Author: Lou Covey

Reporter’s notebook: Taking a CNAPP

Cloud-native application protection platforms (CNAPP) emerged as an industry niche around 2021, when Gartner coined the term to describe to consolidate cloud‑security capabilities under a single term. The niche evolved as organizations adopted cloud-native technologies and needed integrated security solutions.

In short, CNAPP providers consolidate security and compliance into a unified platform to prevent misconfigurations as compliance requirements evolve. It provides real-time detection and response to threats across cloud workloads. It scans code under development for vulnerabilities preventing runtime issues. CNAPP follows and protects cloud-native applications from development to production.

Now it sounds like subscribing to a CNAPP tool set is an easy decision for application developers. That’s the easiest decision. It gets harder going forward.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

DROP drops for consumer privacy

California this year launched an online site to put teeth into the 2023 California Delete Act. It could be the most powerful privacy tool consumers have ever had. It could also create havoc for the data broker and social media industries.

On January 1, the California Delete Request and Opt-out Platform (DROP) is an online tool allowing residents to remove and opt out of data collection. On the site, consumers enter personal identifiers, including phone numbers and email addresses currently in use. After submit the request, data brokers must process the deletion request within 45 days. The starting date, August 1, 2026, gives brokers the time to establish internal processes. People requesting the deletions can check their DROP status after that date to see if your data was deleted. They can add more information about themselves at any time. New data can take up to 90 days to process.

California’s Delete Act was a step forward, but lacked the mechanism to allow consumers to easily get their data removed. Instead of a single place, they contacted every company they knew carried their data and submitted a letter requesting deletion. But they had to know where that data was to issue a request, and they would never know if it had ever been deleted. The state also now offers a website allowing residents to know how many data brokers are collecting data.

Read more...

AI industry at a crossroads

The AI industry appears to be reaching a crossroads that will determine its future in the next two years. The only clear outcome is it will not be what it is now, nor what it is predicted to be.

Most doomsayers and cheerleaders largely agree on a single vision: The technology will destroy hundreds of thousands of jobs. Wealthy investors and captains of industry consider that a good thing and mumble about universal income legislation and Star-Trekkian futures. White-color workers and unions see the future less optimistically. But cooler heads see a precarious future. Those cooler heads include Anthropic’s Claude, OpenAI’s Chat GPT, and X.ai’s Grok. Cyber Protection Magazine talked to all three, and they all came up with four likely scenarios that may be brewing even as this article is read.

A security breach or a major AI system collapse.
Technical plateau causing diminishing returns on scalability.
Strict regulatory legislation that stifles innovation and makes development too expensive to pursue.
A significant economic downturn or massive market correction drying up capital investment.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

Vibe coding faces rough growing pains

Vibe coding (using LLMs to create computer code) was all the rage when 2025 began. By June, the bloom had fallen off the rose. Companies offering platforms and tools for the practice saw dramatic downturns in users. What happened? Evidence points to the traditional market practice of targeting early tech adopters.

Vibe coding was largely sold as a mean of improving efficiency professional coders and, as is their wont, professionals loved it for eliminating what they considered grunt work. But as the fad gained traction in the coding community, there was little evidence that it made coding any better, Rather, it made it possibly worse.

Illusions of efficiency

New studies showed any improvements in coding efficiency were illusions. While the coders assumed the tools made them as much as 50% more efficient, the reality is it made them, on average 19% slower. There were multiple reasons for the drag on efficiency. For one, professional coders know something about the issues of security, compliance, and quality control. LLCs don’t and neither do people without coding experience.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

CISA is dead. Long live CISA?

The Cybersecurity Information Sharing Act (CISA) of 2015 expired January 30, 2026. Whether that means anything is debatable.

The 10-year old act facilitates sharing cyber threat information between the government and private sector organizations. Many security experts are unimpressed by how the act performed. Chaim Mazal, Chief AI and Security Officer at Gigamon said wasn’t a two-way street. Most of the sharing was done by private companies. There was little data shared by the government. As a result. Participation in the program cratered in the last two years.

“Allowing the law to lapse gives us the opportunity to reinvigorate the bidirectional transfer of information,” he predicted.

Read more...

Prediction 2026: Beginning of the end of the WWW

As the world stumbles head on into deglobalization we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

When predictions fail

It’s that time of year when the weather turns cold, shoppers obsess over gift ideas, and tech companies start pounding the inbox with predictions for the next year. But for Cyber Protection Magazine we collect them all through December and compile them in January. Today we will look back and see how we did on our predictions for 2025.

Usually, we do quite well. This year…not so good. It might be because we changed how we did our predictions In January 2025. We ran several prediction articles from various companies and hand-selected a few we thought we could agree with. That was a mistake.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

Defining Dysinformation

Happy Holidays – our last issue of the year is out, and it’s all about Disinformation or, as we like to put it: Dysinformation.

Dysinformation is a scourge of society, fueled by social media and malicious actors, but you may not have heard the term spelled this way. Dysinformation simply means “damaging information.” It puts misinformation and disinformation in the same bucket, but what is the difference?

Disinformation

Disinformation is intentional. The authors know it is false and distribute it with the desire to defraud, destabilize and delegitimize issues and individuals. It is often defended as, “Hey, I’m just asking questions.” The first recorded instance of disinformation occurs in Genesis. After Eve explains to the serpent why she should not eat forbidden fruit, the serpent replies “Has God really said…?”

Disinformation authors do not need to prove an allegation. They just need to get a small credulous audience to wonder if what they say is true. If the allegation reflects a particular opinion of the audience, they are more likely to accept the allegation as true. Every piece of disinformation may contain an element of truth to establish the author’s qualifications, but the majority is sheer speculation.

Read more...

Is cyber training worth the effort?

There has been a debate within the cybersecurity industry regarding cyber training effectiveness. On one side are tool providers who claim technology trumps training in securing data, networks, and people. On the other side is the $10-billion cyber training industry, growing at 20 percent per year. That says they must be doing something right.

The real answer is not black and white.
The naysayers point to a recent study done by UC San Diego of its own employee training program. The study said, “Cybersecurity training programs as implemented today by most large companies do little to reduce the risk that employees will fall for phishing scams.” It was a comprehensive study of more than 19,000 university and student employees concluded in the summer of 2025. Seems like a slam dunk, doesn’t it?
Not so fast.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...