Podcasts

In his podcast series “Crucial Tech”, our correspondent from Silicon Valley, Lou Covey, explores and explains trending cybersecurity topics in detail. And if he can’t explain it, his guests most definitely can. 

We’re happy to feature this series here at Cyber Protection Magazine. Enjoy this series of podcasts – and make sure to check back regularly for the latest episode.

How security researchers are fueling cybercrime, and more from Black Hat 2021

I attended Black Hat 2021 virtually again this year and wrap it up in this grab bag of issues including #AI ethics, #cybercrime legislation, #ransomware growth and control, and building #cybersecurity community to combat the organization of cybercrime. Grab a coffee and take 25 minutes to get up to speed.

Have we reached Peak ransomware? George Finney says, probably not

I interviewed George Finney, chief information security officer for Southern Methodist University, a couple of weeks ago for a Cyber Protection Magazine article about the state of ransomware. It wasn't encouraging. But George is a very nice guy who also helps people and companies get their act together regarding good security practices. The entire conversation was illuminating, even though I had to do it over my iPad due to a tech glitch. Ah the modern digital age....

A look inside the editorial process of Cyber Protection Magazine

For a journalist to decide what to cover and when takes some discussion and this week we decided to do our editorial meeting in a public setting so you can see how we pick what to report. In this episode, Joe Basques, Patrick Boch and Lou Covey look at the changing paradigm of Ransomware, the ethics of paying ransoms, Webscraping, Amazon Sidewalk and the state of security jobs.

Special episode: Revital Libfrand of OdiX on tech opportunities for women

This week the WomenTech Global Conference (#WTGC2021) is happening on the web and we thought it would be a good idea to interview a leader in the security industry, Revital Libfrand of OdiX, about her career and opportunities in #cybersecurity. Plus it gives us a chance to plug this great conference. Sign up at www.womentech.net and learn more.

Hacking is not spoofing, plus a case study

I had two conversations this week about spoofing attempts that turned into educational moments. There will be more to learn here at Cyberprotection-magazine.com but this revealed a lot.

It's Earth Day. Are your batteries exploding?

Lithium-ion batteries are in almost all electronics, all electric vehicles and are expanding through the power grids worldwide to store energy during system outages. They are crucial to continued operation of “green” data centers. When you talk about renewable energy, you have to talk about where lithium-ion batteries fit in the discussion. That’s not necessarily a good thing. Lithium-ion technology is fraught with social, environmental, and security downsides. Forced child labor, the lack of effective recyclability, potentially poisonous fires and explosions and complex, eminently hackable control systems are all aspects of the industry that just won’t be going away soon. But there is hope. There are alternatives. This is the subject of this episode of Crucial Tech. We talk to Jack Pouchet, Vice President of marketing for Natron Energy, a company manufacturing a sodium-ion battery that lacks all the downsides of its lithium cousin and offers significant upsides that we need. The good news is that it looks like this technology will be going into large-scale production just before the Lithium-ion technology collapses under its own weight.

Supply chain headaches abound along with potential fixes

This interview with Warren Savage, guest researcher at the University of Maryland in IoT security, is a follow-up to an interview I did with him last year at the @DesignCon conference in Santa Clara. In the interview and his keynote at the show, he talked about how vulnerable the electronics supply chain was. A year later we are stuck in a semiconductor supply chain slowdown and one of the reasons is the inability to secure it. Things haven't gotten much better but Savage sees progress. This is part two of a series on supply chain.

Boring technology can be the most important to understand

We talk to Harry Haramis, GM of Prime Key, about public key infrastructure (PKI) and certificate authority (CA), which may be the most boring technologies you come in contact with, but are foundational to keeping you secure on the internet and even in your car. The problem is that few companies will let you know what they are doing about managing those things and if it is done badly, you are screwed. Time to start asking questions.

CDR: another security acronym that you need in your arsenal

Securing an organization's data isn't easy, or cheap, but a relatively tiny section of the cyber-protection industry, known as content disarm and reconstruction (CDR), might be a solid beginning. If only they would spend enough on marketing to build awareness. We open the fourth season of Crucial Tech with Taeil Goh, CTO of OPSWAT, talking about his company's threat detection and removal technology and why he ain't rich yet.

