Author: Lou Covey

An encryption primer: Don’t wait

Encryption became a hot topic in the news in the past month. The United Kingdom, Sweden, France and the EU are considering requiring “back doors” to encryption protections. The “Signalgate” scandal in Washington, DC started most people asking, “What is this encryption stuff?” So we decided to provide a primer on the state of encryption today.

While the technology behind encryption is complex, it is not new. The basic algorithms have been with us for decades, silently running on devices and servers, invisible to the user. The purpose is basic: to keep data safe from prying eyes, like criminals and nation states.

Encryption is also a good way of saving money and not just in avoiding ransoms. Insurance companies often offer up to 15% premium discounts to businesses demonstrating strong security practices, including proper data encryption. Encryption significantly reduces the risk of data breaches and their associated costs.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

AI bubble about to pop for cybersecurity?

As quickly as the artificial intelligence (AI) industry appeared, it may disappear just as quickly. That may have significant ramifications for cybersecurity, according to industry watchers, as the technology falls into the trough of disillusionment.

When OpenAI burst on the scene more than two years ago, Microsoft was a significant instigator in its growth and adoption. Microsoft invested billions in the not-for-profit enterprise for early access to cutting-edge AI technologies and helping accelerate OpenAI's research. It transformed its Azure cloud platform into a leading infrastructure provider for AI development, offering specialized hardware (like GPUs and TPUs) and services tailored for machine learning workloads. AI capabilities were embedded across its product suite, and Microsoft Research contributed significantly to AI advancement in computer vision, natural language processing, and deep learning.

All of that came with extreme demands on computing resources. Microsoft began a buying spree in data centers, both to secure resources and build new centers. They even entered into a deal to reopen the notorious Three Mile Island nuclear power plant.

Spree ends

That has all come to an end. As reported in Bloomberg last week, the company decided to scale back data center projects in the UK, Australia, and Indonesia. Data center development in Illinois, North Dakota, and Wisconsin is also canceled. All tolled, Microsoft has walked away from more than 2GW. That’s on top of the news that Microsoft had walked away from two data center projects in the US and Europe, piling on to a February announcement that it was canceling data center leases.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

Scam bucket: Tech support fraud

Dealing with wonky printers is a universal frustration. According to Gartner studies, printers are by far the biggest technology problem, racking up 50 percent of all technical support calls worldwide. And that makes them a very profitable scam.


Here’s how it works. You’re sitting at home and want to print out a bill, letter, or other document and the printer hangs up. The little wheel is just spinning and spinning. After multiple tries you decide to call tech support to fix the problem. After 2 hours of sitting listening to the same song, interrupted by the recorded voice telling you your “call is important,” you start surfing for some sort of help. Your results show three or four sites for printer support and a free chat service.

You click one of them, still waiting on your phone for help, and immediately get someone in the chatbot who is very helpful and asks if they can be connected to your computer to see what the problem is. In the hope of being freed from frustration you click on a link and suddenly your “savior” is moving around your computer downloading “the latest printer driver.” It is only much later that you find he has found your banking information and has sucked your account dry.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

EU’s DORA: Who will stand up for protection?

The EU's Digital Operational Resiliency Act (DORA) went live in January. This legislation's goals seem to conflict with the US administration’s willingness to ignore technology security standards. The question is: Who will stand up to protect corporate and consumer data?

DORA is highly targeted at the stability and resilience of the financial services sector. It ensures financial institutions can respond to, withstand, and recover from ICT-related threats and disruptions. It also requires robust strategies and policies to manage ICT risks in financial institutions.
Arnaud Treps, chief information security officer at Odaseva, said, “DORA is very different from previous regulation where you have to change where you operate. DORA is about having proper backups, the capability to restore quickly, and building redundancy.”

Europe takes the lead

But does the US rejecting data privacy regulation mean walling America off from the rest of the world? Meta has threatened to potentially limit

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

The case for insider-threat detection

An independent threat intelligence team warned the Treasury Department that representatives of Elon Musk's Department of Government Efficiency was a significant “insider threat.” The warning made the problem of insider threats a new worry for US citizens, sparking multiple discussions on social media. It also made a new case for technology that defended against the threat.

Insider threats are not the most common form of security weakness, but they are the hardest to defend against. Even if a company successfully screens out potential bad actors in the hiring process, they have to make sure who they hired is who shows up to get their security badge. And if they get past those two processes, there’s always the possibility of an unbalanced or angry employee bringing a firearm into the office to commit mayhem. Luckily there are technologies in place, such as advanced detection and response, identification validation, and AI-driven weapons detection available in the market.

Identifying the threat

According to the Verizon Data Breach Investigation report for 2024, 80 percent of breaches are based on social engineering and phishing making them the top attack vectors. However, the report said that 32 percent of breaches involving an insider are considered malicious. That is a cause for significant concern when hiring new workers. Identifying a potential threat is easier than repairing the damage it causes later.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...