D. in 

system and network security from Northwestern University and a B.Sc. 

from Tsinghua University. Albert can be reached online at 

zli@stellarcyber.ai and at our company website 

http://www.stellarcyber.com. 



Top Tips For Securing Your DevOps Environment 

By George J. Newton 

As of October 2020, experts estimate that roughly 60% of the world's population is connected to the 

internet via some kind of device. As a result, security is more important than others and is something all 

developers should take seriously. 

Here we will discuss five tips that all developers should consider when it comes to securing their 

development and testing environment. 

Investing In Secured DevOps Pays Off In The Long Run 

DevOps is often a stressful process, and many developers are reluctant to add security features to the 

process out of fear it will only result in longer development times. "Adding security features to the DevOps 

lifecycle is a major concern for many developers, however. If done right, there is no reason why it should 

slow down the process," writes Corban Lester, a tech blogger at Origin writings and Brit student. 

If done right the first time, and adequately automated, most security protocols will not end up slowing 

down the DevOps cycle, and in many cases, can help speed it up. 



Control Leaky Communications 

As mentioned in the opening paragraph, around 60% of the world's population is connected to the 

internet, with the bulk of this number being made up of mobile devices. While this is great for 

communication, it means all data and information must travel over a network, which may or may not be 

secure. "The best way to avoid insecure communications is to assume the network you're using is already 

insecure," writes Jenny Bloom, a developer at 1 Day 2 write and Writemyx. 

When testing networks, it is essential to ensure that the most modern SSL/TLS protocols and trusted 

certificates are used. 

Train Staff In Proper Safety Protocols 

Most data breaches occur not because of some fault in a security system but rather the way in which 

employees use the system. To mitigate any potential issues, anyone participating in the DevOps cycle 

should be fully trained in all safety protocols and processes. 

This is another reason why some developers do not want to add security to the DevOps cycle; they fear 

that the initial employee training process is an unnecessary cost. While it is true that there are upfront 

costs associated with the training process, an alarming data breach could end up costing even more. 

Use The Same Level Of Security Necessary In The Production Phase 

Although some are skeptical about spending money on a DevOps security program, almost nobody would 

deny the necessity for a security program during the production phase. However, the security level used 

during the production life cycle should be used as a benchmark for the DevOps phase. 

Secure All Remote Access 

Often, people may need to access data, files, or test results from a remote location. This represents the 

most significant security risk, and the connection to the server may not be secure. Because of this, 

developers should require all attempts to access a server remotely be done so using a VPN, a program 

that can effectively encrypt all incoming and outgoing information. 

Limit Which Files Can Be Accessed Remotely 

When it comes to the most sensitive information, many developers limit where employees can access 

the information. For example, security protocols may not allow employees to access the most critical data 

files from a remote location. Instead, the files can only be viewed at the DevOp site. 



Continual Learning Is Necessary 

The world of cybersecurity is constantly changing, and new apps and programs are continually being 

released along with new protocols and standards. There is little point in putting in the time and effort to 

create a DevOps security program if it is not updated with the latest security tech. 

Conclusion 

As previously mentioned, many companies and developers are skeptical about implementing a DevOps 

security program. While many agree that it would be useful, not everyone is willing to make the initial 

investment. Furthermore, many believe that such a program would only serve to slow down the 

development cycle, an idea which most experts believe to be unfounded and incorrect. 

Although it may require an initial investment, a high-quality DevOps security program is important to stop 

data breaches and keep critical information out of the wrong hands. 


George J. Newton is a business development manager at 

Write my personal statement and Dissertation writing service. 

Throughout his ten years of marriage, George has perfected 

the art of the apology. He also writes for Next coursework. 



Bitcoin Soars but Will Security Risks Spark Greater 

Regulation? 

By Marcella Arthur - VP, Global Marketing at Unbound Tech 

Cryptocurrency is now the third largest payment system in the world, hot on the heels of Visa and 

Mastercard after roaring past American Express. This remarkable growth has led to Bitcoin breaking 

through the $20,000 level for the first time and even more organizations are accepting digital currency in 

their transactions as crypto hurtles towards the mainstream. 

Regrettably, entirely avoidable hacking incidents such as that which hit the major cryptocurrency 

exchange, KuCoin, in September last year have exposed a lack of basic safeguards. The KuCoin attack 

saw 150 million dollars’ worth of Bitcoin and other cryptocurrency tokens compromised. This astounding 

blunder, considering current security standards, happened when hackers found the full private keys to 

the Singapore-based exchange’s hot wallets. 

