Our technological world is advancing at dizzying speeds.

Over the last decade, we have seen the introduction of 4G and 5G telecommunication services, the iPad, and Instagram, as well as the introduction, acceptance, and adoption of cloud computing and cloud services from Microsoft, Google, and Amazon.

Add in an increasing focus on data becoming a crucial enterprise asset—as well as the introduction of countless database and analytical tools, digital twins, artificial intelligence, and machine learning—and we are dealing with unprecedented technical complexities and risk.

Digital twins are just one example of a complex system, but they expose companies to a lot of risk if they are not properly implemented with a cybersecurity plan in place. Digital twins are a digital representation of reality, either in physical or process form. For example, think of digital cities, or digital infrastructure assets.

Leveraging digital twins

One might operate a plant and then use the digital twin of that plant to plan maintenance and optimization and see what would happen before they execute in reality. Another example is a city using a digital twin so that they can model floods or earthquakes. Digital twins are incredibly useful.

But think of the risks. For example, what if a bad actor accesses a digital twin of a major dam or some other critical piece of infrastructure? They might be able to find the most vulnerable spots in the physical structure to stage a terrorist attack.

Or what if a competitor got the digital twin of some complex machinery that a company invented? They would have that company’s IP in hand. Clearly, it is crucial that any digital twins (or other complex systems) are secured at the highest level.

The biggest challenge is that because digital twins are central to planning, operations, maintenance, and modeling, they cannot simply be locked up with high walls built around them. That would result in a digital twin that was once perfect but is now outdated.

Access security challenges

To gain maximum value, the digital twin must be used and kept evergreen, with constant updates, for planning, operations, maintenance, and modeling. Therefore, we must keep the digital twin as open as is needed.

The first step is to determine who needs to access the digital twin. Will they need to simply look at it, or download it, or update it?

Access needs to be provided to only those who need it, in the areas of the digital twin that they need, and at the appropriate level. Scoping access this way ensures that everyone can do their jobs, without granting access so widely that someone could, even accidentally, edit data they should not have access to in the first place.
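One way to express that scoping is a default-deny check over per-area grants. This is an added example, not code from the essay or from any digital twin product; the role names, the slash-separated area layout and the `overbroad_grants` review helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """The three access levels named in the text; a higher level implies the lower ones."""
    VIEW = 1      # look at the twin
    DOWNLOAD = 2  # take a copy out
    UPDATE = 3    # change the model


@dataclass(frozen=True)
class Grant:
    principal: str  # role or user (hypothetical names below)
    area: str       # slash-separated area of the twin (hypothetical layout)
    level: Level


def covers(granted_area: str, requested_area: str) -> bool:
    """True when requested_area is granted_area itself or lies beneath it.

    Areas are compared segment by segment, so a grant on "plant/turbine"
    does not leak into the sibling area "plant/turbine-hall".
    """
    g = granted_area.strip("/").split("/")
    r = requested_area.strip("/").split("/")
    return r[:len(g)] == g


def is_allowed(grants, principal: str, area: str, needed: Level) -> bool:
    """Default deny: allow only if some grant covers the area at a sufficient level."""
    return any(
        g.principal == principal and covers(g.area, area) and g.level >= needed
        for g in grants
    )


def overbroad_grants(grants, min_depth: int = 2):
    """Review helper: UPDATE grants scoped to fewer than min_depth path segments."""
    return [
        g for g in grants
        if g.level == Level.UPDATE and len(g.area.strip("/").split("/")) < min_depth
    ]


# Constructed sample policy for a hypothetical plant twin.
GRANTS = [
    Grant("maintenance-planner", "plant", Level.VIEW),
    Grant("maintenance-planner", "plant/turbine-hall", Level.UPDATE),
    Grant("contractor", "plant/turbine-hall/pump-3", Level.VIEW),
    Grant("auditor", "plant/turbine", Level.VIEW),
    Grant("integration-svc", "plant", Level.UPDATE),
]

if __name__ == "__main__":
    requests = [
        ("maintenance-planner", "plant/turbine-hall/pump-3", Level.UPDATE),
        ("maintenance-planner", "plant/control-room", Level.UPDATE),
        ("contractor", "plant/turbine-hall", Level.VIEW),
        ("auditor", "plant/turbine-hall", Level.VIEW),
    ]
    for principal, area, level in requests:
        verdict = "allow" if is_allowed(GRANTS, principal, area, level) else "deny"
        print(f"{verdict:5} {principal} {level.name} {area}")
    for g in overbroad_grants(GRANTS):
        print(f"review: {g.principal} can UPDATE everything under '{g.area}'")
```

The planner can view the whole plant but update only the turbine hall, so an accidental edit in the control room is denied rather than merely discouraged.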

Another consideration is understanding what happens if a bad actor does get into the digital twin. What will happen? Will they steal IP? Can they access industrial control systems? Will they be able to get into the SCADA systems perhaps tied to the digital twin? Will they be able to gain control of all the monitors or other remote devices (in our Internet of Things world) tied to the digital twin?

Let’s hope not, but if so, it’s essential that companies understand the risks and have a plan to address them. They need a comprehensive cybersecurity plan. Depending on their security maturity, they may also decide to outsource the risk by having a managed service host their digital twin.

Managing scenarios

Whatever the solution, it is key to develop and practice response plans to various attacks. It is far too late to figure out who to call when a digital twin has been breached and a hacker has all the company’s IP or is in the digital twin changing things.

Instead, companies should create a list of scenarios that would pose a threat to their organization and then walk through each one with key stakeholders to identify who will need to be called, how the issue will be communicated, what cyber insurance will cover, and what next steps will be followed. Each scenario then needs practice, to ensure everyone is ready should a situation arise.

While it may all sound risky, we should not shy away from adopting and leveraging complex technology like digital twins. Preparation and planning are key. The payoff and return on investment are too great to just ignore.

However, we do need to carefully consider and address the cybersecurity risks and deploy responsibly so that everyone has the trust in the technology that they need to achieve full utilization.

About the essayist: Claire Rutkowski is the chief information officer for Bentley Systems, a supplier of software solutions to accelerate project delivery and improve asset performance.

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms.

After numerous delays and course changes, the Matter protocol is set to roll out this fall, in time for the 2022 holiday shopping season. To start, seven types of smart home devices will be capable of adopting the Matter protocol, and thus get affixed with a Matter logo.

Matter is intended to foster interoperability of smart home devices – so a homeowner can stick with just one voice assistance platform and have the freedom to choose from a wide selection of smart devices sporting the Matter logo.

What this boils down to is that a consumer living in a smart home filled with Matter devices would no longer be forced to use Amazon’s Alexa to control some devices, while having to switch to Apple’s Siri, Google’s Assistant or Samsung’s SmartThings to operate other devices. No surprise: Amazon, Google, Apple and Samsung are the biggest names on a list of 250 companies supporting the roll out of Matter.

The qualifying types of smart home devices, to start, include light bulbs and switches; smart plugs; smart locks; smart window coverings; garage door openers; thermostats; and HVAC controllers. If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow.

DigiCert, the Lehi, Utah-based Certificate Authority and a supplier of services to manage Public Key Infrastructure, has been at the table helping develop the privacy and data security components of Matter. I had the chance to discuss the wider significance of Matter with Mike Nelson, DigiCert’s vice president of IoT security. Here’s what we discussed, edited for clarity and length.

LW: When a consumer sees a smart home device with a Matter logo this fall, what do you hope that conveys?

Nelson: The Matter logo represents seamless interoperability for consumers, ultimately enhancing users’ experience and control. It also represents digital trust between all compliant devices from different manufacturers.

LW: What was the core security issue that had to be resolved in deriving Matter?

Nelson: The security challenges present in many smart home devices include device identity, proper authentication (user and device), confidentiality of sensitive data, and integrity of software.

The Matter specification focuses on establishing a robust immutable identity for each device and requiring all participants to use security credentials (digital certificates) that are chained to secure roots of trust. This practice ensures that only trusted devices can identify and interoperate with other Matter compliant devices.

LW: How did the alliance resolve this core security issue?

Nelson: The Matter security specification has been developed collaboratively with many industry stakeholders over the last several years. The Matter specification takes a secure-by-design approach to ensure devices can be trusted throughout their lifecycle. The security specification is a layered approach with strong, easy to implement, resilient and agile security approaches.

The security specification raises the bar for IoT security and privacy through the following approaches:

• Establishing a strong device identity so only trusted devices can join a smart home

• Secured, standard software updates to ensure integrity

• Validation of every device to ensure it is authentic and certified

• Secured unicast and group communications

• Easy, secure, and flexible device commissioning

• Up-to-date info via Distributed Compliance Ledger

LW: What was the core privacy issue and how was it resolved?

Nelson: There are a number of privacy threats with smart home devices. Security cameras, smart speakers and other monitoring devices could enable a bad actor with access to eavesdrop on members of a home. Additionally, data theft could reveal sensitive information about consumers.

LW: Near term – can you paint a picture of a likely adoption scenario in 2022 and 2023? (For instance, would the alliance be happy if Matter wins over more smart home platform suppliers and device manufacturers?)

Nelson: We are seeing many CSA members participating in Matter moving quickly to achieve compliance with the specification. I believe we will see Matter-compliant devices on the shelf before the end of the year.

LW: Long run – what’s a plausible, hoped-for outcome; how does Matter connect to the progress of advanced IoT systems?

Nelson: IoT security has finally evolved to a state where manufacturers aren’t only concerned about securing their devices. Industries are beginning to look at how to securely connect with devices from other manufacturers to improve the end users’ experience. Matter is leading the way with this effort and I believe we will see other industries follow. The CSA also has plans to expand Matter beyond smart home and into smart commercial buildings and potentially other industries.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Post Covid 19, attack surface management has become the focal point of defending company networks.

As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service (PaaS), as well as business tools of every stripe, i.e. Software as a Service (SaaS).

I had the chance to visit with Jess Burn, a Forrester principal advisor to CISOs, about the cybersecurity ramifications.

Guest expert: Jess Burn, Principal Advisor, Forrester Research

We discussed how the challenge has become defending the cloud-edge perimeter. This entails embracing new security frameworks, like Zero Trust Network Access, as well as adopting new security tools and strategies.

This boils down to getting a comprehensive handle on all of the possible connections to sensitive cyber assets, proactively managing software vulnerabilities and detecting and responding to live attacks.

A new category of attack surface management tools and services is gaining traction and fast becoming a must-have capability. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.

Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate.

A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022. The total number of DDoS weapons, which was previously recorded at 15 million, has grown by over 400,000 or 2.7 percent in a six-month period.

This includes a notable 2X increase in the number of obscure potential amplification weapons such as Apple Remote Desktop (ARD).

The war in Ukraine has seen likely state-sponsored attacks using these types of DDoS attacks. The Log4j vulnerability has predictably proved fertile ground for hackers as well, putting millions of systems at risk, with Russia accounting for more than 75 percent of Log4j scanners and helping drive. In this intensifying threat landscape, the urgency for modern DDoS defenses becomes clearer every day.

A new report by the A10 Networks security research team explores the global state of DDoS weapons and tactics. Key findings follow.

Ukraine targeted

DDoS attacks have long been a favorite tactic of bad actors for disruption. In a recent example, A10’s security research team observed significant, sustained attacks on Ukrainian government networks and commercial assets beginning February 24, 2022, the first day of the invasion.

These included targeted, large-scale attacks on a block of addresses associated with Kharkiv and Severodonetsk, and on the Secretariat of the Cabinet of the Ministers of Ukraine.

The largest of the attacks on Ukraine used amplification and reflection methods to increase their impact. The attack on the Secretariat of the Cabinet of the Ministers of Ukraine demonstrated a common strategy: the attacker sends multiple requests with the source address spoofed to be the intended victim’s IP, so the UDP-based services contacted send their replies to the victim’s IP.

The attacks on Kharkiv and Severodonetsk used a less common form of amplification leveraging the Apple Remote Desktop (ARD) protocol on UDP port 3283. In this case, the tactic achieved a response approximately 34X larger than the original request; A10 recorded two million requests to a single U.S.-based machine.
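From the defender's side, a host being abused as a reflector shows up in flow data as many small inbound UDP/3283 requests answered by far larger outbound replies. The following detection sketch is an added example, not A10's tooling; the flow-record fields, the thresholds and the documentation-range IP addresses are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

ARD_PORT = 3283  # UDP port named in the text

# Assumption: this documentation range stands in for your own address space.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_reflectors(flows, port=ARD_PORT, min_ratio=10.0, min_requests=100):
    """Flag internal hosts whose replies from `port` dwarf the requests sent to it.

    Because the request source is spoofed, the address receiving most of the
    reply bytes is the probable victim rather than the real attacker.
    """
    stats = defaultdict(lambda: {"req_pkts": 0, "req_bytes": 0,
                                 "resp_bytes": 0, "targets": Counter()})
    for f in flows:
        if f["proto"] != "udp":
            continue
        inbound = (f["dst_port"] == port and is_internal(f["dst"])
                   and not is_internal(f["src"]))
        outbound = (f["src_port"] == port and is_internal(f["src"])
                    and not is_internal(f["dst"]))
        if inbound:
            s = stats[f["dst"]]
            s["req_pkts"] += f["packets"]
            s["req_bytes"] += f["bytes"]
        elif outbound:
            s = stats[f["src"]]
            s["resp_bytes"] += f["bytes"]
            s["targets"][f["dst"]] += f["bytes"]

    findings = []
    for host, s in sorted(stats.items()):
        # A handful of requests is normal remote administration, not abuse.
        if s["req_pkts"] < min_requests or s["req_bytes"] == 0:
            continue
        ratio = s["resp_bytes"] / s["req_bytes"]
        if ratio >= min_ratio:
            victim, _ = s["targets"].most_common(1)[0]
            findings.append({"reflector": host, "requests": s["req_pkts"],
                             "amplification": round(ratio, 1),
                             "probable_victim": victim})
    return findings


def flow(src, sport, dst, dport, packets, nbytes, proto="udp"):
    return {"src": src, "src_port": sport, "dst": dst, "dst_port": dport,
            "proto": proto, "packets": packets, "bytes": nbytes}


# Constructed flow records; every address is from a documentation range.
SAMPLE_FLOWS = [
    # Abused host: 2,000 small requests, replies 34 times larger.
    flow("198.51.100.7", 40000, "192.0.2.10", ARD_PORT, 2000, 64_000),
    flow("192.0.2.10", ARD_PORT, "198.51.100.7", 40000, 2000, 2_176_000),
    # Ordinary remote-admin session: few requests, modest replies.
    flow("203.0.113.5", 51000, "192.0.2.20", ARD_PORT, 40, 4_000),
    flow("192.0.2.20", ARD_PORT, "203.0.113.5", 51000, 40, 6_000),
    # Busy but symmetric traffic: no amplification.
    flow("203.0.113.9", 52000, "192.0.2.30", ARD_PORT, 500, 50_000),
    flow("192.0.2.30", ARD_PORT, "203.0.113.9", 52000, 500, 60_000),
    # TCP traffic on the same port number is ignored.
    flow("203.0.113.9", 53000, "192.0.2.10", ARD_PORT, 900, 90_000, proto="tcp"),
]

if __name__ == "__main__":
    for finding in find_reflectors(SAMPLE_FLOWS):
        print(finding)
```

A finding here means the host should not be answering ARD from the internet at all; filtering UDP/3283 at the edge removes it from the pool of usable reflectors.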

Log4j adds to the mix

The use of more obscure potential amplification weapons, such as ARD, more than doubled over the past year; the total number of amplification attack weapons worldwide reached 15 million.

December 10, 2021, brought the discovery of CVE-2021-44228, a critical vulnerability in the widely used Apache Log4j logging framework. According to NIST, the vulnerability allows attackers to carry out unauthenticated remote code execution (RCE) to install malware. Before its public disclosure, our team began scanning for affected hosts.

Within a week, activity was spiking in more than 10 countries, with three-quarters sourced from Russia. By December 20, 2021, we had detected clear signs that Log4j was being used for viral spread, with the potential to create massive botnets capable of carrying out large-scale DDoS attacks.

Zero-trust factors in

With the anticipated rise in cyber-attacks and state-sponsored cyber warfare given the ongoing Russia-Ukraine conflict, it is important for organizations to ensure that networks are not weaponized by adopting a Zero Trust framework. Central to Zero Trust is the idea of “never trust, always verify”—using continuous checks throughout the network to ensure that resources are accessed only by authorized users.

Micro-segmentation, micro-perimeters, comprehensive visibility, analytics, automation, and a well-integrated security stack complete the Zero Trust model.

When planning a Zero Trust policy for DDoS defense, a modern approach is needed. This modern set of technologies includes adaptive baselining to learn your network, threat intelligence to block known bad actors, artificial intelligence (AI) and machine learning (ML) to identify and stop zero-day threats, and automation at multiple levels to find and mitigate large, small, and stealthy DDoS attacks.

As a post-pandemic era takes shape, it’s clear that cyberattacks are here to stay—and organizations must act accordingly. Read the 2022 A10 Networks DDoS Threat Report for further insights, and steps you can take in response.

About the essayist: Paul Nicholson is senior director, product marketing, at A10 Networks, a San Jose, Calif.-based supplier of security, cloud and application services. He has held technical and management positions at Intel, Pandesic and Secure Computing. 

Cybersecurity poses a risk to all businesses.

Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data.

Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed. When businesses have spent years building trust with customers, it is important to take the necessary precautions to protect data and the brand’s reputation by destroying data effectively.

Limits to wiping

Deleting files isn’t enough to keep data safe. With the right tools, hackers can retrieve deleted files. Depending on the operating system, there may be built-in tools to erase data. This is a quick and convenient method but third-party utilities offer a greater level of security.

DBAN is a free tool but is limited in its abilities, as it only works on hard drives and not solid-state drives (SSD). Working independent of the operating system (OS), DBAN can wipe the entire machine. This is important for any businesses upgrading their hardware to new technology, as it allows for the safe transfer of data before it is removed from old machines.

Other tools, such as CCleaner, require an upgrade to the premium version in order to fully wipe data, and cannot wipe the drive hosting the OS as this is where it will be installed.

Wiping data is a good method of protection, but destroying the hard drive is the safest option. This prevents any fragments of data from being retrieved from old drives.

Hard drives present a security liability. With increasingly large storage capacities, they are capable of holding hundreds of thousands of sensitive data files. Just as there are tools to wipe HDD, there are tools for thieves and criminals to extract information from the HDD.

Cybercrime statistics from Dataprot state that 60 million Americans have experienced identity theft, highlighting the importance of destroying data completely.

It isn’t simply a matter of data security. A data breach will cost a company vital revenue and client trust. Business reputation is at stake, as many of the top security breaches are widely publicized and remembered many years later, such as the Yahoo hack of 2013 where 3 billion accounts were compromised. More recently, there was the 2022 Crypto.com hack which saw $18 million of Bitcoin and a further $15 million of Ethereum stolen.

With a global study from IBM estimating that the average data breach cost in 2021 was $4.24 million, it is important to protect data and destroy the hard drive.

Destruction options

Destroying a hard drive is the most effective way of ensuring data cannot be retrieved from it. While there are a number of methods that can be used to destroy hard drives, some are more effective than others.

Drilling. Using a hand drill or a hammer to drive a nail through the hard drive will destroy the platter. However, it is a time-consuming process and often not the most effective solution for those seeking to completely destroy a hard drive.

Degaussing. For businesses with a significant turnover of old hard drives, a degausser is an effective solution. Using magnetic forces, the data in the device is scrambled and cannot be read.

Shredding. Just as shredding has proven to be an effective method for destroying sensitive data on paper, HDD and SSD shredders are specialized machines designed to cut hard drives into smaller pieces, rendering the drive and data useless. For many in high-security environments, this is one of the best solutions.

Disintegrating. Another high-security option for data destruction is disintegration. Disintegrators slice hard drives into smaller particles, ensuring that the drive cannot be reassembled.

Many businesses consider themselves to hold data security at the heart of everything that they do. Combining a complete data wipe with the destruction of the hard drive ensures data integrity while keeping clients’ trust and protecting the business’ reputation. In a time when data is constantly at risk and under siege, this is more important than ever.

About the essayist: Kyle Mitchell is the Commercial Sales Director at Whitaker Brothers, which has over 75 years of experience delivering industry-leading data destruction and security equipment solutions. 

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.

Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8 million in 2021, compared with $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has increased exponentially – IBM’s 2021 Cost of Data Breach Report found phishing to be the second most expensive attack vector for enterprises.

Novel tactics

This is so, in part, because growing awareness has pushed hackers to create even more sophisticated means to plunder log-in information, or to lure employees to click on a malware-infected link – AKA next-gen, or “DeepSea” phishing.

These attacks use novel and rarely seen phishing techniques, often employing several layers of deception in parallel. Take this recent phishing attempt, which was identified by Perception Point’s Incident Response team: hackers first used an irregular URL structure to evade standard email threat detection systems, and sent users through a very convincing but fake two-factor authentication.

Because web browsers consider these malicious links to be URLs, they are opened automatically, compelling email recipients to unwittingly enter suspicious websites. In one of the cases, a malicious URL led to a fake Microsoft log-in page, almost indistinguishable from the original – but for the deployment of next-gen detection techniques.

“Spear phishing” represents another example of DeepSea methodology, whereby malicious actors “scrape” personal information (primarily from social media) about their targets to make each phishing attempt more personalized and seem more legitimate.

Current solutions

Enterprise cybersecurity traditionally prevents such attacks in two ways: staff education, giving employees the tools they need to recognize and report suspicious emails that land in their inboxes; along with cybersecurity solutions, which prevent malicious emails from reaching inboxes in the first place.

Unfortunately, the former category is becoming less and less effective as phishing becomes more and more sophisticated, with email clones looking increasingly indistinguishable from the real thing. Regarding the latter, cybersecurity solutions that were once industry standard are often unable to keep up with the rapidly changing threat landscape. This is in part due to the increased accessibility of phishing tools, with phishing kits even available to purchase by non-coders and amateur phishermen.

Advanced solutions

Emerging cybersecurity tools can be built with enterprise digitization and growing cloud-adoption in mind, as opposed to legacy solutions that are slow and frustratingly inflexible. These more traditional solutions are generally not cloud-native, and even if they have been refashioned to work in a cloud environment, the alterations often come with major drawbacks.

The heightened agility of emerging tech can better keep up with the rapidly evolving threat landscape, deploying techniques such as:

• Image recognition and natural language processing. These techniques can identify impersonation techniques or phishing attacks.

• Cloud native design. Advanced defensive algorithms are more dynamic, scalable, and primed for automation.

• No-code services. These are easily adaptable packages of pre-written code which save R&D specialists time creating threat responses, allowing them to focus more on creative, preemptive solutions.

Adaptable SaaS solutions can allow enterprises of any shape and size to equip themselves with advanced threat protection, suited to rapidly changing business environments.

A prime example: the changing business environment, with its emphasis on remote and hybrid working, requires internet connectivity for a growing range of collaboration tools and cloud-based storage. Traditional sandboxes only scan 60 to 70 percent of the content traversing these interconnected channels – today’s enterprises must instead strive to cost-effectively vet 100 percent of incoming content — fast enough to support the companies’ business processes.

Measuring results

But there’s a catch: too many layers of protection can slow these digital systems. Jumping through numerous precautionary hoops for every single process or action will at best frustrate employees, and at worst, hinder their productivity. Thus, the goal of the modern cybersecurity company must be to empower enterprises at the sweet spot between protection and productivity.

Metrics around how many users report phishing, how many of these attacks are actual phishing, the variety of web locations where phishing occurs, and more, can help enterprises measure the efficiency of their cyber security solutions.

These numbers should drop over time, but that’s difficult to track, particularly at large enterprises with thousands of incidents and reports. That’s why solutions that automate specific parts, and sometimes all, of the cyber defense process matter: these systems can natively track KPIs and save a lot of time and energy for beleaguered security operations center (SOC) teams.

Phishing is not a new threat type, but the emergence of advanced DeepSea Phishing techniques has created a new crisis for enterprises. Such is the challenging task of modern cybersecurity – white hat solutions must be as rapid, dynamic, determined, creative and unrelenting as the ever-evolving methods developed by the black hatters.

Enterprises must assume responsibility not only to provide top-notch cybersecurity education to their employees, but to invest in high-quality, quickly adaptable defense solutions as well. Fall short, and their vulnerabilities will grow as numerous as the fish in the sea.

About the essayist: Michael Aminov is Co-Founder and Chief Architect of Perception Point, a supplier of phishing detection and remediation systems. He was formerly the Chief Architect of CyActive, which was acquired by Paypal; he is also a veteran of the Intelligence Corps of the Israel Defense Forces (IDF). He holds a BA in Computer Science from Ben-Gurion University of the Negev.

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised.

Now come hard metrics quantifying the scope of this phenomenon. They are in the findings of a deep-dive data analytics study led by Surfshark, a supplier of VPN services aimed at the consumer and SMB markets.

Surfshark partnered with a number of independent cybersecurity researchers to quantify the scope and pattern of data breaches over the past couple of decades. For this study, a data breach was defined as an intruder copying or leaking user data such as names, surnames, email addresses, passwords, etc. Much of the hard evidence came from correlating breached databases sitting in the open Internet.

Data scientists sorted through 27,000 leaked databases and created 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.

The data analytics show:

• A total 2.3 billion U.S. accounts have been breached so far. The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread).

• More than two thirds of American accounts are leaked with the password, putting breached users in danger of account takeover.

• Statistically, every US internet user has lost 27 data points on average to online breaches, most of them emails, passwords and usernames.

Essential security tool

Post Covid 19, these patterns are likely to become even more engrained as digitally remote work, education, healthcare and entertainment activities predominate. VPNs factor into this shift, as the burden on individual consumers to preserve privacy and secure their sensitive data is greater than ever.

VPNs have emerged as a powerful tool that consumers and SMBs have at their disposal to try to stay safe and private online in today’s risky online environment. In the enterprise space, VPNs are showing signs of becoming obsolete – to be superseded by cloud-centric Zero Trust Network Access (ZTNA) systems. Yet in the consumer and SMB space, VPNs’ role as an essential privacy and security tool for individuals and small companies appears to be solidifying.

I had the chance to discuss this with Justas Pukys, product owner at Surfshark and a lecturer at Vilnius Tech University. Here are excerpts of our dialogue, edited for clarity and length:

LW: Is it safe to assume demand for consumer VPNs has spiked, post Covid19?

Pukys: VPN and other digital products’ demand tends to rise as people are forced to spend more time indoors, especially during colder months of the year. The COVID-19 pandemic has prolonged our screen times and shifted remote work opportunities. Thus, paired with the rise of cybercrime during that time, the situation has made cybersecurity products a necessity in many cases.

LW: What strategic shifts have VPN vendors been making, post Covid19?

Pukys: From a strategic side, VPN suppliers made more appealing deals that would encourage users to use their product. Another aspect is to ensure that users may access all the content securely.

At Surfshark, we put a lot of focus on humanizing digital security to make it accessible to all. Since internet security has become a concern of all people and is no longer designated to a niche audience only, it has been our main strategy right from the beginning.

LW: Who would you personally rank in the Top 5 suppliers of VPN services servicing individual consumers?

Pukys: Without Surfshark being in 1st place, it would be: Nord VPN; Express VPN; Private Internet Access (PIA); Proton VPN.

LW: What differentiates the Top 5 consumer VPN suppliers; what’s distinctive about each one?

Pukys: Nord puts a lot of effort, in terms of advertising, to the gaming/streaming community. They also have other distinctive products like NordPass, Nord Locker or Nord Layer that’s focused towards the B2B layer, which make Nord a big security suite that can be used by everyone.

Express VPN focuses on simplicity and quality of a service; Proton VPN – aims to be second secure “Google Suite” with its other products, such as ProtonMail, Proton Calendar, etc.; PIA suggests lots of customization for more geeky users.

LW: Can you generally frame the competitive dynamics?

Pukys: During the last few years, with the rise of cyber security threats and more people working from home due to Covid, VPN popularity grew quite a lot. There are lots of new VPN competitors that enter the market, so the competition was already quite big and it keeps getting bigger.

LW: How much pricing elasticity is there?

Pukys: If you mean VPN pricing between suppliers, the range is quite wide – from free VPN services to $20 per month. Depending on the pricing plans, the prices could be even bigger. That’s for the B2C users. Business-focused VPNs cost even more, depending on the size of the organization and users’ count that would use the product.

So, the user really has the ability to choose what best fits his pocket. Of course, quality always comes with a price, especially considering server infrastructure costs around the world and other operational expenses.

LW: What’s customer retention and switching like?

Pukys: Customers always choose what fits their needs best. If you create a good product, people will love it and they will use it. If not, well, then they will go for whatever product that’s more appealing. That creates competition – ensuring that the user can get the best experience possible, which would bring the customer to you. We keep our retention rates optimal by ensuring that marketing promises and onboarding experience match to live up to customers’ expectations.

LW: Very generally, how should a consumer go about choosing which VPN to use?

Pukys: The user should know what he wants to use the VPN for. If he needs security and protection – he should research what protocols the VPN uses, how secure those protocols are, how the company treats the user’s data, etc. Or maybe the user needs to go into more deep technical stuff – then he should check if VPN has features like custom DNS or port forwarding features.

It all comes down to particular use cases, for which the user needs to do a little bit of research to find what fits his needs best.

LW: What role should we expect VPNs to play, going forward, in the consumer space?

Pukys: According to various researches, with the rapid advancements of IT technologies there are more and more cyber security threats, for individuals and for companies as well. Our studies show this worrying trend in many technologically advanced countries, with the UK and Netherlands seeing around 40-50 percent YoY rise in cybercrime during 2021 alone.

For that reason, VPNs will get more and more important to keep people’s data and privacy secure. Also, people are more aware of such threats than they were 3 or 5 years ago. And they care about that, they care about their data and their privacy. I think that in the future VPNs will be more or less a default feature for our computers or phones.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick?

Intelligence is required to support the evolving needs of business, providing information for decision makers throughout the company lifecycle – everything from entering and exiting markets to managing mature operations. At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few.

In our recent report, Intelligent Business: 2022 Strategic Intelligence Report, we asked 205 creators and consumers of intelligence within large organizations (i.e. with a turnover of over USD 250 million) about the importance of intelligence to their company. 65 percent said that strategic intelligence had grown in importance over the past five years.

And why? The top reason, chosen from a provided list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Cyber security keeps the C-suite up at night and perhaps that’s no surprise.

Cyber in a silo?

Cyber attacks are crippling incidents that hurt immediately – by halting business – and continue to hurt into the longer term – by hitting company reputation. This concern isn’t new. There is wide understanding that when it comes to cyber incidents, it is about ‘when’ not ‘if’, and all large companies will have cyber strategies in place.

However, in our research, Investing in Cyber Resilience (2021), we found that only 49 percent of companies have a fully implemented and rolled out cyber security strategy, indicating pervasive barriers to cyber strategy adoption. And who is creating and driving the cyber strategy? In traditional, siloed organizational structures, collaboration between cyber functions and the rest of the business can be inhibited, making wide understanding and adoption of cyber security an uphill struggle.

Our research found that a key component in lifting these silos and gaining broader implementation was engagement at the very top. When organizations cite their board-level engagement in cyber strategy as ‘highly proactive’ then the implementation rates are significantly higher too.

Context of risk

Cyber security should also be viewed in a wider business context. The technical side of protecting a company from cyberattack is important, but taking a step back and considering the who and the why can add shape to one’s security strategy. And this is where strategic intelligence feeds into the cyber security puzzle.

The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. In the months before the invasion, all the signs of imminent military action began to emerge. These red flags, combined with Russia’s reputation as a leader in cyber threat activity, should raise the alert level for any company exposed to Russian markets.

How would nation state actors respond to the war? Would this conflict spill into cyber space and what could that look like? In this context, geopolitical threat intelligence is a critical piece in understanding and planning for cyber security.

Risk, including cyber risk, cannot be viewed in isolation. The CEOs and senior leaders charged with navigating companies through the interdependencies need relevant, timely and actionable insights – the strategic intelligence that will complete the puzzle and support decision making.

About the essayist: Gala Riani is the head of strategic intelligence at S-RM, a global intelligence and cyber security consultancy. Riani has experience as a political advisor to the Kurdistan Regional Government (KRG) and as the director on the Global Risk Analysis at Control Risks. She has a BA from the University of Cambridge and an MSc from the London School of Economics.

Pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would never have imagined. With work-from-home shifting from a ‘perk’ to a ‘necessity’, organizations had to realign their operations, and do it fast, to keep the ships afloat.

Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working, whether organizations like it or not, is here to stay. This raises concerns about corporate data security in remote working, which still stands as a key challenge that organizations are trying to navigate, workforce productivity being the second.

Organizations need to make critical business data available to employees who work remotely. This could include devices carefully vetted, secured with corporate policies and provided by the organization, but could also include devices that are not under the organization’s purview.

Fragmentation dilemma 

Modern employees demand flexibility, and you simply can’t prevent employees from accessing work emails on their phones while they surf the beach or hike the mountains, nor would doing so add to your organization’s overall efficiency and productivity.

But this, along with the hugely fragmented devices and endpoints used in the virtual working environment, adds to the security risks that can drain not only the IT teams but also the CIOs to a great extent.

The associated challenges include the knowns: employees connecting to unknown, insecure networks, and data sharing via non-work apps, allowing hackers to make a grand entry. But they also include a set of unexpected threats that are unique to the remote working environment.

These range from lurking devices (think home automation tools and other smart devices lying around in the same room your employee works or attends confidential meetings from) to sophisticated email phishing attacks using pseudo names of the CXOs (since, well, everything is virtual).

Managing endpoints securely 

Another key aspect of endpoint management, one that is not security, is ensuring that remote working adds value, both to the organization and to the employees. Engaged employees are more productive. Making sure that employees have access to up-to-date, relevant business resources at all times, are equipped with the right tools to get work done faster and can connect to their teams without glitches is therefore not just essential, it is imperative.

As an organization, that’s quite a mountain of checkboxes to tick and can be challenging, especially when the IT team size is petite and the infrastructure cost has to be budgeted.

To address these concerns, organizations are actively engaging in conversations to make endpoint management smoother, more cost-effective and mutually beneficial.

It starts with educating the workforce (remote or otherwise) on security since your infrastructure and data are only as secure as your employees want them to be.

Tools and best practices

The next gradual step that organizations should take is accommodating BYOD to cut down on infrastructural costs while also enabling employees to leverage flexibility. When employees are empowered to use the device they love, it can be a game changer for their productivity.

Organizations can then seek out tools for driving innovation and engagement. This has to go beyond the conventional messaging platforms. A tool that can help employees quickly share, make calls, both video and voice, and also mark down the tasks they are working on can create a seamless engagement while effectively driving conversation and collaboration.

For SMBs or organizations that are just starting, this may seem overwhelming. This is also why looking for a solution with a holistic approach can be such a tipping point. Mobile device and endpoint management solutions are hence gaining rapid traction. It’s no longer the question of ‘whether’ organizations should opt for an MDM or not, but the question of ‘when’ and ‘how fast’.

Procuring an endpoint management solution is no longer difficult. Picking the right one that solves the business problem of your organization can be transformative. And not just that: a solution that can translate your concerns into scalable solutions, is customizable to suit your needs and yet is simple to use is hard to find, but not impossible.

About the essayist: Sriram Kakarala is the Vice President of Products at ProMobi Technologies. He is one of the innovative minds behind Scalefusion, a mobile device and endpoint management solution for organizations.

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.

This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles.

I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.

Guest expert: David Holmes, Analyst for Zero Trust, Security and Risk, Forrester Research

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it.

Zero trust — and more specifically zero trust network access, or ZTNA — never trusts and always verifies. A user gets continually vetted, with only the necessary level of access granted, per device and per software application; and behaviors get continually analyzed to sniff out suspicious patterns.

Remote access is granted based on granular policies that take the least-privilege approach. For many reasons, and for most operating scenarios, ZTNA solutions make more sense, going forward, than legacy VPN systems, Holmes told me. But that doesn’t mean VPN obsolescence is inevitable. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.
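The contrast described above between verify-once VPN access and per-request ZTNA decisions, sketched as an added example that is not from the original article or from Forrester. The policy table, the role and application names, and the denial threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed least-privilege policy: (role, application) -> required device posture.
POLICY = {
    ("finance", "payroll"): {"managed": True, "patched": True},
    ("finance", "wiki"): {"managed": False, "patched": True},
}
MAX_DENIALS = 2  # assumed threshold for the behavior check

@dataclass
class Request:
    role: str
    app: str
    managed: bool   # device enrolled in corporate management
    patched: bool   # device posture at the time of this request

def vpn_decide(tunnel_up, req):
    return tunnel_up  # verify-once model: anything inside the tunnel is trusted

def ztna_decide(req, denials):
    """Verify-always model: app entitlement and device posture checked per request."""
    if denials >= MAX_DENIALS:
        return False, "session flagged: repeated denied requests"
    rule = POLICY.get((req.role, req.app))
    if rule is None:
        return False, "default deny: no rule for this role and app"
    if rule["managed"] and not req.managed:
        return False, "app requires a managed device"
    if rule["patched"] and not req.patched:
        return False, "device failed posture check"
    return True, "allowed"

def replay(requests):
    """Run one remote session through both models, request by request."""
    denials, results = 0, []
    for req in requests:
        ok, reason = ztna_decide(req, denials)
        denials += 0 if ok else 1
        # The VPN user authenticated once, at connect time, so the tunnel is up.
        results.append((vpn_decide(True, req), ok, reason))
    return results

# Constructed session: a finance employee on an unmanaged but patched laptop.
SESSION = [
    Request("finance", "wiki", managed=False, patched=True),
    Request("finance", "payroll", managed=False, patched=True),
    Request("finance", "source-repo", managed=False, patched=True),
    Request("finance", "wiki", managed=False, patched=True),
]
```

Calling `replay(SESSION)` shows the VPN model permitting all four requests while the ZTNA model permits only the first, then denies on device posture, on missing entitlement, and finally on the session's own behavior.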



(LW provides consulting services to the vendors we cover.)