The launch of Cyber Protection Magazine

Season 3 concludes with Joe Basques interviewing Lou Covey and Patrick Boch, co-editors of the recently launched Cyber Protection Magazine, an international joint project between Footwasher Media in the US and Fabogi in Germany. The new publication will focus on practical implementation of cybersecurity for businessmen and the non-technical among us.

Stupid Stuff in Tech

Technology has a lot of wondrous things going on but it has its fair share of stupid things as well. We took a moment to look at four of the more stupid things in tech of the past two weeks in the new year.

Airgap Networks: an absolute defense?

We talk to a lot of companies developing digital security devices and systems. Virus scans catch about 50 percent of the attacks but don't stop them from happening. Network solutions are too expensive and do little to protect against people doing stupid things behind the firewall. It has really seemed hopeless for a while and very frustrating. Then we ran across Airgap.io. It's affordable, scalable, and it stops ransomware from spreading throughout all connected devices in the network.

Phishing threatens US elections

Between January and August 2020, the number of phishing sites detected by Google rose by more than 200,000 to 1,892,980.
“When you get that all too familiar barrage of spam emails, social engineers are betting that if you’re a MAGA supporter who received spoofed emails pitching progressive candidates or causes, you’ll click unsubscribe,” says Adam Levin, founder of Cyberscout. Levin explained that the emails are rigged to download malware, ransomware, or access your accounts when you click unsubscribe. The dramatic increase is giving rise to an entire sub-industry dedicated to zero-trust technologies that are slowly coming to market. Maybe too slowly for the 2020 election cycle. We talked to two of them: Zero Fox and Airgap Networks.

BlackHat wrap up, Part 1: How hostile states are hacking elections

Our first re-run of the season is going back to our report on election hacking, a two-parter, that doesn't dwell on the technology of elections as much as how they can be influenced. For several years we have heard about how technologically vulnerable our elections systems are, but it turns out that physically hacking a system is a lot harder and yields insignificant fruit in national elections. It is much easier to sway voters with disinformation.

Apple's porn scan is bad, unless you think it is good

The term “slippery slope” is applied to a lot of hypothetical outcomes of everything from legislation to technology. In the case of Apple monitoring the use of products and services for distributing child pornography it appears there is more than one of those lubricated hillsides. At Cyber Protection Magazine we are internally debating the benefit/risk ratio of this decision and decided to air our thoughts in real time in this episode of Crucial Tech. US editor Lou Covey thinks the GDPR, CCPA and a host of other potential legislation has already begun a slide toward government control of technology. On the other hand, EU editor Patrick Boch thinks Apple’s decision is the impetus. In either case, one has to decide whether making it difficult for child abusers to pursue their kink is worth the potential loss of privacy, or if privacy is an absolute right.

Search for the Holy Grail in Security: Penetration Testing with Ronin-Pentest

This episode of Crucial Tech is the beginning of a search for the Holy Grail of cybersecurity: products and services that actually make us safer without breaking the budget. There is no one company that delivers everything, but we found one that provides the crucial service of penetration testing that can give a small business a starting point for securing their data with automated tools enhanced with professional services, at a cost below $100. Ronin Pentest offers an automated, web-based tool that can be used by anyone to go through the top 10 vulnerabilities as listed by the Open Web Application Security Project (OWASP).

That time when the business world got serious about cybercrime

Cybercrime has been with us for a while, but the business world saw it as a minor annoyance. Luckily, the criminal world kept the cost low, requiring small ransom amounts and cash cards as a delivery mechanism. #Cryptocurrency kicked the demands up because it was easier to demand more money and easier to hide the money trail. Big ransomware demands hit the news and infrastructure was threatened. But in 2020 and 2021, law enforcement figured out some ways to track those criminals down. Extraditions began and ransoms were recovered. The gloves are coming off and CEOs find themselves squarely in the crosshairs of regulators and stakeholders along with the criminals. In September 2020, Gartner Research predicted that CEOs would be held criminally and fiscally liable for cyberattacks that harmed people physically if the company had not taken basic precautions to prevent it. We talk with Mathieu Gorge, CEO of VigiTrust and author of the Cyber Elephant in the Boardroom, about what CEOs need to be investing in to keep themselves out of jail.

