Cyber Defense eMagazine June 2021 Edition
Cyber Defense eMagazine June Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Key Business Lessons Learned from The SolarWinds Hack<br />
Data Loss Prevention in Turbulent Times<br />
A Digital Journey: A Long and Winding Road<br />
Why Ensuring Cyber Resilience Has Never Been More Critical or More Challenging Than It Is Today<br />
…and much more…<br />
Cyber Defense eMagazine – June 2021 Edition 1<br />
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS<br />
Welcome to CDM’s June 2021 Issue, p. 6<br />
Key Business Lessons Learned from The SolarWinds Hack, p. 32<br />
By George Waller, CEO of Strikeforce Technologies<br />
Data Loss Prevention in Turbulent Times, p. 35<br />
By Otavio Freire, CTO & Co-Founder at SafeGuard Cyber<br />
A Digital Journey: A Long and Winding Road, p. 39<br />
By David Jemmett, CEO and Founder, Cerberus Sentinel<br />
Why Ensuring Cyber Resilience Has Never Been More Critical or More Challenging Than It Is Today, p. 43<br />
By Don Boxley, Co-founder and CEO, DH2i<br />
Uncovering Hidden Cybersecurity Risks, p. 46<br />
By Adam Nichols, Principal of Software Security at GRIMM<br />
The Solution to Overcoming Cyber Threats in A 5G World, p. 50<br />
By Michael Abad-Santos, Senior Vice President of Business Development and Strategy, BridgeComm<br />
How An Independent Management Plane Can Secure Your Network from Anywhere, p. 53<br />
By Todd Rychecky, Vice President of Americas, Opengear<br />
Exploring the Synergies Between HIPAA Compliance and Cybersecurity, p. 56<br />
By Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net<br />
Whom Do You Give Access to Community?, p. 59<br />
By Milica D. Djekic<br />
Reapproaching Cybersecurity in A Digital First World, p. 61<br />
By Paul German, CEO, Certes Networks<br />
Penetration Testing 101: A Key to Safeguarding Clients’ Data, p. 64<br />
By Mike Urbanovich, Head of test automation and performance testing labs at a1qa<br />
Establishing Your ICS (Industrial Control Systems) Security Action Plan – Getting Started Guide, p. 68<br />
By Dirk Schrader, Global Vice President of Security Research, New Net Technologies (NNT)<br />
Improving Your Organization's Password Hygiene this World Password Day – Industry Experts, p. 72<br />
By Ralph Pisani, President, Exabeam<br />
Clean Water Shows Us Why Cyber Certifications Matter, p. 79<br />
By Yaron Rosen, co-founder and president, Toka<br />
How Can You Protect the Security Perimeter When the Threat is Already Inside?, p. 81<br />
By Jon Ford, Managing Director, Mandiant Professional Services<br />
Why We Care About Cybersecurity Hygiene, p. 85<br />
By James Opiyo, Senior Consultant Security Strategy, Kinetic By Windstream<br />
The Third-Party Remote Access Security Crisis, p. 87<br />
By Joe Devine, CEO, SecureLink<br />
Rethinking Remote Monitoring and Management: How MSPs Can Put Security First and Better Protect Their Clients, p. 90<br />
By Ryan Heidorn, Managing Partner, Steel Root<br />
See What Hackers See via the Outside-In Perspective, p. 96<br />
By Alex Heid, Chief Research & Development Officer, SecurityScorecard<br />
Threat Hunting: Taking Action to Protect Data, p. 99<br />
By Paul German, CEO, Certes Networks<br />
What Does a CSO Do and How it’s Different to CISO?, p. 102<br />
By Anurag Gurtu, CPO, StrikeReady<br />
Two Sides of the Same Coin: Providing Access While Protecting Against Threats, p. 105<br />
By David McNeely, Chief Technology Officer, ThycoticCentrify<br />
DDoS Defense: How to Protect Yourself in 2021, p. 108<br />
By Dr. James Stanger, Chief Technology Evangelist, CompTIA<br />
Prioritizing Disinformation Campaigns’ Role in Cyber Warfare, p. 112<br />
By Dan Brahmy, CEO of Cyabra<br />
@MILIEFSKY<br />
From the Publisher…<br />
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com<br />
Dear Friends,<br />
Building on the foundation of the May issue and the RSA Special Edition of Cyber Defense Magazine, we are seeing focus in the cybersecurity industry move toward resilience and sustainability in the face of the trend of more ransomware exploits.<br />
This is true not only for the prevention segment of the cyber spectrum, but also in sharing information about appropriate responses to the growing number of these attacks. In these cases, the target organization is denied access to vital data, effectively bringing normal operations to a halt.<br />
Where the activities of the target organization include provision of services and products on which critical infrastructure elements rely, the ability to recover from such an attack takes on the urgency of national security.<br />
The crossroads at which we now find ourselves is where cybersecurity and supply chain management intersect. The practice of “just in time” delivery without maintaining inventory of critical components must be addressed, not only from a manufacture and delivery perspective, but also with due regard to vulnerabilities best addressed by effective cybersecurity practices.<br />
Whether the motive of the hacker is financial or political, our best course is to come together in a cooperative manner to build cyber defenses at both the prevention and damage control phases of these pernicious attacks.<br />
Wishing you all success in your own cyber endeavors.<br />
Warmest regards,<br />
Gary S. Miliefsky<br />
Gary S. Miliefsky, CISSP®, fmDHS<br />
CEO, Cyber Defense Media Group<br />
Publisher, Cyber Defense Magazine<br />
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.<br />
@CYBERDEFENSEMAG<br />
CYBER DEFENSE eMAGAZINE<br />
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.<br />
PRESIDENT & CO-FOUNDER<br />
Stevin Miliefsky<br />
stevinv@cyberdefensemagazine.com<br />
InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.<br />
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER<br />
Pierluigi Paganini, CEH<br />
Pierluigi.paganini@cyberdefensemagazine.com<br />
US EDITOR-IN-CHIEF<br />
Yan Ross, JD<br />
Yan.Ross@cyberdefensemediagroup.com<br />
PUBLISHER<br />
Gary S. Miliefsky, CISSP®<br />
ADVERTISING<br />
Marketing Team<br />
marketing@cyberdefensemagazine.com<br />
CONTACT US:<br />
Cyber Defense Magazine<br />
Toll Free: 1-833-844-9468<br />
International: +1-603-280-4451<br />
SKYPE: cyber.defense<br />
http://www.cyberdefensemagazine.com<br />
Copyright © 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)<br />
276 Fifth Avenue, Suite 704, New York, NY 10001<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
Learn more about our founder & publisher at:<br />
http://www.cyberdefensemagazine.com/about-our-founder/<br />
9 YEARS OF EXCELLENCE!<br />
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to source for Information Security.<br />
We’re a proud division of Cyber Defense Media Group (CDMG): B2C Magazine, B2B/B2G Magazine, TV, Radio, Awards, Professionals, Webinars.<br />
From the International Editor-in-Chief…<br />
We live in hope that the deleterious effects of the continued spread of COVID-19 will soon abate. But from month to month, there seems to be a lack of certainty on these issues from those institutions on which we all rely.<br />
Fortunately, from an international cybersecurity point of view, we do see continued cooperation among the participants in the governmental, corporate, and international sectors.<br />
Whether it’s an issue of regulatory compliance, civil and criminal liability, or business continuity, it appears that the systems for dealing with cybersecurity challenges are holding up under the demands.<br />
That’s a hopeful note for all of us operating in the international arena, since so many of our endeavors are dependent on the continued ability of these organizations to function under trying circumstances.<br />
As always, we encourage cooperation and compatibility among nations and international organizations in responding to these cybersecurity and privacy matters.<br />
To our faithful readers, we thank you,<br />
Pierluigi Paganini<br />
International Editor-in-Chief<br />
Welcome to CDM’s June 2021 Issue<br />
From the U.S. Editor-in-Chief<br />
Once again, we can look to the breadth and focus of the articles submitted by cybersecurity experts to show where the greatest challenges and best responses are in the world of cybersecurity.<br />
With some two dozen articles in this month’s issue of Cyber Defense Magazine, our attention is drawn to identifying the causes, effects, and lessons we can learn from recent cyber exploits. Our contributors write from a real-world perspective, and offer valuable insights into the vulnerabilities and recovery efforts involved in the most recent high-profile cases.<br />
We’re pleased to include articles on a full spectrum of recognition of threats, preventive measures, means of assuring resilience and sustainability, and even the structural aspects of organizations with responsibility to maintain the confidentiality, accessibility, and integrity of sensitive data.<br />
As always, we strive to make Cyber Defense Magazine most valuable to our readers by keeping current on emerging trends and solutions in the world of cybersecurity. To this end, we commend your attention to the valuable actionable information provided by our expert contributors.<br />
Wishing you all success in your cybersecurity endeavors,<br />
Yan Ross<br />
U.S. Editor-in-Chief<br />
Cyber Defense Magazine<br />
About the US Editor-in-Chief<br />
Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemediagroup.com<br />
Key Business Lessons Learned from The SolarWinds Hack<br />
By George Waller, CEO of Strikeforce Technologies<br />
A full year of disruption by the global pandemic has forced businesses to adapt fast to the shifting realities of remote work. This new dynamic, in which employees use their own computers and access company networks from everywhere but the office, has created new headaches and threat vectors for security and IT professionals.<br />
There has been a massive increase in global cyber attacks aimed at governments and corporations since the very first days of COVID-19. By now, most are familiar with the high-profile SolarWinds case, a global intrusion campaign that one Microsoft executive called ‘one of the most widespread and complex events in cybersecurity history.’ The damage caused by the attack was felt by large enterprises and by the highest echelons of government alike, demonstrating the ease with which seemingly secure software systems can be hacked.<br />
Keeping internal systems secure while ensuring sensitive data and personal information isn’t breached has become a key problem that SMBs and larger enterprises are looking to solve. The current business landscape has created a perfect environment for cybercriminals to flourish, and we are now seeing hackers and nation-state actors able to conduct much more sophisticated attacks.<br />
As the work-from-home trend continues, the SolarWinds attack serves as a lesson for businesses, which should be looking to implement the right types of resources for building secure networks and work environments that foster safe communication and collaboration.<br />
Exploiting Vulnerabilities<br />
Back in September 2020, two of our customers reported a strange issue. Their employees started to get authentication requests on their phones for access to the company VPN. They reported this to their IT departments, who then alerted us to the specific issue. Working with their IT departments to figure out what was happening, we initially thought that it was just a software bug. However, after further analysis of their logs, we identified that the access attempts were actually coming from Russian IP addresses.<br />
It seemed that the hackers had got hold of the usernames and passwords and were attempting to log in to the company network. What was so strange about this situation is that our customers had state-of-the-art intrusion detection systems that never caught the attack.<br />
Connection to the SolarWinds Attack<br />
Perplexed by this situation, we asked some colleagues in the security community, and they said that a few companies had experienced similar attacks. At the time we didn't think anything of it, and then in December 2020 the SolarWinds supply chain attack happened.<br />
FireEye detailed the SolarWinds attack in a blog and attributed it to a Russian hacking group. Soon after, Volexity connected the attack to multiple incidents in late 2019 and 2020, also attributing them to a Russian hacking group. What was interesting was that Volexity claimed the hackers bypassed the Multi-Factor Authentication (MFA) from Duo Security (now a part of Cisco) by obtaining the Duo integration secret key, which allowed them to generate a cookie that bypassed the MFA. Unfortunately, neither Duo’s system nor the myriad other security systems were able to detect and prevent this.<br />
These attacks were eerily similar to the ones our customers experienced back in September, in a few different ways. In both scenarios, the attacks were perpetrated by a sophisticated Russian hacking group (possibly the same group) that had the correct usernames and passwords. Additionally, in both attacks there was an MFA system in place that was intended to provide additional security.<br />
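The two incidents described above both leave traces a defender can correlate: employees receiving VPN MFA pushes for logins they did not start, from an unexpected country, and (in the Volexity case) a session the VPN treats as MFA-passed even though the MFA provider never saw an approval, which is what a forged cookie looks like from the log side. The following is an added example for this article, not code from the author or StrikeForce; the log formats, field names, the IP-to-country table and the thresholds are assumptions constructed for the example.

```python
"""Detections for the two patterns described above, added for this article
(not the author's or StrikeForce's code). Log formats, field names and the
IP-to-country table are constructed for the example."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed VPN log: ts user src_ip password_result mfa_result session_id
VPN_LOG = """\
2020-09-14T08:02:11Z alice 203.0.113.10 pw_ok mfa_ok S1001
2020-09-14T08:05:40Z bob 198.51.100.7 pw_ok mfa_denied -
2020-09-14T08:05:52Z bob 198.51.100.7 pw_ok mfa_timeout -
2020-09-14T08:06:09Z bob 198.51.100.7 pw_ok mfa_timeout -
2020-09-14T08:30:00Z carol 203.0.113.22 pw_ok mfa_ok S1002
2020-09-14T09:12:45Z dave 192.0.2.55 pw_ok mfa_ok S1003
"""
# Constructed MFA-provider log: ts user device result (dave's S1003 has none)
MFA_LOG = """\
2020-09-14T08:02:09Z alice phone-1 approved
2020-09-14T08:05:38Z bob phone-2 denied
2020-09-14T08:05:50Z bob phone-2 timeout
2020-09-14T08:06:07Z bob phone-2 timeout
2020-09-14T08:29:58Z carol phone-3 approved
"""
# Constructed IP-to-country table; use a real geolocation DB in practice.
GEO = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "RU",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}
EXPECTED_COUNTRIES = {"US"}
PUSH_BURST_THRESHOLD = 3                    # unapproved pushes per user ...
PUSH_BURST_WINDOW = timedelta(minutes=5)    # ... inside this window
CORRELATION_WINDOW = timedelta(seconds=10)  # tolerated VPN/MFA clock skew

VPN_FIELDS = ("ts", "user", "ip", "pw", "mfa", "sid")
MFA_FIELDS = ("ts", "user", "device", "result")

def parse_log(text, fields):
    """Split whitespace-separated lines into dicts; 'ts' becomes a datetime."""
    rows = []
    for line in text.splitlines():
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in net:
            return cc
    return "??"

def foreign_valid_password(vpn):
    """(user, ip, country) where the password was correct but the source
    country is unexpected: the credentials are probably already stolen."""
    hits = {(r["user"], r["ip"], country_of(r["ip"])) for r in vpn
            if r["pw"] == "pw_ok" and country_of(r["ip"]) not in EXPECTED_COUNTRIES}
    return sorted(hits)

def push_bursts(vpn):
    """Users who got PUSH_BURST_THRESHOLD or more pushes they did not approve
    within PUSH_BURST_WINDOW: the 'requests on their phones' pattern."""
    per_user = defaultdict(list)
    for r in vpn:
        if r["pw"] == "pw_ok" and r["mfa"] in ("mfa_denied", "mfa_timeout"):
            per_user[r["user"]].append(r["ts"])
    hits = []
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times) - PUSH_BURST_THRESHOLD + 1):
            if times[i + PUSH_BURST_THRESHOLD - 1] - times[i] <= PUSH_BURST_WINDOW:
                hits.append(user)
                break
    return hits

def mfa_ok_without_provider_event(vpn, mfa):
    """Session ids the VPN marked MFA-passed with no 'approved' event for that
    user from the MFA provider within CORRELATION_WINDOW. A cookie forged with
    a stolen integration secret never reaches the provider, so alert on this."""
    approved = [(m["user"], m["ts"]) for m in mfa if m["result"] == "approved"]
    return [r["sid"] for r in vpn if r["mfa"] == "mfa_ok" and not any(
        u == r["user"] and abs(t - r["ts"]) <= CORRELATION_WINDOW
        for u, t in approved)]

def run(vpn_text=VPN_LOG, mfa_text=MFA_LOG):
    """Run all three detections and return the findings by name."""
    vpn = parse_log(vpn_text, VPN_FIELDS)
    mfa = parse_log(mfa_text, MFA_FIELDS)
    return {
        "foreign_valid_password": foreign_valid_password(vpn),
        "push_bursts": push_bursts(vpn),
        "mfa_ok_without_provider_event": mfa_ok_without_provider_event(vpn, mfa),
    }
```

On the constructed logs, `run()` flags bob's valid password from a RU address and his burst of unapproved pushes, and flags session S1003 as MFA-passed without any provider event; the third check only works if the VPN and MFA provider logs are both collected and their clocks are kept within the correlation window.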
Best Practices to Protect Against Future Breaches<br />
While the spotlight has been on the way the hackers got in, by compromising the update process using a stolen code signing certificate, the real takeaway from SolarWinds should be that hackers will always find a way to get in, and businesses should focus on preventing the hackers from doing damage once they are inside the network.<br />
The U.S. government has now begun making moves to strengthen its own cybersecurity measures, requiring the use of multifactor authentication and data encryption for federal agencies, and comprehensive vendor disclosure of any security issues, vulnerabilities or breaches to their users.<br />
Moving forward, businesses large and small should be thinking the same way and look to revamp their security infrastructures to ensure networks are secure and impenetrable. Enterprises must look to implement technologies that offer multi-layered protection, proactively encrypting keystrokes and preventing unwanted screenshots or audio captures. Constantly updating software is also important, as cyber criminals will always look for new ways to exploit bugs and vulnerabilities in outdated systems.<br />
In an increasingly insecure world where hackers are constantly looking to prey on a company’s security weaknesses, businesses must be agile and use every means necessary to protect themselves and their employees from the next inevitable global breach.<br />
About the Author<br />
George Waller, CEO of StrikeForce Technologies, is an entrepreneur and technologist with over two decades in the cybersecurity and computer industries. He played a pivotal role in introducing two leading cybersecurity technologies, out-of-band authentication and keystroke encryption, to the marketplace. Today, these technologies are used in the banking, health care, education, manufacturing and government sectors. For more information, please visit www.strikeforcetech.com.<br />
Data Loss Prevention in Turbulent Times<br />
By Otavio Freire, CTO & Co-Founder at SafeGuard Cyber<br />
Data, the saying goes, is the new oil. This probably understates the case: not only is data at the core of the biggest businesses on earth, but unlike oil, more and more of it is being created, at an exponential pace. Around 2.5 quintillion bytes of new data every day, to be precise.<br />
The most valuable forms of data exist within enterprises. Customer data, financial data, intellectual property – today, companies across industries live or die on the value and integrity of their data. A single successful phishing attack could spell disaster. However, the speed and volume at which data is transferred and exchanged, and at which digital interactions occur, presents a serious control problem.<br />
As every CISO knows, data loss prevention (DLP) is critical to protecting the organization. However, the threat surface is larger than ever – especially in the wake of a wholesale shift to virtual workspaces, and an accompanying rise in cyber attacks. What are the important things to know about the current DLP landscape? And how can organizations protect themselves?<br />
The Dangers of Cloud Channels<br />
Most IT and security professionals know that with great data comes great risk. 59% of IT and security<br />
professionals cite data loss as “one of the risks of greatest concern in digital technologies.”<br />
One of the key factors in DLP risk is third-party cloud channels that are now a ubiquitous feature of the<br />
modern office:<br />
●<br />
●<br />
●<br />
Collaboration platforms like Microsoft Teams and Slack – used by the entire organization for daily<br />
operations.<br />
Social media platforms, like Facebook, Twitter, and LinkedIn – used by marketing teams and<br />
executives for brand building.<br />
Messaging apps, like WeChat and WhatsApp – used by sales teams, customer support, and<br />
many other teams.<br />
Here’s the challenge: these channels escape traditional security protocols. They exist outside the<br />
security perimeter, and they lack the multi-billion dollar security industry that email enjoys.<br />
Moreover, the rapid shift to virtual offices has exacerbated the situation. According to a report, about 57%<br />
of the workforce are working from home right now, and employers expect nearly 40% of employees will<br />
remain working remotely by the end of <strong>2021</strong>. Home offices are notoriously insecure. This is one reason<br />
why, over the past year, 74% of US organizations have experienced a successful phishing attack.<br />
That’s a 14% increase on the previous year.<br />
Principles for a DLP Program<br />
CISOs understand these risks. In a recent survey, we asked 600 senior enterprise IT and security<br />
professionals how they rate their current security and compliance risks. Data loss is one of the top five<br />
primary risk concerns for executives. Furthermore, 70% are most concerned about the brand and<br />
reputation damage that such threats would bring, followed by potential risk to shareholder value (52%)<br />
and loss of revenue (42%).<br />
These statistics speak for themselves: enterprises want and need to implement data loss prevention<br />
technologies that go beyond a Band-Aid fix. Why? Because many DLP solutions and programs fail to<br />
offer “true prevention” at all. Instead, they offer the cyber version of closing the barn door once the horse<br />
has already bolted. These services often only help in finding or recovering sensitive data which, by the<br />
time it’s been found and recovered, has already made its way to the deep, dark web.<br />
To implement a DLP program that offers true prevention, enterprises need to do the following:<br />
1. Define your DLP strategy's objectives<br />
Talk to your stakeholders and gather their input to help you define your policies and objectives,<br />
and determine:<br />
● Which sensitive data you hold, where they are stored, and the order of prioritization;<br />
● Who accesses/is responsible for that particular data set;<br />
● The acceptable uses of that data set;<br />
● Where it’s allowed to go, and where it’s not;<br />
● How responsibility is assumed when a violation happens.<br />
Once these are clear, charter a DLP program structure to ensure order, accountability, and<br />
stakeholder buy-in.<br />
2. Secure “prevention” technologies, not just “cures”.<br />
As I said, most data loss prevention companies don't differentiate data loss prevention from loss<br />
remediation. My advice: Find an effective DLP tool that allows you to:<br />
● Gain visibility across all your cloud channels, while maintaining privacy.<br />
● Implement powers of detection against cyber attacks and threats.<br />
● Automate detection and quarantine of messages, attachments, and documents with sensitive data, as well as the resolution process.<br />
● Limitlessly scale your DLP program to accommodate the growing amount and speed of data going through your channels.<br />
3. Educate employees and executives alike.<br />
Verizon reports human error accounts for nearly 25% of all breaches. Even with an automated<br />
DLP platform, educating your stakeholders and employees on your DLP strategy ensures<br />
maximum protection and accountability.<br />
4. Do not "set and forget".<br />
Regularly schedule audits of your DLP program. Conduct red team exercises to ensure that your<br />
program is still in working condition. Continuous monitoring, evaluation, and refinement of your<br />
DLP process are essential.<br />
With these best practices, companies can greatly improve their DLP strategy and significantly reduce<br />
their digital risk surface. And in these troubled times, that is a level of security that ensures a company’s<br />
resilience.<br />
About the Author<br />
As the President, CTO, and Co-Founder of SafeGuard <strong>Cyber</strong>, Otavio<br />
Freire is responsible for the development and continuous innovation of<br />
SafeGuard <strong>Cyber</strong>’s enterprise platform, which enables global<br />
enterprise customers to extend cyber protection to social media and<br />
digital channels. He has rich experience in social media applications,<br />
Internet commerce, and IT serving the pharmaceutical, financial<br />
services, high-tech, and government verticals. Mr. Freire has a BS in<br />
Civil Engineering, an MS in Management Information Systems, and an<br />
MBA from the University of Virginia Darden School of Business, where<br />
he currently serves as a visiting executive lecturer. To learn more about<br />
SafeGuard <strong>Cyber</strong>, visit the website at http://www.safeguardcyber.com/.<br />
A Digital Journey: A Long and Winding Road<br />
How did we build the internet and not secure it?<br />
By David Jemmett, CEO and Founder, Cerberus Sentinel<br />
Many people are under the impression that the internet is essentially safe and secure. We use the internet<br />
daily for email, shopping, and social interaction. We depend on it for such essentials as our medical<br />
records, finances, homes, cars, schools, and power grid. All are reliant on the endless interconnected<br />
computer networks that we call the internet. The internet is an existential mass network that touches<br />
every aspect of our lives. The truth is that the internet is not secure, not even close. The reasons for this<br />
are multi-faceted, complex, and yet in some ways very simple to understand.<br />
We built it open<br />
The Advanced Research Projects Agency network (ARPANET), under the auspices of the U.S.<br />
Department of <strong>Defense</strong>, was originally designed as a military network to interconnect missile silos with<br />
enormous redundancy. Initially ARPANET was created in 1969 for only military use. It was expensive to<br />
operate, so it was distributed to universities that worked on government projects. Ultimately, it was<br />
transitioned to what we now call the commercial internet.<br />
This was unlike the network in China, which was initially built to contain all data by going through the<br />
government portal then distributed throughout the country to their population. The Chinese served as<br />
the data gate and guardians. The U.S. network was rolled out all over the world and was built to be an<br />
open and redundant architecture for anyone to communicate. It grew fast and changed the world.<br />
The internet also was built with the altruistic purpose to share information and open borders around the<br />
world. It was meant to connect people and information digitally, the way a nation’s highways, toll roads<br />
and streets connect us physically. In fact, in the mid-1990s, it was known as the "information<br />
superhighway."<br />
It grew fast<br />
Few people understood or appreciated the potential behind the early internet. With the release of the first<br />
web pages and web browsers, people were able to buy products, and email began to replace fax<br />
machines. Soon, everyone who knew or understood what it could do wanted to connect, and they did.<br />
The thought of helping companies become secure was not a priority. Building and expanding the reach<br />
to the digital doorway of connectivity was the goal. Security was often added as an afterthought and<br />
optional, leaving many opportunities for bad actors to take advantage of an unsuspecting, naive<br />
audience. As the internet grew, many hackers went from being curious digital explorers to becoming<br />
professional criminals focused on financial or political gains.<br />
Wall Street financed the growth<br />
Since the mid-1990s, investors have poured trillions of dollars into expanding the growth of the internet. As of<br />
February <strong>2021</strong>, the 10 largest internet companies have a market cap of over $4.4 trillion. Companies<br />
were financed to expand the reach of the internet into all parts of the global economy and rewarded with<br />
rich valuations. The term, “build it and they will come,” became very popular. Capitalism incented the<br />
rapid expansion until the entire economy became an Internet of Things (IoT).<br />
False perception: Little return on investment (ROI) for security<br />
Unlike other technology budget decisions C-level executives are asked to make, it is challenging to calculate<br />
an ROI for cybersecurity. Since it is difficult to approve a negative spend on an intangible line item, and<br />
no amount of expense can guarantee a network’s safety, it is often all too easy to put off security<br />
spending. This complacency can lead to reduced protection, increasing the likelihood of<br />
an opportunistic attack on what cyber miscreants will see as a soft target.<br />
When a company decides to invest in a cybersecurity solution, it may seem easier to go with a brand<br />
name or well-known product. Leaders today do not see cybersecurity as a risk, because it is an unknown<br />
to them, or most often because they do not understand it. When executives finally realize it is a possible threat or they have<br />
been breached, they immediately reach for help and want a known entity to solve the problem. In reality,<br />
many of the most seasoned cyber professionals -- those that can best help secure their networks --<br />
operate their own relatively small consultancies and are off their radar.<br />
Missing: culture of security<br />
Few outside the relatively small world of cybersecurity truly understand the real risks or are even aware<br />
of them. Many individuals and even business leaders think that they are generally safe online, believing<br />
that by avoiding “bad” websites and not clicking on obvious phishing emails, they are relatively secure.<br />
We have faith in our institutions and IT teams and believe they will protect us. While IT professionals are<br />
experts in their field, they often lack the training and practical experience to compete against highly<br />
motivated cyber criminals. Some IT professionals are experts at building and maintaining networks, but<br />
they do not think like a criminal or consider how someone from the outside might enter their network. They may<br />
be experts at IT, but they may not be the most qualified to protect their environments from external<br />
threats.<br />
Unfortunately, some in IT may miss that the networks they helped design have security flaws. Further,<br />
there is an end-user population that has spent the past two decades with little to no concern about the<br />
risks of the links they may click on or files they download.<br />
Bitcoin makes hacking profitable<br />
The proliferation of cryptocurrencies, primarily bitcoin, has made it even easier to monetize cybercrime.<br />
Previously, hackers could easily access networks and valuable intellectual property, but most were<br />
lone wolves seeing if they could “crack a network." Bitcoin makes it possible to transfer large amounts of<br />
wealth anonymously, attracting well-funded criminal organizations and state-sponsored<br />
cybercriminals. Combined with the dramatic growth of the internet, this has given cyber thieves<br />
a way to monetize industrial hacking, creating an explosion in criminal<br />
activity. According to research conducted by <strong>Cyber</strong>security Ventures, cybersecurity experts have<br />
predicted that cybercrime will cost the global economy $6.1 trillion annually by <strong>2021</strong>.<br />
Events of 2020<br />
The global pandemic has created more awareness of the importance of cybersecurity. While it has likely<br />
been true for several years, many CEOs now realize that their company’s networks are far more important<br />
than their physical office space. The breach of SolarWinds and FireEye has increased the awareness<br />
that no single security product is going to keep a network completely secure. In fact, security products<br />
can be weaponized against their users, exploiting a false sense of security.<br />
The Talent Gap<br />
Despite the wake-up call of 2020, the human capital to manage these risks can be insufficient. Since<br />
2011, there has been a near zero-unemployment rate in cybersecurity, according to the 2019/2020 Official<br />
Annual <strong>Cyber</strong>security Jobs Report. Current estimates show that there are over three million open<br />
cybersecurity positions that cannot be filled. We are just beginning to train the next generation of cyber<br />
professionals. The challenge: cyber crime is expected to grow to $10.5 trillion by 2025, which would<br />
represent the largest transfer of wealth in history.<br />
The Path Forward<br />
With so much risk at stake, we need to make cybersecurity a priority. We must increase awareness of<br />
the importance of securing the very fabric of our communications and network. It is incumbent upon<br />
businesses and individuals to acknowledge that attacks occur daily. Good security hygiene needs to<br />
become de rigueur.<br />
A cyber attack in the digital world can be just as catastrophic as Pearl Harbor. This is reality, and it’s a<br />
real concern. Some believe the SolarWinds attack was just such a disaster. Regardless, it was well<br />
planned and orchestrated, and we may not yet have seen the full impact and damage done.<br />
We can and must rise to the challenge of securing the network we have entrusted with our most valuable<br />
assets. More importantly, people must be empowered with information and tools to keep themselves<br />
safe. We must create a culture of security.<br />
About the Author<br />
David Jemmett is the CEO and Founder of Cerberus Sentinel<br />
(OTC: CISO), an industry leader in Managed <strong>Cyber</strong>security and<br />
Compliance (MCCP) services with its exclusive MCCP+<br />
managed cybersecurity and compliance services plus culture<br />
offering. The company seeks to expand by acquiring world-class<br />
cybersecurity talent and utilizes the latest technology to create<br />
innovative solutions that protect the most demanding businesses<br />
and government organizations against continuing and emerging<br />
security threats.<br />
As an industry innovator, Jemmett has more than 20 years of<br />
executive management and technology experience with<br />
telecommunications, managed services, and consulting services.<br />
He has specialized expertise in healthcare, HIPAA, and governmental regulations, and he has been<br />
intimately involved in designing, building, re-vamping, and/or managing networks and data centers<br />
worldwide.<br />
Jemmett has spoken before both the U.S. Congress and Senate Subcommittees on Telecommunications<br />
and Internet Security, and he has shared his expertise on broadband networking technologies as guest<br />
speaker on CBS, CNN, MSNBC, and CSPAN.<br />
Jemmett can be reached online at LinkedIn: https://www.linkedin.com/in/david-jemmett/, Twitter:<br />
@cerberuscsc, and at our company website: https://www.cerberussentinel.com/<br />
Why Ensuring <strong>Cyber</strong> Resilience Has Never Been More<br />
Critical or More Challenging Than It Is Today<br />
By Don Boxley, Co-founder and CEO, DH2i<br />
When it comes to optimizing Microsoft SQL Server high availability (HA) and disaster recovery (DR),<br />
there’s a strong correlation between greater database transaction processing performance, business<br />
resiliency, and profitability—particularly for workloads in industries such as financial services,<br />
though certainly in other sectors as well.<br />
The fact is that our world is connected yet fragile, which creates many challenges when it comes to<br />
database HA/DR—specifically with resilience, security, and scalability across on-premises sites, remote<br />
locations, and public clouds. Companies need a way to not only provide database resiliency within an<br />
availability zone or region, but also between zones and regions. With security concerns, enterprises must<br />
ensure data integrity with data constantly moving between isolated networks, such as availability zones<br />
and regions. And with scalability in mind, businesses need a way to both manage and scale the number<br />
of database instances in response to quickly changing behaviors and expectations.<br />
An Unworkable “Either-Or”<br />
The new class of cloud-based Microsoft SQL Server users needs a reliable way to take full advantage of<br />
SQL’s HA for local HA and its DR capabilities for remote data protection. But until recently, there’s been<br />
a primary challenge. If these businesses wanted to use SQL Server for both HA and DR on Linux, they<br />
had to either use a Pacemaker-based solution—which requires separate clusters for HA instances and<br />
Availability Groups and relies on virtual private networks (VPNs) for DR—or combine HA SQL Server<br />
instances with some other data replication solution—such as storage replication, block-level replication,<br />
full virtual machine replication, etc.—and VPNs for DR.<br />
This database HA/DR challenge has a big impact on SQL Server. If you think about the problems when<br />
trying to implement a SQL Server AG cluster, Pacemaker clusters, and VPNs, the description that comes<br />
to mind is “science project” architecture. It fails recovery time objective (RTO) and recovery point objective<br />
(RPO) requirements, lacks scalability, has reliability exposure due to insufficient VPN security, and is<br />
also unsustainable from a financial perspective.<br />
“Before and After” Use Case<br />
Consider a “before and after” use case for a large financial services company. The “before” scenario at<br />
the fintech firm is the one described above, with a SQL Server AG, Pacemaker clusters, and VPNs. What<br />
we find is a complex and brittle local HA and DR architecture, difficult cluster management with multiple<br />
incompatible clustering technologies, and worse yet, long system outages (RTO) with manual failover<br />
management between clusters and datacenters. What’s more, there’s high network security exposure<br />
with VPN lateral network attack surfaces, as well as the need to maintain pricey infrastructure.<br />
When the fintech company shifts gears, however, and implements multi-platform Smart Availability<br />
clustering software to run on top of SQL Server, the result is both faster transaction processing and better<br />
uptime. The key is to leverage Smart Availability software for SQL Server that can not only increase the<br />
performance of SQL Server AGs, but also simplify SQL Server workload management, respond to<br />
channel partner and end customer requirements for improved SQL Server database resilience, and offer<br />
Zero Trust security and scalability across private and public clouds as well as between on-premises and<br />
remote locations. In the case of a fintech company that needs to combine local HA and remote data<br />
protection, the organization can potentially decrease SQL Server costs by up to 50 percent.<br />
Overcoming Traditional Challenges<br />
Looking in more detail at the “after” use case in this regard, it features easy system management and<br />
evergreen infrastructure compatibility, starting with a simplified, standardized local HA and DR<br />
architecture with a single cluster. In addition to accelerated RPO via micro-tunnels for triple the SQL<br />
Server AG performance, Smart Availability software also allows for speedy (sub-15 second) RTO with<br />
easy, automatic failover management end-to-end.<br />
In terms of data safeguards, some of the latest Smart Availability software even includes patented SDP<br />
technology for secure multi-site, multi-cloud network communications, offering a strong network security<br />
position by eliminating the VPN lateral network attack surface. And the point many fintech IT departments<br />
will appreciate the most: it offers a high ROI and reduces costs by eliminating replication of servers and<br />
multiple clustering technologies (Windows Server Failover Cluster or Pacemaker), SQL Server licenses,<br />
and VPNs.<br />
While it’s certainly not new to have enterprise data management systems offering HA clustering, such<br />
technologies aren’t efficient in the cloud or between datacenters. New Smart Availability software<br />
addresses these challenges with its cross-cloud, hybrid IT, and datacenter to datacenter clustering<br />
technology. The software is particularly effective for Microsoft SQL Server, and allows organizations to<br />
run HA, distributed SQL Server clusters on Linux and Windows—without the complexity and performance<br />
limitations of traditional clustering, replication, and VPN technologies.<br />
About the Author<br />
Don Boxley, CEO and Co-Founder, DH2i. Don Boxley Jr<br />
is a DH2i co-founder and CEO. Prior to DH2i, Don held<br />
senior marketing roles at Hewlett-Packard where he was<br />
instrumental in sales and marketing strategies that resulted<br />
in significant revenue growth in the scale-out NAS<br />
business. Don spent more than 20 years in management<br />
positions for leading technology companies, including<br />
Hewlett-Packard, CoCreate Software, Iomega, TapeWorks<br />
Data Storage Systems and Colorado Memory Systems.<br />
Don earned his MBA from the Johnson School of<br />
Management, Cornell University.<br />
Don can be reached online at don.boxley@dh2i.com, Twitter: @dcboxley, LinkedIn,<br />
and at our company website https://dh2i.com.<br />
Uncovering hidden cybersecurity risks<br />
By Adam Nichols, Principal of Software Security at GRIMM<br />
The technology we use and depend upon has critical vulnerabilities in its software and firmware, lurking<br />
just beneath the surface of the code. Yet, our process has not changed. A week does not go by where<br />
we are not reading about a serious vulnerability in the news and subsequently scrambling to see if we<br />
are affected.<br />
This scramble, this mad dash, is a process we have all become accustomed to. The series of anxiety-<br />
inducing questions starts to hum around our organizations: “Are we using the affected software? Are our<br />
configurations vulnerable? Has an attack been detected? Should we apply a patch as soon as possible<br />
to prevent exploitation, but in doing so risk the side effects of adding an untested patch?”<br />
While trying to protect one’s organization from potential threats, the lifespan of the vulnerabilities in<br />
question is overlooked. If the vulnerabilities found were in recently added features, they may not have<br />
an impact on the organization if you are using stable or long-term-support software. On the other hand,<br />
if the vulnerabilities have been around for a long time, it begs the question of how they went unnoticed<br />
for so long. More importantly, how can we find these things earlier, before there is a crisis?<br />
Case studies<br />
Recently, the GRIMM independent security research team began compiling a set of examples to show<br />
that there is an underlying risk being accepted, perhaps unknowingly, by a large number of organizations.<br />
The two examples that can be discussed publicly [1] are a Local Privilege Escalation (LPE) vulnerability in<br />
the Linux kernel and a Remote Code Execution (RCE) vulnerability in an enterprise time synchronization<br />
software product called Domain Time II. These two examples show that vulnerabilities can be<br />
present in widely used products without being detected for well over a decade.<br />
The bugs that were exploited to construct the Linux LPE were originally introduced in 2006. The exploit<br />
allowed an unprivileged user to gain root access, and it affected several Linux distributions in their default<br />
configurations. The Domain Time II vulnerability allowed a network attacker to hijack the update process<br />
to trick the person applying the update to install malware. The underlying vulnerability was present at<br />
least as far back as 2007. Although the name might not be familiar, the software is used in many critical<br />
sectors, such as aerospace, defense, government, banking and securities, manufacturing, and energy.<br />
How do you uncover and/or mitigate these risks before they become an emergency?<br />
Strategies for addressing this risk<br />
There are a number of different ways organizations can attempt to address the risk of unknown<br />
vulnerabilities, each with their own strong points and limitations. It takes a combination of them for optimal<br />
coverage. Typical threat intelligence only informs you of attacks after they happen. This information may<br />
be helpful, but it will not allow you to truly get ahead of the problem.<br />
Maintaining an inventory of your environment is part of the solution, but without having a software bill of<br />
materials, there's a risk that things will be missed. For example, GitLab uses the nginx web server, so if<br />
someone only sees GitLab on the asset list, they may not realize that they are also impacted by<br />
vulnerabilities in nginx.<br />
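The GitLab-bundles-nginx point above, worked through as an added Python example (my own illustration, not GRIMM's code): a product-level asset inventory is checked against advisories twice, once by product name alone and once by expanding each product through a simplified SBOM, so that exposure hidden inside a bundled component surfaces. Every host, version, SBOM entry and advisory ID below is a constructed placeholder, and the SBOM layout is a simplified stand-in for real SPDX/CycloneDX documents.<br />

```python
"""Transitive exposure check: asset inventory vs. advisories, with and without SBOMs.

All data below is constructed for illustration (placeholder hosts, versions and
advisory IDs); the SBOM layout is a simplified stand-in for SPDX/CycloneDX.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Set, Tuple

Component = Tuple[str, str]  # (name, version)

# Constructed asset inventory: host -> products the asset list knows about.
ASSET_INVENTORY: Dict[str, List[Component]] = {
    "build-server-01": [("gitlab", "13.10.0")],
    "web-proxy-02": [("nginx", "1.18.0")],
    "db-server-03": [("postgresql", "13.2")],
}

# Constructed, simplified SBOMs: a product version -> the components it bundles.
# Nesting is allowed: gitlab bundles postgresql, which in turn links openssl.
SBOMS: Dict[Component, List[Component]] = {
    ("gitlab", "13.10.0"): [("nginx", "1.18.0"), ("postgresql", "12.6"), ("ruby", "2.7.2")],
    ("postgresql", "12.6"): [("openssl", "1.1.1j")],
}


@dataclass(frozen=True)
class Advisory:
    id: str             # placeholder IDs below, not real CVE numbers
    component: str
    affected: Set[str]  # exact versions; real feeds use version ranges


ADVISORIES: List[Advisory] = [
    Advisory("ADV-PLACEHOLDER-1", "nginx", {"1.18.0", "1.19.0"}),
    Advisory("ADV-PLACEHOLDER-2", "openssl", {"1.1.1j"}),
]


@dataclass(frozen=True)
class Finding:
    host: str
    advisory: str
    component: str
    version: str
    path: Tuple[str, ...]  # how the component got onto the host, e.g. gitlab -> nginx


def walk(component: Component, sboms: Dict[Component, List[Component]],
         path: Tuple[str, ...] = (), seen: Optional[Set[Component]] = None
         ) -> Iterator[Tuple[Component, Tuple[str, ...]]]:
    """Yield a component and, depth-first, everything its SBOM says it bundles."""
    seen = set() if seen is None else seen
    if component in seen:  # guard against cyclic or duplicated SBOM entries
        return
    seen.add(component)
    path = path + ("%s %s" % component,)
    yield component, path
    for child in sboms.get(component, []):
        yield from walk(child, sboms, path, seen)


def find_exposure(inventory: Dict[str, List[Component]],
                  sboms: Dict[Component, List[Component]],
                  advisories: List[Advisory], use_sbom: bool = True) -> List[Finding]:
    """Match every (component, version) reachable from the inventory against advisories.

    With use_sbom=False only the product names on the asset list are matched,
    which is exactly the blind spot described in the text.
    """
    index: Dict[Component, List[str]] = {}
    for adv in advisories:
        for version in adv.affected:
            index.setdefault((adv.component, version), []).append(adv.id)
    findings: List[Finding] = []
    for host, products in inventory.items():
        for product in products:
            for (name, version), path in walk(product, sboms if use_sbom else {}):
                for adv_id in index.get((name, version), []):
                    findings.append(Finding(host, adv_id, name, version, path))
    return sorted(findings, key=lambda f: (f.host, f.advisory))


def missed_without_sbom(inventory: Dict[str, List[Component]],
                        sboms: Dict[Component, List[Component]],
                        advisories: List[Advisory]) -> List[Tuple[str, str]]:
    """(host, advisory) pairs that an asset-list-only check would not report."""
    full = {(f.host, f.advisory) for f in find_exposure(inventory, sboms, advisories, True)}
    naive = {(f.host, f.advisory) for f in find_exposure(inventory, sboms, advisories, False)}
    return sorted(full - naive)


if __name__ == "__main__":
    for f in find_exposure(ASSET_INVENTORY, SBOMS, ADVISORIES):
        print(f.host, f.advisory, " -> ".join(f.path))
    print("missed without SBOM:", missed_without_sbom(ASSET_INVENTORY, SBOMS, ADVISORIES))
```

Running it shows build-server-01 exposed twice through GitLab (nginx directly, openssl via the bundled postgresql), neither of which the name-only pass reports.<br />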
To control costs, traditional penetration tests are either scoped to be a mile wide and an inch deep, or<br />
they're very deep, but limited to one particular system. These engagements are valuable, but it's not<br />
feasible to have in depth penetration tests on every single product that an organization uses.<br />
Having your own dedicated team of security researchers can address the shortcomings of the<br />
approaches above. An internal team will have a holistic view of your security posture, including the<br />
context of what is most important to your organization along with the ability to dig in and go where their<br />
research takes them.<br />
[1] More examples are currently under embargo while we complete the coordinated disclosure process. These will be made<br />
public in due time.<br />
Rise of the Information Assurance team<br />
Information assurance teams focus on the products that your organization depends on. They can work<br />
with your incident response team to see the trends specific to your industry and your organization. Senior<br />
software security researchers will provide the intuition needed to know where the vulnerabilities are likely<br />
to be present, so the efforts are focused on the components which are most likely to have the biggest<br />
hidden risk. The team should also include at least one person with threat modeling experience, who is<br />
able to quickly determine which components pose the biggest risk to your institution.<br />
Having a diverse skill set is critical to the success of information assurance teams. Their mission should<br />
be to uncover and mitigate these hidden risks. They need the freedom to operate in a way that makes<br />
the best use of their time. This likely includes integrating them with the procurement process so they can<br />
attempt to make sure things don't get worse. It means relying on their expert judgement to determine<br />
what systems they should look at, to establish the order in which those systems should be investigated, and<br />
to decide when it is time to stop looking at a single piece of a system and move on to the next one.<br />
If you are thinking that this sounds a lot like Google's Project Zero, you're right. The difference is that the<br />
Project Zero team is focused on products that are important to them, which likely only partially overlaps<br />
with the things that are important to you. Having a team that is working for you solves this problem.<br />
A team like this takes time to build, and it is expensive, which means it's not an option for everyone. If<br />
it's not an option in your organization, you must ask yourself how you're going to solve the problem.<br />
Some options would be to:<br />
● outsource this work to an external team<br />
● depend on isolation, exploit mitigations, and network defenses<br />
● leverage cyber insurance<br />
● simply accept the risk<br />
It's important to always acknowledge the last option: accepting risk. Risk acceptance is always an option,<br />
and it's important that it be a choice, not something that was arrived at due to inaction.<br />
Even if you have an information assurance team at your disposal, it does not mean that other efforts are<br />
no longer necessary. Partnering with external security research teams, audits, penetration testing,<br />
network isolation, sandboxing and exploit mitigations are all still valuable tools to have in your toolbelt.<br />
Understanding the shortcomings of each tool is the key to validate that they are being layered in a way<br />
that keeps your organization protected.<br />
About the Author<br />
Adam Nichols is the Principal of Software Security at GRIMM. He<br />
oversees all of the application security assessments, threat modeling<br />
engagements, and is involved with most of the projects involving<br />
controls testing. It's not uncommon for him to be involved at the<br />
technical level, helping with exploit development, and ensuring that all<br />
the critical code is covered.<br />
Adam also oversees the Private Vulnerability Disclosure (PVD)<br />
program, which finds 0-days and provides subscribers an early warning<br />
so they can get mitigations rolled out before the information becomes<br />
public.<br />
Adam can be reached online at adam@grimm-co.com or via the company website at http://www.grimmco.com.<br />
The Solution to Overcoming <strong>Cyber</strong> Threats in A 5G World<br />
Optical Wireless Communications (OWC) Will Be Key For Maximizing Security<br />
By Michael Abad-Santos, Senior Vice President of Business Development and Strategy,<br />
BridgeComm<br />
Nearly 6 billion Internet of Things (IoT) devices were in service worldwide at the end of 2020, according<br />
to Gartner. But mobile operators aren’t the only ones chasing that opportunity. Hackers are, too.<br />
Each additional IoT device creates another potential back door for hackers to steal identities, financial<br />
records and other confidential information, or take control of vehicles and critical infrastructure such as<br />
public water supplies. All of these cyber attacks have been around for years, but there are several<br />
reasons why 5G significantly increases the opportunities and vulnerabilities:<br />
• 5G is more than just an evolutionary step, like 4G was for 3G. It’s a fundamentally different<br />
architecture based on virtualized, highly distributed, software-defined infrastructure. All of this<br />
creates a steep learning curve for both operators and their vendors. It’s inevitable that they’ll<br />
overlook many of the cyberattack vectors that the 5G architecture enables.<br />
• Private networks will be even more common in 5G than they are in 4G. Owned by factories and<br />
other enterprises, private 5G networks are potential back doors into operator networks. For<br />
example, a hacker could target an enterprise network not to attack the IoT devices that use it, but<br />
rather as a route into the mobile operator’s 5G network and the IoT endpoints, smartphones and<br />
other devices that use it.<br />
• 5G relies heavily on application programming interfaces (APIs) to support service functions. This<br />
architecture lays the foundation for API-enabled hacks like the one used to target SolarWinds.<br />
With 3G and 4G, mobile operators and vendors touted cellular as being inherently more secure than<br />
Wi-Fi, which hackers had learned how to eavesdrop on to harvest data traffic. But this creates a false sense<br />
of security — one that carries over to 5G, too. As long as the standard for wireless communications is<br />
radio frequency (RF), the IoT network signal can be intercepted and potentially decrypted to obtain<br />
sensitive information.<br />
OWC is inherently more secure than RF. One reason is that an RF signal is delivered to both intended<br />
and unintended recipients, and some unauthorized recipients may have the ability to decrypt that<br />
data.<br />
By comparison, a laser is focused on the intended recipient, making it extremely difficult for unintended<br />
users to detect that signal, let alone eavesdrop on the voice, video or data that it carries. This inherent<br />
security is a major reason why government agencies such as the U.S. Department of <strong>Defense</strong> and many<br />
commercial users are so interested in optic wireless as an alternative to RF.<br />
Another key benefit is speed. For example, optical communications systems that support over 100 GB<br />
per second in point-to-point links have been developed.<br />
OWC’s security and speed do not come with a hefty price premium, either. Overall, from a size, weight,<br />
power, and cost perspective, an OWC solution will be less expensive than its RF equivalent. One of the<br />
main advantages of OWC is that its operating spectrum is currently un-regulated, and thus there is no<br />
cost for utilizing the particular spectrum. The acquisition cost of 5G spectrum on the other hand can be<br />
quite costly as evidenced by the recent FCC Auction 107, which closed at a staggering $80.9 billion for<br />
use of the 3.7-3.98 GHz band. As the evolution of electronics technology has shown, each new generation<br />
of capability is expected not only to be cheaper on a unit basis (e.g., cost per bit) but to come down in<br />
cost geometrically. OWC equipment will do just that, as its ability to deliver 10 to 100 gigabits will be<br />
very efficient.<br />
Optical wireless also can complement 5G. One example is providing fronthaul or backhaul to cell sites in<br />
rural communities and other remote areas where fiber and copper are unavailable or prohibitively<br />
expensive to build out and RF would not support high enough throughput to support the traffic. For both<br />
public and private 5G networks — regardless of location — optical wireless connectivity also provides a<br />
way to address vulnerabilities on the backhaul or fronthaul.<br />
In these scenarios, optical wireless serves as a powerful new layer of security for 5G networks — and all<br />
of the IoT applications running over them. Considering all of the emerging threat vectors that mobile<br />
operators, private network owners and end users will have to contend with in a 5G world, optical wireless<br />
is in the right place at the right time.<br />
About the Author<br />
Michael Abad-Santos is senior vice president of business<br />
development and strategy at BridgeComm, bringing more than<br />
20 years of experience in the telecommunications and satellite<br />
industries with a focus on the government market sectors, both<br />
domestic and international. Prior to BridgeComm, Michael<br />
served as chief commercial officer at satellite communications<br />
solutions provider Trustcomm, Inc. before joining LeoSat<br />
Enterprises as senior vice president, Americas, overseeing<br />
commercial activities, strategy development and execution in<br />
the Americas region as well as government activities<br />
worldwide. In addition to helping secure pre-series A<br />
investments of $20 million, he helped secure two strategic<br />
investment partners and more than $2B million in pre-launch<br />
memorandums of understanding (MOUs) for commercial<br />
services.<br />
Michael also held various leadership roles at Inmarsat over a 10-year period, including serving as senior<br />
vice president of its global government division. A sought-after subject matter expert and speaker, he has<br />
presented at industry-leading events including SpaceCom, ITEXPO and MILCOM among others and is<br />
a consultant at the Software Engineering Institute at Carnegie Mellon University working with Department<br />
of <strong>Defense</strong> leadership on the intersection of software engineering and space and weapons systems<br />
development.<br />
Michael can be reached online on LinkedIn and at our company website http://www.bridgecomminc.com/.<br />
Don’t Wait, Automate<br />
How An Independent Management Plane Can Secure<br />
Your Network from Anywhere<br />
By Todd Rychecky, Vice President of Americas, Opengear<br />
Whether you’re an international e-commerce company, the local corner flower shop, or anything in<br />
between, in this perpetually connected world, your network is your business. If that network goes down,<br />
a business’s ability to communicate and transact goes down with it. While the CEO of that international<br />
company probably ends up on TV the next day trying to explain why the company’s numbers are off, the<br />
rest of us mostly just feel powerless and frustrated, but a network outage affects every business in some<br />
way. The good news is that there’s an equally simple and effective solution no matter the size of your<br />
business or your network – the independent management plane.<br />
The concept of an independent management plane is based on a relatively simple premise – don’t use<br />
your network to manage your network. In the past, it was known as out-of-band management, but as<br />
automation has continued to evolve, it has become all the more important – and all the more feasible –<br />
to create a truly independent platform for managing remote networks – a platform that will also help you<br />
create increased security and avoid dreaded truck rolls.<br />
Most of the time, when we hear about some monolithic company’s network going down, it's usually some<br />
sort of configuration error. Configuration and firmware updates typically need to be made several times<br />
a month, and when an error occurs, it locks the device – and it can lock you out right along with it. That's<br />
a real problem, so you have to regain access to it at all costs.<br />
As much as “try turning it off and turning it back on” has become a running joke when it comes to IT<br />
support, rebooting a router is still the best way to fix it, but most on-site network teams are relatively<br />
small, and most truck rolls can cost a company upwards of $1,000 – and that’s only if that “truck” doesn’t<br />
end up being an airline ticket. Either way, it could take 10 minutes or 10 hours, but with a comprehensive<br />
independent management plane platform, you can easily remove all of that uncertainty and have your<br />
network back up and running in no time.<br />
When it comes to security, the independent management plane also provides additional peace of mind<br />
in the face of potential security breaches that have become an increasingly frequent and severe threat to<br />
organizations throughout every industry:<br />
• Since the beginning of the COVID-19 pandemic, the FBI has reported a 300 percent increase in<br />
cybercrimes.<br />
• Between January and April of 2020, cloud-based cyber attacks rose by 630 percent.<br />
• According to International Data Corporation, there will be 55.7 billion connected devices in the<br />
world by 2025, 75 percent of which will be connected to the Internet of Things (IoT).<br />
If all of your network’s administration or management ports are connected to the production network and<br />
an attack occurs, IT infrastructures are exposed and can be accessed. However, if the port is connected<br />
to an out-of-band management system, the LAN can’t access any administration consoles on that<br />
equipment, making it extremely secure. Since it separates management traffic and the user, engineers<br />
can lock down parts of the network, restrict access, and secure the management plane.<br />
While the idea of an independent management plane is relatively new in this particular form, part of the<br />
beauty of it is that it depends on older – but ultimately more reliable – technology. For years, network<br />
teams used Plain Old Telephone Service (POTS) lines to access routers’ serial ports, which, other than<br />
physically rebooting the device on-site, is the best way to access a locked device. With the advent of 3G – and<br />
subsequently faster – cellular speeds, it’s become possible to proactively monitor and remediate those<br />
same devices because the entire platform is now IP-based, which means it can send SMS or email alerts<br />
as well.<br />
The development of 4G LTE opened up even more opportunities to create independent network<br />
resilience, especially at the edge. This versatility is even more crucial in the modern landscape, where<br />
most businesses have moved away from the traditional model – office, branch office, distribution center<br />
– and toward remote work models and Internet of Things-enabled devices. Because 4G is stronger and<br />
faster, it allows you to perform all of the necessary network maintenance from a separate network without<br />
sacrificing any critical edge bandwidth.<br />
The true beauty of an independent management plane is that it can also be used proactively to deploy<br />
new data centers through zero-touch provisioning. With the proper device and pre-determined<br />
configurations, racks of switches can be set up without any significant interaction with the device, whether<br />
those switches are physical or cloud-based. Most of the time, when a network goes down, it’s due to<br />
human error, which is why this type of automation is so important – not only for more efficient<br />
configuration, but also for faster additional deployments. If you want to expand your business into other<br />
regions at scale, then you’re going to need a network that can expand along with you, and the best way<br />
to make that happen is through automation.<br />
When we’re at home, stretching our personal networks to the brink with multiple devices, we hardly think<br />
twice about it when that network finally goes down, almost as if it’s a relative inevitability. In enterprise,<br />
it’s essentially the same dynamic, save for one key difference – the effects of lost time and transactions.<br />
By creating and implementing an independent, automated management plane platform, your customers<br />
will be much happier – even if they never really know why – and you’ll sleep better at night.<br />
About the Author<br />
Todd Rychecky is VP of Americas for Opengear, responsible for developing<br />
and executing sales strategies, multiple business initiatives, hiring and talent<br />
development, setting performance goals and growing the business. He joined<br />
the company in 2008 and was the first sales and marketing hire. Rychecky<br />
earned a bachelor’s degree in biology from Nebraska Wesleyan University.<br />
Todd can be reached online on LinkedIn and at our company website<br />
https://opengear.com/.<br />
Exploring the Synergies Between HIPAA Compliance and<br />
<strong>Cyber</strong>security<br />
Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net<br />
As the world finds itself in the clutch of a global pandemic, it is evident that cybercriminals are using the<br />
crisis to their advantage, coming up with novel ways to target businesses at an increasingly vulnerable<br />
time for them. Indeed, the US <strong>Cyber</strong>security and Infrastructure Security Agency (CISA) and UK National<br />
<strong>Cyber</strong> Security Centre (NCSC) issued a joint statement declaring an increase in COVID-19-related<br />
malicious activity.<br />
COVID-19 has brought many changes into our lives, such as social distancing and remote working, and<br />
these are likely to be a part of our ‘new normal’ for some time. Businesses and individuals must learn to<br />
adapt the way in which they work, in order to address the new cybersecurity risks that they face.<br />
<strong>Cyber</strong>criminals Seek To Target the Healthcare Industry<br />
With the value of patient data soaring and many healthcare organizations still using legacy systems,<br />
businesses within the healthcare vertical have become a prime target for cyberattacks during the<br />
pandemic. Compared with other industries, the healthcare sector lags in the deployment of new<br />
technologies, instead relying on outdated cybersecurity infrastructure that leaves it vulnerable to<br />
malicious attacks.<br />
Data breaches can lead to huge financial losses for the healthcare industry, as well as the consequences<br />
associated with compromised patient data. While dealing with the large-scale disruption and strain<br />
caused by COVID-19, healthcare providers have also had to face heightened cyber threats, including<br />
ransomware, malware, and phishing attacks. <strong>Cyber</strong>criminals have taken advantage of the rapid scaleup<br />
of telehealth and remote learning to wreak maximum havoc on an extremely strained healthcare system<br />
and fatigued healthcare professionals.<br />
In response, the HHS Office for Civil Rights (OCR) has released guidance standards relating to telehealth<br />
remote communications, emphasizing its discretion at enforcing Health Insurance Portability and<br />
Accountability Act (HIPAA) violation penalties on the provision of telehealth services during the pandemic.<br />
Following HIPAA Guidelines Is Not Sufficient<br />
Maintaining the integrity of protected health information (PHI) is imperative and the past year has<br />
highlighted how vital it is that healthcare organizations implement and maintain effective and robust<br />
cybersecurity measures. HIPAA legislation, passed by Congress in 1996, establishes the guidelines for<br />
protecting sensitive patient data, describing the key physical, technical and administrative safeguards<br />
that an organization should have in place. Noncompliance with HIPAA regulations can lead to hefty fines<br />
and other significant consequences for Covered Entities.<br />
HIPAA legislation contains two key rules that work in tandem to maintain the integrity of patient data - the<br />
Privacy Rule and the Security Rule. The Privacy Rule focuses on an individual's right to protect the<br />
confidentiality of their information in any form, while the Security Rule is concerned solely with the<br />
protection of electronic PHI. This means that the Security Rule covers the implementation of effective<br />
cybersecurity measures; however, the guidance that it provides is open to interpretation.<br />
Healthcare Entities and their Business Associates are required to abide by the necessary HIPAA<br />
guidelines to ensure regulatory compliance; however, as the cyber threat landscape rapidly evolves,<br />
compliance with established HIPAA laws may no longer be enough.<br />
The healthcare industry is expanding at a rapid pace, and so too are the regulatory and compliance<br />
requirements. After navigating through the intricacies of HIPAA compliance, healthcare organizations<br />
may assume that their infrastructure is secure against cyberattacks, but this is simply not the case. Full<br />
HIPAA compliance does not guarantee adequate cybersecurity and further measures should not be<br />
overlooked. In order to create a safe and secure infrastructure for the collection and storage of PHI,<br />
healthcare organizations must focus on the synergistic relationship between HIPAA compliance and<br />
<strong>Cyber</strong>security, exploring how the two concepts can support and empower one another.<br />
Why Does HIPAA Need <strong>Cyber</strong>security?<br />
As HIPAA regulations predate emerging cybersecurity threats, we must consider how they address the<br />
risk of a data breach. HIPAA legislation does not offer healthcare providers a comprehensive plan<br />
detailing how compliance should be achieved, which means that the level of compliance can vary greatly<br />
between organizations. Without paying close attention to security risks, organizations can leave<br />
themselves vulnerable to attack.<br />
In February 2016, the OCR published a crosswalk, connecting the HIPAA Security Rule with the National<br />
Institute of Standards and Technology’s (NIST) <strong>Cyber</strong>security Framework. This document maps the<br />
overlaps between the two frameworks and as the Security Rule offers flexible and scalable guidance,<br />
aligning it with the NIST <strong>Cyber</strong>security Framework allows Covered Entities to identify and correct<br />
vulnerabilities in their cybersecurity. By complying with NIST’s <strong>Cyber</strong>security Framework and<br />
implementing the necessary HIPAA safeguards, healthcare organizations can protect themselves from<br />
even the most serious data breaches and subsequent consequences, while ensuring HIPAA compliance.<br />
Moving forwards, the events of 2020 look set to change the way we approach data security and we can<br />
anticipate reforms being made to legislation in <strong>2021</strong>. The HHS has already hinted that change may be on the<br />
horizon for the Privacy Rule, and perhaps plans for the Security Rule are also being considered.<br />
The last major overhaul to HIPAA legislation was in 2013, with the Final Omnibus Rule. This rule<br />
introduced many of the privacy and security recommendations of HITECH. However, much has changed<br />
to the cybersecurity landscape since 2013, and the threats facing healthcare organizations today are far<br />
more advanced. The onslaught of ransomware, for example, came well after 2013, so it is<br />
understandable why some people are calling for a major shakeup.<br />
Looking at the healthcare technology trends, cybersecurity will remain a key focus of the healthcare<br />
industry over the coming year, as we learn from our experiences during the pandemic and look to better<br />
protect our valuable patient data, including big data analytics as this becomes more commonplace. It<br />
remains to be seen whether the OCR will take this opportunity to update HIPAA regulations, taking into<br />
account the evolution in cyberattacks that were not accounted for when the law was enacted.<br />
About the Author<br />
Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net.<br />
A graduate of the University of Chester and postgraduate of the University<br />
of Liverpool, with a Ph.D. in Gastroenterology and Cell Biology and a First-class<br />
degree in Biomedical Sciences. An experienced and passionate<br />
medical writer and an expert in writing scientific documents, regulatory-related<br />
documents, and articles discussing US Healthcare and<br />
Compliance.<br />
Rachael can be reached online at website https://www.atlantic.net/<br />
Whom Do You Give Access to Community?<br />
By Milica D. Djekic<br />
Community is a very broad term that covers the social, business and organizational aspects of a group.<br />
By community we mean the members of some network who are connected to each other through a<br />
certain set of rules and interactions. In the best case, the members of the group work for the benefit of<br />
their community, and anyone acting against the union can be recognized as an insider threat. The<br />
troubling part is that any insider threat cell can generate new inner risk, making the community harmful<br />
to itself as well as to anyone else in its surroundings. In practice, there are best practices for preventing,<br />
managing and responding to insider risks, but the ongoing situation demonstrates that we still need to<br />
learn how to tackle that concern. Today’s threats are well embedded in all segments of our activities, and<br />
it is only a matter of time before some of them become an inner risk to all. That is nothing new for the<br />
defense community, as similar scenarios have been observed throughout history. Every new epoch brings<br />
new challenges, and some responses from the past can be modified and adjusted to the current situation.<br />
The worst-case scenario with insider threats is that they generate new risks, literally multiplying<br />
themselves like a virus trying to infect everyone in the group or beyond. This topic is especially<br />
concerning in the area of transnational crime and terrorism, as those malicious actors can try to spread<br />
their grids nearly anywhere. In other words, they can be like a spider attempting to catch any naive fly<br />
that believes there is nothing critical about such a transparent, but<br />
powerful net. One by one, anyone can be compromised or caught up in the endless world of<br />
criminality.<br />
From that perspective, the most concerning thing about insider risk is the access it gains to a community:<br />
once implanted in some environment, it can begin to develop its net of threats to everyone inside or<br />
otherwise connected to that unit. That is primarily sensitive in the case of terrorist cells, because those<br />
groups are capable of approaching community members through propaganda, psychological operations<br />
and brainwashing programs that can be shared through cyberspace or by other means.<br />
The content sent through such channels is crafted to sound careless and benign, but the actors hiding<br />
behind it could be real monsters. In other words, the point is to access some community while leaving<br />
its members believing that nothing dangerous is happening; once people are convinced there is no<br />
reason for fear, they put their weapons down, giving the keys of their heart to someone ready to break it<br />
into pieces. Experience shows that the common targets of those campaigns are members of the general<br />
population, and if terrorists want to conquer the world, they could attempt to rule over our minds using<br />
carefully prepared psychological operations. The fact is that the human mental system is the ultimate<br />
governor of the entire body, soul and psyche, so once it is attacked it can fall into the hands of bad guys,<br />
and in such a case an entire life path can be directed as those malicious actors wish. The body cannot<br />
live without the mind, and anyone who knows that will aim at the center of everything. If the source of our<br />
strength is disabled, the rest of our functioning will be conquered.<br />
As anyone will realize, the main problem here is access. The current situation in the world suggests that<br />
everyone has become dependent on cyber technologies, and that life habit is the greatest source of our<br />
weakness, as such innovation can be used to deliver inappropriate content to end users and literally<br />
feed them with frightening products.<br />
About The Author<br />
Milica D. Djekic is an Independent Researcher from Subotica, the<br />
Republic of Serbia. She received her engineering background from<br />
the Faculty of Mechanical Engineering, University of Belgrade. She<br />
writes for some domestic and overseas presses and she is also the<br />
author of the book “The Internet of Things: Concept, Applications<br />
and Security”, published in 2017 by Lambert Academic<br />
Publishing. Milica is also a speaker on the BrightTALK expert’s<br />
channel. She has been a member of ASIS International since 2017 and a<br />
contributor to the Australian <strong>Cyber</strong> Security Magazine since 2018.<br />
Milica's research efforts are recognized with Computer Emergency<br />
Response Team for the European Union (CERT-EU), Censys<br />
Press, BU-CERT UK and EASA European Centre for <strong>Cyber</strong>security<br />
in Aviation (ECCSA). Her fields of interests are cyber defense,<br />
technology and business. Milica is a person with disability.<br />
Reapproaching <strong>Cyber</strong>security in A Digital First World<br />
By Paul German, CEO, Certes Networks<br />
For too long now, organizations have been focusing on protecting their network, when in fact they should<br />
have been protecting their data. The fact that the security industry talks about network security, yet<br />
suffers data breaches, makes it clear that something needs to change. Paul German, CEO, Certes Networks,<br />
outlines why the security industry has been protecting the wrong thing and what organizations can do to<br />
ensure their data is secure.<br />
Starting with Data Breaches<br />
Considering some of the largest data breaches the world has ever seen, it’s clear that cyber hackers<br />
consistently seem to be one step ahead of organizations that seemingly have adequate protection and<br />
technology in place. From the 2013 Adobe data breach that resulted in 153 million user records stolen,<br />
to the Equifax data breach in 2017 that disclosed the data of 147.9 million consumers, the lengthy Marriott<br />
International data breach that compromised the data from 500 million customers over four years, to the<br />
recent SolarWinds data breach at the end of 2020, over time it has looked as though no organization is spared<br />
from the damaging consequences of a cyber hack.<br />
The media headlines refer to these attacks as ‘data breaches’, yet the default approach to data security<br />
for all these organizations has been concentrated on protecting the network - to little effect. In many<br />
cases, these data breaches have seen malicious actors access the organization’s network, sometimes<br />
for long periods of time, and then have their choice of data that’s left exposed and vulnerable.<br />
So what’s the reasoning behind maintaining this flawed approach to data protection? The fact is that<br />
current approaches mean it is simply not possible to implement the level of security that sensitive data<br />
demands when it is in transit without compromising network performance. Facing an either/or decision,<br />
companies have blindly followed the same old path of attempting to secure the network perimeter, and<br />
hoping that they won’t be subject to the same fate as so many before them.<br />
However, consider separating data security from the network through an encryption-based information<br />
assurance overlay. This means that organizations can ensure that even when malicious actors enter the<br />
network, the data will still be unreachable and illegible, keeping the integrity, validity and confidentiality<br />
of the data intact without affecting overall performance of the underlying infrastructure.<br />
Regulations and compliance<br />
Regulations such as GDPR have caused many problems for businesses globally. There are multiple data<br />
regulations businesses must comply with, but GDPR in particular highlighted how vital it is for<br />
organizations to protect their sensitive data. In the case of GDPR, organizations are not fined based on<br />
a network breach; in fact, if a cyber hacker were to enter an organization’s network but not compromise<br />
any data, the company wouldn’t actually be in breach of the regulation at all.<br />
Regulations including GDPR and others such as HIPAA, CCPA, CJIS or PCI-DSS, are focused on<br />
protecting vulnerable data, whether it’s financial, healthcare or law enforcement data. The point is: it all<br />
revolves around data, but the way in which data needs to be secured will rely on business intent. By<br />
implementing an intent-based policy, organizations can ensure their data is being handled and secured<br />
in a way that will meet business goals and deliver provable and measurable outcomes, irrespective of<br />
how the regulatory environment might evolve over time - as it inevitably will.<br />
Preventing data breaches<br />
The growth in digitization means that there is now more data available to waiting malicious actors, and<br />
sensitive data is becoming increasingly valuable across all business sectors.<br />
To ensure the continued security of valuable, sensitive data, a change in mindset is required when it<br />
comes to any cyber security investment. A CISO must consider essential questions, for example: Will<br />
this technology protect my data as it moves throughout the network? Will this solution keep data safe,<br />
even if criminals are able to hack into the network? Will this strategy ensure the business is compliant<br />
with regulations concerning data security, and that if a network breach does occur, the business won’t<br />
risk having to pay any fines? The answer to these questions must be yes in order for any CISO to trust<br />
that their IT policy is effective and their data is safe.<br />
Moreover, with such a significant volume of data to secure, real-time monitoring of the organization’s<br />
information assurance posture is vital in order to efficiently and quickly react to an issue, and remediate<br />
it. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be swiftly<br />
detected on a continuous basis to ensure the security posture is not affected. This means that a data<br />
breach would not follow in the wake of a network breach, which is inevitable.<br />
Removing the misdirected focus on protecting an organization’s network by implementing an information<br />
assurance approach that is concerned with securing data, is the best way that the security industry can<br />
move away from the damaging data breaches of the past. There really is no reason for these data<br />
breaches to frequently feature in the media headlines; the technology needed to keep data secure is<br />
ready and waiting for the industry to take advantage of. In order to avoid suffering the same fate as the many<br />
organizations that have not protected their data, companies must secure their most valuable asset - in<br />
order to protect themselves and their reputation.<br />
About the Author<br />
Paul German is the CEO of Certes Networks. Paul is an experienced sales-<br />
focused CEO with over 20 years of experience in selling, marketing,<br />
implementing and supporting networking and security technologies. He<br />
joined Certes in January 2015, where he initially led the EMEA region, growing<br />
revenues 50% and establishing key relationships selling into multiple vertical<br />
markets, on which further success will be scaled. Paul prides himself on<br />
building great teams, knowing the right team will ultimately make the<br />
company successful. With Paul’s broad background in sales and marketing,<br />
operations, technology management, design and development he is able to<br />
bring teams together and lead successfully, establishing a solid foundation<br />
for future growth. Paul German can be reached online at Twitter:<br />
@pwgerman, LinkedIn: Paul German and at our company website https://certesnetworks.com/<br />
Penetration Testing 101: A Key to Safeguarding Clients’<br />
Data<br />
How can companies identify vulnerabilities, protect digital assets, and prevent reputational or<br />
money losses? Focus more on cybersecurity with penetration testing at the forefront.<br />
By Mike Urbanovich ― Head of test automation and performance testing labs at a1qa<br />
Have you ever thought about how much a single error can cost? Let’s say we are talking about a data<br />
breach. According to the latest report, the average cost of one in the USA<br />
alone was $8.64 million in 2020. Whatever industry your organization belongs to, DDoS attacks,<br />
Trojan-infected botnets, clickjacking, or other malicious hacks can easily place your business at risk<br />
of severe reputational damage.<br />
In the age of cybercrime provoked by the COVID-19 pandemic and the consequent global shift<br />
online, various types of cyber threats have been on the rise, thereby forcing companies into<br />
uncomfortable explanations. For instance, last January a Microsoft customer support database was<br />
exposed, revealing personal data of almost 300 million users, while in April the credentials of half a<br />
million Zoom accounts were available for sale on the darknet.<br />
To keep intruders at bay and continue with business as usual, companies may reconsider their<br />
development strategies and choose penetration testing. In this article, I'll focus on its concept,<br />
value, and types to help organizations enrich their QA strategies.<br />
Penetration testing essence<br />
Being one of the most sought-after QA types nowadays, penetration testing serves to uncover security<br />
vulnerabilities, safeguard sensitive client data, and minimize application risks, which directly<br />
improves brand image and boosts client retention rates.<br />
These verifications are performed by certified specialists who smoothly spot diverse solution<br />
weaknesses and never behave the way “black-hat” hackers do, probing companies’ systems and<br />
using the obtained data for criminal gain.<br />
Penetration testing role for business: 4 major benefits<br />
So, what are the major perks of implementing ongoing penetration testing? There are at<br />
least four advantages that may change business workflows for the better:<br />
1. Prevent any damage to public image or loss of money. In addition to the reputational damage caused<br />
by an extensive decrease in the customer base, companies may lose tremendous sums of<br />
money by paying multi-thousand-dollar ransoms to attackers to keep the business running.<br />
2. Enable business resilience. Serious hacks by malicious users can briskly lead to the dissolution of any<br />
activity. Without timely detection and troubleshooting of existing security<br />
loopholes, organizations may experience continuous exposure to high-level risks.<br />
3. Save a great deal of time that could otherwise be spent on recuperation. The recovery<br />
procedure after being subjected to a cyberattack is a time- and effort-consuming process fraught with<br />
challenges like a significant decrease in operational capabilities for many months thereafter.<br />
4. Attain compliance with strict regulations. International standards may impose monthly penalties in<br />
case of inconsistency with set requirements. In addition, PCI DSS states that it’s vital to<br />
perform penetration testing both annually and after any considerable changes introduced to the<br />
system.<br />
When to conduct penetration testing?<br />
Unfortunately, organizations often remember to carry out this activity only when it’s too late and a breach has<br />
already occurred, by which time malware has spread within the company or highly sensitive data has been stolen.<br />
To prevent this devastating scenario from taking place, broad-minded companies involve penetration<br />
testing experts each time they plan to release an application, introduce substantial modifications, apply<br />
new security patches, or undergo the analysis scheduled by the demands of diverse international<br />
regulations.<br />
3 approaches to performing penetration testing<br />
Depending on whether the QA engineers possess a profound knowledge of the solution under test or<br />
have to explore this data on their own, let’s determine 3 techniques used to fulfill these verifications and<br />
boost organizational security:<br />
1. Black-box testing. In the scope of quality assurance activities, the engineer has little or no information<br />
about the client’s software and has to discover ways of entering the system infrastructure. This allows<br />
simulating real-life attacks carried out by intruders and spotting vulnerabilities that can be leveraged<br />
from outside the network.<br />
2. White-box testing. Contrary to the technique discussed above, the tester has 360-degree<br />
access to system information such as the source code and the environment and is able to conduct<br />
an all-inclusive security analysis using code analyzers and debuggers to determine both internal and<br />
external exposures.<br />
3. Gray-box testing. Finally, the penetration testing engineer may have limited data about the<br />
business’ software, like design and architecture documentation, and acts as a<br />
cybercriminal with long-standing access to the system.<br />
Top 5 penetration testing types<br />
Unfortunately, all security risks are hard to envisage. Still, businesses may keep them to a minimum by<br />
timely applying QA to determine weak points in the system with the help of a realistic, in-depth<br />
analysis that penetration testing provides. Therefore, I suggest delving deeper into its types below.<br />
1. Network services<br />
Carried out both locally and remotely, it detects security flaws in the organization’s<br />
network infrastructure by covering high-priority aspects such as servers or workstations. In the scope of<br />
assuring quality, the engineers make sure that a company would manage to withstand a<br />
number of widespread attacks including SSH, DNS, database, proxy server hacks, and more. Since the<br />
network is an essential part of any organization and is responsible for business continuity, it’s wise to<br />
perform external and internal penetration tests.<br />
2. Web application<br />
This time- and effort-consuming penetration test helps define vulnerabilities in web<br />
applications, browsers, and multiple components like APIs by identifying every part of<br />
the apps leveraged by users. Performed professionally, it traces the most pervasive application weak<br />
points ― from bad session management to issues in code.<br />
3. Social engineering<br />
Generally, the core objective of cybercriminals is to deceive users into handing over<br />
the desired sensitive data, such as credentials. Amid the COVID-19 outbreak, this verification takes center stage<br />
due to the boost in phishing schemes. To define security bottlenecks, the engineers simulate social<br />
engineering attacks such as phishing, scareware, tailgating, and others.<br />
4. Wireless<br />
In this case, the QA team seeks any kinds of weak points that can be used within the extensive chain of<br />
all the devices ― from laptops to smartphones ― connected to the corporate Wi-Fi. Accordingly, QA<br />
teams frequently run these tests onsite to be within range of the signal. Wireless penetration<br />
testing matters a great deal, since without regular quality assurance intruders can obtain unauthorized<br />
access to the organization’s network using diverse Wi-Fi hacking tools.<br />
5. Physical<br />
These kinds of tests often lack the appropriate focus, which is a big mistake. By making use<br />
of divergent security loopholes, the attackers can sneak into a server room and take control of a<br />
network. To prevent such a case, it’s vital to spot vulnerabilities in sensors and locks in advance.<br />
In a nutshell<br />
Brand reputation and keeping up with ever-stiffer competition depend heavily on the overall level of<br />
robustness within an organization. The earlier it focuses on timely cybersecurity testing, the less likely it is to<br />
face the severe consequences of hacks performed by malicious attackers.<br />
Good security practices, with diverse types of penetration testing at the helm, enable a risk-based<br />
approach to ensuring strong protection against a sophisticated intruder.<br />
About the Author<br />
Mike Urbanovich is Head of test automation and performance testing<br />
labs staffed with more than 180 QA engineers at a1qa ― a software<br />
testing company. Over 9 years of experience in quality<br />
assurance, he has performed multiple roles, including QA software<br />
engineer and QA manager.<br />
Currently, Mike is responsible for high-level team coordination, project<br />
management, account management, and coaching. A strong technical<br />
background in the field and advanced communication skills help<br />
him successfully support a range of projects for Fortune 500<br />
clients representing diverse industries and coordinate technical and nontechnical<br />
specialists.<br />
Mike can be reached at our company website https://www.a1qa.com/<br />
Establishing Your ICS (Industrial Control Systems)<br />
Security Action Plan – Getting Started Guide<br />
Understand what action you need to take to get your ICS Security strategy off and running<br />
By Dirk Schrader, Global Vice President of Security Research, New Net Technologies<br />
(NNT)<br />
Major trends in Industry 4.0, Smart Factories, or Digitalization promise significant benefits to those<br />
following them. According to a recent Gartner analysis, 60% of all organizations trying to reap these<br />
benefits are still in the very early stage of becoming aware of the needs and issues related to ICS Security.<br />
As such, there is now a requirement to develop a cyber security plan for Operational Technology<br />
(sometimes also named cyber-physical systems). This post tries to address that need and related issues<br />
in a structured manner using the familiar PDCA cycle approach. The reason for doing so is quite simple<br />
and – in fact – the first important thing to accept: ICS Security is never done, never is there a ‘mission<br />
accomplished’. The basic elements of Industrial Control, of Operational Technology, the threats to it, the<br />
way an organization uses its cyber-physical assets to generate its added value, all these elements are<br />
constantly changing and evolving. Therefore, your ICS Security is a cyclical management task. A task<br />
that can be structured, mapped, and executed as the following sections describe.<br />
Plan<br />
Planning for ICS Security needs to start with an understanding of the different objectives held by those<br />
responsible for the safety and security of Operational Technology, and of those concerned with<br />
Information Technology, as well as their differing priorities and the implications of these. Make operational<br />
and cyber resilience a common task and goal for all.<br />
The security priorities along which OT and IT are organized quite often are the root cause for<br />
misconceptions, misunderstandings, and incomplete guidelines. As a kind of worst case, the attempt to<br />
force IT rules on OT devices can be devastating (try to roll out a patch to an embedded device providing<br />
a real-time control function for an industrial furnace in a Chemical Plant just because it is Patch Tuesday).<br />
OT focusses on control and availability as the top priorities and confidentiality as the least, in contrast to<br />
the known C-I-A triad of priorities, holding confidentiality as paramount.<br />
Similarly, there need to be regular information exchanges among all stakeholders about new threats,<br />
new processes, and new or changed assets and applications. The key aspect of these regular reviews is to<br />
share an understanding of any changes to the business as a whole. A new production line improving the<br />
efficiency of a plant can be rendered vulnerable if its connections to the maintenance provider are unknown<br />
or undocumented.<br />
In addition, establish guidance for the ‘emergency case’ that reflects tasks and responsibilities for<br />
systems, assets, and processes. Communication chains and loops will have to be prepared as well.<br />
Do<br />
With the planning and preparation in mind, get some threat &amp; vulnerability intelligence in place. Use<br />
CISA’s ICS alerts and advisories and other additional sources about<br />
vulnerabilities discovered, whether in IT or in OT devices. This intelligence will help you with the daily<br />
task of knowing what to look out for. Share experience with industry peers and your supply chain and learn from<br />
them by participating in regular exchanges.<br />
Depending on your infrastructure, you can use a good vulnerability scanner to detect the presence of any<br />
vulnerabilities listed in the above-mentioned threat intelligence sources. Caution is advised when doing so, as for some<br />
OT equipment network scanning is not suitable. Use this combined knowledge (vulnerabilities and threat<br />
intel) to establish a Secure Baseline configuration for devices, where the latest firmware / software is<br />
installed with any recommended patches.<br />
Generate shared internal knowledge about all assets, whether IT or OT, involved in the business<br />
processes of your organization, and about how they interact and communicate. Find out which ones depend on<br />
others or provide vital output to other OT machinery, so as to identify critical overlapping paths in data<br />
flow and material flow. Again, this knowledge of essential communication paths should also become part<br />
of the Secure Baseline, with only approved network-accessible ports permitted for each class of device.<br />
Map out the communication network, with an overlay of the business process. If it is not possible for all,<br />
do it for the critical ones, those that have to be kept running – even if degraded – for the company to<br />
continue to generate its output of products and/or services. Assign checkpoints to that map and define what<br />
should be verified at each of these points.<br />
Based on that map and these checkpoints, do some demarcation. Zoning will help you to contain<br />
malicious activities. For example, use fire zones or anything similar established in the physical world of<br />
production as a way to map cut-off points for a certain area.<br />
These checkpoints (which are likely firewalls or L3 switches), as well as the many assets and devices in<br />
your OT and IT environment, are then part of the Check sequence, that is, they are monitored for changes<br />
from the overall baseline and secure configuration you established.<br />
Check<br />
Uncontrolled changes are the main cause of cyber incidents, regardless of whether the malicious change<br />
happens in the OT world or in the IT space. The ability to detect any change, as provided in the DO cycle,<br />
will allow you to run automated checks. Pre-approved and ideally pre-tested changes should go through that<br />
check without raising any alarm, unless there are deviations from what was expected. Unplanned<br />
changes will be verified against known good and bad samples to identify malicious or suspicious events,<br />
which are then followed through in the security workflow established in the PLAN phase. Changes in IT<br />
occur frequently, in contrast to changes to OT equipment, which are less frequent, but the<br />
impact of a malicious change to OT can have real-life consequences. Make sure that changes on critical assets<br />
and on critical processes are accounted for. Operating from a Secure Baseline makes the detection of<br />
unplanned integrity changes much clearer and allows the process to be automated using system integrity<br />
monitoring technology.<br />
Any unknown device showing up in your monitoring is a change that needs to be acted upon, as it<br />
indicates a gap in the PLAN and DO phases.<br />
Act / Adjust<br />
The automated monitoring will allow you to act upon any gaps identified going through the PLAN stage<br />
again, now including the previously unknown elements. It also enables you to make the necessary<br />
adjustments when major changes to an existing production process or new business processes or even<br />
new business models are introduced. Update your plans and maps, including your Secure Baseline with<br />
any changes to software, patches, or network ports, then adjust your incident handling where needed,<br />
and start the cycle again.<br />
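As an added illustration of the Check and Act steps above (example code written for this article, not NNT's software), the following Python compares a constructed OT/IT inventory against a Secure Baseline, lets a pre-approved change pass without an alarm, flags unplanned port and firmware changes and unknown devices, and folds a verified change back into the baseline. Every device, class, port and version in it is assumed.<br />

```python
"""Secure Baseline drift check for a mixed OT/IT inventory.

Added example for the Check and Act steps of the PDCA cycle described
above; it is not NNT's code. It compares an observed asset inventory
against a Secure Baseline (approved firmware and the only
network-accessible ports permitted per device class), lets pre-approved
changes pass without an alarm, and reports unplanned changes, unknown
devices and registered devices that went silent. All values are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

# Secure Baseline (constructed): per device class, the approved firmware
# and the only network-accessible ports permitted.
BASELINE: Dict[str, dict] = {
    "plc":    {"firmware": "2.4.1",      "ports": frozenset({102, 502})},
    "hmi":    {"firmware": "7.0.3",      "ports": frozenset({443, 5900})},
    "eng-ws": {"firmware": "10.0.19044", "ports": frozenset({445, 3389})},
}

# Asset register (constructed): the shared internal knowledge of which
# devices exist and which class each belongs to.
ASSETS: Dict[str, str] = {
    "10.10.1.11": "plc",
    "10.10.1.12": "plc",
    "10.10.2.20": "hmi",
    "10.10.3.30": "eng-ws",
}


@dataclass(frozen=True)
class Observation:
    """What one monitoring run saw on a single device."""
    ip: str
    firmware: str
    open_ports: FrozenSet[int]


@dataclass(frozen=True)
class Finding:
    ip: str
    kind: str    # unknown-device | missing-device | unplanned-firmware | unplanned-port
    detail: str


def expected_state(ip: str, assets, baseline, approved) -> dict:
    """Baseline for the device's class, overlaid with any pre-approved change."""
    state = dict(baseline[assets[ip]])
    change = approved.get(ip, {})
    if "firmware" in change:
        state["firmware"] = change["firmware"]
    if "add_ports" in change:
        state["ports"] = state["ports"] | frozenset(change["add_ports"])
    return state


def check_inventory(observed: Iterable[Observation], assets, baseline, approved) -> List[Finding]:
    """Check phase: every deviation from the expected state is a finding."""
    findings: List[Finding] = []
    seen = set()
    for obs in observed:
        seen.add(obs.ip)
        if obs.ip not in assets:
            # A device nobody registered: a gap in the PLAN and DO phases.
            findings.append(Finding(obs.ip, "unknown-device", f"open ports {sorted(obs.open_ports)}"))
            continue
        want = expected_state(obs.ip, assets, baseline, approved)
        if obs.firmware != want["firmware"]:
            findings.append(Finding(obs.ip, "unplanned-firmware",
                                    f"observed {obs.firmware}, expected {want['firmware']}"))
        extra = obs.open_ports - want["ports"]
        if extra:
            findings.append(Finding(obs.ip, "unplanned-port", f"unapproved ports {sorted(extra)}"))
    for ip in assets:
        if ip not in seen:
            # Registered asset not observed: an availability question for OT.
            findings.append(Finding(ip, "missing-device", "registered asset not observed"))
    return findings


def adjust_baseline(baseline, device_class, firmware=None, add_ports=()):
    """Act phase: fold a verified change into the Secure Baseline (returns a new dict)."""
    new = {cls: dict(state) for cls, state in baseline.items()}
    entry = new[device_class]
    if firmware is not None:
        entry["firmware"] = firmware
    if add_ports:
        entry["ports"] = entry["ports"] | frozenset(add_ports)
    return new


# Constructed monitoring run.
OBSERVED = [
    Observation("10.10.1.11", "2.4.1", frozenset({102, 502})),       # matches the baseline
    Observation("10.10.1.12", "2.5.0", frozenset({102, 502})),       # pre-approved firmware upgrade
    Observation("10.10.2.20", "7.0.3", frozenset({443, 5900, 23})),  # telnet appeared: unplanned
    Observation("10.10.9.99", "?",     frozenset({80, 502})),        # nobody registered this device
]
# Pre-approved, pre-tested change: the second PLC moves to firmware 2.5.0.
APPROVED = {"10.10.1.12": {"firmware": "2.5.0"}}

if __name__ == "__main__":
    for f in check_inventory(OBSERVED, ASSETS, BASELINE, APPROVED):
        print(f"{f.ip:12} {f.kind:18} {f.detail}")
```

Once the PLC upgrade has been verified, `adjust_baseline(BASELINE, "plc", firmware="2.5.0")` starts the next cycle with the new expectation, and the PLC that was not yet upgraded is then reported as lagging behind the baseline.<br />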
About the Author<br />
Dirk Schrader is the Global Vice President of Security Research at<br />
New Net Technologies (NNT). A native of Germany, Dirk Schrader<br />
brings more than 25 years of IT expertise and product<br />
management at a global scale. His work focuses on advancing<br />
cyber resilience, a sophisticated new approach to tackling the cyberattacks<br />
faced by governments and organizations of all sizes, treating the<br />
handling of change and vulnerability as the two main issues to<br />
address in information security. Dirk has worked on cyber security<br />
projects around the globe, including more than 4 years in Dubai.<br />
With technical and support roles at the beginning of his career, his<br />
career path includes sales, marketing and product management<br />
positions at large multinational corporations, as well as small<br />
startups. He has published numerous articles in German and English about the need to address change<br />
and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP<br />
(ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices where he<br />
found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data.<br />
Dirk can be reached on Twitter @DirkSchrader_ and at our company website<br />
https://www.newnettechnologies.com/.<br />
Improving Your Organization's Password Hygiene this<br />
World Password Day - Industry Experts<br />
By Ralph Pisani, president, Exabeam<br />
As we all know, passwords are required to access multiple tools and services that are needed to keep a<br />
business running, from logging into a computer to email accounts and vendor profiles. By juggling<br />
numerous different logins, users often fall into bad habits, such as repeating passwords, using common<br />
phrases and failing to update their passwords on a regular basis.<br />
The first Thursday in May is celebrated as World Password Day – a day to bring awareness to these bad<br />
habits and buck the trend. This year especially, as the pandemic drove companies to adopt remote<br />
working policies and individuals to socialize online more, the threat of social engineering to<br />
password security was highlighted: a 15% increase in social engineering-type attacks occurred.<br />
Now, more than ever, it’s important for businesses to ensure that their employees are educated and<br />
taking the necessary precautions around password-related security risks and best practices.<br />
This World Password Day, experts from multiple tech companies and I have provided our tips and<br />
strategies to help secure credentials and protect businesses from the cyber attacks that have risen in<br />
recent months.<br />
Joseph Carson, chief security scientist & advisory CISO, ThycoticCentrify<br />
“It is World Password Day, which means it is time to reflect on your current password hygiene and<br />
determine if your password choices are putting you at serious risk of becoming a victim of cybercrime.<br />
According to the UK National Cyber Security Centre (NCSC), 15% of the population uses pets' names,<br />
14% uses a family member's name, and 13% picks a notable date. In fact, the weak password problem<br />
is so severe that the UK recently proposed new internet and IoT reforms that would make using<br />
“password” as your password illegal.<br />
Passwords remain one of the biggest challenges for both consumers and businesses around the world.<br />
Thanks to the SolarWinds security incident in late 2020, we were all reminded that a poor password<br />
choice can not only impact your own organization but all connected organizations as well. This was likely<br />
one of the biggest supply chain cyberattacks in history -- all stemming from poorly-created passwords.<br />
If you are a consumer, start by using a password manager today. If you are a business leader, you should<br />
move beyond password managers straight into privileged access security. Rotating and choosing<br />
passwords is one of the biggest causes of cyber fatigue, so organizations can reward employees with<br />
privileged access security solutions that will eliminate one of their biggest work headaches and introduce<br />
security solutions that they will want to use. Privileged access security is one of the few security solutions<br />
that will transform your employee password experience into one that will make them more productive --<br />
and you’ll never need to create unique, complex passphrases for every account as privileged access<br />
management (PAM) will do that for them. It’s time to increase security and ease stress by moving<br />
passwords into the background with a modern PAM solution.”<br />
Neil Jones, cybersecurity evangelist, Egnyte<br />
“Recently, one of the largest data dumps in history, referred to as COMB (Compilation of Many<br />
Breaches), exposed an astronomical 3.2 billion passwords linked to 2.18 billion unique email addresses.<br />
This is frightening news for all of us, but it’s particularly worrisome for IT leaders. So many of them are<br />
kept up at night with a gnawing concern: How do I manage the growing risk of data breaches, with a large<br />
proportion of my employees working remotely?<br />
Remote work can lead to employees accessing unsanctioned devices, apps and networks, particularly<br />
when they experience issues with work-related IT resources. This broadens the attack surface for bad<br />
actors and leaves few checks in place for careless behavior that can result in data leaks.<br />
To commemorate World Password Day, we’d like to remind you about practical steps that you can take<br />
to protect your valuable information, while embracing today’s work-from-home environment:<br />
● Educate your employees on password safety – Teach your users that commonplace<br />
passwords such as “123456,” “password” and their pets’ names can put your data and their<br />
personal reputations at risk. Remind users that passwords should never be shared with anyone.<br />
● Institute two-factor authentication – IT administrators should require additional login<br />
credentials during the users’ authentication process, to prevent potential account breaches. This<br />
can be as simple as a user providing their password, then entering an accompanying numeric<br />
code from an SMS text.<br />
● Set passwords for personal devices – Personal devices are on the rise in a remote-work<br />
environment and are particularly vulnerable to data theft, so encourage your employees to<br />
password-protect them.<br />
● Change your Wi-Fi password regularly – Remember that potential hackers are often working<br />
from home, just like us. If you haven’t updated your Wi-Fi password recently, do it immediately.<br />
● Establish mandatory password rotations – Greatly reduce exploitation of default and easily-guessable<br />
employee credentials by making your employees change their passwords regularly.<br />
● Update your account lockout requirements – Prevent brute force password attacks by<br />
immediately locking out access points after several failed login attempts.”<br />
Jon Clemenson, director, Information Security, TokenEx<br />
“Despite technology trends moving toward risk-based authentication, passwords are likely to remain in<br />
play for some time. Considering this, World Password Day provides the perfect opportunity to reiterate<br />
strong password policies that are vital to both personal and business security. <strong>Cyber</strong>criminals often reuse<br />
credentials from password dumps found online, commonly referred to as credential stuffing, to access<br />
sensitive data. That tactic combined with using simple passwords does not provide appropriate data<br />
protection. We ask users not to repurpose passwords across websites, and instead, institute lengthy and<br />
unique complex passwords whenever possible in conjunction with two-factor authentication.<br />
Further, malware and other attack methods can completely bypass passwords, which is especially<br />
concerning during remote work. Before cyber thieves can advance on your credentials, we recommend<br />
using password managers to auto generate strong passwords, or moving to biometric or physical keys<br />
for authentication, which are more secure than using passwords. For sensitive data like credit card<br />
numbers or other personal info, businesses can remove that data from systems entirely using<br />
tokenization. That way, if a hacker does access company systems, they won't steal any useful<br />
information.<br />
Finally, to rise above being a ‘low hanging fruit’ target for a malicious actor, good password hygiene<br />
practices like not sharing or reusing passwords are vital. Investing the time to take one extra step to<br />
secure your data is invaluable when compared to the fallout of a data breach.”<br />
Glenn Veil, VP, engineering, Wisetail<br />
"Passwords play a critical, ongoing role in different aspects of our lives. In our personal lives, they provide<br />
a layer of defense against fraud and identity theft. In the workplace, they defend us against a breach of<br />
sensitive company or customer data. At Wisetail, we implement policies, standards and guidelines around<br />
credential security, but the key is to create awareness and sensitivity in our employees through education<br />
and training.<br />
Here are some tips we recommend to protect yourself and your business from cyberattacks:<br />
1. Educate your people on the importance of credential security and provide them with the tools to protect<br />
credentials<br />
2. Create an environment where your people are comfortable highlighting security issues or cases where<br />
practices are not being followed so you can continue to improve your credential security<br />
3. Utilize multi-factor authentication to reduce the damage that can be done by weak or exploited<br />
passwords<br />
4. According to NIST's <strong>2021</strong> security recommendations, it's important to keep your passwords long but<br />
not too complex. Theoretically, if the password is long enough, the chance of a hacker figuring out the<br />
correct sequence is low.<br />
Follow these best practices beyond World Password Day, and your entire team will play a part in creating<br />
obstacles for digital adversaries and protecting your data."<br />
Josh Odom, CTO, Pathwire<br />
"As we reflect on cyber hygiene practices for World Password Day, we recognize that for many years<br />
users were encouraged to create strong passwords using random combinations of characters that are<br />
difficult for humans to remember, but easy for computers to guess. This is the opposite of the intended<br />
purpose and often leads to inherently poor habits such as writing down passwords or reusing ones that<br />
are easier to remember. Some websites utilize a password strength meter, but this can also be tricky and<br />
lead users to making weaker passwords instead of stronger ones. While we’ve engineered these meters<br />
to score the passwords we create, they are better used against ones that a computer can create because<br />
humans are too predictable, even when we try our best not to be.<br />
To overcome these persistent password weaknesses, utilizing a password manager that generates<br />
passwords from a large set of characters to achieve a desired level of entropy is one of the best options<br />
currently for creating strong and unique passwords. Still, other options available such as security keys,<br />
authenticator apps, or any available multi-factor authentication methods beyond using just a password<br />
should be considered for security. Finally, resources like haveibeenpwned.com which check for exposed<br />
passwords, are reliable compared to inventing and using your own strength-checking algorithms."<br />
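The entropy-targeted generation and the exposed-password check that Josh Odom describes (and Glenn Veil's point above about length over complexity), as an added example written for this page, not code from Pathwire or from haveibeenpwned.com: the breach table below is constructed and its counts are made up; only the SHA-1 prefix/suffix handling mirrors how the real range lookup works.<br />

```python
"""Added example: generate a password to a target entropy, then check it against a
breach corpus the way haveibeenpwned.com's range lookup does (SHA-1, 5-hex-char
prefix sent out, 35-char suffix compared locally). Runs offline on a constructed table."""
import hashlib
import math
import secrets
import string

# Character sets a password manager might draw from (sizes: 10, 62, 94).
ALPHABETS = {
    "digits": string.digits,
    "alnum": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of this length: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_entropy(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose uniformly random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits: float = 80.0, alphabet: str = ALPHABETS["printable"]) -> str:
    """Draw characters with a CSPRNG (secrets) until the entropy target is met.
    Length is derived from the target, so a smaller alphabet yields a longer password."""
    n = length_for_entropy(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that
    would leave the client and the 35-char suffix that is only compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def build_constructed_range_table() -> dict:
    """Constructed stand-in for the range responses: prefix -> ["SUFFIX:count", ...].
    The two entries and their counts are made up for this example."""
    table = {}
    for pw, count in (("password", 1000), ("123456", 5000)):
        prefix, suffix = sha1_prefix_suffix(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    return table


def breach_count(password: str, range_table: dict) -> int:
    """Number of times the password appears in the corpus, or 0 if it does not."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in range_table.get(prefix, []):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def assess(password: str, alphabet_size: int, range_table: dict, min_bits: float = 80.0) -> dict:
    """Combine both checks: enough entropy for the generator's alphabet, and absent
    from the breach corpus. The entropy figure only holds for generated passwords;
    a human-chosen string of the same length is far more predictable."""
    bits = entropy_bits(len(password), alphabet_size)
    seen = breach_count(password, range_table)
    return {"bits": bits, "breached": seen > 0, "ok": bits >= min_bits and seen == 0}


if __name__ == "__main__":
    table = build_constructed_range_table()
    pw = generate_password(80)
    print(pw, assess(pw, len(ALPHABETS["printable"]), table))
    print("password", assess("password", len(ALPHABETS["alnum"]), table))
```

The same 80-bit target needs 13 characters from the 94-symbol printable set but 25 from digits alone, which is the length-versus-alphabet trade-off a manager makes for you.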
Surya Varanasi, CTO of Nexsan, a StorCentric Company:<br />
“Few would argue that creating strong passwords must remain a priority. However, even after creating a<br />
seemingly impenetrable password using every best practice possible, undiscovered threats might still be<br />
able to penetrate them and expose your environment to unnecessary risk.<br />
But if your organization has data that is too important to lose, too private to be seen and too critical to be<br />
tampered with then you must take the next step to thwart cyber-criminals. This can be accomplished by<br />
employing a strategy that enables you to unobtrusively offload data from what is likely expensive primary<br />
storage (cost savings is another bonus here) to a cost-effective storage solution that is engineered<br />
specifically to be regulatory compliant and tamper-proof from even the harshest ransomware attacks.<br />
And since backups have become the latest malware targets, the storage platform should include<br />
“unbreakable backup” meaning it includes an active data vault that creates an immutable copy, which<br />
makes recovery of unaltered files fast and easy - so there’s zero operations disruption and never any<br />
need to pay ransom.”<br />
JG Heithcock, GM of Retrospect, a StorCentric Company:<br />
“A global survey conducted by Gartner found that 88% of business organizations mandated or<br />
encouraged employees to work from home (WFH) as a result of the COVID-19 pandemic. With millions<br />
of workers around the world now having to access their organization’s data remotely, data protection was<br />
put under increased pressure. For many, the answer was to employ a strong password -- oftentimes,<br />
requesting that employees do so employing a random mix of no less than 15 characters. Undeniably, this<br />
was a step that could not be ignored. Unfortunately, many learned the hard way that this was not enough<br />
to stop today’s increasingly determined and aggressive cyber-criminals. And given that research, such<br />
as that from the Harvard Business School, shows that the WFH paradigm will likely endure, it is clear that<br />
stronger measures must also be taken.<br />
The next step in the data protection and business continuity process for virtually any organization (or<br />
personally, for that matter) is an effective backup strategy. And the good news is that there is no need to<br />
reinvent the wheel here. A simple 3-2-1 backup strategy will do the trick. This means that data should be<br />
saved in at least three locations -- one on the computer, one on easy-to-access local storage and another<br />
on offsite storage. The options range from local disk, to removable media, to the cloud and even tape.<br />
And, if at least one copy is “air-gapped” meaning completely unplugged from the network, all the better.<br />
In <strong>2021</strong> and beyond, multi-layered data protection strategies - such as those employing strong passwords<br />
combined with thorough backup practices - will help to ensure you, your data and your organization<br />
remain protected in the event of a simple accident, cyber-attack or any other disaster.”<br />
Wes Spencer, CISO, Perch Security, a ConnectWise Solution<br />
“Here’s a riddle for you: what’s the one thing we all have, all hate and never remember? Yep, a password.<br />
Isn’t it ironic that in <strong>2021</strong>, we’re still using one of the most broken systems for authentication ever? Even<br />
Julius Caesar hated passwords and preferred his own cipher to communicate instead.<br />
Why is this? Well, passwords are like underwear. You see, you should never share them, never hang<br />
them on your monitor, and honestly, no one should ever see them. So how do we go about living in a<br />
password-required world? First, remember that long passwords are always better than complex ones.<br />
This is because the human brain is hardwired to be extremely poor at creating and remembering complex<br />
passwords. In fact, a long 16-digit password is far more secure than a short 8-character complex<br />
password.<br />
Second, never reuse a password. Ever. Most successful breaches occur when a stolen password from<br />
one platform is leveraged against another system that shares the same password. At Perch Security,<br />
we’ve dealt with many breaches that occurred this way. It’s a true shame. The best way to avoid this is<br />
by using a reputable password manager and keeping it locked down. The password manager can handle<br />
the creation, storage and security of every password you use.<br />
Lastly, never rely on your password alone. All reputable platforms today should support multi-factor<br />
authentication. We should be religious about this.<br />
If you’ll follow these three things, your life with passwords will be much better. And perhaps one day, we’ll<br />
get rid of this pesky, broken system for good.”<br />
Ralph Pisani, president, Exabeam<br />
“World Password Day <strong>2021</strong> is more important than ever as organizations grapple with the new reality of<br />
‘work from anywhere’ and the fast adoption of the hybrid workplace trend. <strong>Cyber</strong>criminals will capitalize<br />
on any opportunity to collect credentials from unsuspecting victims. Just recently, scammers began<br />
preying on people eagerly awaiting vaccinations or plans to return to the office as a means to swipe their<br />
personal data and logins, for instance.<br />
The most common attack technique that I often see in the breach reports that I read is stolen credentials.<br />
This is a never ending battle between the security industry and cybercriminals, but there are ways<br />
organizations can protect themselves against credential theft.<br />
Through a mix of educating staff on complex password best practices, security awareness training and<br />
investing in machine learning-based security analytics tools, organizations can make it much more<br />
difficult for digital adversaries to utilize their employees’ usernames and passwords for personal gain.<br />
Behavioral analytics tools can swiftly flag when a legitimate user is exhibiting anomalous behavior<br />
indicative of compromised credentials. This approach provides greater insights to SOC analysts about<br />
both the impacted and malicious user, which results in a faster response incident time and the ability to<br />
stop adversaries in their tracks, before they can do damage.<br />
The pandemic increased the velocity of digital transformation, and cybercriminals are clearly becoming<br />
more advanced in parallel. Thus, we must stay hyper vigilant in protecting credentials this World<br />
Password Day and beyond.”<br />
About the Author<br />
Ralph Pisani leads the sales and marketing go-to-market<br />
functions at Exabeam. With 20 years of experience in sales and<br />
channel and business development, Ralph is widely recognized<br />
as one of the top security sales leaders in Silicon Valley. He led<br />
the Imperva worldwide sales organization from an early stage<br />
through the company’s successful IPO. Prior to Imperva, he<br />
served as vice president of Worldwide OEM Sales at<br />
SecureComputing (acquired by McAfee); and Regional vice<br />
president of Sales and vice president of Channel and Business Development for CipherTrust (acquired<br />
by SecureComputing). Ralph also has held global sales leadership roles with Sophos, Inc., HR Logic,<br />
Inc. and EMDS Consulting, Inc. Ralph has a BA in Business from Bentley University.<br />
Ralph can be reached online at @RalphRpisani and at our company website www.exabeam.com<br />
Clean Water Shows Us Why <strong>Cyber</strong> Certifications Matter<br />
By Yaron Rosen, co-founder and president, Toka<br />
In the early 20th century, as mass industrialization happened and cities developed, there were huge<br />
challenges getting the systems on which new urban centers relied safe and secure. One of them was a<br />
challenge that faced even the very first settlements: access to clean water.<br />
As new pipes were laid and water flowed through taps, new issues quickly arose around keeping the<br />
water supply safe. This led to standards being set for what constituted “safe” water and for the equipment<br />
needed to maintain it, including the chlorination process to disinfect water, which started in Europe and<br />
quickly spread throughout the United States beginning in 1908. To run water systems, cities needed<br />
operators who knew what they were doing. States in response passed laws requiring certification to<br />
operate a water treatment facility based on specific education, training, and experience requirements.<br />
The federal government later tied funding for states to compliance with a certification program.<br />
Today, the growing infrastructure on which modern life relies is cyberspace, and its safety is a serious<br />
concern for the functioning of society. While the technology powering the internet is exponentially more<br />
complex than an early 20th-century water system, the requirements to keep it safe are the same. Like<br />
we did a century ago, we need to require cities and localities to meet basic technical requirements in their<br />
networks and employ people certified to keep the digital landscape safe. At the moment, too many cities<br />
are using outdated technology and do not have the experts necessary to defend themselves in<br />
cyberspace.<br />
Cities today struggle to anticipate when and where they are going to be attacked, and the sophistication<br />
and scope of attacks are increasing, including devastating ransomware threats. Cities of all sizes and in<br />
all countries are at risk, as officials in places like Johannesburg and New Orleans can attest. In Baltimore,<br />
a May 2019 ransomware attack cost the city more than $6 million. We would not tolerate regular<br />
disruptions to our water and electrical systems, and cybercrime cannot become something we simply<br />
accept as a cost of doing business.<br />
That’s why national governments must provide cities and localities guidance about how to organize their<br />
local cyber strategy. Just as a national government can set standards for other essential utilities, we need<br />
countries to mandate robust expectations for cities and states in cyberspace. In the United States, without<br />
strong direction from the national-level <strong>Cyber</strong>security and Infrastructure Security Agency, states have<br />
attempted to take matters into their own hands with cyber legislation. Still, an uncoordinated approach<br />
simply means bad actors will identify the weakest link. The European Union, recognizing “an increasing<br />
risk of fragmentation” without a common framework of certificates, recently introduced a certification<br />
model for information and communications technology (ICT) products that can serve as a guide for<br />
professional certifications and baseline qualifications for anyone managing the local tech infrastructure.<br />
Yet governments and cities will need assistance determining the qualifications and technology required<br />
for their specific cyber risks. National governments need to set these standards, and use whatever<br />
mechanism they can to enforce them, from mandates to tying funding to meeting these standards.<br />
This also goes for creating a qualified cohort of cybersecurity workers. Yes, cyber training programs and<br />
boot camps are already available, but countries should implement uniform standards and require<br />
certifications for state and local employees to improve our overall preparedness. We cannot afford a<br />
patchwork of qualifications and approaches to the growing issue of cybersecurity. A huge cybersecurity<br />
skills gap already exists, with millions of new workers needed to defend organizations and institutions.<br />
To fill this gap and encourage more people to become cybersecurity experts, we must outline exactly<br />
what prospective employees need to know and where they can learn the required skills to fill government<br />
positions.<br />
Clear qualifications will make it easier for countries to update their education systems and training<br />
approaches to meet this new cyber era. A focus on improving the tools available to cities and investing<br />
in new technologies will also offer an opportunity for the private sector to contribute its expertise. If<br />
countries put in place the regulations, certification, and training requirements for cities now, just as many<br />
places have done to manage other utilities, we can all adapt to change more quickly and address the<br />
flood of new cyber threats before significant damage is done.<br />
About the Author<br />
Yaron Rosen is a former chief of the Israel <strong>Defense</strong> Forces <strong>Cyber</strong> Staff, research<br />
fellow at IDC Herzliya, and co-founder and president of Toka, a cyber capacity-building<br />
company. Twitter: @RosenYaron<br />
How Can You Protect the Security Perimeter When the<br />
Threat is Already Inside?<br />
By Jon Ford, Managing Director, Mandiant Professional Services<br />
Legitimate access rules the cyber landscape. Every adversary wants it, and every employee has it. The<br />
increasing number of malicious insider incidents is particularly troubling for organizations of all sizes<br />
because insiders are, by definition, those we trust most. Malicious insider events impact organization<br />
reputation, customer trust and investor confidence. Organizations across industries have faced the rapid<br />
rise of malicious and negligent insider threats during the pandemic, resulting in corporate and economic<br />
espionage, data theft, digital extortion, backup destruction, accidental leaks and more. Forrester predicts<br />
that this trend is here to stay and that 33 percent of data breaches in <strong>2021</strong> will be insider threat related.<br />
At Mandiant, a part of FireEye, we have investigated a growing number of malicious insider threat<br />
incidents during the shift to remote work, especially in organizations with open trust models. For the<br />
organization, these attacks are difficult to detect and prevent without risk-aligned investments. For the<br />
malicious insider, the outcomes have a significant probability of success with a low cost to execute.<br />
With this knowledge, what signs should organizations monitor for to identify insider threats? How can<br />
they reduce risks and the likelihood of these attacks?<br />
Connecting the Dots: Insider Threat Origination Points<br />
Protecting an organization from malicious insiders means organizations should focus more on protecting<br />
their crown jewels than focusing on watching employees. Remember, a successful insider threat program<br />
embraces company culture and requires support from employees. An insider threat program’s goals are<br />
to mitigate organizational risk, protect intellectual property, and align to company culture. Unless<br />
resources and business needs suggest otherwise, Mandiant recommends focusing malicious insider threat<br />
investments on identifying threats to core areas of concern, referred to as crown jewels. This includes key<br />
personnel as well.<br />
Mandiant recommends establishing an intelligence-led Insider Threat Program which uses a “follow the<br />
data” or evidence-based model and assessing it annually for processes, people, and technology. A<br />
“follow-the-data” model is important for cases generated to support and withstand litigation requirements.<br />
Insider threat programs should also be poised to identify insider threat recruiting and access to protect<br />
intellectual property, mitigate organizational risk, and align to business goals and outcomes. The most<br />
successful insider threat programs are aligned with business unit investments, support continuous<br />
awareness training, and report to the Board of Directors.<br />
Within the Workforce<br />
Organizations should focus limited insider threat security resources and key personnel on identifying<br />
malicious insider threats who target business core areas of concern, also known as crown jewels or key<br />
assets. Organizations should expand their view on who malicious insiders may be beyond current or<br />
departing individual employees, in order to defend against them. It is becoming more common for<br />
malicious insider threats to arise from coordinated groups of people rather than sole individuals, which<br />
can include supply chain, third-party contractors, system administrators and insider threat security team<br />
members. Organizations need to monitor for third-party access via APIs, service accounts and<br />
maintenance systems that can present risks from both a malware and insider threat perspective.<br />
Insider threat security teams require deep technical expertise and tailored training to identify and disrupt<br />
the most significant malicious insider threats. For example, by investing in data loss prevention (DLP),<br />
user and entity behavior analytics (UEBA), and AI solutions, they will also have a better chance of<br />
detecting and blocking malicious insider activity. But, these investments must work on and off network.<br />
In addition, having a third-party conduct at least an annual insider threat security assessment can help<br />
ensure existing people, processes, and technologies are adequate and efficient, and that the organization<br />
is being evaluated against the latest threat landscapes and risks, based on current intelligence.<br />
Best Practices for Mitigating Insider Threat Risks<br />
Despite the challenge of these evolving risks, there are best practices that organizations can employ to<br />
fortify their security posture and mitigate insider threats.<br />
How should companies mitigate those risks?<br />
1. Visibility<br />
a. Mandiant recommends organizations invest in purpose-built insider threat data loss<br />
prevention solutions which can detect, alert, and block (if necessary) malicious<br />
behavior as well as work while both being connected and disconnected to the internet.<br />
2. Least Privilege<br />
a. In both production and development networks, Mandiant recommends organizations<br />
implement user access controls across all environments on their networks to ensure<br />
users, developers, and administrators only have the necessary access to perform their<br />
assigned responsibilities.<br />
b. Limit and audit users who can create accounts in on-premises networks and cloud<br />
environments.<br />
3. Logging<br />
a. Mandiant recommends logging and event aggregation sent to a Security Information<br />
and Event Management (SIEM) system. This provides a level of mitigation if a<br />
malicious insider attempts to clear logs, because separate, streamed logs to another<br />
system would be available.<br />
4. Network Segmentation<br />
a. Mandiant recommends organizations investigate their network segmentation, and limit<br />
unnecessary traffic to highly sensitive environments from lesser trusted environments.<br />
This will help prevent an insider from moving laterally or connecting from an internal<br />
network segment to a cloud environment. Additionally, all systems that do not need to<br />
be publicly facing should be segmented from public access and restricted as much as<br />
possible.<br />
5. Offboarding<br />
a. Mandiant continues to remind clients who may have to terminate employees or<br />
contractors to not give advance notice, limit communications, and remove network<br />
access immediately. This is also true if an employee voluntarily resigns or retires.<br />
Additionally, all SSH keys, PEM files, MFA, service passwords, and application<br />
passwords the individual had access to should be rotated for all environments (e.g.,<br />
developer and production), and unenrolled in the case of MFA services each time<br />
when an employee or contractor with these accesses leaves the organization.<br />
6. Assess<br />
a. Mandiant recommends organizations have an insider threat program assessment<br />
conducted with defined, key outcomes of actionable, organization-specific risk<br />
mitigation recommendations, prioritized intelligence requirements based on the<br />
current and horizon intelligence landscape, and roadmaps for all maturity levels of<br />
insider threat security programs. Assessing annually with different tools can reveal<br />
varied areas of focus and identify gaps in capabilities that could be rectified.<br />
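The logging recommendation in point 3 above, shown as an added example that is not Mandiant's code or from the article: a small detector over a constructed stream of events that hosts forward to a central log store, which alerts when a host reports that its local audit log was cleared (and shows what the central copy still holds from before the clear) and lists hosts whose forwarding has gone silent. Hostnames, users and timestamps are made up.<br />

```python
"""Added example: detection over events streamed off-host to a central store.
Hosts, users and times in SAMPLE_STREAM are constructed. Event IDs 4624 (logon),
4663 (object access), 4634 (logoff) and 1102 ("The audit log was cleared") are
real Windows Security event IDs; the record layout is this example's own."""
import json
from datetime import datetime, timedelta

SAMPLE_STREAM = """
{"ts": "2021-05-03T09:00:00", "host": "build-01", "user": "alice", "event_id": 4624, "msg": "logon"}
{"ts": "2021-05-03T09:05:00", "host": "build-01", "user": "alice", "event_id": 4663, "msg": "object access: repo.tar"}
{"ts": "2021-05-03T09:07:00", "host": "build-01", "user": "alice", "event_id": 1102, "msg": "The audit log was cleared"}
{"ts": "2021-05-03T09:08:00", "host": "build-01", "user": "alice", "event_id": 4624, "msg": "logon"}
{"ts": "2021-05-03T09:00:00", "host": "db-02", "user": "svc_backup", "event_id": 4624, "msg": "logon"}
{"ts": "2021-05-03T09:30:00", "host": "db-02", "user": "svc_backup", "event_id": 4634, "msg": "logoff"}
"""

LOG_CLEARED = 1102


def parse_stream(text: str) -> list:
    """Parse JSON lines into event dicts with a datetime 'ts'; malformed lines are skipped
    (a real SIEM would count them as parse failures rather than drop them silently)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            ev["host"]
        except (ValueError, KeyError, TypeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_log_clear(events: list) -> list:
    """One alert per audit-log-cleared event. Because events were streamed off-host
    before the clear, the central copy still holds what preceded it; the alert
    records how many such events survive for that host."""
    alerts = []
    for ev in events:
        if ev.get("event_id") != LOG_CLEARED:
            continue
        preserved = [e for e in events if e["host"] == ev["host"] and e["ts"] < ev["ts"]]
        alerts.append({
            "host": ev["host"],
            "user": ev.get("user"),
            "ts": ev["ts"].isoformat(),
            "preserved_before_clear": len(preserved),
        })
    return alerts


def detect_silent_hosts(events: list, now_iso: str, max_gap_minutes: int) -> list:
    """Hosts whose last forwarded event is older than the allowed gap: forwarding
    that stops (agent disabled, host isolated) shows up on the collector as silence."""
    now = datetime.fromisoformat(now_iso)
    max_gap = timedelta(minutes=max_gap_minutes)
    last_seen = {}
    for ev in events:
        last_seen[ev["host"]] = max(last_seen.get(ev["host"], ev["ts"]), ev["ts"])
    return sorted(h for h, ts in last_seen.items() if now - ts > max_gap)


if __name__ == "__main__":
    evs = parse_stream(SAMPLE_STREAM)
    for alert in detect_log_clear(evs):
        print("ALERT audit log cleared:", alert)
    print("silent hosts:", detect_silent_hosts(evs, "2021-05-03T10:00:00", 30))
```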
By having a comprehensive view of the insider threat landscape, understanding the risk within their<br />
environments, and implementing best practices to strengthen their protections, organizations can<br />
minimize the risk of insider threats and reduce the fallout in the cases of a breach or attack.<br />
About the Author<br />
Jon Ford is the managing director of global government services and insider<br />
threat security solutions at Mandiant, a part of FireEye. He has twenty-five<br />
years of experience helping organizations become more resilient to attacks<br />
orchestrated by foreign governments, organized criminal groups, and insider<br />
threats. Connect with Jon on LinkedIn and learn more on:<br />
www.fireeye.com/mandiant<br />
Why We Care About <strong>Cyber</strong>security Hygiene<br />
By James Opiyo, Senior Consultant Security Strategy, Kinetic By Windstream<br />
Maintaining good cybersecurity hygiene habits is just as important as maintaining good personal hygiene<br />
habits. We must maintain high cybersecurity standards to protect our digital health from some common<br />
cyber threats.<br />
Common Threats to Our Digital Health<br />
• Malicious software (malware) designed to steal information and/or cause damage to our connected<br />
devices.<br />
• Viruses that infect connected devices and then spread across networks while giving cybercriminals<br />
access to those devices.<br />
• Ransomware malware that encrypts files on a connected device and prevents an authorized user<br />
from accessing the affected files until a ransom is paid.<br />
• Phishing scams where cybercriminals attempt to steal sensitive data (SSN, Credit Card numbers,<br />
etc.) using deceptive electronic messages via email, text messages, pop-up windows, etc. Fraudsters<br />
use these deceptive electronic messages and fake websites to lure users to disclose sensitive<br />
information. They may, for example, send a link masked to look like your bank’s legitimate web<br />
address and ask you to click on it and log in to your bank account. This will give them access to your<br />
real login credentials, which they can use to log into your real bank account and steal money, personal<br />
information, etc.<br />
Cybersecurity Hygiene Habits to Help Mitigate Common Threats<br />
• Install reputable anti-malware and antivirus software to prevent malware attacks.<br />
• Create complex passwords that cannot be easily guessed. For example, use combinations of at least<br />
12 letters, numbers, and special characters.<br />
• Secure your Wi-Fi network with a strong password and router name. Turn off remote management<br />
of the router and ensure that the router offers WPA2 or WPA3 encryption to maintain the highest<br />
level of privacy of information sent via your network.<br />
• Change the manufacturer default passwords for all your smart devices, such as smart thermostats,<br />
smart doorbells, and smart locks. A hacker can easily download a smart device’s user manual and<br />
access its default password.<br />
• Update software and apps regularly to maintain the latest version of software patches that fix security<br />
flaws.<br />
• Permanently delete sensitive data from your computer and keep your hard drive clean.<br />
• Never click on a link, open a pop-up, etc., from an unknown source.<br />
Conclusion<br />
In summary, we should always install reputable anti-malware software, create strong passwords, keep<br />
our connected devices clean, and refuse requests for information from unknown sources.<br />
About the Author<br />
James Opiyo is a Senior Consultant for Security Strategy at Kinetic by<br />
Windstream. Kinetic provides premium broadband, entertainment, and<br />
security services through an enhanced fiber network and 5G fixed wireless<br />
service to consumers and small and midsize businesses primarily in rural<br />
areas in 18 states.<br />
Email: james.opiyo@windstream.com<br />
The Third-Party Remote Access Security Crisis<br />
New research shows that organizations are not taking the necessary steps to reduce third-party remote<br />
access risk<br />
By Joe Devine, CEO, SecureLink<br />
It used to be that the biggest cybersecurity threat was a sticky note. These days, however, your weakest<br />
link is no longer the errant piece of paper with a password scribbled on it, but rather your trusted third-party<br />
vendors.<br />
Attackers have gotten smart. They’ve seen more and more companies turn to third-party vendors to<br />
quickly and efficiently scale up operations. They’ve realized that instead of targeting a single company,<br />
they can, instead, target one small third-party vendor and potentially gain access to multiple high-profile<br />
companies. They haven’t just found another backdoor, they’ve found a backdoor that leads to a number<br />
of other backdoors.<br />
Over the past year, high-profile data breaches of Marriott, YouTube, Instagram, TikTok, SpaceX and<br />
Tesla have all been linked to third-party vulnerabilities. And according to new research, 51% of<br />
organizations have experienced a data breach caused by a third party.<br />
Not only are third-parties becoming an increasingly popular attack vector, but in a new study produced<br />
by SecureLink and the Ponemon Institute, there’s an alarming disconnect between an organization’s<br />
perceived threat to third-party access and the security measures it employs.<br />
In surveying 627 security professionals, this latest study, “A Crisis in Third-Party Remote Access<br />
Security,” found that within the past 12 months, 44% of organizations have experienced a breach with<br />
74% saying that it was the result of giving too much privileged access to third parties. What’s more, 51%<br />
say their organizations are not assessing the security and privacy practices of all third-parties before<br />
granting them access to sensitive and confidential information.<br />
The solution, thankfully, is simply to start putting resources behind vetting third-parties and implementing<br />
security measures that go beyond just inherent trust. Here are three starting points for assessing and<br />
shoring up your own third-party access security.<br />
Prioritizing Network Transparency<br />
Before implementing any changes or added measures, the first step is to assess your exposure and take<br />
inventory of your current vendor access. Of those surveyed in the report, only 46% say that they have a<br />
comprehensive inventory of third parties with permitted network access. Shockingly, nearly two-thirds<br />
(63%) say they don’t have any visibility into vendor access and their network permissions.<br />
An initial inventory of vendor access can make the transition to a third-party vendor management system<br />
much more straightforward, which can significantly mitigate the risk of a third-party breach. A platform<br />
designed to manage vendor access not only offers the ability to easily see who has access and how<br />
much, but also can log who accessed your systems, when they did it, and what they did. As they say,<br />
knowing is half the battle.<br />
Zero Trust Network Access<br />
Not only is an accurate inventory of access difficult for a majority of those surveyed, but 60% say that<br />
they are unable to provide the appropriate amount of access to their vendors. More often than not, most<br />
err on the side of giving vendors too much access, and then trusting that their vendor doesn’t suffer a<br />
breach of their own. With third-party breaches on the rise, trusting your vendors to limit breaches into<br />
your own systems just isn’t enough anymore.<br />
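The inventory and logging the two paragraphs above call for can be built from the access records a vendor management platform keeps, and the same records show where a vendor has been given more than it needs. The following is an added example, not code from the article or from SecureLink: it assumes a constructed, hypothetical log format (an ISO timestamp followed by vendor, user, system and action fields), a constructed table of what each vendor was contractually granted, and constructed sample log lines. It produces the who/what/when inventory, flags access outside the granted scope, and lists grants that were never used and so are candidates for revocation.<br />

```python
from collections import defaultdict
from datetime import datetime
import re

# Hypothetical log format (constructed for this example): ISO timestamp, then key=value pairs.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vendor=(?P<vendor>\S+) user=(?P<user>\S+) "
    r"system=(?P<system>\S+) action=(?P<action>\S+)$"
)

# Constructed: the access each vendor was actually granted (system -> allowed actions).
GRANTED = {
    "hvac-co": {"bms-controller": {"read", "write"}},
    "billing-saas": {"erp-db": {"read"}, "report-server": {"read"}},
}

# Constructed sample log lines; they do not come from any real system.
SAMPLE_LOG = """\
2021-05-03T09:12:44Z vendor=hvac-co user=tech7 system=bms-controller action=read
2021-05-03T09:13:02Z vendor=hvac-co user=tech7 system=bms-controller action=write
2021-05-04T22:41:10Z vendor=hvac-co user=tech7 system=file-server action=read
2021-05-05T10:05:00Z vendor=billing-saas user=svc-bill system=erp-db action=read
2021-05-05T10:06:30Z vendor=billing-saas user=svc-bill system=erp-db action=write
2021-05-06T11:00:00Z vendor=unknown-inc user=ext1 system=erp-db action=read
"""


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped rather than guessed."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def build_inventory(events):
    """Who accessed what: vendor -> system -> {actions, users, first, last}."""
    inv = defaultdict(dict)
    for ev in events:
        entry = inv[ev["vendor"]].setdefault(
            ev["system"], {"actions": set(), "users": set(), "first": ev["ts"], "last": ev["ts"]}
        )
        entry["actions"].add(ev["action"])
        entry["users"].add(ev["user"])
        entry["first"] = min(entry["first"], ev["ts"])
        entry["last"] = max(entry["last"], ev["ts"])
    return dict(inv)


def find_violations(events, granted):
    """Observed access beyond the granted scope: unknown vendor, unlisted system, or extra action."""
    out = []
    for ev in events:
        allowed = granted.get(ev["vendor"], {}).get(ev["system"], set())
        if ev["action"] not in allowed:
            out.append((ev["vendor"], ev["system"], ev["action"], ev["ts"].isoformat()))
    return out


def unused_grants(events, granted):
    """Granted (vendor, system) pairs with no observed use: candidates for revocation."""
    seen = {(ev["vendor"], ev["system"]) for ev in events}
    return sorted((v, s) for v, systems in granted.items() for s in systems if (v, s) not in seen)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for vendor, systems in build_inventory(evs).items():
        for system, e in systems.items():
            print(f"{vendor:14} {system:16} actions={sorted(e['actions'])} last={e['last']:%Y-%m-%d}")
    print("violations:", find_violations(evs, GRANTED))
    print("unused grants:", unused_grants(evs, GRANTED))
```

On the sample data the inventory shows three vendors touching four systems, three events fall outside the granted scope (a vendor reaching a system it was never granted, a read-only vendor writing, and a vendor that is not on the list at all), and one grant was never exercised. The point of the last check is the one the article makes: access that is granted "just in case" and never used is pure attack surface.<br />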
Implementing a third-party vendor management platform, however, allows for the implementation of a<br />
much more secure Zero Trust Network Access model. Inherent trust in a vendor is replaced with multi-factor<br />
verification and privileged access management. Any time a vendor needs access to your systems,<br />
they must verify who they are, and once verified, only have access to exactly what they need. Trust can<br />
be abused; verification cannot.<br />
Evaluating Third-Party Security Practices<br />
As it stands today, third-party vendor management is not easy. Only now are companies realizing that it<br />
should be the security and technology teams, not legal and procurement departments, that are the ones<br />
responsible for managing vendor access. And when that responsibility shifts, IT departments find<br />
themselves overwhelmed — suddenly managing upwards of 500 vendors.<br />
Adopting a third-party vendor management platform can simplify the otherwise herculean task of taking<br />
inventory of third-party access, setting network permissions, and monitoring activity by consolidating into<br />
a single place. This, in turn, makes it easier to not only keep track of who has access, but also implement<br />
new security procedures.<br />
Instead of just giving a new vendor access, crossing your fingers, and hoping for the best, a third-party<br />
management solution can offer the transparency and security to know you’re protected against potential<br />
breaches.<br />
With more and more hackers targeting third-party vendors, signed contracts, strong reputations, and<br />
compliance checklists just aren’t enough anymore. Thankfully, the systems to make vendor management<br />
easier and more secure are out there — it’s now just a matter of deciding to put resources behind one.<br />
Read the report, "A Crisis in Third-party Remote Access Security", here.<br />
About the Author<br />
Joe Devine is the CEO of SecureLink, a leader in third-party remote access.<br />
Headquartered in Austin, Texas, SecureLink provides secure third-party<br />
remote access for both highly regulated enterprise organizations and<br />
technology vendors. Joe has been at the company since 2008, and previously<br />
held the role of president and chief operating officer.<br />
Joe can be reached online via LinkedIn:<br />
https://www.linkedin.com/in/joemdevine/ and at our company website:<br />
https://www.securelink.com/<br />
Rethinking Remote Monitoring and Management: How<br />
MSPs Can Put Security First and Better Protect Their<br />
Clients<br />
By Ryan Heidorn, Managing Partner, Steel Root<br />
For most Managed Service Providers (MSPs), using a remote monitoring and management<br />
(RMM) platform to centrally manage their clients’ networks is a foregone conclusion – it’s generally<br />
assumed that RMM tools are necessary to deliver IT services. However, that tide may be turning as more<br />
MSPs wake up to the fact that traditional RMM platforms can introduce an increasingly unacceptable<br />
level of risk to their business and their clients.<br />
Despite repeated warnings from the U.S. government and security vendors that attackers are<br />
targeting IT service providers as a single point of entry to breach multiple organizations at once, RMM<br />
platforms have not evolved to address modern threats, and remain a ubiquitous tool among MSPs. In the<br />
wake of the massive SolarWinds attack, Jacob Horne, a Managing Partner at DEFCERT and former NSA<br />
intelligence analyst, warns that President Biden’s recent Executive Order on Improving the Nation’s<br />
Cybersecurity should serve as a wake-up call for MSPs.<br />
“If SUNBURST had zigged instead of zagged, this order would be locked on to MSPs,” he said.<br />
“The compromised Orion DLL also existed in N-central’s probe installer [an RMM component widely used<br />
by MSPs]. The MSP community dodged a huge bullet. Although N-central wasn’t directly compromised,<br />
it was just a half step away from happening if the attackers wanted it.”<br />
Today’s threat landscape necessitates that MSPs adopt a security-first mindset to managing the<br />
privileged access they hold within customer networks. In this article, we explore alternatives for remotely<br />
managing customer environments, envision a “zero trust RMM” that incorporates contemporary security<br />
best practices, and explain how enterprise IT practices like DevOps can be leveraged by MSPs and<br />
MSSPs to build cybersecurity maturity and better protect themselves and their clients from modern<br />
threats.<br />
The Elements of a Security-First Approach<br />
Remote monitoring and management concepts and capabilities can be reengineered to enable<br />
MSPs to put security first. MSPs themselves may not be able to make direct changes to the RMM<br />
tooling (we need vendors to prioritize security first), but reevaluating assumptions around remote<br />
management, especially where current practices are at odds with security, is an opportunity for MSPs to<br />
level up their practices to meet modern customer requirements.<br />
1. Envisioning the Zero Trust RMM<br />
“Zero trust” has emerged as contemporary wisdom for securing modern IT infrastructure. In<br />
contrast to the adage, “trust but verify,” a core concept of Zero Trust Architecture (ZTA) is to “never trust,<br />
always verify.” ZTA seeks to move cybersecurity defenses away from network-based perimeters (like<br />
firewalls, VPNs, and intrusion detection systems) to user identities and individual resources, explicitly<br />
verifying every access request in the context of available data points. This is a particularly useful design<br />
principle for MSPs managing customers that increasingly rely on cloud services and whose users, in the<br />
post-COVID world, now work from anywhere.<br />
How does the system respond when a correct password is used, but the user account logs in<br />
from Boston and then 30 minutes later from Los Angeles? Or when the correct device is logging in, but<br />
Secure Boot is disabled, or the device is jailbroken? Systems based on ZTA principles flexibly manage<br />
access requests based on an organization’s defined policy.<br />
Debate over the term “zero trust” notwithstanding (critics of the term correctly argue that “zero” is<br />
a misnomer, and today’s implementations might be more accurately described as “policy-based adaptive<br />
risk” or similar), MSPs should look for opportunities to onboard customers into ZTA concepts and seek<br />
to apply zero trust principles like defense in depth, microsegmentation, and just-in-time access to how<br />
they manage customer environments.<br />
To enable MSPs to employ these practices when managing client environments, a future RMM,<br />
built on zero trust principles, might include features like:<br />
· Zero trust network access to client environments, with a central policy engine authorizing each<br />
connection to a client environment as a substitute for today’s unattended remote access<br />
· Conditional access rules to protect key RMM functions like remote access and remote code<br />
execution. Trying to connect to a client environment outside of an MSP’s normal business hours?<br />
Prompt for multi-factor authentication before authorizing the connection. Trying to connect from<br />
outside the U.S.? Block the connection request.<br />
· An allow listing mechanism that only runs scripts that are cryptographically signed by the MSP<br />
· Segmentation of other MSP assets from the RMM platform. Do we really want to integrate<br />
credential managers with remote access tools?<br />
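The Boston-then-Los-Angeles question above and the conditional access rules in the list are both decisions a central policy engine would make per connection. The block below is an added example, not code from the article, from any RMM vendor or from Steel Root: it is a small policy engine with constructed policy values (an allowed-country set, business hours written in UTC, a speed threshold for impossible travel) and assumes the RMM already supplies the attributes it needs as inputs (country and coordinates attributed to the source IP, whether MFA has been completed, and the device posture signals Secure Boot and jailbreak status). It applies the geofence, the device posture check, the impossible-travel check, and the out-of-hours MFA step-up in that order, and only an accepted request becomes the baseline for the next travel check.<br />

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Tuple


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"   # step-up: connect only after MFA succeeds
    DENY = "deny"


@dataclass
class AccessRequest:
    user: str
    action: str                    # "remote_access" or "remote_code_execution"
    client: str                    # customer environment being connected to
    at: datetime                   # request time, timezone-aware
    country: str                   # country attributed to the source IP (assumed input)
    location: Tuple[float, float]  # (lat, lon) attributed to the source (assumed input)
    mfa_verified: bool
    secure_boot: bool
    jailbroken: bool


# Constructed policy values for a hypothetical MSP.
BUSINESS_HOURS_UTC = (12, 22)      # 08:00-18:00 US Eastern, written in UTC
ALLOWED_COUNTRIES = {"US"}
PROTECTED_ACTIONS = {"remote_access", "remote_code_execution"}
MAX_PLAUSIBLE_KMH = 900.0          # about airliner speed; anything faster is impossible travel


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in kilometres between two (lat, lon) points."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


class PolicyEngine:
    """Central policy engine: each connection to a client environment is authorized on its own."""

    def __init__(self) -> None:
        # Last accepted (time, location) per user; the baseline for impossible-travel checks.
        self._last_seen: Dict[str, Tuple[datetime, Tuple[float, float]]] = {}

    @staticmethod
    def _in_business_hours(at: datetime) -> bool:
        start, end = BUSINESS_HOURS_UTC
        return start <= at.astimezone(timezone.utc).hour < end

    def evaluate(self, req: AccessRequest) -> Tuple[Decision, str]:
        # 1. Geofence: connection attempts from outside the allowed countries are blocked.
        if req.country not in ALLOWED_COUNTRIES:
            return Decision.DENY, f"source country {req.country} not allowed"
        # 2. Device posture: a correct credential on an untrusted device is not enough.
        if req.jailbroken or not req.secure_boot:
            return Decision.DENY, "device posture check failed"
        # 3. Impossible travel: same account, two places, too little time between them.
        prev = self._last_seen.get(req.user)
        if prev is not None:
            hours = max((req.at - prev[0]).total_seconds() / 3600.0, 1e-9)
            dist = haversine_km(prev[1], req.location)
            if dist > 1.0 and dist / hours > MAX_PLAUSIBLE_KMH:
                return Decision.DENY, f"impossible travel: {dist:.0f} km in {hours * 60:.0f} min"
        # 4. Protected functions outside business hours require step-up MFA.
        if (req.action in PROTECTED_ACTIONS and not self._in_business_hours(req.at)
                and not req.mfa_verified):
            return Decision.REQUIRE_MFA, "outside business hours; MFA required first"
        # Only accepted requests become the travel baseline, so a blocked attempt
        # does not poison the legitimate user's history.
        self._last_seen[req.user] = (req.at, req.location)
        return Decision.ALLOW, "policy satisfied"


def run_scenarios() -> Dict[str, Decision]:
    """Evaluate the situations the article describes; returns scenario name -> decision."""
    boston, la = (42.3601, -71.0589), (34.0522, -118.2437)
    t_day = datetime(2021, 6, 1, 14, 0, tzinfo=timezone.utc)    # inside business hours
    t_night = datetime(2021, 6, 1, 2, 0, tzinfo=timezone.utc)    # outside business hours
    base = dict(action="remote_access", client="acme-corp", country="US", location=boston,
                mfa_verified=False, secure_boot=True, jailbroken=False)
    engine = PolicyEngine()
    out = {}
    out["boston_daytime"] = engine.evaluate(AccessRequest("alice", at=t_day, **base))[0]
    out["la_30_min_later"] = engine.evaluate(AccessRequest(
        "alice", at=t_day + timedelta(minutes=30), **{**base, "location": la}))[0]
    out["night_no_mfa"] = PolicyEngine().evaluate(AccessRequest("bob", at=t_night, **base))[0]
    out["night_with_mfa"] = PolicyEngine().evaluate(AccessRequest(
        "bob", at=t_night, **{**base, "mfa_verified": True}))[0]
    out["jailbroken_device"] = PolicyEngine().evaluate(AccessRequest(
        "carol", at=t_day, **{**base, "jailbroken": True}))[0]
    out["outside_allowed_countries"] = PolicyEngine().evaluate(AccessRequest(
        "dave", at=t_day, **{**base, "country": "DE"}))[0]
    return out


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:28} -> {decision.value}")
```

The ordering matters: hard blocks (geofence, device posture) come before the adaptive checks so that a request which should never be accepted is not offered an MFA prompt, and the second Boston/Los Angeles login is denied on travel speed even though the password and the device are fine. In a real RMM the decision would be enforced at the connection broker rather than returned to the caller.<br />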
Zero trust is more than just a marketing buzzphrase; it is a security philosophy that reflects the<br />
reality that users routinely access corporate data from outside the traditional corporate network, often<br />
including third-party cloud services, and increasingly on personal devices. Future iterations of RMM<br />
platforms must build these assumptions (and their attendant security considerations) into the platform.<br />
2. The Right Amount of Remote Access<br />
Perhaps the most-used feature of RMM platforms is unattended remote access (screen sharing,<br />
file transfer, remote code execution). The ability to seamlessly hop on screen with a customer to<br />
troubleshoot an IT issue is considered a fundamental capability for an MSP. Particularly among small<br />
businesses, customers “just want things to work” and don’t want to be burdened with security processes<br />
or protocol. Today’s security realities warrant pushing back on these assumptions, at least until more<br />
secure iterations of RMM platforms are available. In the interim, the following practices for managing<br />
remote access may be justified to protect an MSP’s client base, even if there are some trade-offs with<br />
convenience.<br />
· Rethinking Unattended Access<br />
Day-to-day desktop support in client environments should not require unattended access. What<br />
if user support were instead conducted as attended support, with the end user requesting and<br />
authorizing remote access at the time of need? By requiring user consent (that cannot be<br />
overridden by checking a box in the RMM) to connect to or execute commands on user desktop<br />
environments, the ability of an attacker to leverage an RMM platform to breach many customers<br />
at once is greatly hampered. For endpoints that truly require unattended access, MSPs could use<br />
privileged access workstations (PAWs) to connect to dedicated “jump boxes” within customer<br />
environments. By segmenting and protecting the vectors for remote access into a client<br />
environment, an MSP demonstrates their understanding that with great power comes great<br />
responsibility.<br />
· Utilizing Just-In-Time Access<br />
Minimizing the number of always-on administrator accounts is a key component of managing<br />
privileged identities. As stewards of their customers’ security posture, MSPs should insist on<br />
reducing the attack surface of always-on, unattended remote access into customer environments.<br />
As Dan Ritch explores in the Thycotic cyber security blog, The Lockdown, Just-In-Time (JIT)<br />
access seeks to authorize privileged access only when it is required, protecting against<br />
compromised administrator accounts and providing an audit trail for privileged access. A future<br />
RMM built on JIT principles should include a mechanism for the customer to review, authorize,<br />
and log requests from the MSP before granting privileged access to the environment.<br />
· Managing Single-Tenant Customer Environments<br />
Do MSPs really need consolidated access to customer environments through a single pane of<br />
glass, or could they administer customer environments individually without much of a trade-off<br />
with efficiency? When it comes to the cloud, MSPs are already doing this. Today’s RMMs do not<br />
support meaningful management of cloud-native environments such as Microsoft Azure and<br />
Office 365. Emerging tools such as Microsoft 365 Lighthouse aim to bridge the gap, but MSPs<br />
may be wise to reconsider the necessity of aggregating all customer environments and seek out<br />
different styles of management.<br />
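The Just-In-Time mechanism described above (the customer reviews, authorizes and logs each request from the MSP before privileged access is granted) can be written down as a small broker. The following is an added example, not code from the article, from Thycotic or from any RMM product: it assumes constructed names, a constructed four-hour ceiling on grant length, and a table of which people may approve for which customer. Access is off by default, exists only for an approved and time-boxed request, cannot be self-approved by the requesting technician, expires on its own, and every step lands in an append-only audit trail.<br />

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set
import secrets

MAX_GRANT = timedelta(hours=4)   # constructed policy ceiling on any single grant


@dataclass
class AccessGrant:
    request_id: str
    requester: str                 # MSP technician asking for access
    customer: str                  # customer environment the access applies to
    role: str                      # privileged role requested, e.g. "domain-admin"
    justification: str             # ticket reference or reason, kept for the audit trail
    duration: timedelta
    status: str = "pending"        # pending -> approved | rejected; approved -> expired
    approved_by: Optional[str] = None
    expires_at: Optional[datetime] = None


class JitBroker:
    """Privileged access is off by default and exists only for an approved, time-boxed request."""

    def __init__(self, approvers: Dict[str, Set[str]]) -> None:
        self.approvers = approvers           # customer -> people allowed to approve for it
        self.grants: Dict[str, AccessGrant] = {}
        self.audit: List[dict] = []          # append-only record of every step

    def _log(self, event: str, g: AccessGrant, now: datetime, **extra) -> None:
        self.audit.append({"at": now.isoformat(), "event": event, "request_id": g.request_id,
                           "requester": g.requester, "customer": g.customer, "role": g.role, **extra})

    def request(self, requester: str, customer: str, role: str, justification: str,
                duration: timedelta, now: datetime) -> str:
        if not timedelta(0) < duration <= MAX_GRANT:
            raise ValueError("requested duration outside policy")
        if not justification.strip():
            raise ValueError("a justification is required")
        g = AccessGrant(secrets.token_hex(8), requester, customer, role, justification, duration)
        self.grants[g.request_id] = g
        self._log("requested", g, now, justification=justification)
        return g.request_id

    def _pending(self, request_id: str) -> AccessGrant:
        g = self.grants[request_id]
        if g.status != "pending":
            raise ValueError(f"request is {g.status}, not pending")
        return g

    def _check_approver(self, g: AccessGrant, approver: str) -> None:
        # Separation of duties: the customer reviews, never the requesting MSP staff.
        if approver == g.requester or approver not in self.approvers.get(g.customer, set()):
            raise PermissionError("approver is not authorized for this customer")

    def approve(self, request_id: str, approver: str, now: datetime) -> None:
        g = self._pending(request_id)
        self._check_approver(g, approver)
        g.status, g.approved_by, g.expires_at = "approved", approver, now + g.duration
        self._log("approved", g, now, approver=approver, expires_at=g.expires_at.isoformat())

    def reject(self, request_id: str, approver: str, now: datetime, reason: str) -> None:
        g = self._pending(request_id)
        self._check_approver(g, approver)
        g.status = "rejected"
        self._log("rejected", g, now, approver=approver, reason=reason)

    def is_active(self, request_id: str, now: datetime) -> bool:
        """True while an approved grant is unexpired; expiry is recorded when first observed."""
        g = self.grants[request_id]
        if g.status == "approved" and now >= g.expires_at:
            g.status = "expired"
            self._log("expired", g, now)
        return g.status == "approved"


def demo() -> dict:
    """Walk one request through its lifecycle with constructed names and times."""
    broker = JitBroker(approvers={"acme-corp": {"it-lead@acme.example"}})
    t0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)
    rid = broker.request("tech@msp.example", "acme-corp", "domain-admin",
                         "TICKET-1234: patch DC01", timedelta(hours=1), t0)
    result = {"active_before_approval": broker.is_active(rid, t0)}
    try:
        broker.approve(rid, "tech@msp.example", t0)      # self-approval must fail
        result["self_approval_blocked"] = False
    except PermissionError:
        result["self_approval_blocked"] = True
    broker.approve(rid, "it-lead@acme.example", t0 + timedelta(minutes=5))
    result["active_after_approval"] = broker.is_active(rid, t0 + timedelta(minutes=30))
    result["active_after_expiry"] = broker.is_active(rid, t0 + timedelta(hours=1, minutes=10))
    result["audit_events"] = [e["event"] for e in broker.audit]
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The broker only answers "is this grant active right now"; the RMM or jump box would consult it before opening a privileged session and would tear the session down when the answer changes. Keeping the audit trail on the customer's side of the boundary is what turns the article's "review, authorize, and log" into something the customer, not the MSP, controls.<br />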
3. Modernizing IT Service Operations Through DevOps<br />
It’s not just a problem of tooling. As an industry, MSPs are overdue for an upgrade of their internal<br />
processes and practices. Observing enterprise trends in IT operations over the last 5-10 years may prove<br />
useful for breaking out of the “locked-in” mindset that RMM ecosystems can perpetuate. Specifically:<br />
consider DevOps. Many MSPs are small businesses, but a shift toward thinking of themselves as an<br />
enterprise with many business units (i.e., clients) may be a helpful first step toward building operational<br />
maturity – an imperative for strong cybersecurity practices. Meeting the diverse operational, security, and<br />
compliance requirements of an MSP’s various “business units” does not have to mean sacrificing<br />
efficiency. To the contrary: for over a decade, enterprise IT teams have successfully integrated practices<br />
like DevOps to manage evolving business requirements at scale.<br />
MSPs may not be developing code or forcing agile development cycles on their helpdesk teams,<br />
but they are well acquainted with operational issues ranging from resource constraints and bottlenecks,<br />
inconsistent system administration practices, to lack of control or visibility into the execution of customer<br />
projects. Incorporating iterative, repeatable processes and paying off technical backlogs (internally and<br />
in customer environments) are goals that any MSP can get behind, and DevOps offers a roadmap to<br />
achieve them.<br />
The Phoenix Project, a 2013 “novel about IT” by Gene Kim, Kevin Behr, and George Spafford, is<br />
an excellent introduction to these concepts. Implementing DevOps begins by tracking and prioritizing<br />
work objects, identifying bottlenecks and blockers, and continually resyncing on those work items,<br />
problems, or issues. As MSPs develop a DevOps-like operational capability, they will soon find that<br />
concepts like infrastructure-as-code and configuration-as-code, widely adopted in the enterprise, have<br />
already solved some of the major gaps that exist in RMM platforms, such as how to manage single-tenant<br />
customer environments in the cloud.<br />
Future iterations of RMM could support MSPs in this evolution by enabling the management and<br />
deployment of configuration-as-code. What would it look like if a company like HashiCorp made an RMM?<br />
We imagine that it would provide strong controls around least privilege, separation of duties, JIT access,<br />
and programmatic review of privileged activity, and it would all be fully driven by APIs. That’s an RMM<br />
that the security-first MSP could confidently adopt.<br />
We Say We Need an Evolution<br />
The RMM platforms used by MSPs today are not up to the task of meeting modern cybersecurity<br />
challenges. MSP tooling and practices must evolve to keep pace with the threats facing service providers<br />
and their customers. As an industry, MSPs play a critical and privileged role in securing the U.S.<br />
economy, especially small businesses. It is time for MSPs to rise to the occasion by adopting “security<br />
first” as a core business value, even if it means challenging the status quo in process and tooling.<br />
About the Author<br />
Ryan Heidorn is a Co-Founder and Managing Partner at Steel Root, where<br />
he leads the firm’s cybersecurity practice. Ryan’s expertise includes helping<br />
companies in the U.S. Defense Industrial Base implement and operationalize<br />
cybersecurity requirements under DFARS and CMMC. Ryan serves on the<br />
board of the National Defense Industrial Association (NDIA) New England<br />
chapter.<br />
Ryan can be reached online at ryan@steelroot.us and at our company website<br />
http://www.steelroot.us<br />
About Steel Root<br />
Steel Root is a national leader in helping U.S. government and defense contractors meet cybersecurity<br />
and compliance requirements under CMMC, DFARS, and other federal standards. Specializing in the<br />
design and implementation of cloud-native systems purpose-built for meeting DoD compliance<br />
requirements, Steel Root provides expert guidance and managed IT services to help companies in the<br />
U.S. Defense Industrial Base build cybersecurity maturity.<br />
See What Hackers See via the Outside-In Perspective<br />
By Alex Heid, Chief Research & Development Officer, SecurityScorecard<br />
There is value in seeking out multiple perspectives. Even the most elite athletes have coaches and<br />
trainers observing them and telling them ways to improve their performance, and the same principle<br />
applies in the world of cybersecurity. An organization locked into a narrow view of their cybersecurity<br />
posture, confidently believing that they are secure, might miss any number of potential warning signs.<br />
Unfortunately, the consequences are far worse than those that might befall an underperforming athlete,<br />
and we continue to see them play out on an almost daily basis.<br />
Today’s cybercriminals understand both the most common cybersecurity strategies and more<br />
sophisticated approaches, and have engineered innovative new ways to circumvent these controls. And<br />
while organizations may feel assured in their cybersecurity stance, they can only assess what they can<br />
see and know about, which is often limited to a point-in-time assessment of a certain set of variables<br />
such as IP addresses on a static asset list.<br />
This lack of continuous network visibility can result in the exploitation of vulnerabilities that the<br />
organization doesn’t know exist. Now, more than ever, it is critical for organizations to seek a continuous<br />
outside-in perspective on their network security perimeters, allowing them to see their network the way<br />
attackers do.<br />
Why Now?<br />
Networks have changed. In the past, enterprises were responsible for their own security, but today’s<br />
mass adoption of cloud infrastructure has blurred the lines of who is responsible for what aspects of<br />
security.<br />
Think of it as a “fortress” model of security versus an “ecosystem” model.<br />
In the traditional fortress model, the enterprise has a clear perimeter and a solid understanding of what<br />
is coming into and going out of the network. Today, thanks to SaaS and cloud services, there isn’t the<br />
same visibility and the perimeter is more nebulous. What is the enterprise responsible for in this new<br />
ecosystem, and what is the service provider responsible for?<br />
External checks conducted by a trusted vendor that specializes in assessing measurement and risk<br />
represent one of the most effective ways to verify that all places data is being stored are up to par with<br />
security standards and protocols. Before the advent of the cloud, the attack surface was smaller, easier<br />
to manage, and within the digital walls of the enterprise itself. Today, the attack surface has expanded<br />
beyond the enterprise perimeter into a full digital supply chain ecosystem, making visibility more of a<br />
challenge and additional perspectives a necessity.<br />
What We Can Learn from Today’s Cybercriminals<br />
One of the preferred methodologies of today’s attackers is known as the “scan and exploit” method, which<br />
involves (as its name implies) scanning ranges and looking for vulnerabilities within applications on<br />
various protocols to exploit. In the past, the goal of such activities was to exfiltrate data, but now it is more<br />
common for attackers to encrypt that data and ransom it back to the enterprise. Ransomware attacks<br />
have risen sharply over the past several years as this strategy has continued to prove effective.<br />
It’s important to think like an attacker. An outside-in perspective can grant visibility into commonly<br />
exploited protocols, such as publicly accessible SMB ports and open RDP ports—two of the most<br />
commonly exploited protocols used in scan and exploit ransomware deployments. Organizations know<br />
that attackers will scan for these open ports—and by doing so themselves, they can head those attacks<br />
off at the pass. By conducting scans and analyses that mimic those conducted by attackers, defenders<br />
can use the information they gather to improve network defense.<br />
This level of visibility enables instantaneous, at-a-glance temperature checks on the posture of the<br />
enterprise’s entire external perimeter. If external scans conducted by security professionals are<br />
identifying potential vulnerabilities, the enterprise can be sure that the ones conducted by hackers will as<br />
well.<br />
Outside-In Visibility Enables Accurate Assessment<br />
Security standards are rising. As breaches become more common, enterprises are expected to have<br />
effective protections in place. Things like security ratings and external monitoring solutions are becoming<br />
more valuable—and not just from a security perspective, but from a perception perspective as well.<br />
Outside-in assessments of security capabilities are increasingly being used to accelerate procurement<br />
processes, either to filter out riskier candidates or confirm that they fit the necessary qualifications. Many<br />
businesses assess M&A targets in much the same way, further underscoring the importance of<br />
understanding how an organization is viewed from the outside.<br />
Today, enterprises might use an external security snapshot to gauge whether a contractor has effective<br />
security solutions in place when they apply for procurement opportunities—and vice versa. Similarly,<br />
cyber insurance providers often use external reviews as a guideline, and will likely continue to do so as<br />
a growing number of businesses turn to the burgeoning industry to protect themselves from cyber risk.<br />
As a whole, an outside-in perspective is increasingly considered an important best practice that can help<br />
provide a portrait of an enterprise’s overall health and business risk—something particularly valuable in<br />
the wake of an attack like SolarWinds. If nothing else, enterprises should be aware of how their security<br />
capabilities are perceived by potential customers, clients, and partners.<br />
Leveling the Security Playing Field<br />
The recent rise in ransomware and other attacks that follow a scan-and-exploit methodology has heightened the importance of external network discovery and of identifying exploitable protocols exposed at the edge of a company's topology. Organizations are, all too often, working from incomplete or outdated asset lists that may be months or years old, or worse. The larger the enterprise, the larger the digital footprint, and an outside-in perspective is the most effective way to measure the true size of that footprint.<br />
Ultimately, it is impossible to guard a door you don't know is there. An outside-in view helps identify vulnerabilities, enumerate IP addresses and other digital assets, and find the blind spots where security gaps can be closed. Attackers run external scans every day; running the same scans against themselves lets businesses see what those attackers are finding and deal with it first.<br />
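As an added illustration of reconciling the outside-in view with the inside-out one (example code, not part of the article and not SecurityScorecard's tooling), the Python below parses nmap-style grepable scan output and diffs it against the internal asset inventory: hosts nobody owns, ports nobody expected, and services that should never face the internet. The scan lines, the inventory and the list of ports treated as risky are constructed for the example.

```python
"""
Reconcile an outside-in scan against the internal asset inventory.

Added example, not code from the article or from SecurityScorecard. The scan
lines and the inventory are constructed; the risky-service list is an
assumption chosen for illustration (the article names no specific protocols).
"""
import ipaddress
from collections import defaultdict

# Constructed nmap "-oG" style output: one host per line.
SCAN_OUTPUT = """\
Host: 203.0.113.10 ()  Ports: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 203.0.113.11 ()  Ports: 443/open/tcp//https///
Host: 203.0.113.57 ()  Ports: 3389/open/tcp//ms-wbt-server///, 445/open/tcp//microsoft-ds///
Host: 203.0.113.58 ()  Ports: 23/open/tcp//telnet///, 80/open/tcp//http///
Host: 203.0.113.200 ()  Ports: 443/closed/tcp//https///
"""

# Constructed inventory: what the organization *thinks* it exposes.
INVENTORY = {
    "203.0.113.10": {"owner": "platform", "expected_ports": {22, 443}},
    "203.0.113.11": {"owner": "platform", "expected_ports": {443}},
    "203.0.113.58": {"owner": "facilities", "expected_ports": {80}},
}

# Assumption: services that should never face the internet without a
# compensating control (VPN, jump host, source allow-list).
RISKY_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp", 5900: "vnc"}


def parse_grepable(text):
    """Return {ip: {open tcp ports}} from nmap grepable lines."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        ipaddress.ip_address(ip)          # raises ValueError on a garbled line
        ports = set()
        if "Ports:" in line:
            for entry in line.split("Ports:", 1)[1].split(","):
                fields = entry.strip().split("/")   # port/state/proto/owner/service/...
                if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                    ports.add(int(fields[0]))
        hosts[ip] = ports
    return hosts


def reconcile(scan, inventory):
    """Diff externally observed exposure against the inventory."""
    findings = defaultdict(list)
    for ip, ports in scan.items():
        if ip not in inventory:
            if ports:                     # unknown host with something listening
                findings["unknown_host"].append((ip, sorted(ports)))
            continue
        unexpected = ports - inventory[ip]["expected_ports"]
        if unexpected:
            findings["unexpected_port"].append((ip, sorted(unexpected)))
    for ip, ports in scan.items():
        for port in sorted(ports & set(RISKY_PORTS)):
            findings["risky_service"].append((ip, RISKY_PORTS[port]))
    stale = sorted(set(inventory) - set(scan))   # inventory says it exists, scan did not see it
    if stale:
        findings["in_inventory_not_seen"] = stale
    return dict(findings)


if __name__ == "__main__":
    for kind, items in reconcile(parse_grepable(SCAN_OUTPUT), INVENTORY).items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```

In a real run the scan input comes from a scheduled external scan of the organization's own address space, and the "unknown_host" bucket is the list of doors nobody knew were there.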
About the Author<br />
Alexander Heid serves as Chief Research & Development Officer at<br />
SecurityScorecard. Heid joined the company in June 2014 and has been<br />
instrumental in developing the company’s threat reconnaissance capabilities<br />
and building its security-centric platform. A recognized expert in the field, he<br />
frequently presents at industry conferences and is sought out by the media<br />
and analysts to discuss cybersecurity issues. Prior to joining the company,<br />
Heid held senior security roles within the financial industry, and was a senior<br />
analyst at Prolexic Technologies during the #OpAbabil DDoS campaigns. In<br />
addition, he is co-founder and President/CEO of HackMiami and served as<br />
chapter chair for South Florida OWASP.<br />
Threat Hunting: Taking Action to Protect Data<br />
By Paul German, CEO, Certes Networks<br />
Any organization is at risk of a cyber threat hiding in its infrastructure. Intricate networks of numerous smart, interconnected devices give intruders plenty of places to hide and make them much harder to discover.<br />
Yet waiting for an intruder to reveal themselves is far too risky; left undetected, an attacker can stay in an organization's network for years, and the harm done in that time can be severe. To combat this, threat hunting is now a vital component of any cybersecurity strategy. Threat hunting is the consistent, proactive search for threats already hiding within a network, rather than waiting for an attacker to make themselves known. It starts from the assumption that an intruder is already present and looks for any indication of unusual activity before damage is done.<br />
How can threat hunting ensure an organization’s data is kept safe and how does the approach work in<br />
practice? Paul German, CEO, Certes Networks, outlines why a proactive approach to cybersecurity is<br />
critical at a time when the threat has never been more acute.<br />
Proactive threat hunting<br />
The networks of today are complex, offering many places for an intruder to conceal themselves, and regrettably it is not uncommon for intrusions to go undetected for long periods. A 2020 report found that it takes organizations an average of 280 days to identify and contain a data breach. Organizations cannot afford to wait this long: in that time an attacker can move through the network, infiltrating systems and stealing information, leaving the organization's data increasingly exposed.<br />
The dwell time can be even longer. In the 2018 Marriott International breach, attackers had been accessing the network for over four years before they were found, exposing the records of some 339 million guests. The hotel chain was then the victim of a second breach in 2020, after intruders had been in the network for over a month, affecting approximately 5.2 million guests.<br />
It is now more essential than ever for organizations to analyse contextual data and make informed decisions about their network security policy. This requires 24/7/365 managed detection and response (MDR) capabilities for proactive threat hunting: event monitoring logs, automated use-case data, contextual analysis, incident alerting and response, and knowledge of attacker tactics, techniques and procedures (TTPs), used together to identify issues and improve the organization's security posture.<br />
Detecting cyber criminals<br />
Security analytics tools can capture data and detect evasive and malicious activity wherever it occurs in the network, in real time. Producing fine-grained policies and enforcing them is one step security teams can take to detect and remediate malicious activity as it happens. With policy enforcement, attackers find it very difficult to move laterally ('east-west') or to remain undetected in any segment of the network, because the security team has full visibility of the network and can protect every attack surface and every managed endpoint with a unified, multi-layer approach. Policy generation and enforcement combined with MDR tooling provides significant insight into the reliability, workload and behaviour of network systems, so that threats can be identified and responded to before valuable information is lost.<br />
In practice, this means security teams can take measurable steps towards controlling access to the network environment: identifying who is on the network, who should be able to reach which data and applications, and being the first to detect indicators of compromise (IOCs).<br />
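As an added example of what a hunt looks like in practice (example code, not from the article or from Certes Networks), the Python below runs two hunts over constructed Windows-style logon events: one for an account fanning out to many hosts in a short window, the classic east-west pattern, and one for remote logons to hosts outside the account's normal baseline. The field names, the baseline and the thresholds are assumptions.

```python
"""
Hunt for lateral ("east-west") movement in authentication logs.

Added example, not code from the article or from Certes Networks. The events
are constructed in the shape of Windows Security event 4624 (successful logon;
logon type 3 = network, 10 = RemoteInteractive/RDP, 2 = interactive). Field
names, the baseline and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (timestamp, account, source ip, destination host, logon type)
EVENTS = [
    ("2021-05-03T09:00:05", "svc_backup", "10.0.1.20", "FS01", 3),
    ("2021-05-03T09:00:07", "svc_backup", "10.0.1.20", "FS02", 3),
    ("2021-05-03T09:30:00", "jsmith", "10.0.5.41", "WS-JSMITH", 2),   # console logon
    ("2021-05-03T22:14:01", "jsmith", "10.0.5.41", "FS01", 3),
    ("2021-05-03T22:14:09", "jsmith", "10.0.5.41", "FS02", 3),
    ("2021-05-03T22:14:15", "jsmith", "10.0.5.41", "DC01", 3),
    ("2021-05-03T22:14:22", "jsmith", "10.0.5.41", "SQL01", 3),
    ("2021-05-03T22:14:40", "jsmith", "10.0.5.41", "HR-APP", 3),
    ("2021-05-03T22:16:03", "jsmith", "10.0.5.41", "DC01", 10),      # RDP to a domain controller
]

# Assumption: hosts each account normally reaches, learned from earlier weeks of logs.
BASELINE = {
    "svc_backup": {"FS01", "FS02", "FS03"},
    "jsmith": {"WS-JSMITH", "HR-APP"},
}
WINDOW = timedelta(minutes=10)
FANOUT_THRESHOLD = 4            # distinct hosts per account inside one window
REMOTE_LOGON_TYPES = {3, 10}    # only logons that cross the network count


def fanout_hunt(events, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Accounts that reach >= threshold distinct hosts within `window`."""
    by_account = defaultdict(list)
    for ts, account, _src, dst, ltype in events:
        if ltype in REMOTE_LOGON_TYPES:
            by_account[account].append((datetime.fromisoformat(ts), dst))
    hits = {}
    for account, logons in by_account.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):          # sliding window over sorted logons
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {h for _, h in logons[start:end + 1]}
            if len(hosts) >= threshold:
                hits[account] = sorted(hosts)
                break
    return hits


def off_baseline_hunt(events, baseline=BASELINE):
    """Remote logons to hosts the account has not been seen on before."""
    return [(account, dst, ltype)
            for _ts, account, _src, dst, ltype in events
            if ltype in REMOTE_LOGON_TYPES and dst not in baseline.get(account, set())]


def run_hunt(events):
    """Both hunts over one batch of events, keyed by hunt name."""
    return {"fanout": fanout_hunt(events), "off_baseline": off_baseline_hunt(events)}


if __name__ == "__main__":
    for name, findings in run_hunt(EVENTS).items():
        print(name, findings)
```

The service account touches its usual file servers and stays quiet; the user account that suddenly reaches four servers in twenty seconds late at night, then opens RDP to a domain controller it has never used, is the finding an analyst would pivot on.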
Taking action<br />
If security teams want to stay ahead of attackers, they should implement threat hunting. Organizations no longer have to wait to be alerted to a data breach before acting; today it is vital to have a real-time picture of the complete network, extended to teleworkers as well, so that unusual activity can be recognized and stopped before damage occurs. With strong MDR tooling at the centre, organizations can build a security posture that anticipates the unknown, gives clear visibility into the vulnerabilities that present the biggest threat, and removes the barriers that prevent successful tracking and remediation. With these tools, organizations can act to protect their sensitive data against lurking attackers.<br />
About the Author<br />
Paul German is the CEO of Certes Networks. Paul is an experienced<br />
sales focused CEO with over 20 years of experience in selling,<br />
marketing, implementing and supporting networking and security<br />
technologies. He joined Certes in January 2015 where he initially led<br />
the EMEA region growing revenues 50% and establishing key<br />
relationships selling into multiple vertical markets, on which further<br />
success will be scaled. Paul prides himself on building great teams,<br />
knowing the right team will ultimately make the company successful.<br />
With Paul’s broad background in sales and marketing, operations,<br />
technology management, design and development he is able to bring<br />
teams together and lead successfully, establishing a solid foundation<br />
for future growth. Paul German can be reached online at Twitter:<br />
@pwgerman, LinkedIn: Paul German and at our company website<br />
https://certesnetworks.com/<br />
What Does a CSO Do, and How Is It Different from a CISO?<br />
By Anurag Gurtu, CPO, StrikeReady<br />
A CSO is the executive responsible for the cyber security, physical security and risk posture of an organization. The primary job of the CSO is to protect infrastructure, assets, people and technology. An organization's assets can be physical, such as electronic devices, buildings or shipping containers, or digital, such as trading documents, intellectual property or software. The importance of the CSO role has grown in the last few years with the dramatic growth in information technology.<br />
People often confuse the CSO with the CISO, but the two roles are different; here is what you need to know.<br />
CSO vs. CISO<br />
CSO stands for chief security officer, and as mentioned, a CSO is responsible for the organization's overall safety and security, including the physical and technological stability of the business. That is why a CSO needs to understand the range of tools used to ensure security.<br />
CISO stands for chief information security officer. The primary job of the CISO is to recognize and track the threats an organization faces and to protect its data and information.<br />
The following points will help you understand both positions better.<br />
• A CSO is liable for the overall security of an organization, which includes risk<br />
• Organizations depend on the CISO for the tasks that make up information security.<br />
• Physical security is often overseen by a vice president, and the firm relies on experts such as the CSO and CISO to sustain it.<br />
CSO Roles and Duties<br />
The duties and responsibilities of a CSO vary from sector to sector, and the variation is pronounced between the public and private sectors. In general, however, a CSO:<br />
• Leads the organization's risk control operation, protecting its brand and reputation.<br />
• Manages the creation and implementation of security procedures, guidelines, specifications and protocols.<br />
• Oversees the network of contractors and security managers who protect the company's assets, including intellectual property.<br />
• Engages outside contractors to carry out independent compliance audits.<br />
• Works with other organizational leaders to solidify and improve protective measures.<br />
• Manages security spending, with a focus on sound financial controls and risk assessment.<br />
• Maintains contact with local, state, federal and other relevant law enforcement and government agencies.<br />
• Investigates security breaches of all kinds and leads incident response preparation.<br />
• Assists in the disciplinary and legal matters that follow security breaches, to prevent recurrence.<br />
CISO Roles and Duties<br />
The easiest way to understand the CISO's responsibilities is to look at what a CISO does day to day. Some of the most common and important duties are:<br />
• Carries out digital forensic and eDiscovery investigations.<br />
• Ensures cybersecurity and the privacy of information.<br />
• Supervises information and data security.<br />
• Manages the CSIRT (computer security incident response team) and CERT (computer emergency response team).<br />
• Manages information risk.<br />
• Supports business continuity and disaster recovery.<br />
• Runs the ISOC (information security operations center) or SOC (security operations center).<br />
• Manages identity and access management.<br />
• Oversees the information security controls of the organization's financial systems.<br />
• Leads risk and compliance governance for regimes such as GLBA, SOX, HIPAA, PCI DSS and FISMA.<br />
Verdict<br />
An organization can have both a CSO and a CISO, and both usually report to the CEO. We hope this information helps you understand the difference between the roles and why both are vital to your organization.<br />
About the Author<br />
Anurag Gurtu is the CPO of the StrikeReady. He has over 18 years of<br />
cybersecurity experience in product management, marketing, go-to-market,<br />
professional services and software development. For the past<br />
seven years, Gurtu has been deeply involved in various domains of AI,<br />
such as Natural Language Understanding/Generation and Machine<br />
Learning (Supervised/Unsupervised), which has helped him distill reality<br />
from fallacy and the resulting confusion that exists in cybersecurity with<br />
real-world applicability of this technology. Gurtu was fortunate enough to<br />
have experienced three company acquisitions (by Splunk, Tripwire and<br />
Sun Microsystems) and an early-stage startup that went public (FireEye).<br />
Gurtu holds an M.S. degree in Computer Networks from the University of<br />
Southern California and numerous cybersecurity certifications, including<br />
CISSP, CCNP Security and more.<br />
Anurag can be reached online at (https://twitter.com/AnuragGurtu https://www.linkedin.com/in/gurtu/ )<br />
and at our company website www.strikeready.co<br />
Two Sides of the Same Coin: Providing Access While<br />
Protecting Against Threats<br />
By David McNeely, chief technology officer, ThycoticCentrify<br />
In any organization, the duality of granting the IT or security team the administrative access it needs while also protecting against malicious threats creates an inherent tension for the security minded. How can you provide secure access for authorized IT staff while keeping out the mischief makers who want to steal your data?<br />
Instead of granting an IT administrator unfettered access, best practice demands that all privileged access be routed through a trusted, controlled path. To maintain accountability, the organization can record administrative sessions or, at minimum, monitor them to detect suspicious activity.<br />
If we flip the conversation, or the coin in this case, security teams should also apply the best practice of least privilege, or least access. Occasionally an administrator will need a local admin account, but this should be rare. To perform their responsibilities, administrators should be granted access through a unique account assigned to them, carrying only the specific privileges their work requires.<br />
Access for IT staff also needs to be easy, so that operational efficiency does not come at the cost of bypassed security controls. Given the right tools, there is a range of choices that simplify access while increasing security. Organizations need to consider choosing a native or web browser client; providing login with an admin account, a shared account or the user's own account; and choosing a cloud SaaS service or an on-premises gateway server for access.<br />
Customize the experience using abundant options<br />
For most users, a browser-based portal is the best option. There are many situations where a browser interface is simply the easiest, since it requires nothing on the workstation, not even network connectivity to the target system. This model works extremely well for temporary access by outsourced IT, or in remote working arrangements when staff work primarily outside the corporate firewall.<br />
IT staff may prefer a native remote access client under some circumstances, but the networking requirements make connectivity difficult without giving the user a VPN connection. Normally there are firewall boundaries around the machines in a data center, and to connect by server name the client must resolve the target's name through DNS; if the workstation's native client cannot perform that lookup, or cannot reach the target through the firewall, the connection fails.<br />
A safe bet is a solution that acts as a jump host: it accepts the inbound connection, locates the target system on the internal network, brokers the login and records the session. But what if an administrator wants to use a native Remote Desktop Protocol (RDP) client rather than a browser? Or wants to log in as themselves and use their own entitlements and privileges, or use an alternate admin account? They will need other options.<br />
Options are great, but are they easy?<br />
The strongest solutions remove the obstacles to privileged access, make every option available according to the administrator's preference, and still enforce the security needed while simplifying access for IT staff. Two features in particular enable the most choice:<br />
First, using a native client on its own to reach a specific target, without visiting a central portal: there is usually a firewall between the native client and the target system, so IT can use a jump host to broker the connection from the user to the target. Second, look for 'use-my-account' (UMA) capabilities: once the user has authenticated to the cloud service, they may want to use their own account to log into the target machine.<br />
Organizations can also choose a single pane of glass that serves both cloud-based PAM and the traditional break-glass password vault scenario. For example, should an IT administrator break glass, or just log in as normal and use privilege elevation? With the right permissions they can do either, with nothing installed on the target machine, from a browser on a laptop, workstation, tablet or mobile device. Direct connectivity from that device to the target systems is not necessary.<br />
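To make the three choices concrete, here is an added example (not the article's code and not ThycoticCentrify's product logic) of a small broker that decides a privileged-access request according to the client, the identity mode and the user's entitlements, and writes an audit record for every decision, allowed or denied. The entitlement table, the lease lengths and the rule that break-glass needs a justification plus an independent approver are assumptions.

```python
"""
A minimal privileged-access broker applying the article's three choices
(client, connectivity, identity) under least privilege.

Added example, not code from the article or from ThycoticCentrify. The
entitlement table, lease lengths and the break-glass approval rule are
assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumption: who may hold which role on which target. Nobody gets a standing
# local-admin login; elevation is granted per target and per role.
ENTITLEMENTS = {
    "alice": {"web01": {"deploy"}, "db01": {"read"}},
    "bob":   {"web01": {"deploy", "root"}},
}
# How long each kind of access lasts before the broker revokes it (assumed).
LEASES = {
    "use_my_account": timedelta(hours=8),     # log in as yourself, elevate per role
    "vault_shared":   timedelta(hours=1),     # shared account checked out of the vault
    "break_glass":    timedelta(minutes=30),  # emergency local admin, meant to be rare
}
CLIENTS = {"browser", "native"}   # portal session, or native RDP/SSH via the jump host
DEMO_NOW = datetime(2021, 6, 1, 9, 0)


@dataclass
class Decision:
    allowed: bool
    reason: str
    account: str = ""
    expires: Optional[datetime] = None
    recorded: bool = True          # every brokered session is recorded


@dataclass
class Broker:
    audit: list = field(default_factory=list)

    def request(self, user, target, role, client, mode, now=DEMO_NOW,
                justification="", approver=""):
        """Decide one access request and log it, allowed or not."""
        d = self._decide(user, target, role, client, mode, now, justification, approver)
        self.audit.append((now.isoformat(), user, target, role, client, mode,
                           d.allowed, d.reason))
        return d

    def _decide(self, user, target, role, client, mode, now, justification, approver):
        if client not in CLIENTS or mode not in LEASES:
            return Decision(False, "unknown client or identity mode")
        entitled = role in ENTITLEMENTS.get(user, {}).get(target, set())
        expires = now + LEASES[mode]
        if mode == "use_my_account":
            if entitled:
                return Decision(True, "entitled", account=user, expires=expires)
            return Decision(False, f"{user} holds no '{role}' entitlement on {target}")
        if mode == "vault_shared":
            if entitled:
                return Decision(True, "vault checkout",
                                account=f"svc-{role}@{target}", expires=expires)
            return Decision(False, "shared account checkout denied: not entitled")
        # break_glass bypasses entitlements, so demand a reason and a second person
        if not justification or not approver or approver == user:
            return Decision(False, "break-glass needs a justification and an independent approver")
        return Decision(True, "break-glass approved",
                        account=f"local-admin@{target}", expires=expires)


if __name__ == "__main__":
    b = Broker()
    print(b.request("alice", "web01", "deploy", "native", "use_my_account"))
    print(b.request("alice", "db01", "root", "browser", "break_glass",
                    justification="db01 unresponsive", approver="bob"))
    for row in b.audit:
        print(row)
```

The point of the design is that the convenient path (use my account, native client through the jump host) is also the least-privileged one, while the shared and local-admin accounts remain available but time-boxed and, for break-glass, gated behind a second person.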
Ultimately, enabling privileged access controls should be as simple as picking a client, picking the network connectivity and picking an identity. Whether an organization provides privileged access tools that IT staff actually use may depend on which side of the flipped coin it lands on. If it does not, it is almost guaranteed that IT staff will find creative ways to work around security best practices to suit their preferences.<br />
IT professionals want ease of use and access, just as business users do. To work on servers and other infrastructure, IT staff will seek out the ways they are accustomed to, regardless of whether that aligns with security policy. Given the constant threat escalation of our digital world and the range of easy-to-use technology options available, there is no excuse for IT staff to circumvent privileged access management.<br />
About the Author<br />
David McNeely is Chief Strategy Officer at ThycoticCentrify, where<br />
he is focused on helping customers meet the evolving security<br />
needs of the modern enterprise, while contributing to the strategic<br />
vision of the company’s product portfolio. McNeely has been with<br />
Centrify for over 14 years prior to the merger with Thycotic,<br />
contributing to the company’s high growth via product innovation.<br />
Prior to joining Centrify, he served in a variety of product roles at<br />
AOL and Netscape Communications (acquired by AOL). David can<br />
be reached online at our company websites www.centrify.com or<br />
www.thycotic.com.<br />
DDoS Defense: How to Protect Yourself in 2021<br />
By Dr. James Stanger, Chief Technology Evangelist, CompTIA<br />
Distributed denial of service (DDoS) attacks remain one of the most significant security threats facing organizations. Because the majority of businesses rely on internet technologies to get things done, threat actors have turned to DDoS attacks more frequently than ever before. The situation is expected to become more problematic beyond 2021, as the combination of technologies like IoT and 5G makes DDoS attacks easier to mount and more effective.<br />
Failure to protect your business against DDoS can have severe consequences. From lost business and profits to damaged brand reputation, this threat poses a significant risk to businesses of all sizes and industries, and many companies fail to protect themselves adequately.<br />
In this article, we will explain what DDoS attacks are and how they work. We will also provide you with<br />
some practical tips on how to implement DDoS defense tactics that can really make a difference.<br />
DDoS Attacks Explained<br />
A DDoS attack directs a large volume of unwanted traffic at a target network, or a large number of expensive requests at a target service, from many sources at once, in an attempt to overload it. One common technique abuses legitimate internet resources, such as network time protocol (NTP) servers, domain name system (DNS) servers and caching services, as reflectors: the attacker sends small requests carrying the victim's spoofed source address, and the much larger replies flood the victim. The traffic can exhaust bandwidth or overwhelm network connection devices such as routers, switches and firewalls, as well as equipment operated by the internet service provider (ISP). Because the targeted resources try to process each received request as if it were legitimate, they soon become overwhelmed and fail, and the attacker effectively denies access to the organization's entire network presence.<br />
DDoS attacks are relatively easy to execute and extremely effective. Attackers can also target internal networks, halting business processes for an entire company. Small and large corporations are equally at risk, and even major brands are not safe. Smaller organizations often fall prey because they believe they cannot afford to protect themselves.<br />
How Can You Protect Yourself Against DDoS Attacks?<br />
Modern technologies and fast global networks have made DDoS attacks easier to execute and exceptionally dangerous. The IoT industry bears particular blame, since such devices traditionally ship without proper security built in. As a result, attackers compromise IoT devices to build massive botnets that generate the huge volume of traffic a DDoS attack needs. Threat actors have also learned how to abuse legitimate network services to reflect and amplify illicit traffic.<br />
It is a common perception that every DDoS attack involves enormous volumes of traffic, but not all do. Many attacks use comparatively low volumes of malformed or specially crafted packets, for example floods of TCP SYN segments or fragmented packets, that exhaust the state tables of the firewalls, load balancers and routers in front of an organization. These are often called protocol-based attacks, because the attacker makes subtle changes to protocol packets that make them expensive for the receiving device to handle. It is therefore important to protect against both volumetric and protocol-based attacks.<br />
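To show how volumetric, reflection and protocol-based attacks look different in the data, here is an added example (not the article's code and not CompTIA's) that classifies constructed NetFlow-style flow summaries per destination. The amplifier port list, the thresholds and the bandwidth baseline are assumptions; a real collector exports the same fields per flow.

```python
"""
Classify attack traffic from flow summaries as volumetric, reflection/
amplification, or protocol-based (state exhaustion).

Added example, not code from the article or from CompTIA. The flow records are
constructed in a NetFlow-like shape (source, destination, ports, protocol,
packets, bytes, TCP flags); the amplifier port list, the thresholds and the
bandwidth baseline are assumptions for illustration.
"""
from collections import defaultdict

# Assumption: UDP services commonly abused as reflectors (source port -> name).
AMPLIFIER_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached", 389: "cldap"}
INTERVAL_SEC = 60                 # the flows below cover one minute
BASELINE_BPS = 50_000_000         # assumed normal peak for this site: 50 Mbit/s
VOLUMETRIC_FACTOR = 5             # flag at 5x the baseline
SYN, ACK, PSH = 0x02, 0x10, 0x08  # TCP flag bits

FLOWS = [
    # ordinary HTTPS sessions to 198.51.100.10
    ("192.0.2.5", 51000, "198.51.100.10", 443, "tcp", 40, 30_000, ACK | PSH),
    ("192.0.2.6", 51001, "198.51.100.10", 443, "tcp", 38, 28_000, ACK | PSH),
    # NTP reflection at 198.51.100.20: large UDP replies from port 123 the victim never requested
    ("203.0.113.1", 123, "198.51.100.20", 41000, "udp", 2_000_000, 880_000_000, 0),
    ("203.0.113.2", 123, "198.51.100.20", 41000, "udp", 1_800_000, 792_000_000, 0),
    ("203.0.113.3", 123, "198.51.100.20", 41000, "udp", 1_500_000, 660_000_000, 0),
    # SYN flood at 198.51.100.30: 400 sources, SYN without ACK, 60-byte packets, little bandwidth
    *[(f"198.18.{i // 256}.{i % 256}", 40000 + i, "198.51.100.30", 80, "tcp", 300, 18_000, SYN)
      for i in range(400)],
]


def summarize(flows):
    """Per-destination totals and the signals the classifier needs."""
    s = defaultdict(lambda: {"pkts": 0, "bytes": 0, "syn_only_pkts": 0,
                             "amp_pkts": 0, "amp_bytes": 0,
                             "sources": set(), "amplifiers": set()})
    for src, sport, dst, _dport, proto, pkts, byts, flags in flows:
        d = s[dst]
        d["pkts"] += pkts
        d["bytes"] += byts
        d["sources"].add(src)
        if proto == "tcp" and (flags & (SYN | ACK)) == SYN:     # SYN set, ACK clear
            d["syn_only_pkts"] += pkts
        if proto == "udp" and sport in AMPLIFIER_PORTS:
            d["amp_pkts"] += pkts
            d["amp_bytes"] += byts
            d["amplifiers"].add(AMPLIFIER_PORTS[sport])
    return s


def classify(flows, interval=INTERVAL_SEC, baseline_bps=BASELINE_BPS):
    """Return {dst: [labels]}; an empty list means nothing abnormal was seen."""
    result = {}
    for dst, d in summarize(flows).items():
        labels = []
        bps = d["bytes"] * 8 / interval
        if bps >= VOLUMETRIC_FACTOR * baseline_bps:
            labels.append("volumetric")
        # reflection: almost all packets are large UDP replies from amplifier ports
        if d["amp_pkts"] and d["amp_pkts"] / d["pkts"] > 0.8 \
                and d["amp_bytes"] / d["amp_pkts"] > 300:
            labels.append("reflection/" + ",".join(sorted(d["amplifiers"])))
        # protocol (state exhaustion): SYNs without ACKs, many sources, tiny packets
        if d["pkts"] and d["syn_only_pkts"] / d["pkts"] > 0.8 \
                and len(d["sources"]) >= 100 and d["bytes"] / d["pkts"] < 100:
            labels.append("protocol/syn-flood")
        result[dst] = labels
    return result


if __name__ == "__main__":
    for dst, labels in classify(FLOWS).items():
        print(dst, labels or ["normal"])
```

The SYN flood moves under one megabit per second, far below the volumetric threshold, yet it is the one that fills a firewall's connection table; the NTP flood is caught both by its sheer rate and by the tell-tale 440-byte UDP replies from port 123. A bandwidth-only view would miss the first entirely.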
This is why there is no single way to protect your servers against DDoS. Typical security controls, such as traditional firewalls, network-based intrusion detection and backups, are not enough on their own to detect and mitigate this type of attack. The best you can do is combine security solutions with sound internal practices.<br />
Let us look at some basic yet effective measures you can take to defend against DDoS attacks.<br />
Double up on your Bandwidth<br />
Since volumetric DDoS attacks aim to saturate your network connection, one logical step is an alternative network path: contract with a second ISP for another connection. It is possible to arrange with the alternate ISP to provide service only under certain conditions, which helps keep costs down while still providing headroom during an attack. Bear in mind that extra bandwidth only raises the bar; a large volumetric attack can still exceed whatever capacity you buy, so this measure complements rather than replaces upstream filtering.<br />
Invest in Effective Solutions<br />
It is not enough to improve traditional security, such as patching servers or upgrading antivirus applications. It is more effective to implement at least some of the following:<br />
• Install on-premises DDoS mitigation appliances: DDoS traffic has a distinctive profile, but that profile is often hard to tell apart from a legitimate surge without specialised analysis. Dedicated appliances that baseline normal traffic and identify the anomalous patterns are often very effective at protecting small businesses, and they can work in concert with a web application firewall (WAF).<br />
• Use a web application firewall (WAF): A WAF is usually good at thwarting application-layer denial of service (DoS) attacks against a web server. The difference between DoS and DDoS is the source: a DoS attack comes from a single machine, whereas a DDoS attack comes from many distributed sources, which makes it much harder to block by address. A WAF can still help against certain application-layer DDoS attacks, but it cannot absorb a volumetric flood on its own.<br />
• Use cloud scrubbing services: Often called scrubbing centers, these services are inserted between the attack traffic and the victim network, typically by redirecting the victim's routes through the provider. They filter out the offending packets and forward the clean traffic on to the network. This is distinct from sinkholing or blackholing, in which all traffic to the targeted address is simply dropped; that stops the flood, but it also completes the attacker's goal of denying service.<br />
• Implement a content delivery network (CDN): Also called a content distribution network, this is a group of geographically distributed proxy servers that cache and serve your content from many locations close to users. Because requests are spread across many edge nodes and multiple backbone and WAN connections, the load of an attack is distributed as well, and if one location is flooded the CDN can continue to deliver content from unaffected locations.<br />
Create a DDoS Response Plan<br />
Aside from hardware and software measures, you and your team also need to be prepared to act when a DDoS attack occurs. Go over each element of your infrastructure and identify the weak points and vulnerabilities relevant to DDoS. Prepare processes, procedures, mitigation strategies and alerting as part of a comprehensive DDoS response plan.<br />
Large and small organizations alike should consider establishing a DDoS response team, composed of organizational leaders, the CEO or owner, public relations professionals and members of the IT department. Ensure that roles are clearly defined, along with escalation procedures and practical guidelines. If you detect a DDoS attack early, odds are you will be able to mitigate it before it does real damage, provided you have the technology and the training to do so.<br />
Protect Your Business from DDoS Attacks<br />
DDoS activity is expected to become more frequent and more dangerous in the years to come. Each<br />
company that has an online component needs to be aware of this threat. Do not neglect the damage<br />
DDoS might cause to your business.<br />
The tips above give you a solid foundation for your anti-DDoS efforts. Even though an attack may seem unlikely, it is better to be prepared. A relatively small investment of time and resources can go a long way towards protecting your business from this threat.<br />
About the Author<br />
As CompTIA's Chief Technology Evangelist, Dr. James Stanger has<br />
worked with Information Technology (IT) subject matter experts, hiring<br />
managers, CIOs and CISOs worldwide. He has a rich 25-year history in<br />
the IT space, working in roles such as security consultant, network<br />
engineer, Linux administrator, web and database developer and<br />
certification program designer.<br />
He has consulted with organizations including Northrop Grumman, the<br />
U.S. Department of Defense, the University of Cambridge and Amazon<br />
AWS. James is a regular contributor to technical journals, including<br />
Admin Magazine, RSA and Linux Magazine. He lives and plays near the Puget Sound in Washington in<br />
the United States.<br />
Prioritizing Disinformation Campaigns’ Role in <strong>Cyber</strong><br />
Warfare<br />
By Dan Brahmy, CEO of Cyabra<br />
With reports of cyberattacks and hacks like that of the Colonial Pipeline and SolarWinds increasing in<br />
frequency, it can be easy to forget another aspect of cyber warfare: disinformation attacks and influence<br />
campaigns. From public health crises to elections to the significance the term “fake news” has taken in<br />
American households, this type of cyber warfare poses an increasingly formidable threat to defense<br />
leaders.<br />
While the U.S. has been doing an adequate job of combatting individual attacks in the eyes of the public<br />
as they arise, defense agencies need to begin prioritizing comprehensive, thorough programs to<br />
proactively stop influence campaigns in their tracks.<br />
Undermining Public Trust<br />
The cycle of hacks and leaks before prominent elections is almost commonplace. With French President<br />
Emmanuel Macron’s email leaks ahead of his 2017 election to the pivotal email leaks of then-presidential<br />
candidate Hillary Clinton via Wikileaks, it’s becoming less of a surprise when these leaks drop. And while<br />
it might be easier for the public to turn their eyes to these concrete examples of influence campaigns<br />
rooted in breaches, it is important not to overlook or discredit the ongoing presence of disinformation<br />
based influence campaigns.<br />
For example, in early May the Washington Post reported that former President Trump’s lawyer, Rudy<br />
Giuliani, was the target of a Russian influence campaign ahead of the 2020 election. And with no tangible<br />
hack or information dump for the public to latch onto, it can become increasingly difficult for citizens to<br />
discern exactly how and when they are being influenced by the effects of these types of campaigns,<br />
especially when this “news” is being amplified by fake accounts. Further, if the January 6, <strong>2021</strong> attack on<br />
the U.S. Capitol is indicative of public trust in elections, it’s easy to see the lasting and significant effects<br />
disinformation campaigns can have on governmental systems; and that is not even taking into account<br />
the disinformation spread by conspiracy groups and others around the attack itself.<br />
Though it is tempting to write off these attacks as one-off responses to election cycles, disinformation<br />
campaigns throughout the pandemic have proved that these types of attacks are anything but singular events.<br />
Both China and Russia launched disinformation campaigns to discredit trust in Western vaccines.<br />
Over the past few years, we’ve seen continued efforts on the part of Chinese diplomats to increase and<br />
amplify their social media presence, despite the state’s ban on those platforms. Beyond the posts, Twitter<br />
has identified a multitude of fake accounts retweeting and engaging with their posts, serving to not only<br />
amplify their messaging, but also create an appearance of groundswell support. Though Twitter already<br />
has and will continue to ban fake accounts as they are detected, it hasn’t succeeded in stopping bot<br />
accounts in support of the Chinese government. As the Associated Press reports, as alleged support and<br />
engagement with the original Tweets continues, there is an increased risk these propaganda posts can<br />
distort Twitter’s algorithm that boosts popular posts.<br />
Yet China’s manipulation of U.S. politics and sentiment via social media is nothing new. Typical internet<br />
denizens need to look no further than the uproar sparked by a tweet in support of Hong Kong protests by<br />
then-Houston Rockets general manager, Daryl Morey. The Wall Street Journal in partnership with<br />
researchers at Clemson University determined that following his tweet, Morey was the target of a<br />
coordinated harassment campaign. The amplification of supposed internet users’ responses served<br />
to sway American conversations around Hong Kong and China, not only in political discussions but also in<br />
matters related to U.S. companies’ financial interests.<br />
The effects of disinformation campaigns continue to seep into the everyday life of the average internet<br />
user, resulting in gradual yet drastic effects in the country’s perception of politics, international affairs,<br />
finance and the like. The United States needs to start prioritizing these types of attacks when approaching<br />
cyber warfare. Disinformation and influence campaigns are not a new cause for concern, and they do not<br />
appear to be going away anytime soon.<br />
Moving Forward<br />
With elections, public health crises and the day-to-day discussions of fake news, Americans rightfully<br />
continue to struggle to discern the real from the fake online and, more broadly, to understand the importance<br />
of being able to do so.<br />
According to a study from Pew Research Center in September 2020, “About half of U.S. adults (53%)<br />
say they get news from social media ‘often’ or ‘sometimes.’” And though the average internet user may<br />
continue to stay on the lookout for the latest flood of suspicious posts from a distant relative, the gradual<br />
barrage of dis- and misinformation can serve to slowly wear down their resolve, desensitizing them to<br />
continued attacks from bad actors.<br />
As the defense community continues to address the role influence campaigns play in cyber warfare,<br />
utilizing and integrating technology platforms that can help detect, track and trace disinformation as it<br />
spreads will better equip government agencies to proactively identify and neutralize serious threats.<br />
Understanding how disinformation is spreading and, perhaps more importantly, whom the disinformation<br />
campaign is targeting can prove crucial to an agency’s ability to effectively combat these bad actors<br />
before they have a chance to cause a significant lasting impact.<br />
About the author<br />
Dan Brahmy is the co-founder and CEO of Cyabra, a SaaS platform that<br />
measures impact and authenticity within online conversations to detect<br />
disinformation.<br />
Dan can be reached online at @TheCyabra, info@cyabra.com and at our<br />
company website http://www.cyabra.com<br />
You asked, and it’s finally here… we’ve launched <strong>Cyber</strong><strong>Defense</strong>.TV<br />
Hundreds of exceptional interviews and growing…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A new division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />
FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL<br />
ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.<br />
This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />
ideas, products and services in the information technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of<br />
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />
to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />
newsletters along with this month’s newsletter.<br />
By signing up, you’ll always be in the loop with CDM.<br />
Copyright (C) <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />
<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com, <strong>Cyber</strong><strong>Defense</strong>Newswire.com,<br />
<strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com and <strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability<br />
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong> <strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS#<br />
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />
All rights reserved worldwide. Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />
recording, taping or by any information storage retrieval system without the written permission of the publisher<br />
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />
marketing@cyberdefensemagazine.com<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />
276 Fifth Avenue, Suite 704, New York, NY 1000<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
marketing@cyberdefensemagazine.com<br />
www.cyberdefensemagazine.com<br />
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 06/01/<strong>2021</strong><br />
Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH<br />
(with others coming soon...)<br />
9 Years in The Making…<br />
Thank You to our Loyal Subscribers!<br />
We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know<br />
What You Think. It's mobile and tablet friendly and superfast. We hope you<br />
like it. In addition, we're shooting for 7x24x365 uptime as we continue to<br />
scale with improved Web App Firewalls, Content Delivery Networks (CDNs)<br />
around the Globe, Faster and More Secure DNS<br />
and <strong>Cyber</strong><strong>Defense</strong>Magazine.com up and running as an array of live mirror<br />
sites and our new B2C consumer magazine <strong>Cyber</strong>SecurityMagazine.com.<br />
Millions of monthly readers and new platforms coming…starting with<br />
https://www.cyberdefenseprofessionals.com this month…<br />