Author: Lou Covey

CISA is dead. Long live CISA?

The Cybersecurity Information Sharing Act (CISA) of 2015 expired January 30, 2026. Whether that means anything is debatable.

The 10-year-old act facilitates sharing cyber threat information between the government and private sector organizations. Many security experts are unimpressed by how the act performed. Chaim Mazal, Chief AI and Security Officer at Gigamon, said it wasn’t a two-way street. Most of the sharing was done by private companies. There was little data shared by the government. As a result, participation in the program cratered in the last two years.

“Allowing the law to lapse gives us the opportunity to reinvigorate the bidirectional transfer of information,” he predicted.


Prediction 2026: Beginning of the end of the WWW

As the world stumbles head-on into deglobalization, we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred to as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens' private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."


When predictions fail

It’s that time of year when the weather turns cold, shoppers obsess over gift ideas, and tech companies start pounding the inbox with predictions for the next year. But for Cyber Protection Magazine we collect them all through December and compile them in January. Today we will look back and see how we did on our predictions for 2025.

Usually, we do quite well. This year…not so good. It might be because we changed how we did our predictions in January 2025. We ran several prediction articles from various companies and hand-selected a few we thought we could agree with. That was a mistake.


Defining Dysinformation

Happy Holidays – our last issue of the year is out, and it’s all about Disinformation or, as we like to put it: Dysinformation.

Dysinformation is a scourge of society, fueled by social media and malicious actors, but you may not have heard the term spelled this way. Dysinformation simply means “damaging information.” It puts misinformation and disinformation in the same bucket, but what is the difference?

Disinformation

Disinformation is intentional. The authors know it is false and distribute it with the desire to defraud, destabilize and delegitimize issues and individuals. It is often defended as, “Hey, I’m just asking questions.” The first recorded instance of disinformation occurs in Genesis. After Eve explains to the serpent why she should not eat forbidden fruit, the serpent replies “Has God really said…?”

Disinformation authors do not need to prove an allegation. They just need to get a small credulous audience to wonder if what they say is true. If the allegation reflects a particular opinion of the audience, they are more likely to accept the allegation as true. Every piece of disinformation may contain an element of truth to establish the author’s qualifications, but the majority is sheer speculation.


Is cyber training worth the effort?

There has been a debate within the cybersecurity industry regarding cyber training effectiveness. On one side are tool providers who claim technology trumps training in securing data, networks, and people. On the other side is the $10-billion cyber training industry, growing at 20 percent per year. That says they must be doing something right.

The real answer is not black and white.
The naysayers point to a recent study done by UC San Diego of its own employee training program. The study said, “Cybersecurity training programs as implemented today by most large companies do little to reduce the risk that employees will fall for phishing scams.” It was a comprehensive study of more than 19,000 university and student employees concluded in the summer of 2025. Seems like a slam dunk, doesn’t it?
Not so fast.


The problem with proxies

Proxies are absolutely crucial to the operation of the internet, but they also represent a clear and present danger to users. Finding that balance is pretty much a full-time job for cybersecurity. The recent Amazon Web Services (AWS) and Microsoft Azure outages are good examples of that.

Amazon explained the outage was caused by “failing intermediaries” monitoring system health, preventing proper traffic routing. Another word for intermediaries is “proxies”. When the monitoring subsystem malfunctioned, health check updates were not propagated properly, causing backend servers to appear offline even when they were active, which invalidated DNS lookups. This created a cascading failure.
Likewise, the Azure outage was caused by a misconfiguration of the proxy Front Door, a global entry point for content delivery network functionality, load balancing, and application acceleration.

How Proxies Function

When a user wants to access a website, the request goes to the proxy server instead of going directly to the internet. The proxy server receives the request, then forwards it to the target website. It modifies the request header to hide the user's original IP address.


Bolaji Ojo and renewed importance of the press

Technology journalism, like the rest of journalism, has struggled for most of the 21st century. The advent of AI-generated content is restoring the value of professional journalists. It is crucial not just to democracies but to business success.

One of the most prolific and successful technology journalists is Bolaji Ojo. He has headed editorial efforts for the EETimes, AspenCore Media, the recently closed Ojo-Yoshida Report and the now-defunct EBN. Some of those titles may be foreign to people in the cybersecurity world, but not to executives in the electronics world that cybersecurity rests upon. Cyber Protection Magazine's chief editor talked with him this week.


Scam Bucket: The Docusign scam is back

For almost a decade and generally in the summer and early fall, email boxes get hit with several phishing attempts claiming to be from Docusign. This reporter received seven just in the past few weeks. It seems appropriate to give out a few tips about how to recognize them, avoid dealing with them and what you may have to do if you clicked on the link.


Credibility and fortunes at risk with AI

The failure of the current iteration of generative AI to live up to its promises is putting severe strain on its credibility. A collapse could result in the destruction of personal wealth on a massive scale. While it is probably a given that the artificial intelligence (AI) industry is here to stay, questions are many. What form will survive, what will it really cost, and what is the near-term effect on other sectors like the cybersecurity industry?
There are more than 5,000 cybersecurity tool providers and thousands more MSSPs and all of them, in some form, are reliant on AI to some degree. Cybersecurity marketing, investment, and especially technology development could be a disastrous dependency… or not.
AI startup funding reached $333 billion in 2024 (AI in 2024). Global venture capital funding for generative AI reached approximately $45 billion in 2024, from $24 billion in 2023 (AI Investment Trends 2025). AI-related investments accounted for 33 percent of total investments into VC-backed companies in the U.S. This year, global venture capital investment in generative AI appears ready to dwarf those totals, with $49.2 billion in the first half of 2025. It is on track to exceed $100 billion this year.
The big knock on AI is the lack of an effective infrastructure to support the claims the AI companies are making on potential uses. In response, tech giants are making massive infrastructure investments: More than $300 billion has been invested this year on AI infrastructure ("Tech megacaps plan to spend more than $300 billion in 2025 as AI race intensifies").
