EU Archives - Cyber Protection Magazine

AI industry at a crossroads

Lou Covey February 25, 2026

The AI industry appears to be reaching a crossroads that will determine its future in the next two years. The only clear outcome is it will not be what it is now, nor what it is predicted to be.

Most doomsayers and cheerleaders largely agree on a single vision: The technology will destroy hundreds of thousands of jobs. Wealthy investors and captains of industry consider that a good thing and mumble about universal income legislation and Star-Trekkian futures. White-color workers and unions see the future less optimistically. But cooler heads see a precarious future. Those cooler heads include Anthropic’s Claude, OpenAI’s Chat GPT, and X.ai’s Grok. Cyber Protection Magazine talked to all three, and they all came up with four likely scenarios that may be brewing even as this article is read.

A security breach or a major AI system collapse.
Technical plateau causing diminishing returns on scalability.
Strict regulatory legislation that stifles innovation and makes development too expensive to pursue.
A significant economic downturn or massive market correction drying up capital investment.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

EU’s DORA: Who will stand up for protection?

Lou Covey February 18, 2025

The EU's Digital Operational Resiliency Act (DORA) went live in January. This legislation's goals seem to conflict with the US administration’s willingness to ignore technology security standards. The question is: Who will stand up to protect corporate and consumer data?

DORA is highly targeted at the stability and resilience of the financial services sector. It ensures financial institutions can respond to, withstand, and recover from ICT-related threats and disruptions. It also requires robust strategies and policies to manage ICT risks in financial institutions.
Arnaud Treps, chief information security officer at Odaseva, said, “DORA is very different from previous regulation where you have to change where you operate. DORA is about having proper backups, the capability to restore quickly, and building redundancy.”

Europe takes the lead

But does the US rejecting data privacy regulation mean walling America off from the rest of the world? Meta has threatened to potentially limit

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Election security worldwide

Editors Desk September 30, 2024

The question of election fraud is a worldwide concern, but the use of electronic voting machines introduced shortly after the………more...

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Criminal using a device to make a deep fake voice call

Telemarketers are hated, but loved by criminals and entrepreneurs

Lou Covey September 24, 2024

Everyone hates telemarketers. If they can convince one or two suckers out of a thousand call to sign up, it………more...

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Security expert collapsed from exhastion

Breach fatigue or too big to fail?

Lou Covey September 19, 2024

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

The CISO’s Myopia

Jordan Bonagura September 17, 2024

Fifteen years ago, I wrote an article entitled “The CSO’s Myopia.”…

Getting serious about PQC

Lou Covey September 12, 2024

t seems like everyone should be concerned, based on the level of urgency the companies present, but in the end, no one has yet built a quantum computer capable of breaking even the most standard 256-bit encryption. To that statement, the industry responds with, “Yet.”

This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care.

The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Unfortunately, none of the PQC companies ended up accepting the invitation when they learned they would on the same platform discussing their approaches. But we did get acceptances from representatives from the other group. Our final panel was Karl Holqvist, CEO of of Lastwall;; Tim Hollebeek, industry strategist for Digicert; and Murali Palanisamy, chief solutions officer of AppviewX.

The three companies both compete with and complement each other services, but all were active in the development of the standards with NIST. Our conversation is available on our podcast Crucial Tech.

However, there are still questions regarding the urgency, timing, and whether the introduction of quantum computing on an encryption-busting level is even possible in the near future.

The rest of this story is available with a subscription only.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

a man wearing a white and black boxing glove

How Breach and Attack Simulation (BAS) Enhances Robust Cybersecurity Practices

Editors Desk September 10, 2024

Traditional methods of safeguarding information assets have become insufficient in today’s world of advanced cybercrime strategies. A more proactive approach is needed. This article explains the concept of breach and attack simulation (BAS).

Crossing the Compliance Chasm

Tarique Mustafa August 22, 2024

There is a wide gap between regulatory compliance mandates and practical implementation and enforcement that I like to call the “Compliance Chasm”. That chasm is defined by the activity to protect consumers and consideration for the economic and operational impact on business enterprises. Finding that balance requires thought, not the more popular whack-a-mole enterprise strategy that reacts to new compliance mandates.

The frequency and size of regulatory fines are rising for non-compliance. In January 2023, Meta was fined $418 million for GDPR violations by Meta properties’ Facebook and Instagram. Ireland’s Data Protection Commission follows up in May that same year with a $1.3 billion fine for additional violations. And those were just the latest fines imposed on web giants, that also included Google and Amazon.

The targets of those fines might be justified in saying compliance is an impossible task. By 2025 the volume of data/information created, captured, copied, and consumed worldwide is forecast to reach 181 zettabytes. Nearly 80% of companies estimate that 50%-90% of their data is unstructured text, video, audio, web server logs, or social media activities.

Security concerns reach beyond CISOs

Lou Covey August 14, 2024

The English riots this past week provide a Dickensian “best of times…worst of times.” context to politics in the United Kingdom and possibly the United States later this year. The UK has had a significant political shift in leadership that brought relief to the majority of that countries citizens (the best) but also encouraged the minority opinion to lash out with provocation from domestic actors and foreign states (the worst). This highlight the fact that digital security concerns reaches far beyond the confines of corporate CISO offices.

The rioters are extreme anti-immigration nationalists whipped up by false information regarding the stabbing of several young children and adults at a dance recital in Southport, a town just north of Wales. The disinformation came from several sources but is primarily coming through a Russian-linked website posing as a legitimate American news organization. The claim was meanwhile amplified up by far-right figures Tommy Robinson and Andrew Tate. Robinson was arrested under anti-terrorism laws but is out on bail has been vacationing in Europe. He is still spreading disinformation. Tate is currently under “judicial supervision” for rape and human trafficking charges. X owner Elon Musk has also participated personally in sewing the discord.

Foreign interference grows

Meanwhile, open source intelligence monitored by companies like Zero Fox and Fletch have identified efforts by North Korea and Russia to interfere in elections of Western countries including Germany and the United States. Zero Fox said, “The Telegram-based bot service IntelFetch had been aggregating compromised credentials linked to the Democratic National Committee (DNC) and their websites. This data, primarily sourced from botnet logs and third-party breaches, includes sensitive information such as login credentials for party members and delegates. This breach poses a significant risk of unauthorized access and potential disruptions to the convention.”

Zero Fox said the DNC had been alerted several weeks ago and that the weaknesses fixed. The DNC Convention is set to begin August 19 and Zero Fox was planning on announcing their findings that day to boost their profile.