Truth in marketing: It doesn't have to be that hard

After several decades working in and with marketing professionals we've learned a couple of things about how marketing is done. One of the more important lessons is that marketers make their jobs much harder than they need to be. And maybe one of the worst offenders is in the world of #cybersecurity. Patrick Boch, my cofounder of Cyber Protection Magazine, and I share some of our frustrations and insights on how companies can promote their products and services more effectively. It really isn't that hard.

How I learned to fear my computer and ignore the bomb

The potential of nuclear warfare is being eclipsed by the potential of cyber warfare as the ender of civilization, so I guess there is that upside. No, seriously, it's becoming apparent to rogue nations that cyber warfare is more effective, cheaper and has less chance for retaliation than a nuclear strike. We talk to cyber warfare expert Pano Yannakogeorgos from New York University about the potential devastation from cyber attack.

The massive upside of Apple's transparent tracking feature

When you peel back all the layers, digital marketing and consumer tracking on social media apps presents the most significant security flaw in our digital world. Apple's giving individual iOS users control over that decision is a big step forward into making us all safer. It also removes a lot of the hype and fraud that comes from unrestricted tracking. Joe Basques and Lou Covey answer a user question about the significance of the new feature.

The year we became painfully aware of the supply chain

2021 is quickly becoming the year we realize that supply chains are what make the developed world. SolarWinds, the Suez Canal, the worldwide semiconductor shortage, and the “snowpocalypse” in Texas have shown us that one glitch can wipe out our standard of living for weeks, months and years. With that in mind we start a series of podcasts and articles in cyberprotection-magazine.com on the supply chain, with special focus on semiconductor security. Stay until the end. You will learn something and get pissed off.

Cyber insurance may be a good idea... or not

We started looking into insurance coverage for cyber attacks a few weeks ago and contacted analyst Maxine Holt of Omdia about it. And then more questions came after the talk. So this episode is a part of additional coverage you will see in Cyber Protection Magazine and additional podcasts. It's complex, but we are going to try to make it understandable.

California small business grant program is a security nightmare

If you are a small business hoping for a grant from California to stay alive during the COVID-19 lockdown, you need to listen to this podcast. The state has chosen to work with third-party financial institutions to transfer the funds to banks, but those organizations are asking applicants to violate basic good practices for maintaining security. Moreover, some business banks have internal security mechanisms that prevent the connections being made between the state and the banks. You can do this safely, but you need to take precautions. We give you those precautions in this podcast.

Human Error can still Defeat Cybersecurity tech

As soon as the SolarWinds breach hit the news, press releases started pouring out of the cyber security industry with claims that their products or services would have prevented the breach, but talking to people in the trenches, that is a dangerous claim to believe. The truth is, human error and intention can defeat any security protocol or technology. We talked to Matthew Rosenquist and Steve Hanna about the only way to deal with security: vigilance.

Sometimes, a digital breach just isn't your fault

Even the most security-conscious people and organizations get hacked, so it's not always something you can stop. We go back to talk with #Sectigo's VP of IoT security, Alan Grau, about how a security training firm got hacked through a common phishing scam, how deep the flaws in our technology are and finally, how Sectigo is helping companies make secure technology.

Quantum computing is a security nightmare, but making it safe is a priority for Sectigo

Some people think quantum computers are mostly hype. They are. We won't see them come into real use for a decade. In the meantime, people are freaking out over how they can be used to make us all less safe. The good news is some companies, like Sectigo, are working on ways to make sure we are all safe when they actually become a reality. So grab a coffee and listen to our take on quantum computer security.

BlackHat wrap up, Part 2: How foreign elections are being hacked

In our last episode we reported on presentations at BlackHat USA 2020 about election interference. In this second part, we look specifically at the Russian and Chinese approaches to disinformation campaigns and how it is less technology hacking and more about strategic use of social media.

The vulnerability of the internet of things

The Internet of Things (IoT) is growing faster than the original internet. Cisco Systems predicts that internet-connected devices will represent 75 percent of all the internet traffic in less than 10 years, and Gartner predicts that there will be five times more IoT devices in use than there are people on the planet. But more than 90 percent of all those devices are easily hackable and will remain so for the foreseeable future. There are some companies working hard to fix the problem but until manufacturers decide to start designing for security, it's going to be a long road, indeed.