With the rise in popularity of Bitcoin and other cryptocurrencies, cryptocurrency exchanges are 

increasingly considered to be the new banks. As they store these currencies in high value, they become 



a prime target for cyber attacks. If the industry fails to self-manage this ecosystem and protect assets 

effectively, we can expect to see greater and more restrictive regulation. This poses a challenge for wider 

adoption among larger institutions and banks with strict views on risk and compliance. In order to avoid 

becoming overregulated, this mushrooming sector requires a pre-emptive, rigorous security strategy to 

keep hackers at bay. 

Protecting assets must now be the focus 

The KuCoin attack is a wakeup call for the crypto exchange platforms. Following this attack, it should be 

obvious to everyone that full cryptographic keys should never again be kept in one place. Headline 

grabbing incidents such as KuCoin are incredibly frustrating because they should be simple to avoid. The 

reality is that while entrepreneurs are great at knowing how to build companies, all too many don’t 

necessarily think about how to protect assets from a security point of view. 

Essentially, to tackle security properly it is necessary to hire the right people. For example, small start-up 

businesses/companies that don’t have a CSO because budgets are tight should hire an SaaS vendor if 

at all possible as a secure infrastructure is vital. As businesses grow and start to manage more assets 

and can afford full-time security staff, they should start to rely on professionals to secure their 

infrastructure for them, either in-house or externally. Often the problems arise when entrepreneurs 

misguidedly believe they have enough knowledge to do the security on their own. 

The industry is turning to MPC 

As the industry continues to evolve from the speculative phase into a new generation, the game is set to 

change significantly and security will have to be at its core. It is important that financial institutions work 

to raise confidence in crypto as a reliable way to transfer value. 

The time has come for the crypto industry to improve its security and set a better precedent. Otherwise 

it is likely to become over regulated. With new investors joining the market with a very different mindset 

on risk factors, they are going to vote with their money and will chose to invest in firms that can 

demonstrate regulatory compliance or have a framework to demonstrate they can do what is necessary 

to secure their investments. 

Technology solutions are available to deal with the security of assets and for any licensed or unlicensed 

financial institution there should be a long-term strategy to invest in these types of solutions so that they 

can give confidence to market participants and elevate the industry as a whole. 

One such solution is multi-party computation (MPC), a cryptographic protocol that distributes computation 

across multiple parties and ensures privacy so no individual can see the other parties’ secrets. MPC 

never keeps keys in one place and offers strong cryptographic key protection capabilities in pure 

software, allowing organizations to perform calculations on encrypted data without unencrypting it. 



MPC has so many potential use cases that an entire organization has been founded around it, The MPC 

Alliance, co-founded by Unbound Technology and Frank Weiner, Sepior, brings the industry together and 

raises awareness. Since its launch in November 2019, its membership has tripled and major global 

companies are getting involved. More vendors are offering MPC-based wallets and the market is 

becoming much more aware of it, so the conversation around MPC is set to continue and evolve. 

Protecting a burgeoning market 

There’s no doubt it is going to be a real challenge to persuade firms to make some major changes in 

order to achieve incremental improvements in their data security. However, this challenge is easily 

overcome because along with being an enhanced platform for operational security, MPC is a superior 

operation framework which can provide enough cost savings to pay for itself. 

With more and more firms realising this and starting to see the benefits of MPC for themselves they will 

be able to use its flexibility and agility to support their evolution along with the rapidly changing crypto 

currency market which will help to safeguard its future. 


Marcella Arthur is VP, Global Marketing at Unbound Technology. At the 

heart of Unbound lie sophisticated applications of Multi-Party 

Computation (MPC), developed by Unbound’s co-founders, Professor 

Yehuda Lindell and Professor Nigel Smart, world-renowned 

cryptographers. MPC offers a mathematical guarantee of security that 

fortifies Unbound’s disruptive technology. For the first time, trustcontingent 

operations are enabled anywhere, reaching far beyond the 

boundaries of physical infrastructure. 









You asked, and it’s finally here…we’ve launched CyberDefense.TV 

Hundreds of exceptional interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Bec ause of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 02/02/2021 

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH 

(with others coming soon...) 



9 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazine.com up and running as an array of live mirror 

sites and our new B2C consumer magazine CyberSecurityMagazine.com. 

Millions of monthly readers and new platforms coming…starting with 

https://www.cyberdefenseprofessionals.com this month…

Cyber Defense eMagazine February 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?