Cyber Defense eMagazine – November 2017 Edition

Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
CONTENTS

CONGRATULATIONS TO THE CYBER SECURITY LEADERS OF 2017 6
BRAZILIAN "CAR WASH" TASK FORCE: CYBER SECURITY LESSONS 15
WHAT IS OLD IS NEW AGAIN 17
HOME OFFICE CYBER PROTECTIONS 19
MALVERTISING - ADVERTISING, BUT WITH A HOOK THAT HURTS, AND HURTS AGAIN 22
SEEING AROUND CORNERS: OPERATIVELY-SOURCED INTEL PREDICTED A RANSOMWARE OUTBREAK 24
LACK OF INFOSEC & DEVSECOPS 26
HOW TO BECOME A CYBER SECURITY PROFESSIONAL 28
DOES YOUR COMPANY HAVE ADEQUATE SECURITY PROGRAMS IN THE ERA OF CYBER ATTACKS? 31
CREEP HUNTERS CANADA SOCIETY 34
HOW TO MAKE NOTPETYA NOT YOUR PROBLEM 35
VPN: DO YOU REALLY NEED IT? THIS WILL HELP YOU DECIDE! 37
RANSOMWARE: NOTHING TO SNEEZE AT 40
SURVEYING ANTI-PHISHING STANDARDS – PART 2 42
COULD YOUR REACTIVE CYBER SECURITY APPROACH PUT YOU OUT OF BUSINESS? 44
HOW TO DEFEND YOUR BUSINESS AGAINST A RANSOM DRIVEN DDOS ATTACK 48
SECURING THE CONNECTED AND AUTONOMOUS VEHICLE 51
3 STEPS TO CREATE A CULTURE OF CYBERSECURITY 53
THE CRITICAL DIFFERENCES BETWEEN SECURITY ORCHESTRATION AND INTELLIGENT AUTOMATION 55
BUSINESS EMAIL COMPROMISE (BEC) IN FULL FORCE & EFFECT 59
9 WAYS CEOS CAN PROMOTE CYBERSECURITY 61
MEASURING SUCCESS IN CYBER SECURITY 65
ENHANCE CYBER THREAT HUNTING THROUGH OPTICAL NETWORK ANALYTICS 67
DIGITAL CERTIFICATES 70
A NEW APPROACH TO HARNESSING MACHINE LEARNING FOR SECURITY 73
CYBER RESILIENCE IN 2018: WHAT TO WATCH 76
‘TIS THE SEASON TO PREPARE YOUR E-COMMERCE BUSINESS TO EFFECTIVELY FIGHT FRAUD 78
BIOMETRIC BEST PRACTICES 80
WHY YOU NEED A GOOD HEAD-HUNTER TO HELP FIGHT CYBER CRIME 82
IDENTITY THEFT RISK MANAGEMENT AND CYBER-SECURITY: CONNECTING THE DOTS 84
TOP TWENTY INFOSEC OPEN SOURCES 101
JOB OPPORTUNITIES 101
FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 111

FROM THE EDITOR’S DESK

Dear Readers,

By the time you read this, there will have been a huge burst in cybercrime during “Black Friday” and “Cyber Monday” – two huge retail days where more than 150m Americans are online shopping. We’ll of course keep you informed of the latest wave of cybercrime on our home and news pages. We’re thrilled to continue covering the fifty cyber security leaders of 2017 in this edition and some powerful topics including how to beat ransomware.

Also, we’re launching our InfoSec Innovators Awards for 2018 which will be given out during the RSA Conference 2018 in San Francisco, California. We’re heading into our sixth year of CDM and we’ve taken in a lot of great ideas from sponsors, readers, partners and our writing team so you’ll continue to see improvements and changes as we grow. We have some amazing writers covering incredibly important topics and it’s always free so tell your friends to subscribe. Spread the word, with our appreciation.

To our faithful readers,

Pierluigi Paganini
Editor-in-Chief, CDM

CYBER DEFENSE eMAGAZINE
Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

PRESIDENT
Stevin Miliefsky
stevinv@cyberdefensemagazine.com

EDITOR
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

ADVERTISING
Sarah Brandow
sarahb@cyberdefensemagazine.com

Interested in writing for us: marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: +1-800-518-5248
Fax: +1-702-703-5505
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC
848 N. Rainbow Blvd. #4496, Las Vegas, NV 89107.
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

FOUNDER & PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder at: http://www.cyberdefensemagazine.com/about-our-founder/

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security.

CONGRATULATIONS TO THE CYBER SECURITY LEADERS OF 2017

Apcon: “Apcon offers state of the art network tapping and failover technology that should be at the heart of every IT security team’s portfolio”

Aperio: “Aperio Systems’ innovative Data Forgery Protection™ (DFP) Technology provides the last line of defense for protecting industrial control systems and increasing resilience against cyberattacks”

Attivo Networks: “Attivo Networks changes the game on the modern-day human attacker leveraging advanced deception technology and traps designed to deceive attackers into revealing themselves. It’s truly impressive”

Barkly: “The Barkly Endpoint Protection Platform blocks today’s most sophisticated attacks without adding complexity. It’s an incredibly powerful endpoint protection tool for your arsenal”

Belarc: “The Belarc products take software licensing, network, asset and configuration management to a new level”

BUFFERZONE Security: “The BUFFERZONE solution is a unique, transparent virtual container that protects any application that you define as insecure including web browsers, email, Skype, FTP and even removable storage. It’s an impressive solution to help get one step ahead of the next threat”

Chaitin Tech.: “Chaitin Tech Safeline is an innovative Web Application Firewall worthy of serious consideration”

Coalfire: “Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk”

Cronus Cyber: “Cronus CyBot is the world’s first patented automated pen testing solution and we applaud them for turning this heavy lifting process into a point and click event”

Cyber Observer: “Cyber Observer is a high-level management & awareness software solution designed for CISOs, CIOs, SOC & Senior IT managers to specifically address their pain points, delivering comprehensive and near-real time understanding into the posture and maturity of their entire cybersecurity ecosystem”

CyberSift: “CyberSift allows you to leverage your existing security deployments while applying Artificial Intelligence to reduce detection times and is easily deployed on premise or in the cloud”

CyberVista: “CyberVista delivers comprehensive, well structured training for boards and executives so they can begin to think critically about the significant cyber issues facing their organizations”

Cylance: “It’s time we go beyond traditional antivirus to fight ransomware, advanced threats, fileless malware and malicious documents – enter Cylance with powerful artificial intelligence to help solve endpoint security risks”

DarkOwl: “DarkOwl’s data platform allows companies to see in real-time the theft, breach, or other compromise of their proprietary data on the darknet”

EdgeWave: “EdgeWave reduces the risk of fraudsters stealing your customer identities by continuous online id verification using behavioral intelligence”

Edgewise Networks: “Edgewise Networks is a leader at trusted application networking by protecting application workloads with machine learning based network security which can even stop the most advanced lateral movement of malicious actors”

Egress: “Egress solves the data security issue for file, workspace and email to protect shared information throughout the data lifecycle”

Erkios: “Erkios Systems delivers an innovative solution to physically protect hardware ports on a critical infrastructure device while providing auditing capabilities through logging, monitoring and alerting”

Exabeam: “Exabeam’s machine learning for advanced threat detection is a powerful cyber defense weapon for a cyber defense and incident response arsenal”

Fenror7: “Fenror7 uses a brilliant model of time-based security to reduce TTD (Time To Detection) of hackers, malware and APTs in enterprises and organizations by 90%, which is a breakthrough in our industry”

FFRI: “FFRI delivers one of the most innovative, lightweight and powerful multi-layered endpoint security solutions that actually works. It’s brilliant”

HackerArsenal: “HackerArsenal’s tiny WiMonitor device makes Wi-Fi penetration testing and packet sniffing incredibly fast and easy”

Indegy: “The Indegy platform secures industrial control systems (ICS) networks with real-time situational awareness, effective security and change management policies to prevent unauthorized activities on critical infrastructure”

Inky: “Inky’s Phish Fence is one of the most advanced anti-phishing solutions on the marketplace. Most attacks are delivered by spear phishing and Inky is one step ahead of these new threats”

Jumio: “Jumio delivers the next-generation in digital ID verification designed to help businesses reduce fraud in an innovative, cost-effective solution”

KnowBe4: “KnowBe4 is a very powerful and popular integrated platform for awareness training combined with simulated phishing attacks”

Lastline: “Lastline Breach Defender is a breach protection system that uniquely provides a dynamic blueprint of a breach as it unfolds in your network. This blueprint provides your security teams with complete breach visibility, displaying movement of the attack across your network.”

HelpSystems: “We’re extremely impressed with the GoAnywhere managed file transfer solution which enables organizations to automate, secure and audit all of their file transfers from a single, centralized location”

Minded Security: “Minded Security helps businesses and organizations to build secure products and services both in the web on the server side as well as on the client”

Mon-K: “Secure-K Enterprise is a revolutionary encrypted Secure Operating System tuned for enterprise compliance and fitted in a robust USB body for data protection, privacy and security. Very impressive”

Nehemiah Security: “NehemiahSecurity enables near real-time situational awareness of the entire IT environment and the state of the organization’s risk posture and defenses, including the exploitability of its critical business systems”

NuData: “NuData reduces the risk of fraudsters stealing your customer identities by continuous online id verification using behavioral intelligence”

Nyotron: “Nyotron’s threat-agnostic defense finds threats that traditional endpoint protection solutions cannot detect, letting you secure the data on your endpoints and critical systems and closing major security gaps”

PacketSled: “PacketSled delivers real-time, continuous monitoring for advanced threats and policy violations missed by other defenses, then analyze and remediate in record time”

PerimeterX: “PerimeterX prevents automated attacks by detecting and protecting against malicious web behavior. By analyzing the behavior of humans, applications and networks, PerimeterX catches in real-time automated attacks with unparalleled accuracy”

PFPCyber: “Power Fingerprinting (PFP) is a unique approach to cybersecurity that utilizes analog signals (AC, DC, EMI) to detect whenever unauthorized modifications have compromised the integrity of an electronic system. It’s brilliant”

PlainID: “PlainID offers a simple and intuitive way for fast-paced organizations to create and manage their authorization policies with best practices in policy-based access control”

Qualys: “Qualys delivers one of the most robust and cost-effective vulnerability management and compliance solutions available on the marketplace today”

Remediant: “Remediant’s SecureONE provides agentless continuous monitoring & protection at scale for privileged/service accounts. Reduce the time required to implement and operate a “zero trust” access model. Couple two-factor authentication with “Just In Time Administration” for protection against stolen administrator credentials used to exfiltrate sensitive data.”

ReversingLabs: “ReversingLabs delivers in-depth file analysis with distributed YARA rules processing for identifying threats and data spillage, policy violations and regulatory risks in real-time”

RiskVision: “RiskVision is the world’s first enterprise risk intelligence platform specifically designed to help organizations throughout the entire risk management lifecycle”

S4URC MalwarePot: “MalwarePot uses Android container technology to build an environment similar to the real device to deliver in-depth analysis results for the most advanced Android malware”

Scram Software: “Scram Software secures the cloud against a constant barrage of hacking, intellectual property theft, sabotage, accidental deletion, copyright infringement and identity theft”

SonicWall: “SonicWall provides cost effective next-generation firewalls and award-winning network security solutions to prevent breaches”

Stormshield: “Stormshield is a very impressive European leader in digital infrastructure security that offers smart, connected solutions in order to anticipate attacks and protect digital infrastructures”

ThinAir: “ThinAir is a very unique and purpose-built insider detection & investigation platform designed to address one of the biggest security problems – the hidden risk of the trusted yet malicious insider”

ThreatBook: “ThreatBook is able to take on the latest zero-day malware and share the latest zero-day threat intelligence”

Titania: “Titania is the standard for helping you find your network and security gaps before the hackers, malware or malicious insiders with powerful security & compliance configuration auditing tools”

TriagingX: “TriagingX provides complete protection for endpoint systems and datacenter servers against zero-day attacks without requiring any patches. It’s game changing”

Ziften: “Ziften empowers IT operations and security teams to monitor and act quickly to repair user impacting issues, improve endpoint risk posture, speed threat response, and increase operations productivity” www.ziften.com
BRAZILIAN "CAR WASH" TASK FORCE: CYBER SECURITY LESSONS
The creators of House of Cards have publicly said that, next to Brazilian politics, their show looks like Discovery Kids. Brazil already stars in a reality show worthy of Discovery ID, and the world follows our events as if they were episodes of a favourite series. Since we are all watching this show of real horrors anyway, we should take some lessons from it for our day-to-day lives. As cyber security researchers, we would like to draw your attention to the good practices (believe it or not, this is not a joke) demonstrated by some of the people who have been, or are being, investigated by the Brazilian police, in some cases with the help of the FBI.

When talking about good practice in the use of information and communication technology, we should look to Daniel Dantas (Operation Satiagraha) and Marcelo Odebrecht as great personalities in the management of information security. We will not go into the merit of what kind of information these personalities keep in their digital safes. But it is true that Mr. Trump, Mrs. Dilma, Mr. Nixon, Mrs. Clinton, NASA, the CIA and all of us must learn, from the masters of the real-life House of Cards, how to protect our information.

The success of our personalities begins with awareness: knowing that you hold sensitive data and that it needs protecting. Next, we must learn to control our mouths. A secret that many people know is, well... no secret. Remember that nowadays almost anything can hide a recorder; Google, for example, holds its restricted meetings without any electronic devices in the room. As Mark Twain said, "We ought never to do wrong when people are looking."

Encryption software (which scrambles data so that only the holder of the key can read it) is essential for storing large amounts of sensitive information. But encryption alone is not enough. We have already published research in specialised journals and at security conferences demonstrating failures in cryptographic products: Symantec PGP, BitDefender, TrueCrypt and Microsoft's BitLocker; you can check it in the Journal of Cyber Security and Mobility, Vol. 5, No. 2. These flaws, combined with unsafe use of the systems, can put your secrets on the front page of the newspaper!

Imagine the following scenario: you are a politician, the director of a large company or a researcher with a revolutionary idea. Your life depends on the security of your information, so you ask your ICT director for an encrypted notebook.

You end up with a computer prepared by an intern. When you receive it, you change the password and assume that everything is now safe. We are sorry to inform you that the intern, and everyone else who handled the device before you, may still have access to your files: changing the unlock password does not change the volume key generated during setup, and any recovery key or additional passphrase enrolled at that time keeps working until the disk is re-encrypted under a fresh key.

Not even the FBI was able to open the encrypted files seized in Operation Satiagraha, which culminated in the nullification of the operation and the exile of the police delegate responsible for it. The Brazilian press has reported that the computer of Marcelo Odebrecht (investigated by the Car Wash task force) is so well protected that its data will never be exposed.

Whatever it is you want to protect, do it right: learn from these "good" examples.
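To make the scenario concrete, here is an added example that is not the authors' code: a small Python model of how full-disk encryption products such as LUKS and BitLocker bind every passphrase and recovery key to one volume master key through keyslots, so that "changing the password" re-wraps a single slot and leaves everything the intern set up intact. The key-wrap primitive (PBKDF2 plus XOR, standing in for the product's AES-based wrap), the slot names and the passphrases are assumptions for illustration.

```python
"""Toy model of keyslot-based full-disk encryption (added example, not the
authors' code). One volume master key; every passphrase or recovery key is a
keyslot that merely unwraps it. The wrap (PBKDF2 + XOR) stands in for the
product's real AES key wrap; slot names and passphrases are assumptions."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

KEY_LEN = 32              # volume master key, bytes
PBKDF2_ITERATIONS = 50_000


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedVolume:
    """LUKS-style header: master key, keyslots, and a keyed digest of the
    master key so unlock() can tell a correct passphrase from a wrong one."""

    def __init__(self) -> None:
        self.master_key = os.urandom(KEY_LEN)
        self.slots: Dict[str, Tuple[bytes, bytes]] = {}  # name -> (salt, wrapped key)
        self._reset_digest()

    def _reset_digest(self) -> None:
        self.digest_salt = os.urandom(16)
        self.digest = self._digest_of(self.master_key)

    def _digest_of(self, key: bytes) -> bytes:
        return hmac.new(self.digest_salt, key, hashlib.sha256).digest()

    @staticmethod
    def _derive(passphrase: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   PBKDF2_ITERATIONS, KEY_LEN)

    def add_slot(self, name: str, passphrase: str) -> None:
        """Enrol a passphrase or recovery key that unwraps the master key."""
        salt = os.urandom(16)
        self.slots[name] = (salt, _xor(self.master_key, self._derive(passphrase, salt)))

    def _try_slot(self, name: str, passphrase: str) -> Optional[bytes]:
        salt, wrapped = self.slots[name]
        candidate = _xor(wrapped, self._derive(passphrase, salt))
        return candidate if hmac.compare_digest(self._digest_of(candidate), self.digest) else None

    def unlock(self, passphrase: str) -> Optional[bytes]:
        """Try every enrolled slot, as the product does at boot."""
        for name in self.slots:
            key = self._try_slot(name, passphrase)
            if key is not None:
                return key
        return None

    def change_passphrase(self, name: str, old: str, new: str) -> None:
        """The scenario's 'change the password': ONE slot is re-wrapped; the
        master key and every other slot stay exactly as the intern left them."""
        if self._try_slot(name, old) is None:
            raise ValueError("old passphrase rejected")
        self.add_slot(name, new)

    def rekey(self, owner_passphrase: str) -> None:
        """What actually evicts earlier custodians: a fresh master key (the
        data is re-encrypted under it), all old slots dropped, one owner slot."""
        self.master_key = os.urandom(KEY_LEN)
        self._reset_digest()
        self.slots.clear()
        self.add_slot("owner", owner_passphrase)


def _status(vol: EncryptedVolume, key_seen_by_intern: bytes) -> Dict[str, bool]:
    return {
        "owner_unlocks": vol.unlock("my-new-secret") is not None,
        "intern_passphrase_unlocks": vol.unlock("intern-setup-2017") is not None,
        "recovery_key_unlocks": vol.unlock("0000-1111-2222-3333") is not None,
        "old_master_key_still_valid": key_seen_by_intern == vol.master_key,
    }


def intern_scenario() -> Dict[str, Dict[str, bool]]:
    """Constructed walk-through of the article's scenario."""
    vol = EncryptedVolume()
    vol.add_slot("slot0", "intern-setup-2017")        # assumed: what the intern typed
    vol.add_slot("recovery", "0000-1111-2222-3333")   # assumed: recovery key kept in the ticket
    key_seen_by_intern = vol.master_key               # or copied from escrow / RAM at setup

    vol.change_passphrase("slot0", "intern-setup-2017", "my-new-secret")
    after_change = _status(vol, key_seen_by_intern)

    vol.rekey("my-new-secret")
    after_rekey = _status(vol, key_seen_by_intern)
    return {"after_password_change": after_change, "after_rekey": after_rekey}


if __name__ == "__main__":
    for stage, status in intern_scenario().items():
        print(stage, status)
```

After the password change the owner's new passphrase works and the intern's old one is refused, but the recovery key still opens the volume and the master key is the one the intern saw; only the rekey step changes that. On a real system the equivalent check, before trusting a device you did not provision yourself, is to list the enrolled slots or protectors: `cryptsetup luksDump` on LUKS shows which keyslots are enabled, and `manage-bde -protectors -get <drive>` lists BitLocker protectors, including escrowed recovery passwords. Re-encrypting under a new volume key (for example `cryptsetup reencrypt` on LUKS2, or decrypting and re-encrypting a BitLocker drive) is what evicts every earlier custodian.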

About the Authors:

Rodrigo Ruiz is a researcher at CTI - Centro de Tecnologia da Informação Renato Archer, Campinas, Brazil. He is the co-author of Apoc@lypse: The End of Antivirus, and has authored papers about privacy and security for Cyber Defense Magazine, Cyber Security Review, JCSM, 2600 Magazine, US Cybersecurity Magazine, ICCYBER, ICCICS, WCIT2014, YSTS, IJCSDF, ICISCF, SIGE and JPSS. rodrigosruiz@outlook.com
https://www.researchgate.net/profile/Rodrigo_Ruiz3

Rogério Winter is a colonel in the Brazilian Army and head of institutional relations at CTI Renato Archer, with more than 25 years of experience in military operations and cybersecurity. He holds a master's degree in Electronic Engineering and Computation from the Aeronautics Technological Institute (ITA), works on warfare, cybernetics, command and control and decision-making, and is co-author of Apoc@lypse: The End of Antivirus.

WHAT IS OLD IS NEW AGAIN
NEW APPLICATION FOR OLD ATTACK
by DRP; Cybersecurity Lab Engineer

Vehicle security assessment (car hacking) began in earnest three to four years ago. The moment most associated with it is the Jeep attack (Greenberg, 2017), which was widely covered in print, on social media, on YouTube and elsewhere. That piece of research opened the eyes not just of the public but also of politicians and InfoSec personnel.

One area that continues to be an issue is that connected vehicles are vulnerable for several reasons, one of which is their link to the internet. That link can open a wide door into the vehicle, giving a knowledgeable attacker the opportunity to exploit any vulnerability, whether publicly known or not yet well publicised. A recent vehicle attack was presented at the DIMVA security conference in Bonn, Germany (Greenberg, 2017).

Vulnerability

This particular attack targets the vehicle's internal network, the CAN bus, and takes the form of a denial of service (DoS). It affects vehicles manufactured over many years; unfortunately, the vulnerability is nearly universal, because the issue lies in the CAN protocol itself. CAN is what lets the vehicle's components (ECUs) talk to each other on the in-vehicle network, and the behaviour the attack abuses is part of the standard's normal operation: the error-handling and fault-confinement rules every compliant controller implements. With the technology currently in vehicles, the attack is nearly impossible to detect, because what an observer sees on the bus is only the protocol's ordinary error-handling traffic.

The technology in vehicles currently in service is not designed to defend against this (Maggi, 2017). Defending against the DoS would seemingly not require a massive integration effort or a multitude of change orders; the difficulty is finding the application(s) that work in this environment, completing a successful proof of concept, and then implementing it on each OEM's platform. Given the administration and planning involved, making such a defence an integral part of the vehicle's technology platform may have to wait for the next generation.

Attack

The issue is with the CAN standard itself (Maggi, 2017). This attack works a bit differently from the volumetric DoS that IoT botnet armies have inflicted on their victims. The attacker waits for a specific frame, the basic unit of CAN communication, from the component they want to silence. Because CAN is a wired-AND bus, a dominant bit written by any node overrides a recessive bit being written by another, so the attacker overwrites one recessive bit of the targeted frame with a dominant one. The transmitting component reads back a bit it did not send and recognises the frame as corrupted.

The CAN protocol then has the transmitter signal an error flag, which invalidates the frame for every node, and retransmit it; the attacker repeats the corruption on each retry. Every transmit error raises the transmitter's error counter, and the growing error count eventually pushes the node into the Bus Off state. This is CAN's fault-confinement mechanism working as designed: in theory it should isolate a device that is malfunctioning so that a single faulty node cannot cascade failures onto the others. Here it is turned against a healthy node, which is silenced exactly as if it were broken.

The attacker may target any of the modules in the vehicle. With a successful attack, the airbags, anti-lock brakes, door locks or other functions may be disabled (Greenberg, 2017).
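As an added example, not code from the article or from the cited papers, the following Python model walks through the fault-confinement rules the attack abuses, using the transmit-error-counter thresholds from ISO 11898-1 (+8 per transmit error, -1 per successful transmission, error-passive above 127, bus-off above 255). ECU names, CAN IDs, the round-robin schedule and the alert threshold are assumptions; the model also runs the per-ID error-flag count that a gateway could use as a detection signal, which goes beyond what the article describes.

```python
"""Added example, not code from the article or the cited papers: a model of
CAN fault confinement under the bus-off attack described above.

ISO 11898-1 rules modelled: every transmit error adds 8 to the transmit error
counter (TEC), every successful transmission subtracts 1, a node is
error-passive once TEC exceeds 127 and bus-off once it exceeds 255. The
attacker follows Palanca et al.: overwrite one recessive bit of a chosen
victim frame with a dominant bit, so the transmitter sees a bit error, sends
an error flag and retransmits. ECU names, CAN IDs, the round-robin schedule
and the alert threshold are assumptions for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

ERROR_PASSIVE_LIMIT = 127   # TEC > 127: error-passive (ISO 11898-1)
BUS_OFF_LIMIT = 255         # TEC > 255: bus-off, node stops transmitting


@dataclass
class Ecu:
    name: str
    can_id: int
    tec: int = 0

    @property
    def state(self) -> str:
        if self.tec > BUS_OFF_LIMIT:
            return "bus-off"
        if self.tec > ERROR_PASSIVE_LIMIT:
            return "error-passive"
        return "error-active"

    def transmit(self, bit_overwritten: bool) -> bool:
        """One transmission attempt. Returns True if the frame completed."""
        if self.state == "bus-off":
            return False                  # a bus-off node is silent
        if bit_overwritten:
            self.tec += 8                 # bit error -> error flag -> TEC += 8
            return False                  # CAN retransmits automatically later
        self.tec = max(0, self.tec - 1)   # success slowly heals the counter
        return True


def flag_ids(error_flags, threshold: int) -> List[int]:
    """Detection heuristic a gateway could run: on a healthy bus error flags
    are rare and spread across IDs; a burst tied to one ID is the attack."""
    return sorted(cid for cid, n in error_flags.items() if n >= threshold)


def run_attack(target_id: int = 0x0C0, max_rounds: int = 1000,
               alert_threshold: int = 8) -> Dict[str, object]:
    """Round-robin bus: each round every ECU attempts one frame. The attacker
    corrupts every frame carrying target_id and nothing else."""
    victim = Ecu("brake-controller", 0x0C0)     # assumed name and ID
    bystander = Ecu("body-controller", 0x1A0)   # assumed; never attacked
    error_flags: Counter = Counter()            # error flags observed per CAN ID
    attacked_frames = 0
    first_error_passive = None

    for _ in range(max_rounds):
        for ecu in (victim, bystander):
            if ecu.state == "bus-off":
                continue
            hit = ecu.can_id == target_id
            ecu.transmit(bit_overwritten=hit)
            if hit:
                attacked_frames += 1
                error_flags[ecu.can_id] += 1
                if first_error_passive is None and ecu.state == "error-passive":
                    first_error_passive = attacked_frames
        if victim.state == "bus-off":
            break

    return {
        "attacked_frames": attacked_frames,
        "first_error_passive_at": first_error_passive,
        "victim_state": victim.state,
        "bystander_state": bystander.state,
        "suspicious_ids": flag_ids(error_flags, alert_threshold),
    }


if __name__ == "__main__":
    result = run_attack()
    print(f"victim silenced after {result['attacked_frames']} corrupted frames")
    print(result)
```

Because the victim never completes a frame while it is being attacked, its counter only ever climbs: sixteen corrupted frames make it error-passive and thirty-two put it in Bus Off, while the bystander, whose frames are untouched, stays error-active. That same asymmetry is what the per-ID error-flag count keys on: one ID accumulates a burst of errors while the rest of the bus stays clean.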

Remediation

Outside the vehicle, remediating a DoS is not a complex problem: there are a number of products that work well for the enterprise use case. Those products, however well they do their job on enterprise networks, do not work in the vehicle technology environment. Fully correcting this would require an update to the CAN standard (Maggi, 2017). In the meantime there are configurations that attempt to limit it, including segmenting the network inside the vehicle and encryption. One caveat: because the attack operates at the link layer, by overwriting bits on the wire, encrypting frame payloads does not prevent it; segmentation at least limits which segment an attacker with a foothold can silence, and counting error flags per CAN ID at a gateway is one practical detection signal, since the attack produces a burst of errors tied to a single ID.

References

Greenberg, A. (2017, August 16). A deep flaw in your car lets hackers shut down safety features. Wired. https://www.wired.com/story/car-hack-sht-down-safety-features/

Kovacs, E. (2017, July 31). ICS-CERT warns of CAN bus vulnerability. SecurityWeek. http://www.securityweek.com/ics-cert-warns-can-bus-vulnerability

Maggi, F. (2017, August 16). The crisis of connected cars: When vulnerabilities affect the CAN standard. Trend Micro. http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/

Palanca, A., Evenchick, E., Maggi, F., & Zanero, S. (2017, June 4). A stealth, selective, link-layer denial-of-service attack against automotive networks. https://link.springer.com/chapter/10.1007/978-3-319-60876-1_9

About the Author

DRP is a Cybersecurity Lab Engineer focused on securing the world for its users one module at a time. DRP's interests include the intersection of AI & ML and automotive cybersecurity.

HOME OFFICE CYBER PROTECTIONS

by Tal Vegvizer, Director of R&D of BUFFERZONE

Nine to five ain't what it used to be; today, you have to add about a half hour in each direction to
account for commuting time (that doesn't include time spent looking for parking in the city or at
the train station, walking back and forth to the parking lot/train station, etc.). According to the
U.S. Census Bureau, the average American commute was 26.4 minutes long in 2015 – but
honestly, do you know anyone who can get to or from work in under an hour?

Actually, you do – it's the workers who get to stay at home and telecommute. Those same
Census Bureau statistics show that the number of workers who do their jobs at home has grown
at a healthy clip, more than tripling in the past 25 years, and up 5% between 2014 and 2015
(the last year for which the Bureau has figures).

Fortunately, the technology exists to enable home workers to participate in office life fully, being
“there” in everything but their bodies. Videoconferencing software via devices like tablets and
smartphones, fast and robust networks, connected computers using secure protocols, systems
that are armored with corporate level security systems – working at home should be as cyber-
safe as working at the office, and offers the advantage of letting employees avoid slogging
through traffic – ensuring a happier and more productive employee, according to many studies.

But that is just the problem: Who said working at the office was cyber-safe, anyway? By all
measures, the state of cybersecurity in corporate America is lousy, and it's getting worse.
According to the Identity Theft Resource Center, some 1,100 major data breaches were
reported in 2016, 40% more than in 2015. 2017 isn't over yet, but there have already been more
major data breaches this year than in 2016, with high-profile hacks of organizations like Equifax,
the SEC, Dun and Bradstreet, the IRS, River City Media, OneLogin, Verizon, and many others.
Meanwhile, a study by Ponemon and IBM puts the average cost of a data breach at $4 million; according to Forbes, losses to cybercrime will exceed $2 trillion by 2019. To protect themselves in 2018, companies are set to spend some $90 billion.

As bad as the situation is, it's likely worse for home workers, who don't have an IT department
looking over their shoulder to ensure that they follow company policy. Even if telecommuters
use their own devices to get their personal e-mail, they may decide to forward a link from their
personal device to a corporate one, the better to be able to look at a site they may think can
help them with an assignment, or to open a document they believe is relevant to their work. If
that link or document contains malware, however, it's just a hop, skip, and jump to the corporate
network for that rogue exploit.

Does that mean that telecommuting is a bad idea, at least from a cybersecurity point of view?
Not necessarily; that same malware infection process could take place inside the office; after all,
the statistics we cited on breaches and cybersecurity are for all organizations, which are mostly
still office-centric. Blaming the telecommuters for the sorry state of cybersecurity is very short-
sighted; what's needed is a solution that will work both in-office and at home. Here are some
strategies that can be implemented both at the office, and at home offices:

1) Policy clarity: A recent study by Dell indicates the problem: 91% of business users said that productivity was harmed by security measures, meaning that many users are likely to try an end-run around IT department rules if they feel too constricted by them. But much of that, according to the study, is due to a lack of clarity about the rules and why they are in place; over 60% of IT pros said that a lack of “leadership awareness” was the greatest barrier to delivering a context-aware security approach. “Context-aware” here means knowing exactly how to connect to the corporate network, what to do, and what not to do. A good context-aware security system will make clear to users which protocol (such as a specific browser or app) to use to connect from within the network, and specify rules on where, what, and for how long activity on the network can continue. With clear rules that are easy to understand, employees both inside and outside the office are more likely to follow them, keeping the network safe.

2) Superior supervision: Part of implementing rules is ensuring that they are followed, and
to ensure compliance, IT departments should be installing systems that monitor
compliance but are not intrusive. As mentioned, company-wide problems could result
from the actions of a single individual, who is seeking to get their work done more
quickly or easily – a temptation which might be even greater for highly productive
workers at home, who are hoping to knock off work early, once they finish their tasks.
Productivity is great, but not at the expense of security!

3) Isolation technology: According to the SANS Institute, no fewer than 95% of data breaches start with an e-mail phishing campaign, with malware attached to a message in the form of a document, or a link to a rogue site where victims suffer a drive-by malware attack. So it stands to reason that keeping users away from these files will go a long way towards improving security. The problem, of course, is that phishing messages are often designed to look like the real thing, with socially engineered messages that claim to be from the boss or from colleagues and seem to require the recipient's attention. Some of these messages and documents may be caught by filters or sandboxes, but not all, as is clear from the ongoing and increasing number of data breaches (one can assume that companies like Equifax had the latest and greatest cybersecurity technology at their disposal).

In a virtual container scheme, the security system opens files and connections in a “safe zone” and observes their behaviour to check that they do what they are supposed to: that a document does not query areas of the registry it has no business with or execute code that should not be associated with it, and that a connection does not redirect the user to another, rogue site. If the file or connection does try that, the system keeps it away from the rest of the network while still displaying the contents of the document or site. These ideas are certainly not the “silver bullet” that will eliminate cyber-insecurity (one would think that with $90 billion spent on cybersecurity we would have found that by now), but they are likely to make organizations, and the workers who make them thrive, safer and more productive, whether in the office or out of it.

MALVERTISING - ADVERTISING, BUT WITH A HOOK
THAT HURTS, AND HURTS AGAIN
by Chris Olson, CEO of The Media Trust

Malvertising, a combination of malware and advertising, has more than doubled in the
past three years and is increasingly found on premium websites that are typically
whitelisted by enterprises for employee internet use. Malvertising is typically spread via
legitimate digital advertising services and packs a nasty, unexpected and frequently
unseen punch for visitors to a compromised website. The harm is palpable: it downloads
exploit kits, drops ransomware code, redirects to compromised landing pages, serves
fake pop-ups, presents phishing-oriented forms, and the list goes on.

Malvertising comes in many shapes and sizes: the majority of the time, malicious code
triggers auto-downloads of malware, and occasionally it requires user-initiated clicks. The
malware is also hard to detect, since it attacks only when certain conditions are met, for
example, if a website is accessed via a mobile device, or if a user from a specific
geography visits an infected webpage. Today, malvertising is designed to target
geographies, devices, browsers, behavior and even corporate IP blocks. Unfortunately, its
evolving sophistication makes it a difficult beast to control. Its ability to penetrate
corporate networks highlights the fallibility of traditional security defenses such as blacklists,
whitelists, generic threat intelligence, AVs, web filters and firewalls.

Hiding in Plain Sight

Hackers use the digital ecosystem to hide malware in plain sight by hitching a ride with
legitimate advertising campaigns, and the result is a malvertising incident. That is what
makes it so stealthy and able to evade traditional enterprise security defenses.

Fake virus alerts and system updates delivering malicious exploit kits are ubiquitous in
today’s highly complex and dynamic digital ecosystem. But those tricks are easy to
see. In order to effectively deliver malware, threat actors have resorted to sophisticated
coding to evade detection. Increasingly, malware only executes when predetermined
conditions are met, i.e., combinations of geography, device, or user profile. For example,
Lucy in London on a mobile device receives the malware but Bob in Boston on a laptop
does not. Furthermore, in order to accurately target and deliver malware to specific
endpoints and internet users, threat actors exploit the very technologies that website
owners utilize to deliver customized and personalized content to their users.

Some enterprises attempt to address malvertising by adopting ad blockers. While this
sounds like a great idea, it is not a reliable security defense, since the ad code can
execute before the blocker is activated, among other reasons. As ad-block adoption
increases, so does the implementation of anti-ad-blocking technology, which, as
predicted, drives the exploitation of both tools. Provided by third-party vendors, anti-ad-
blocking technology operates outside the purview of the media publisher's IT/security
infrastructure and can surreptitiously be hijacked via code obfuscation. The only
effective way to tackle web-delivered malware is to incorporate web-based attack data
into enterprise filtering, firewall or antivirus defenses.

Cutting the line on Malvertising

Each new malvertising campaign erodes consumer trust, both in the website operator
and the internet at large.

Complementing anti-virus and other filtering tools, enterprises need an additional layer
of protection that leverages real-time threat intelligence regarding active and stealthy
threats propagating in the digital ecosystem. This web-based attack data exposes real
malware events that can be proactively arrested before penetrating the enterprise
network and endpoints.

Malvertising is a chameleon that can change domains, delivery channels, and payloads
by blending in with the background. Rather than allowing malvertising instances to
successfully penetrate the enterprise network, organizations must employ defenses that
investigate all code operating within their domain so threats can be identified and barbs
removed before anyone gets hooked.

About the Author:

Chris Olson co-founded The Media Trust with a goal to
transform the internet experience by creating better digital
ecosystems to govern assets, connect partners and
enable Digital Risk Management. Chris has more than 15
years of experience leading high tech and ad technology
start-ups and managing international software
development, product and sales teams. Prior to The Media
Trust, Chris created an Internet-based transaction system
to research, buy and sell media for TV, radio, cable, and
online channels. He started his career managing equity
and fixed income electronic trading desks for Salomon Brothers, Citibank and
Commerzbank AG.

SEEING AROUND CORNERS: OPERATIVELY-SOURCED
INTEL PREDICTED A RANSOMWARE OUTBREAK

OPERATIVELY-SOURCED INTELLIGENCE SIGNALED THE RISE OF PETYA RANSOMWARE AS
EARLY AS JANUARY 2017... A GAME OF CYBER "CAT AND MOUSE" ON A GLOBAL LEVEL.

by Byron Rashed, Vice President of InfoArmor, Inc.

By the end of June, 2017, the Petya ransomware and its variants had infected devices in 65
countries. The scope, severity and speed of the attack rivaled some of the most improbable,
imaginative Hollywood plots, but the attack was indeed an actual security event, being
executed on a new, global level.

The exploit leveraged the same vulnerability as the infamous WannaCry malware which had
spread rapidly the previous month: MS17-010 (EternalBlue). But unlike WannaCry, Petya did
not have the sort of “back-door” kill switch that was inadvertently discovered as the exploit threat
spread, helping to halt its contagion.

“Damage estimates from Petya were in the tens of millions from many
affected organizations, with most costs due to lost productivity and
remediation costs. But the greater damage was trust – Petya served as
a wake-up call that power grids, financial institutions and major
corporations were all vulnerable to ransomware.”

Could operatively-sourced intelligence have prevented the contagion? Recent research finds
that for several companies, it did just that.

For example, InfoArmor has published its research findings under the title "InfoArmor Preempts
Ransomware Attacks":

In January 2017, InfoArmor’s operative intelligence team identified the threat’s potential for
exploitation, enabling clients to identify and patch the open vulnerability, protecting their digital
assets from ransomware attack.

As the result of intel gleaned on the dark web as early as January, by April some companies
were aware of the MS17-010 vulnerability. By late April, those same companies knew which
specific hosts contained the MS17-010 vulnerability, and were able to bypass the Petya threat
entirely.

The research and subsequent series of events that marked the Petya wave strongly signal that
operatively-sourced intelligence is an essential and intelligent part of defense-in-depth
strategies, and should no longer be considered an optional layer of the security stack.

No matter how much organizations automate their cyber defenses, black hat hackers and other
bad actors will scour out vulnerabilities... and the ‘white hat’ operatives quietly conducting
operatively sourced threat intelligence will be looking over their shoulders in the web’s darker
corners to help discover who’s next at risk.

About the Author:

Byron Rashed has over 20 years of industry experience
spearheading global marketing and public relations programs in
various IT security organizations.

As the Vice President of Global Marketing, Advanced Threat
Intelligence for InfoArmor, he is directly responsible for all global
marketing and public relations strategies and tactics for the ATI
unit.

Mr. Rashed holds a Bachelor of Science degree in industrial
engineering from New York University.

LACK OF INFOSEC & DEVSECOPS
ROOTS AT THE COLLEGE LEVEL
by DRP; Cybersecurity Lab Engineer

The InfoSec field and industry continue to grow at an outstanding pace. This is being driven by
many market forces, including the increase in attacks, malware being released into the wild,
and phishing and spear phishing being promulgated by the attackers. From the technical side,
there are also massive advances in hardware and software, and in their connectivity. Connected
devices are increasing in number, variety and complexity: vehicles, refrigerators, coffee makers,
thermostats, garage doors, home locks, and too many other devices to name. This is a function
of our society being directed towards ease and having devices automate their functionality.

With the significant increase in these technologies, the need or demand for personnel with these
skills has increased substantially. There is a direct, positive correlation between the number of
devices and technologies and the personnel required to secure them. As an example, as the
number of connected devices grows, all from different regions of the planet and from different
manufacturers, more personnel will be needed to work on securing them. A person’s
number of working hours is somewhat limited by the need for sleep. Seemingly, given the
number of IT personnel across the planet, there should be the requisite number of InfoSec
personnel to manage most of the issues surrounding this sub-industry. This is especially the
case with DevSecOps.

Likewise, with the focus and attention given to InfoSec due to business compromises and their
direct effects on consumers, it would appear there should be enough programs at the university
and college level to fill these positions. On a secondary front, there should be other training
programs in place designed to fill in the gaps.

Appearances can be deceiving. The lack of a sufficient number of adequately trained and
experienced personnel to accomplish these tasks is well-publicized. This has increased the rate
at which InfoSec persons leave the field, due to the number of hours required simply to maintain
the baseline level of InfoSec for the business environment, stress, and other factors. This
training gap was researched by Veracode (Kawamoto, 2017) with their 2017 DevSecOps
survey. The research sample included 400 respondents. The research indicated that 70% of the
sample noted the college training they received did not properly prepare them for implementing
security in application development. Also, 65% of respondents received their most relevant
training on the job.

The results are rather disheartening. If this continues, the issue is only going to become worse,
as personnel do not enter the field in sufficient numbers, and the downward spiral will only
continue. As this continues, processes, software, and hardware will remain less secure than
they should be. Granted, there would be requests to have these reviewed and improved;
however, with the baseline number of personnel available to work on this, the change requests
will only pile up, and would be reviewed only when their turn came in the queue with all the
others. As this occurs, the attackers certainly would not slow in their efforts. Without a concerted
effort, there will continue to be issues, and these are going to increase in their negative effect
on users and business.

Reference

Kawamoto, D. (2017, August 17). Veracode survey shows a majority of DevOps pros mostly
learn on the job about security. Retrieved from
https://www.darkreading.com/application-security/70-of-devops-pros-say-they-didnt-get-proper-security-training-in-college/d/d-id/1329654

About the Author

DRP is a Cybersecurity Lab Engineer focused on securing the world for the users one module
at a time. DRP’s interests include the intersection of AI & ML and automotive cybersecurity.

HOW TO BECOME A CYBER SECURITY PROFESSIONAL
IF YOU WANT TO SWITCH TO A CAREER IN CYBER SECURITY, THIS IS HOW
YOU CAN GET STARTED
by Ehtisham Hussain, Content Marketing Manager, QuickStart

At the time this article is being written, there are more than 35,000 cyber security jobs posted on
indeed.com, out of which more than 5000 were posted within the last 48-72 hours. According to
an article published in Forbes, there will be a shortage of 2 million cyber security professionals
by 2019. In fact, there is a shortage of one million cyber security professionals across the world
as we speak. With an average salary of more than 116,000 per year, and organizations literally
getting into bidding wars over skilled cyber security professionals, it is safe to say that if you
want to switch to an industry, cyber security should be at the top of your list.

PRE-REQUISITES TO SWITCH TO A CAREER IN CYBER SECURITY

You cannot start a career in cyber security without a background in IT. This does not mean you
need to come from IT exclusively, but you need to have a thorough understanding of how things
work in the IT world. If you are working in a different domain altogether, you will need to do a
number of courses and certifications before you can start applying for jobs in cyber security. If
you are just starting your professional career, you should look for career paths such as
Exchange Administrator, Network Administrator, System Administrator, and Web Developer.
From these career paths, you can get into email security, network security, system security, and
web security respectively.

To summarize this section, let’s just say that you need to put some time in the IT sector in one
of the career paths we just mentioned, and develop skills in Operating Systems & Database
Management, Programming & Coding, and Networks. Once you have that on your resume, and
have a clear understanding of how data works, how it is transferred, how it can be
compromised, and why it needs protection, you can move on to the next phase, which is
acquiring the relevant certifications.

BEGINNER LEVEL COURSES AND CERTIFICATIONS

While there are a number of courses and certifications being offered by Microsoft, Linux, (ISC)²
and CompTIA in this category, we have narrowed it down to the following two:

1. CISSP
Certified Information Systems Security Professional (CISSP) will equip you with all the
information you need about best practices in cyber security, its methodologies, principles
and concepts. After passing the CISSP exam, you will be able to start a career in cyber
security as an Information Security Consultant or an Information Assurance Engineer. You will
mostly be planning the cyber security strategy of an organization and will use the resources it
has to oversee implementation. As you can see, even the most basic cyber security job places
you higher up the hierarchy and in a position of extreme responsibility.

2. COMPTIA SECURITY+
This course equips you with the skills needed to identify vulnerabilities and threats, and to plan
and implement the cyber security strategy of an organization. You will learn the fundamental
concepts of cyber security, and will be able to troubleshoot cyber security incidents. Your job
responsibilities will include ensuring business continuity and disaster recovery. By earning this
certification, you can get a job as a cyber security analyst, an IT support technician, a
penetration tester, or a cyber security tester.

INTERMEDIATE LEVEL COURSES AND CERTIFICATIONS

As with beginner level courses, there are tons of courses in this category but we have decided
to go with the following two:

1. CERTIFIED ETHICAL HACKING

Certified Ethical Hacking (CEH) is the perfect intermediate level course for cyber security
officers. If you are already responsible for network security in your organization, you should do
this course, as it will enable you to identify weaknesses in your system and will equip you with
the skills you need to counter any threats. You will also be able to anticipate different types of
cyber-attacks and take measures to prevent them. As the name suggests, the course teaches
you the strategies hackers use to penetrate a system, so you know exactly how to defend your
system against them.

2. CERTIFIED DISASTER RECOVERY ENGINEER

If you have been working in the InfoSec industry for about a year and want to pivot to disaster recovery,
this is the perfect course for you. It covers everything from risk analysis to recovery techniques,
making sure you have the training you need to analyze a situation, come up with a strategy to
resolve it, and implement the strategy. In short, a Certified Disaster Recovery Engineer is a one-
man/woman army you bring in when the cyber security of your organization is compromised.
Getting this certification on your resume will make you a highly sought-after entity in the InfoSec
world.

EXPERT LEVEL COURSES AND CERTIFICATIONS

1. COMPTIA ADVANCED SECURITY PRACTITIONER (CASP)
This is an expert level course for people who have been in the InfoSec business for about 5
years, and have working experience in the IT industry for about 10 years. Doing CompTIA
Security+ is not a pre-requisite for this course, but if you have already done it, you will find this
course to be a little easier. In this course, you will learn Enterprise Security Architecture,
Security Research and Analysis, and everything in between. You will learn how to manage the
security policies and procedures of an organization.

2. CERTIFIED AUTHORIZATION PROFESSIONAL
Certified Authorization Professional (CAP) by (ISC)² is an advanced level certification that’s
designed for professionals who are already highly experienced in cyber security and are
working towards or have already acquired a leadership role in their organization. A certified
authorization professional works within the Risk Management Framework (RMF) to identify
vulnerabilities in the system, and aligns the information systems with the RMF. With this
certification, you show recruiters that you can create a cyber security strategy, formalize
processes, and maintain the necessary documentation. To take this certification, you have to
have a minimum of two years of experience in at least one of the seven domains of the CAP
Common Body of Knowledge (CBK).

We hope you found this article helpful. Do reach out to us if you require any further information
on the subject.

About the Author

Ehtisham Hussain is the Content Marketing Manager at
QuickStart. He describes himself as a writer, editor, and digital
marketer.

Having worked with multiple organizations and a number of
websites, he specializes in content that caters to both man and
machine.

Ehtisham can be reached online at
ehtisham.hussain@quickstart.com and at our company
website https://www.quickstart.com/.

DOES YOUR COMPANY HAVE ADEQUATE SECURITY
PROGRAMS IN THE ERA OF CYBER ATTACKS?
MANY COMPANIES HAVE A FALSE SENSE OF CONFIDENCE ABOUT THEIR
CYBER SECURITY CAPABILITIES
by Doug Ramos, Security Practice Manager, Groupware Technology

Facing ever-evolving malware, vulnerabilities and hacking attempts, companies today need to
seriously look at and evaluate their cyber security policies.

Studies show a vast number of businesses of all kinds seem to be woefully unprepared to deal
with cyber threats. Some companies that have yet to be compromised operate with a false
sense of confidence about their cyber security capabilities. Many companies that discover they
have been compromised find that hackers had been in their network for as long as 4-6 months
before the breach was found.

According to Deloitte’s 2017 “Cyber Risk in Consumer Business” online survey and in-depth
interviews of over 400 CIOs and CTOs in retail, restaurants and consumer products, 76% of the
executives felt they were adequately ready for cyber incidents. However, 82% had not
documented and tested their cyber response plans involving business stakeholders in the past
year and less than half of the executives performed threat simulations on a regular basis. For
consumer-facing businesses who have a lot at stake should a cyber incident cause them to lose
the confidence of their customers, the neglect of cybersecurity best practices could be
imminently harmful to their overall business.

Small companies, which are particularly vulnerable to cyber threats, illustrate the fatal danger
posed to an organization that does not have adequate security practices in place. According to
stats collected last year by the publication Small Business Trends, 43% of cyberattacks targeted
small businesses, but only 14% of these businesses felt they were ready with a security plan. It
is estimated that 60% of small businesses will go out of business within six months of a cyber-
attack. Scary numbers like these are a cybersecurity cry for help.

Did Human Error Cause One of the Biggest Cyber Attacks Ever?

The greatest vulnerability in cyber-attacks is not even the security programs themselves:
human error plays a significant role. According to a study from the IT industry association
CompTIA, human error is the root cause of 52 percent of security breaches. A
2016 Data Security Report commissioned by a law firm which handled cyber cases found that
out of 300 security incidents it handled in the previous year, human error was the leading cause
of the incidents, accounting for nearly 40% of them.

One of the biggest cyber hacks to date in US history has apparently even been attributed to
human error. In the recent Equifax breach which compromised the private data of more than
145 million people, the company’s CEO alarmingly blamed a missed security patch by a single
IT employee in opening the door for a hacker to target a vulnerability in Equifax’s system. In his
widely publicized testimony to the House Energy and Commerce Committee, the CEO noted,
“The human error was that the individual who’s responsible for communicating in the
organization to apply the patch, did not.” In light of this very unfortunate reveal, a Congressman
ruefully noted: “How does this happen when so much is at stake?”

What Can Companies Do for Security Best Practices?

Failing to address the human component of security protection can negate many of the
cybersecurity programs which organizations are investing in. And each year, as companies try
to keep up with and deploy the latest security technologies, attackers in turn develop and launch
new tactics to circumvent those technologies. As the world increasingly becomes more
digitalized, the threat of cyber attacks on organizations large and small grows exponentially.

So what are companies to do when 1) their security programs are not adequate or 2) their staffs
are not adequately overseeing security programs or 3) both?

Once companies realize that, in the era of cyber attacks, they are more likely than not to be
compromised, they need to incorporate and shore up their detection and response capabilities.
But for many companies, self-managing their security systems is not realistic, given the level of
sophistication of today’s hackers, as well as organizations’ scarce internal resources.

In a trend that is changing the cybersecurity industry, companies are increasingly looking for
security programs which enable them to focus on their core business and not get caught up in
managing security. As the global management consulting company McKinsey stated in a report
from a few years ago: “Eliminating threats is impossible, so protecting against them without
disrupting business innovation and growth is a top management issue.”

Organizations that feel overwhelmed in running their core business and do not have the
resources to self-manage their own security programs would be well served to contact a
solutions provider who can identify and recommend the security programs that best fit the
organization’s needs. The benefits of signing on with a security solutions provider are
numerous, including:

• Faster deployment and improved data security. An experienced solutions provider
will be in a better position to deploy security protocols and programs faster to protect
data and sensitive information.

• Cost efficiency. Managing security programs in-house can be a drain on scarce
company resources. By outsourcing their security programs to a solutions provider,
organizations can achieve cost savings by not having to maintain their own full-time on-
site security staff.

• Awareness of regulatory compliance issues. Security solutions providers will help
companies in regulated industries keep on top of compliance requirements and help
them maintain infrastructures for compliance.

• Problem resolution by specialists. When problems and issues arise, experienced
security specialists do the troubleshooting. Cyber attacks occur at a rapid pace and are
often not detected until much later. A security solutions provider has the proper tools and
resources for early threat detection and protection, keeping on top of threats as they
arise, not weeks or months after an organization has already been attacked.

• Availability and support. An organization that elects to manage its cybersecurity
programs in-house would require enormous resources in manpower and technology to
monitor systems 24x7. A best-practices security solutions provider with end-to-end
support services often offers 24x7 support and live monitoring of systems and data.

Cyber attacks are on the rise and companies have scarce internal resources, as well as
inadequately trained employees, to deal with managing security programs in-house.
Organizations that work with experienced security solutions providers will mitigate the risks
posed by security threats in an efficient and cost-effective manner and enable the organization
to concentrate on its actual business.

About the Author

Doug Ramos is Security Practice Manager at Groupware
Technology, where he is growing and expanding the
company’s security business by evaluating and adding the
latest security solutions that will offer the best protection for
Groupware Technology customers. He has over 20 years
of experience in the technology industry in security and
networks. Doug started his career at Lucent and became
one of its first VoIP specialists, building out voice networks
in eight different countries. He has also worked at Cisco in
its wireless and security divisions and as Manager of Cisco
Enterprise Networking for CANCOM-HPM Networks. Prior
to joining Groupware Technology, he was Director of
Wireless Product Marketing at Fortinet.

CREEP HUNTERS CANADA SOCIETY
COLLABORATES WITH GOOGLE DEVELOPERS TO HUNT ONLINE
PREDATORS
by Brendon S Brady, Executive Director, CHCSociety

We are happy to announce that in the coming months we will be releasing an app.

This app, in short, will give law enforcement real-time access to our chat logs and hunters. We
hope this real-time access will cut down on court time and enhance our ability to work with law
enforcement.

We will be releasing it first in the United States, and hopefully after in Canada.

This app will give law enforcement open access from the beginning of our investigations to the
point they deem fit to take over those investigations.

We hope this will help those police departments that are underfunded have a stronger presence
online, by giving people the opportunity to volunteer their time to chat logs in a police-monitored
environment.

When a borderless Internet community comes together, good things happen.

We would like to thank the Google program developers for donating their time and efforts to this
app.

Brendon S Brady, Executive Director at Creep Hunters
Canada Society.

Brendon Brady can be reached online at
creephunterscanada@gmail.com, FB: Brendon S Brady, IG
Brendon S Brady, FB: Creep Hunters Canada Society and at
our company website www.CHCSociety.com

HOW TO MAKE NOTPETYA NOT YOUR PROBLEM
4 CRITICAL STEPS ORGANIZATIONS MUST TAKE FOR RANSOMWARE
DEFENSE
by Noa Arias, Director of Marketing, Semperis

The NotPetya attack took the world by storm when a compromised update of M.E.Doc financial
software spread the virus across major corporations in Europe, encrypting files and demanding
bitcoins in exchange for file decryption. Upon further investigation, impacted companies learned
there was no way to decrypt infected files and spent days and, in some cases, weeks trying to
repair the damage. The real shocker? The astronomical costs associated with virus-related
downtime. As each impacted organization reported their quarterly results, it became evident that
the total monetary impact of the NotPetya virus was more than a billion dollars.

While the NotPetya ransomware authors may have asked for 100 bitcoins (or $250K in regular
currency) in exchange for decrypting victims’ files, the actual cost of the attack was
exponentially greater. The virus hit industry giants Maersk, FedEx, Mondelez, Reckitt-Benckiser
and Merck hardest, halting operations and leading to a combined estimated loss of over $1.2B.
In addition to financial losses, both Mondelez and Reckitt-Benckiser said goodbye to a
few C-level executives post-attack.

Preventing Ransomware Attacks

Ransomware attacks on enterprises are escalating both in frequency and complexity. As seen
in the Petya/NotPetya attack, cyberattackers are employing more sophisticated methods of
attack, spreading malware through enterprise software (e.g. accounting software) to
maximize reach and impact. As a result, the total average cost of cybercrime is increasing at
a rate of 23% annually, mostly due to information loss and business disruption.

Enterprises that employ identity and access management (IAM) technology are able to save, on
average, roughly $2.4MM in cybercrime costs. Therefore, in order to protect against
ransomware attacks and the associated costs, organizations need to put into place systems and
processes to protect their enterprise identity. This includes:

1. Solid Patch Deployment Processes: NotPetya was able to infect victims through a
Windows SMBv1 vulnerability dubbed “EternalBlue”. Microsoft had released a security
update, MS17-010, to resolve the SMBv1 vulnerability just three months prior to the
Petya attack; had it been deployed, it would have prevented the spread of the virus
in the companies that were attacked.

2. Employee Education: According to the Verizon Data Breach Investigation Report, more
than half of all malware attacks are caused by malicious email attachments, so training
employees to recognize and report any suspicious email activity is crucial in preventing
malware attacks.

3. Proactive Monitoring: Real-time auditing of your IT environment will alert you to
suspicious behavior and help you detect potential threats prior to a full-blown
ransomware attack.

4. Disaster Recovery: Implementing a robust Disaster Recovery plan is the last, but most
critical, step in protecting against ransomware. If you have a strong backup and recovery
solution in place, and are hit by a ransomware attack, you can simply restore your
encrypted files from backup.

Last, but not least, if you are ever hit by a ransomware attack, never ever pay the ransom,
because there’s no guarantee that the attacker will decrypt the files. Reports indicate that
NotPetya was actually wiper malware, not ransomware, and no amount of money could
have reversed the damage caused by the virus.

About the Author

Noa Arias is Director of Marketing at Semperis, an enterprise identity protection company that
enables organizations to quickly recover from changes and disasters that compromise Active
Directory. Prior to joining Semperis, Noa held senior marketing roles spanning technology
startups, consumer goods and financial services. She received her BA from Columbia University
and MBA from NYU's Stern School of Business, with concentrations in marketing and strategy.
Noa can be reached online at noaa@semperis.com, or on Twitter @SemperisTech, and at the
company website https://www.semperis.com.

VPN: DO YOU REALLY NEED IT? THIS WILL HELP YOU
DECIDE!
Privacy is increasingly valued when it comes to surfing the Internet, but it is increasingly
difficult to achieve. User data is too valuable to companies and is used in a multitude of
network activities. For this reason, virtual private networks, or VPNs, are rapidly gaining
prominence by allowing us to surf anonymously. If you want to give them a chance in 2017,
we'll give you a compilation of the best free VPNs.

The advantages of VPNs are several. First, they add a layer of security that reinforces our
anonymity against the various tools that spy on our data or surfing habits on the Internet.
Secondly, they allow us to access certain portals that are blocked in our country for one reason
or another.

Classification of VPN Systems

Virtual private networks are categorized by:

● The number of simultaneous connections supported.
● The security levels provided.
● The topology of the connections.
● The point at which the tunnel terminates.
● The protocols used to tunnel traffic.
● The layer of the connecting network’s Open Systems Interconnection (OSI) model at which they operate.

What are the Uses of the Virtual Private Network?

The following are the uses of a VPN:

● Blocking malicious software.
● Internet protocol (IP) address masking.
● File sharing.
● Safe use of Wi-Fi.

Benefits of using the Virtual Private Network

Users of a VPN enjoy the following major benefits:

● Security
A VPN provides security to its users by allowing them to bypass restricted sites.

● Anonymous surfing
By using a VPN, you are guaranteed that your traffic is largely inaccessible, making it
unavailable to unauthorized parties.

Price

Once you have decided to use a VPN service, budget for the subscription. VPN services come
at a range of prices, from paid tiers down to ones that are provided free of charge.

Are Free VPNs Reliable?

Our RedesZone colleagues are trying to shed some light on the issue of free VPN reliability.
Keep in mind that servers cost money, and if a provider offers us something that costs money
for free, that cost has to be covered somehow. It is possible that the money comes from the
sale of users' personal data or from advertising.

The Hello extension is a clear example of how a free tool for anonymous surfing and accessing
services from other countries can affect our privacy: it was discovered that its operators were
selling user traffic and doing business with it.

If you think that free VPNs are not for you and you want to go a step further in your security, we
recommend reading our collection of paid anonymous VPN services.

Factors to Consider When Choosing the Best VPN Service

Anyone who needs to use a virtual private network service should first consider the following
important factors:

Go Through the Reviews

Users of a virtual private network are encouraged to always leave a review about the services
rendered. This gives a new subscriber a good starting point, since they can draw on other users'
information, which is constantly updated to keep it current.

The FAQ sections will help you get answers for your questions, leaving you informed and up to
date.

The top-rated VPN services are outlined to give you insight into what they offer and help you
choose the best protector for your systems.

The reviews are useful not only to newbies but also to users who are considered advanced.
Other information one can get from the reviews includes server network, internet connection,
multiple connections, encryption protocols, accepted payment methods, supported systems
and much more.

Conclusion

The benefits and importance of using a virtual private network are very clear. Go ahead and
subscribe to a VPN of your choice so as to protect your system.

About the Author

Amelia Blanche (twitter handle: @AmelieBlanche) is an online journalist from Hawaii whose main
interests are internet freedom, cyber security and social media marketing.

Studying marketing at Honolulu Community College and previously working as a content manager
for SafeNetHonolulu, she created her own blog about Internet privacy.

Through simply written articles, Amelie teaches residents of Hawaii about Internet security
tools and how to use them for playing games or browsing the Net.

RANSOMWARE: NOTHING TO SNEEZE AT
by Mike Andrews, Managing Director, NovaStor Corporation

We’re heading into cold season and the common cold is well… common. A trip to the pharmacy
presents us with endless options for making your week a little more bearable, but unfortunately,
it’s after the fact. Colds keep evolving and staying one step ahead of medications.

Ransomware is similar to the common cold in that there is no foolproof preventative cure, its
roots date way back, it continuously reinvents itself to find new methods of attack and, overall,
it just makes your life miserable.

You’ve probably been seeing a lot of news about Ransomware lately due to the recent
devastation executed upon high profile targets including universities, hospitals and government
agencies by strains with names like WannaCry, Locky, Bad Rabbit, etc. The targets you
probably don’t hear as much about are everyday small businesses, lawyers, dental offices and
construction companies, for example, who bear the lion’s share of these attacks.

We call it Ransomware because in the moments that follow the breach of an unsuspecting
victim, it locks down access to data on their system and then purports to provide the key for
unlocking information, if a ransom is paid within a specified amount of time. Maybe.

Rule number one is not to pay a ransom as numerous cases exist where a victim has paid only
to never receive the promised key. Also, who is to say that paying does not make you a target
for future attacks?

Like the common cold, taking measures to prevent getting infected in the first place is the best
way to deal with ransomware. You need to think prevention – Think smoke detectors over fire
extinguishers. Investing the time in advance preparation will pay off in the long run when
compared to the resources needed to deal with the aftermath.

To understand how to prevent ransomware attacks, it’s best to know how they work, what are
the unique types of ransomware for identification, and what preventative actions to take.

Common types of Ransomware:

• Crypto-Ransomware
    o Encrypts the files on a victim’s machine.
    o Gives a time limit.
    o Victim must pay a fee.
• Lock-Screen Ransomware
    o Locks the screen.
    o Demands payment.
    o No files encrypted or affected.
• Master Boot Record Blocking
    o Computer will not boot up.
    o Ransom instructions displayed on screen.

Prevention tips:

Educate your users – Schedule a meeting to discuss what threats look like and what to avoid,
how to store passwords and media, how to disconnect a machine safely from the network, and
who to contact if infected.

Scanning and filtering – Have antispam/anti-phishing in place. Filter file attachments in email
(.exe, .scr, .com, etc.). Show file name extensions in Windows, and disable macros (MS Office).

Patch early and patch often – Ensure that all server and workstation operating systems are up
to date with regular patch maintenance.

Configure intrusion prevention – Business grade antivirus and firewall protection, with
advanced filtering, centrally managed with alerting capability.

Test your backup solution – Ensure that you have the ability to restore in the event that
prevention methods fail. Follow the 3-2-1 backup rule (3 backups, 2 different types of media, 1
offsite). Test restorability monthly.
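As an added example (not from the article or from NovaStor), here is a Python attachment filter along the lines of the "Scanning and filtering" tip: it catches the double-extension trick (invoice.pdf.exe) that hidden Windows extensions conceal and the macro-enabled Office types that the macro-disable advice targets. The blocklists, addresses and the sample message are constructed assumptions.

```python
"""Added example (not from the article): flag risky e-mail attachments by
extension. Catches the double-extension trick (invoice.pdf.exe) that hidden
Windows extensions conceal, and macro-enabled Office formats. The blocklists
below are an assumption, not a complete list."""
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklists: directly runnable types and macro-enabled Office formats.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
              "wsf", "wsh", "ps1", "hta", "msi", "jar", "lnk"}
MACRO_ENABLED = {"docm", "dotm", "xlsm", "xltm", "pptm", "ppam"}
# Types a double extension typically impersonates.
DOCUMENT_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png", "zip"}


def classify_filename(name):
    """Return ('block', reason) or ('allow', None) for one attachment name.

    Windows hides the *last* extension by default, so 'Invoice.pdf.exe' is shown
    as 'Invoice.pdf'; the verdict is therefore driven by the real last extension.
    """
    cleaned = name.strip().lower().rstrip(". ")  # Windows drops trailing dots/spaces
    exts = cleaned.split(".")[1:]
    if not exts:
        return ("allow", None)
    last = exts[-1]
    if last in EXECUTABLE:
        if len(exts) > 1 and exts[-2] in DOCUMENT_LIKE:
            return ("block", f"double extension: displays as .{exts[-2]} but runs as .{last}")
        return ("block", f"executable type .{last}")
    if last in MACRO_ENABLED:
        return ("block", f"macro-enabled Office document .{last}")
    return ("allow", None)


def scan_message(raw):
    """Parse a raw RFC 5322 message and return (filename, verdict, reason)
    for every attachment, in order of appearance."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, reason = classify_filename(name)
        results.append((name, verdict, reason))
    return results


def build_sample_message():
    """Constructed message (not real mail) with one clean and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Q3 invoice"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.exe")
    msg.add_attachment(b"PK constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Q3_budget.docm")
    return msg.as_string()


if __name__ == "__main__":
    for name, verdict, reason in scan_message(build_sample_message()):
        print(f"{verdict:5} {name:18} {reason or ''}")
```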

With a cold, you can take every preventative measure in the world, and it can still get the better
of you.

The same goes for ransomware. These attackers are continually changing their techniques, and
their code is evolving to be smarter and trickier. All it takes is one person letting their guard down
to create a break in your cyber defense security chain.

So if you do get hit with ransomware, follow these steps:

• Immediately disconnect infected systems from the network
• Disconnect from the internet until the situation is resolved
• Lock the source user accounts / delete the profile
• Identify the source of infection to warn other users

For a healthier winter season, be sure to take your vitamin C and talk to your system
administrator about implementing a ransomware prevention checklist that your organization can
live by. Here’s to you and your critical corporate data’s health… Gesundheit!

About the Author

Mike Andrews (https://www.linkedin.com/in/mikeandrews) is a 20-year veteran of the
data-protection and security software industry and serves as Managing Director of NovaStor
Corporation. NovaStor® (http://www.novastor.com) represents “Backup for the Rest of Us” by
empowering overwhelmed and underfunded IT administrators with all-inclusive, fast, highly
scalable, budget-sensitive data backup solutions for both physical and virtual environments.
NovaStor’s disruptive approach redefines service by including personalized local, expert-level
professional services as part of every solution, helping ease the enormous expectation being
placed on maintaining a working, compliant backup under even the strictest of budgets.

SURVEYING ANTI-PHISHING STANDARDS – PART 2

by Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies

In our last article, we looked at three different technology standards that combat spam and
phishing attacks. If you haven’t read the first installment of this two-part series yet, check it out
now to familiarize yourself with some important terms we’ll use while exploring why these anti-
phishing standards aren’t more widely used today.

Sender Policy Framework (SPF) was an open standard created to prevent sender address
forgery in email envelope MAIL FROM headers. At around the same time, DomainKeys
Identified Mail (DKIM) was developed to authenticate approved mail servers for a domain.
Finally, Domain-based Message Authentication, Reporting and Conformance (DMARC) was a
solution crafted to tie SPF and DKIM together with added reporting functionality. All three of
these technologies are great at helping to stop common forms of phishing. So, why haven’t they
reached 100 percent adoption?

As it turns out, SPF and DKIM adoption are actually doing quite well with email senders.
According to a 2016 report by Google, 95 percent of non-spam emails received by Gmail users
came from senders with SPF records, and nearly 88 percent of non-spam emails employed
DKIM signing. DMARC, however, is still struggling to take off. A Federal Trade Commission
report earlier this year found that only a third of surveyed companies have published DMARC
records and less than 10 percent of that group have configured their DMARC records to reject
unauthenticated messages.

The good news is that DMARC adoption has been seeing modest improvements. According to
the Online Trust Alliance (OTA), adoption of both DMARC records and reject/quarantine policies
grew over the past year (from 27.4 percent to 34.3 percent and from 5.8 percent to 14.6
percent, respectively), and the Internet Retailer and Consumer categories were the lead
adopters for both. Unfortunately, organizations in the Federal and ISP categories were the
laggards in records adoption, and banks and federal groups were dragging their feet in
reject/quarantine adoption.

So, while there have been humble increases in DMARC adoption, the rates are still low;
especially with compliance enforcement enabled. Why might this be? For one thing, it’s
common for businesses to start with a DMARC solution configured with a “none” policy while
testing, which means they don’t want recipient email servers to take any action against non-
compliant messages. Businesses might choose to do this if they use third-party mailer services
to send newsletters, since DMARC can cause these messages to be denied if misconfigured.
It’s certainly important to test policy changes in phases instead of diving right in at the risk of
breaking something critical, like your company’s ability to send email.

Here are three tips that can help you properly set DMARC policies:

• First, test with a “none” policy. Mailboxes that support DMARC should still send reports
on messages that fail DKIM and SPF checking. This can help you identify legitimate
email sources from your domain that you may have overlooked.

• Make sure you follow the correct syntax when configuring your DMARC DNS record.
Dmarc.org has a wide range of tutorials and guides that can help you with this.

• Once you have finished testing your DMARC record, change the policy to “reject” or
“quarantine” to instruct recipient mailboxes on how to handle spoofed messages from
your domain.
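Putting the three tips into code, as an added example that is not part of the article or of WatchGuard's products: a small Python module that parses a DMARC record the way a receiver would, points out p=none and a missing rua= tag, and shows the disposition a spoofed message receives under a testing record versus an enforced one. The domain names (example.com, bulk-sender.example) and record contents are constructed, and relaxed alignment is approximated by a parent/child domain match rather than the Public Suffix List.

```python
"""Added example (not from the article): parse a DMARC TXT record, flag the
weaknesses the article's tips address, and compute the disposition a receiver
applies. Relaxed alignment is approximated by a parent/child domain match
rather than the Public Suffix List (a simplification)."""
from dataclasses import dataclass

POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcRecord:
    policy: str            # p=    : action for failing mail from the domain
    subdomain_policy: str  # sp=   : action for failing mail from subdomains
    pct: int               # pct=  : share of failing mail the policy applies to
    adkim: str             # adkim=: DKIM alignment, "r"elaxed or "s"trict
    aspf: str              # aspf= : SPF alignment, "r" or "s"
    rua: tuple             # rua=  : aggregate-report destinations


def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=...; ...'; raise ValueError on the syntax mistakes
    a publisher can make (version tag missing or not first, p= missing,
    unknown policy value, pct= out of range)."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"tag without '=': {part!r}")
        key, value = (s.strip() for s in part.split("=", 1))
        key = key.lower()
        if key in tags:
            raise ValueError(f"duplicate tag {key!r}")
        tags[key] = value
    # RFC 7489: v= must be the first tag and must read exactly DMARC1.
    if not parts or not parts[0].lower().startswith("v=") or tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if "p" not in tags:
        raise ValueError("required tag p= is missing")
    policy = tags["p"].lower()
    sub_policy = tags.get("sp", policy).lower()
    for name, val in (("p", policy), ("sp", sub_policy)):
        if val not in POLICIES:
            raise ValueError(f"{name}= must be one of {POLICIES}, got {val!r}")
    pct_raw = tags.get("pct", "100")
    if not pct_raw.isdigit() or int(pct_raw) > 100:
        raise ValueError(f"pct= must be an integer 0-100, got {pct_raw!r}")
    adkim, aspf = tags.get("adkim", "r").lower(), tags.get("aspf", "r").lower()
    if adkim not in ("r", "s") or aspf not in ("r", "s"):
        raise ValueError("adkim= and aspf= must be 'r' or 's'")
    rua = tuple(u.strip() for u in tags.get("rua", "").split(",") if u.strip())
    return DmarcRecord(policy, sub_policy, int(pct_raw), adkim, aspf, rua)


def record_problem(txt):
    """Return the parse error for a record, or None when it is well-formed."""
    try:
        parse_dmarc(txt)
    except ValueError as exc:
        return str(exc)
    return None


def policy_warnings(rec):
    """Weaknesses in a well-formed record, phrased for the domain owner."""
    found = []
    if rec.policy == "none":
        found.append("p=none: receivers only report, spoofed mail is still delivered")
    elif rec.subdomain_policy == "none":
        found.append("sp=none: subdomains stay spoofable although the parent is protected")
    if rec.pct < 100:
        found.append(f"pct={rec.pct}: policy enforced on only {rec.pct}% of failing mail")
    if not rec.rua:
        found.append("no rua=: no aggregate reports to reveal overlooked legitimate senders")
    return found


def _aligned(auth_domain, from_domain, mode):
    """Strict alignment needs an exact match; relaxed also accepts a
    parent/child relationship (stand-in for 'same organizational domain')."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return bool(a) and bool(f) and (
        a == f or (mode == "r" and (f.endswith("." + a) or a.endswith("." + f))))


def disposition(rec, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain,
                is_subdomain=False, sample=0):
    """'pass' if an authenticated identifier aligns with the From: domain, else
    the published policy. `sample` (0-99) models the receiver's pct= draw."""
    if (spf_pass and _aligned(spf_domain, from_domain, rec.aspf)) or \
       (dkim_pass and _aligned(dkim_domain, from_domain, rec.adkim)):
        return "pass"
    action = rec.subdomain_policy if is_subdomain else rec.policy
    if sample >= rec.pct:  # outside the pct= sample: next less severe action
        action = {"reject": "quarantine", "quarantine": "none", "none": "none"}[action]
    return action


if __name__ == "__main__":
    # Constructed records: a testing-phase record and the enforced one it should become.
    for txt in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"):
        rec = parse_dmarc(txt)
        print(txt, policy_warnings(rec), "spoofed From: ->",
              disposition(rec, "example.com", True, "bulk-sender.example", False, ""))
```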

Configuration issues aren’t the only obstacle here. DMARC also suffers somewhat from the
“chicken or the egg” conundrum. Some companies wonder why they should invest precious
resources into testing and deploying DMARC records for their domain when recipient mail
servers don’t bother verifying emails against them. It is commendable that DMARC’s adoption
rate was 60 percent by mailboxes after just one year, but that percentage has only grown by 10
percent as of 2016 according to a recent report by Return Path. DMARC verification by recipient
servers must increase as well, in order to help slow the growing epidemic of spam and phishing.

It is in everyone’s best interest to fully adopt protocol standards like SPF, DKIM and DMARC.
While they may take some effort to deploy, the benefits are more than worth it. Preventing
spammers from spoofing your company’s domain can help you avoid costly reputation damage
and shield your customers from annoying, potentially malicious emails. Enabling DMARC
verification on your own mailboxes for incoming messages can also drastically reduce your
chances of falling for convincing phishing attacks.

About the Author

Marc Laliberte is an Information Security Threat Analyst at WatchGuard Technologies. Specializing
in network security protocols and Internet of Things technologies, Marc’s day-to-day
responsibilities include researching and reporting on the latest information security threats and
trends. He has discovered, analyzed, responsibly disclosed and reported on numerous security
vulnerabilities in a variety of Internet of Things devices since joining the WatchGuard team in
2012. With speaking appearances at industry events and regular contributions to online IT,
technology and security publications, Marc is a thought leader who provides insightful security
guidance to all levels of IT personnel.

COULD YOUR REACTIVE CYBER SECURITY APPROACH PUT
YOU OUT OF BUSINESS?
by Ajay Unni, Founder and Chief Executive Officer of Stickman

Cyber security is a concern for businesses of any size, but it’s especially pressing for smaller
companies.

That’s because they tend to be more vulnerable than larger enterprises. They often lack the
resources and manpower to fully protect themselves from a sophisticated attack, which can
make them very appealing targets.

In fact, Small Business Trends reports that smaller businesses encounter nearly half (43
percent) of all cyber-attacks. What’s scary is the damage that can stem from an attack. Many
companies never recover, and 60 percent of SMBs end up going out of business within six
months.

Protecting your business through effective cyber security processes can literally mean the
difference between averting disaster and being so crippled by it that you have to close your doors.

One area where many organisations go wrong is taking a reactive approach to security rather
than a proactive one. They often end up waiting until something happens and responding to it
rather than taking effective measures to heighten cyber security ahead of time.

This obviously isn’t ideal, but could it put you out of business?

Some Unsettling Statistics

Small Business Trends provides some additional data that puts the current state of cyber
security attacks in perspective.

Studies have found that 55 percent of SMBs dealt with a cyber-attack between May 2015 and
May 2016. They also found that 50 percent experienced data breaches that compromised
customer and employee data during that same period.

So in theory, at least half of all SMBs will suffer from some type of cyber-attack during any given
year. In terms of specific attacks, these were the most common:

• Web-based attack (49 percent)
• Phishing/social engineering (43 percent)
• General malware (35 percent)
• SQL injection (26 percent)
• Compromised/stolen devices (25 percent)
• Denial of service (21 percent)

In terms of costs, the affected enterprises ended up spending an average of $879,582 to cover
the expenses of damage or theft to their IT assets. On top of this, there’s the issue of disruption
to operations, which resulted in an additional $955,429.

Add this together and it amounts to more than $1.83 million. With such exorbitant costs, it’s
easy to see why 60 percent of all SMBs inevitably go out of business. Often a single cyber-
attack is a deathblow from which they never recover.
Operating in the Danger Zone

Here’s the problem. Even though most companies are at least somewhat aware of the growing
threat of cyber-attacks, not much is being done about it.

President and Co-founder of CSID, Joe Ross, explains that 58 percent of companies have
expressed concern, but a staggering 51 percent have failed to allocate any budget to
mitigating cyber security risks.

He also reports that only:

• 38 percent of small businesses regularly upgrade their software solutions
• 31 percent monitor business credit reports
• 22 percent encrypt databases

This disconnect creates a tremendous amount of risk, where it’s not a matter of if but when a
crisis occurs. Way too many organisations are ill-prepared for the increasing number of cyber-
attacks that are happening each and every day.

The FBI even put the number of ransomware attacks at 4,000 per day in 2016 – a 300
percent increase from the 1,000 in 2015. If this trend continues, countless businesses will
experience the backlash.

The Consequences of a Reactive Approach

There are a variety of reasons why companies are reluctant to invest time and resources in
cyber security. It could be a limited budget, a lack of knowledge, a false sense of security or a
combination of these factors.

Some companies even operate under the assumption that these types of things happen to other
businesses but won’t happen to them. Regardless of the reasoning, a reactive approach is a
recipe for disaster.

One scenario could involve your organisation becoming the victim of ransomware, where an
attacker hijacks your data and demands compensation for it. Without paying up, your operations
come to a screeching halt, and your revenue plummets overnight.

Another would be having sensitive customer or employee information fall into the wrong hands.
This can lead to everything from identity theft to corporate espionage. Even basic information,
like email addresses, phone numbers and billing addresses, can be of significant value to cyber
criminals and open a can of worms.

You also have to consider the level of disruption that comes along with an attack. Not only does
downtime cost your business serious money, it can tarnish your brand reputation, and many
customers may end up turning to competitors. Hardly anyone wants to risk their own security
and privacy by doing business with a company with inadequate security protocols.

It’s a bad deal all around. If your organisation isn’t taking proper cyber security measures, it’s
something you’ll want to address right away. You’ll want to make the transition from being
reactive to proactive.

Taking Steps Toward Becoming Proactive

It’s clear that the threats modern businesses face are very real. But what can they do in order to
mitigate their risks?

It all starts with a mental shift where there’s a genuine commitment to enhancing cyber security.
This is integral to creating a security-minded culture and lays the groundwork for a real
transformation to begin.

Our philosophy is based upon cyber security by design rather than chance. As cyber criminals
continue to become more sophisticated and advanced with their attacks, it requires diligence
and perseverance to stay ahead.

You need a comprehensive plan that covers all of the core areas and enables you to get your
cyber security to where it needs to be. This involves a five-step process:

1. Define
2. Plan
3. Execute
4. Report
5. Monitor

Defining involves examining where your company currently is in terms of cyber attack
prevention and determining where you need to be and what your target profile looks like.

Planning is where you develop and implement a plan that will ultimately enable you to attain
your cyber security target profile. It’s where you must devise realistic and actionable steps to
take.

Execution revolves around implementation of the plan based on a specific timeline, while
taking resources and budget into account.

These first three steps are what allow you to initially ramp up your cyber security. They help
catalyse the transformation and get security to where it needs to be.

At that point, reporting and monitoring are what allow you to assess and track the results and
continually fine-tune your security practices. This provides consistent protection even as threats
evolve and advance over time.

Performing Penetration Testing

One of the most effective ways to protect your data assets is to identify potential vulnerabilities
before attackers have the chance to. Penetration testing is a means of accomplishing this and
involves a comprehensive assessment of your web app, mobile app, network and so on.

By pinpointing weaknesses, you can come up with viable solutions to drastically reduce the
attack surface. In turn, you can ensure that your company remains ahead of cyber attackers,
which will give you greater peace of mind.
Developing a Business Continuity Plan

A business continuity plan is based upon devising a strategy and creating a plan of action in the
event of a disaster. If your enterprise is in fact hit with a serious attack, you will have a
sequence of steps in place to minimise the damage and get operations back to normal in the
shortest amount of time possible.

In turn, there should be minimal disruption and less frustration for your customers. Some
specific steps that your company might want to take include:

• Identifying potential cyber security disaster scenarios
• Determining the series of steps that must be taken to restore IT
• Educating employees on proper protocol and behaviour
• Organising recovery teams (e.g. who’s responsible for what?)
• Having a failover database server in place in case your primary server goes down

It’s also smart to periodically have “test drills” where you assess the effectiveness of your
business continuity plan. This increases your efficiency should you have to use it.

Making the Transition

The ISACA’s 2015 Global Cybersecurity Status Report found that only 38 percent of
organisations were prepared for a sophisticated cyber attack. A lack of planning and preparation
could prove disastrous or even fatal for many SMBs.

Research has proven that a reactive approach can be incredibly costly, and even a single attack
puts more than half of all companies out of business. As attacks become more and more
prevalent, the threat level will only continue to rise.

Fortunately, there are numerous ways to protect your organisation, and it all starts with making
the shift to taking a proactive approach.

Being on the offence arms your company with the tools it needs to combat the omnipresent
threat of cyberattacks and gives you a much greater level of control. In the long run, this can
mean the difference between avoiding/withstanding attacks or being ruined by them.

How comfortable are you with your company’s current cyber security, and are there any
specific areas you need to improve upon?

About the Author

Ajay Unni is the Founder and Chief Executive Officer of Stickman. Ajay specialises in helping
customers manage the growing threat of data breaches and compliance with globally accepted
industry standards for data security and compliance.

Ajay can be reached online on Twitter: https://twitter.com/ajayunni, LinkedIn:
https://www.linkedin.com/in/ajayunni/ and via the company website: https://www.stickman.com.au

HOW TO DEFEND YOUR BUSINESS AGAINST A
RANSOM DRIVEN DDOS ATTACK
RESPONDING TO THE SURGE IN DDOS RANSOM CAMPAIGNS

by Stephanie Weagle, Vice President, Corero Network Security

Since the inception of the internet, hackers have used DDoS attacks as a vehicle to sabotage
and retaliate. Today, we see a widening array of DDoS targets and tactics, as access to a
growing number of DDoS-for-hire tools and services significantly lowers the barrier to entry for
anyone looking to cause chaos, profit from extortion campaigns, gain notoriety or infiltrate
networks.

Anyone can access the depths of the dark web to launch a crippling attack for a nominal price;
DDoS-for-hire botnets offer a subscription-based model enabling the launch of DDoS attacks at
the size, scale or duration required to take a service offline and test existing security defenses.
The anonymity of these services, ease of access and bargain basement prices make it easy for
anyone to launch an attack against unsuspecting victims.

Ransom driven DDoS attacks (RDoS), a tactic in which attackers threaten a DDoS attack unless
they are paid in cryptocurrency, have been a hacker’s extortion tool of choice for several years,
and the activity appears to come in waves. In recent months RDoS appears to have hit another
peak in popularity, targeting organizations across the globe with threats.

September 30 was a key date for RDoS targets: pay up or prepare for a DDoS attack. This
more recent campaign was driven by the well-known hacker group Phantom Squad, and it
spanned industries, from banking and financial institutions to hosting providers, online gaming
services and software as a service (SaaS) organizations.

Unfortunately, when even one victim chooses to engage with attackers by paying a ransom, we
begin to see an onslaught of these types of attacks. RDoS attacks have grown in frequency as
cyber criminals are constantly on the lookout for more efficient methods to attack systems and
obtain profits. When faced with the costs of their business going offline if a successful DDoS
attack is launched against them, some organizations believe that paying a ransom demand
represents a worthwhile investment.

This approach offers no guarantee that an attack will not be launched, in fact it could result in
just the opposite. It is important to highlight the danger these attacks pose to businesses and
learn how to build a successful defense against them.

DDoS – A Threat to Availability and Security

Today’s DDoS attacks are almost unrecognizable from those of the early days, when most
were simple, volumetric attacks intended to disrupt online services, maybe even publicly
humiliate an organization. Today, attack techniques are becoming ever more complex and the
frequency of attacks is growing exponentially. The combination of the size, frequency and
duration of modern attacks represents a serious security and availability challenge for any
online organization. Minutes or even tens of minutes of downtime or latency significantly
impact the delivery of essential services. As the DDoS attack landscape evolves toward more
sophisticated attack techniques, the objective is no longer focused solely on disruption.

The goal is no longer only to cripple a website, but rather to distract IT security staff with a low-
bandwidth, sub-saturating DDoS attack. Such attacks are typically short in duration (under 5
minutes) and low in volume, which means that they can easily slip under the radar without being
detected or mitigated by some DDoS protection systems. These attacks are increasingly used
as a smokescreen to camouflage other cyberattacks, including data breaches and data
exfiltration. The disruption caused by the DDoS attack can expose weaknesses in organizations’
cyber defenses or overwhelm other security tools, like firewalls or IPS/IDS, opening the door for
cyber criminals to plant malware or steal sensitive information.

Proactive Protection in the Face of DDoS Attacks

Distinguish DDoS attack activity – Have a clear understanding of your normal network traffic patterns. Short, low-volume attacks are often used as 'stress tests' that probe the edge security perimeter for weaknesses ahead of a larger or more targeted attack. Visibility into DDoS activity on your network is step one in defining your DDoS resiliency plan.

Document your DDoS defense plan – Proactive planning requires both technical and
operational considerations. A comprehensive plan also includes a communication strategy that
spans across all facets of the business, to ensure that key stakeholders are notified and
consulted accordingly.

Time-to-mitigation is a critical consideration – When faced with an attack, ransom driven or otherwise, time-to-mitigation is critical. Minutes, tens of minutes or even seconds count. Downtime, outages, latency and security implications become increasingly damaging when mitigation techniques are not engaged immediately.
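The visibility step above is where a short, low-volume attack is most often lost: a rule that alerts only when a link nears capacity never fires for a two-minute probe at a few percent of line rate. The following Python is an added example (not code from the article or from Corero's products) of the check a practitioner would run over per-second packet counters taken from a flow collector or interface counters. The 5x-over-baseline trigger, the 80% saturation ratio and the five-minute cutoff are assumed thresholds to be tuned per network, and the traffic series is constructed for the example.

```python
"""Flag short, sub-saturating traffic bursts against a rolling baseline.

Added example; the counters, link capacity and thresholds are assumptions.
"""
from collections import deque
from dataclasses import dataclass
from statistics import median


@dataclass
class Burst:
    start: int           # first second of the burst
    end: int             # last second of the burst
    peak_pps: int
    baseline_pps: float  # median of normal traffic just before the burst began
    kind: str            # "sub-saturating", "volumetric" or "sustained"

    @property
    def duration_s(self) -> int:
        return self.end - self.start + 1


def _classify(peak_pps, duration_s, capacity_pps, saturation_ratio, max_short_s):
    if peak_pps >= saturation_ratio * capacity_pps:
        return "volumetric"      # big enough to threaten the link itself
    if duration_s <= max_short_s:
        return "sub-saturating"  # short and small: the smokescreen pattern
    return "sustained"           # low volume but long-running


def find_bursts(samples, link_capacity_pps, baseline_window=60, factor=5.0,
                saturation_ratio=0.8, max_short_s=300):
    """samples: (timestamp_seconds, packets_per_second) pairs in time order.

    A burst opens when the rate exceeds `factor` times the median of the most
    recent normal samples and closes when it drops back below that line. The
    baseline is frozen while a burst is open so the burst cannot raise its own
    reference level; burst samples are never added to the normal window.
    """
    normal = deque(maxlen=baseline_window)
    bursts, current = [], None
    for ts, pps in samples:
        if current is None:
            if len(normal) >= baseline_window // 2:  # need some history first
                baseline = median(normal)
                if pps > factor * baseline:
                    current = Burst(ts, ts, pps, baseline, "")
                    continue
            normal.append(pps)
        elif pps > factor * current.baseline_pps:
            current.end, current.peak_pps = ts, max(current.peak_pps, pps)
        else:
            current.kind = _classify(current.peak_pps, current.duration_s,
                                     link_capacity_pps, saturation_ratio, max_short_s)
            bursts.append(current)
            current = None
            normal.append(pps)
    if current is not None:  # burst still open at the end of the data
        current.kind = _classify(current.peak_pps, current.duration_s,
                                 link_capacity_pps, saturation_ratio, max_short_s)
        bursts.append(current)
    return bursts


def constructed_samples():
    """Ten minutes of made-up per-second counters on a 1 Mpps link."""
    rows = []
    for t in range(600):
        pps = 2000 + (t * 37) % 200         # steady background of ~2,000-2,200 pps
        if 300 <= t < 420:
            pps = 40_000                    # two-minute probe at 4% of link capacity
        if 500 <= t < 540:
            pps = 900_000                   # forty-second volumetric flood
        rows.append((t, pps))
    return rows


if __name__ == "__main__":
    for b in find_bursts(constructed_samples(), link_capacity_pps=1_000_000):
        print(f"{b.kind:15} t={b.start}-{b.end} ({b.duration_s}s) "
              f"peak={b.peak_pps} pps, baseline={b.baseline_pps:.0f} pps")
```

Because the baseline is frozen at the moment a burst starts, the burst cannot inflate its own reference rate; a sustained low-level flood that outlasts the cutoff is reported as its own kind so the two cases can feed different playbooks.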

Organizations, regardless of industry, need to be proactive in their DDoS defense strategies.

Paying a ransom to stop an attack is not a scenario any organization should have to deal with. As DDoS attacks become more complex, more frequent and more adaptive, traditional IT security infrastructure on its own cannot provide proper protection for your business. Organizations must treat DDoS as a threat vector that requires dedicated detection and mitigation as part of an overall layered security strategy. Proper DDoS mitigation combines real-time, automatic detection and mitigation, deployed at the internet edge, to defeat attack traffic before it can impact the targeted environment.

About the Author

Stephanie Weagle brings more than 12 years of experience to Corero Network Security. As Vice President for the Corero DDoS protection solutions, Stephanie strives to accelerate market penetration of the award winning Corero real-time DDoS mitigation product portfolio.

Stephanie has been instrumental in establishing Corero as a category creator for automatic, scalable DDoS protection that is architected to meet the needs of any Internet dependent organization, including hosting and service providers, global carriers, and digital enterprises.

Stephanie can be reached online at Stephanie.Weagle@corero.com and at our company website https://www.corero.com/.

SECURING THE CONNECTED AND AUTONOMOUS
VEHICLE
DIFFICULT, YET FULFILLING

by DRP; Cybersecurity Lab Engineer

Connected vehicles have been on the road for years. Connectivity was added to vehicles and platforms to improve the user experience: consumers enjoy radios with added functionality, safety services, and the convenience of having the vehicle start and defrost in mid-January while the owner is still walking to it. Other connected features include the user's cell phone pairing with the car, which acts as a pass-through; current maps to guide the driver to the destination; and other services that make the vehicle just another point in a seamless connected life.

The natural extension of this is the autonomous vehicle. Autonomous vehicle projects are closing in on fully realized products, and manufacturers have promised them within the next 5-7 years. Initially these will share the road with human-driven vehicles, but autonomous systems are clearly where the driving experience is headed. This also brings a number of very useful, consumer-friendly options; the benefits are present on many levels, from efficiency to safety. This will truly be another paradigm shift, not only for the auto market but also for consumers.

Potential Issues

These will be a fantastic addition to vehicles and fleets, and will continue to increase our efficiency and enjoyment of the ride. As autonomous vehicles become an increasingly integral part of society, however, there is one aspect that has not been fully addressed: security. If there is any doubt about this, consider the number of vehicle compromises that have already required recalls and OTA updates. These systems are taking over a greater share of the user's responsibilities for driving, monitoring, and ownership, and with that the user depends on the vehicle for these and other functions integral to the experience, e.g. safety.

These functions, the vehicle modules, and the vehicle itself need to be secured against unauthorized access and attempted unauthorized access. The OEMs should apply current InfoSec standards to their equipment. Where this has not been done, and groups have left security out of the process until the very end, there have been significant issues. If third-party equipment is used with these vehicles, the supplier's security efforts should not be automatically trusted; they should likewise be tested. The other party's idea and definition of security may differ from the accepted standard.

This is required by necessity. Without it in place and actively used, users are put directly in harm's way by a lack of properly applied security. If the vehicle's systems are not secure from attack and compromise, the vehicle could be directed to brake in heavy traffic, make a sharp right turn on the expressway during rush hour, or follow other malicious driving patterns the vehicle would normally never execute.

This is not an easy task. The vehicle is a rather complex machine. Mechanically, there are many
different systems interacting and communicating within the vehicle. The electronics present a
separate and distinct set of security parameters. The attack points, physical and wireless, are
massive in number in a vehicle. To test every point repeatedly would require a large amount of
time.

On another point, the security surrounding the vehicle is not static. The red teams may test a
module or vehicle, recommend remediation for any issues, and once implemented believe the
subject is secure. As time passes however, there may be more insecure areas and attack points
that are present. This moving target makes security ever-changing and interesting.

Solution

With the complexity involved, security needs to be fully integrated throughout the modules, guarding both the process and the embedded devices. The best alternative is to maintain quality security research and testing from the design stage forward. Too often, security is considered only in the last stage before production, and the interested parties are then substantially rushed. At that point any change may have to wait for the next iteration of the part or module, which leaves end users' vehicles open to compromise until the change or patch is applied.

This deserves more attention and focus from manufacturers at all levels. Until it is implemented properly, there will continue to be extra costs for recalls and too many post-release patches.

About the Author

DRP is a Cybersecurity Lab Engineer focused on securing the world for the users one module
at a time. DRP’s interests include the intersection AI & ML and automotive cybersecurity.

3 STEPS TO CREATE A CULTURE OF CYBERSECURITY

by Mary-Michael Horowitz

It seems like every business is trying to improve its company culture. And that’s a good thing.
An effective culture is built on solid values and a core purpose. It gives employees the
opportunity to understand what makes the company tick – what its beliefs are, what its goals are
and how each person can help move the business forward.

In the same way, I encourage businesses to think about creating a culture of cybersecurity.
Ensuring your business, and its data, stay safe from the many cyber threats lurking in the ether
means constant education and discussion so that each team member understands how to
safeguard the business and demonstrates that day in and day out.

Here are three steps to create a culture of cybersecurity in your business:

1. Involve the entire company


Cybersecurity isn’t just an IT thing. It’s an everybody thing. So, take the time to teach
everyone in the company why cybersecurity matters. Train employees to know what to
look for, like how to spot a phishing email, and to whom suspicious activity should be
reported. Explain to the team the reality of cyber attacks. If employees understand the
consequences of their actions and the potentially devastating results, they’re probably
going to be more likely to buy into a culture of cybersecurity. We suggest companies
provide their teams with formal training at least annually, if not quarterly. These trainings
shouldn’t be stiff and dull. Make them fun and engaging with friendly competitions or
games, rewards and demonstrations.

2. Keep cybersecurity top of mind


Holding annual or quarterly cybersecurity training sessions is important in establishing a
culture of cybersecurity, but it’s not enough on its own. To truly build a strong culture,
security needs to be top-of-mind for employees. Things like posters hanging around the
office with brief security tips, handouts with reminders of things to look out for and
quarterly newsletters with more in-depth tips and takeaways from the latest hacks
making headlines all help make security part of the daily conversation.

3. Create a sense of responsibility


In addition to teaching your team how to prevent and spot cyber attacks, it’s equally
essential to ensure employees feel comfortable reporting their findings.

Consider this scenario:

Maria from accounting notices a suspicious looking email in her inbox and realizes it’s
likely a phishing email, so she doesn’t open it. Feeling proud that she spotted the email
before opening it, she moves on to the next task at hand. She figures since she didn’t fall
for it, there’s no need to do anything else. She never reports it.

Hackers often send out mass amounts of phishing emails – possibly to employees within
the same company – looking for the weakest link. So while Maria didn’t take the bait, her
coworker who receives a similar email the next day might. Reporting suspicious emails
allows IT and company leaders to create awareness around the issue.

What if Maria had fallen for the phishing email but still didn’t tell anyone? The
consequences could have been tragic. It’s important to create a workplace where people
feel open and invested. Instilling fear in employees for reporting cybersecurity issues
won’t help. Instead, offer an incentive or award. For example, give a special treat to
those who report a phishing email.

About the Author

Mary-Michael Horowitz is VP of sales and operations at Asylas, a security, privacy and risk
consulting firm located in Nashville, TN. She works with small- and medium-sized businesses to
align business goals and objectives with technology solutions that fit for today and plan for the
future.

THE CRITICAL DIFFERENCES BETWEEN SECURITY
ORCHESTRATION AND INTELLIGENT AUTOMATION

by Kumar Saurabh, CEO and Co-founder, LogicHub

Ransomware, IoT attacks, phishing, cloud vulnerabilities—there are plenty of reasons for the
increase in SecOps workloads. To reduce this growing burden on security analysts, many
SecOps teams are exploring new security architectures and uses of automation.

SecOps teams have a wealth of solutions, and acronyms, to choose from. They can evaluate Security Automation and Orchestration (SAO) products, Security Orchestration, Automation and Response (SOAR) products (a category defined by Gartner), or products based on a Security Operations and Analytics Platform Architecture (SOAPA) (a model proposed by ESG).

SAO, SOAR, and SOAPA vary in several ways, including how much they rely on orchestration
and various types of automation.

How should a SecOps team decide which approach is right for them?

DIFFERENTIATING ANALYTICS FROM AUTOMATION

A good first step for cutting through the fog is to distinguish analytics from automation. Analytics
is a tool that helps analysts with their manual investigations. It produces data and insights for
evaluating alerts and IOCs. Most of an analyst’s time is unproductively spent on sifting out the
false positives by having to investigate each one.

Today, analytics supports decision making by the analysts. However, intelligent automation
must replace analytics with decision science. The automation itself needs to be advanced
enough to accurately weed through the torrents of false positives and mark them as such.
Analytics is not automation, and we should not be comparing them in the same bucket.

ORCHESTRATION IS NOT ENOUGH

Orchestration connects the various components of a workflow. By bringing disparate systems together in a single pane of glass, orchestration reduces the number of stand-alone products an analyst has to log in to and consult as part of doing his or her job. It also provides a mechanism to hand off tasks between different teams.

Orchestration solutions are task oriented and geared to take actions such as isolating an endpoint from the network or opening a ticket in a case management system. They are most prominently used for incident response, as well as for gathering investigative data.

These solutions help tie together the various steps and moving pieces in an investigation workflow. However, the act of determining whether an alert is a false positive still falls upon the analyst. In most customer situations, we see that analysts receive hundreds of alerts a day, and typically 90-95% of these will be false positives. The decision-making burden on analysts is still tremendously taxing, expensive, and unmanageable.

We fundamentally believe that automation can help analysts tremendously, not just with repetitive actions, but more impactfully with key decision making several dozen times a day.

TYPES OF AUTOMATION

Orchestration provides only a rudimentary form of automation. To reduce analysts' workloads further, SecOps teams need smarter solutions that apply automation to the more challenging aspects of decision making.

When evaluating security automation products, it's useful to reference Harvard Business Review's three main types of automation. The two that apply to security automation are:

● Robotic process automation

● Cognitive automation
Robotic process automation automates high-volume, low-complexity, and routine tasks. These
tasks might be physical, such as installing a rivet, or they might be software-based, such as
transforming a data set according to a set of rules and transferring the output to a file server.

Cognitive automation addresses complex, non-routine, creative, or exploratory tasks, which can
involve pattern recognition on large data sets and decision-making based on the results of that
pattern recognition. Cognitive automation has recently achieved major breakthroughs in areas
as diverse as language translation (e.g., Google Translate) and vehicle navigation (e.g., self-
driving cars).

AUTOMATION AND SECOPS

How are these various types of automation applied in today’s SecOps offerings?

The vast majority of automation in SecOps today is robotic process automation. For example,
when an orchestration product processes a directive to close a specific firewall port or open a
trouble ticket, that’s robotic process automation. A well-defined process has been performed
quickly and efficiently, but the process itself hasn’t been changed or optimized, and the SecOps
system itself learns nothing from the experience.

Robotic automation can help reduce workloads by minimizing “swivel chair” tasks. It can save
analysts the trouble of opening trouble-tickets, changing firewall rules, and so on. But it cannot
address the time-consuming challenges of analyzing billions of alerts to detect hidden threats.

To sort false positives from genuine security threats requires advanced cognitive abilities. A new
generation of SecOps solutions applies cognitive automation to improve the accuracy of threat
detection and thereby accelerate the mitigation of threats.

These new security automation products apply Machine Learning techniques to rapidly analyze
SIEM alerts and other contextual data. Their deep ranking and correlation algorithms perform
analysis far more sophisticated than the simple rule-based matching used by SIEM systems.
These products can even take into account the context of events, which enables them to more
easily identify false positives. Unlike robotic automation products that operate by rote, cognitive
automation systems accept feedback and tuning from security analysts, so they can learn from
experience and become more accurate over time.
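To make the distinction concrete, here is an added Python example (not LogicHub's product or any vendor's code) that puts a fixed "robotic" playbook next to a minimal learning triage model. The model is a categorical naive Bayes classifier over assumed enrichment fields (rule name, asset tier, account type, an off-hours flag, and whether the destination is known); every analyst verdict is fed back in as training data, so the same alert can receive a different disposition after feedback. The alert history, the hosts and the thresholds are constructed for the example.

```python
"""Learning alert triage next to a fixed playbook (added example, no vendor's code)."""
import math
from collections import defaultdict

# Enrichment fields assumed to be attached to each SIEM alert.
FEATURES = ("rule", "asset_tier", "account_type", "off_hours", "dest_known")


def featurize(alert):
    return [(k, str(alert[k])) for k in FEATURES]


class TriageModel:
    """Categorical naive Bayes with add-one smoothing; tp/fp = true/false positive."""

    def __init__(self):
        self.class_counts = {"tp": 0, "fp": 0}
        self.feature_counts = {"tp": defaultdict(int), "fp": defaultdict(int)}
        self.values = defaultdict(set)  # distinct values seen per feature

    def feedback(self, alert, verdict):
        """Record an analyst verdict; this is the learning step."""
        self.class_counts[verdict] += 1
        for key, value in featurize(alert):
            self.feature_counts[verdict][(key, value)] += 1
            self.values[key].add(value)

    def p_true_positive(self, alert):
        total = sum(self.class_counts.values())
        log_post = {}
        for c in ("tp", "fp"):
            lp = math.log((self.class_counts[c] + 1) / (total + 2))  # smoothed prior
            for key, value in featurize(alert):
                num = self.feature_counts[c][(key, value)] + 1
                den = self.class_counts[c] + len(self.values[key]) + 1  # +1 keeps mass for unseen values
                lp += math.log(num / den)
            log_post[c] = lp
        m = max(log_post.values())  # normalise in log space to avoid underflow
        return math.exp(log_post["tp"] - m) / sum(math.exp(v - m) for v in log_post.values())


def robotic_playbook(alert):
    """Orchestration: the same actions every time, with no judgement involved."""
    return [f"open_ticket(alert={alert['id']})", f"isolate_host({alert['host']})"]


def triage(model, alert, close_below=0.2, escalate_above=0.8):
    """The cognitive step decides; the robotic step acts only on an escalation."""
    p = model.p_true_positive(alert)
    if p < close_below:
        return "auto-close", p, []
    if p > escalate_above:
        return "escalate", p, robotic_playbook(alert)
    return "analyst-review", p, []


def _alert(id_, rule, tier, acct, off_hours, dest_known, host="h"):
    return {"id": id_, "host": host, "rule": rule, "asset_tier": tier,
            "account_type": acct, "off_hours": off_hours, "dest_known": dest_known}


# Constructed history of past alerts with analyst verdicts (not real SIEM data).
HISTORY = [
    (_alert(1, "brute_force", "lab", "service", False, True), "fp"),        # vuln scanner
    (_alert(2, "brute_force", "lab", "service", False, True), "fp"),
    (_alert(3, "brute_force", "lab", "service", False, True), "fp"),
    (_alert(4, "port_scan", "workstation", "service", True, True), "fp"),   # inventory job
    (_alert(5, "port_scan", "workstation", "service", True, True), "fp"),
    (_alert(6, "malware_beacon", "workstation", "user", True, False), "tp"),
    (_alert(7, "malware_beacon", "workstation", "user", True, False), "tp"),
    (_alert(8, "malware_beacon", "workstation", "user", True, False), "tp"),
    (_alert(9, "brute_force", "crown_jewel", "admin", True, False), "tp"),
    (_alert(10, "brute_force", "crown_jewel", "admin", True, False), "tp"),
]
NEW_BEACON = _alert(11, "malware_beacon", "crown_jewel", "user", True, False, host="db01")
NEW_SCAN = _alert(12, "port_scan", "lab", "service", False, True, host="lab07")
AMBIGUOUS = _alert(13, "brute_force", "workstation", "service", True, True, host="ws42")


def build_trained_model(history=HISTORY):
    model = TriageModel()
    for alert, verdict in history:
        model.feedback(alert, verdict)
    return model


if __name__ == "__main__":
    model = build_trained_model()
    for a in (NEW_BEACON, NEW_SCAN, AMBIGUOUS):
        print(a["id"], triage(model, a))
    for _ in range(3):               # analysts confirm three look-alikes of alert 13
        model.feedback(AMBIGUOUS, "tp")
    print("after feedback:", triage(model, AMBIGUOUS))
```

Note what changes and what does not: the playbook steps are identical every time they run, while the decision that gates them moves with the verdicts analysts have entered. A production system would use a richer model and many more features, but the feedback path is the part that separates cognitive from robotic automation.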

ALIGNING INTELLIGENT AUTOMATION WITH SECOPS REQUIREMENTS

By differentiating automation from orchestration and robotic automation from cognitive automation, it's possible to come up with a basic rubric for applying automation and orchestration to reduce workloads and improve outcomes in a SOC:

● Incident Response – Use orchestration that applies robotic automation to open tickets and make configuration changes to mitigate threats.

● Alert Triage – Orchestration is helpful for collecting investigative data, but for optimal results, use cognitive automation to distinguish false positives from genuine threats and to quickly understand those threats so they can be stopped.

● Threat Hunting – Rely on cognitive automation to perform sophisticated analysis at scale, discovering deep correlations to uncover unknown threats.

With this rubric in mind, SecOps teams can develop strategies for investing in new security
technologies, confident that they have aligned new product capabilities with specific work
requirements in the SOC.

If a SOC is overwhelmed by the volume of security alerts it receives, it should invest in cognitive automation. Automating analysis of alerts can greatly speed the identification of false positives, dramatically reducing the number of alerts that analysts need to investigate. In some enterprises, cognitive automation has been able to reduce false positives by as much as 95%.

Additionally, if a SOC is concerned about detecting Zero Day threats or data breaches that
might leave a network vulnerable for weeks or months, then cognitive automation is a must.
Machine Learning that goes beyond the rule-based analysis of SIEMs will be able to detect
threats that most of today’s security products overlook.

In evaluating all these approaches and technologies, it's important to consider not just what SOCs need today, but also what they're likely to need in the future. Attacks are more sophisticated and targeted than ever before. Enterprise networks are becoming more distributed and complex, and the number of connected devices is likely to explode as IoT becomes more mainstream. If security workloads are high now, they are likely only to become higher in the coming months. Of course, an ideal solution would be one that spans all the use cases: Threat Hunting, Alert Triage, and Incident Response.

SecOps teams should explore intelligent automation solutions today so they will be prepared for
an even busier and more vulnerable future.

About the Author

Kumar Saurabh, CEO and Co-founder, LogicHub. Kumar has 15 years of experience in the enterprise security and log management space leading product development efforts at ArcSight and SumoLogic.

He has a passion for helping organizations improve the efficacy of their security operations, and personally witnessed the limitations of existing solutions in helping SOC analysts detect threats buried deep within mountains of alerts and events.

This frustration led him to co-found LogicHub™ to empower cyber analysts by building intelligence automation, not just analytics.

BUSINESS EMAIL COMPROMISE (BEC) IN FULL FORCE
& EFFECT
ANOTHER UNIVERSITY’S EPIC FAIL

by DRP; Cybersecurity Lab Engineer

Few attacks in the last five years have been more successful, overall and on average, than the phishing campaigns that have run rampant through the world's email systems. Users seem to want to click, click, click, and click again on the links and images. In newer variants, the user is directed to type a URL into their web browser as an additional attack vector. The URL may be stated directly in the email, or in a partially obscured PDF that tells the user where to go to retrieve the document intended for them.

The corporate environment can introduce and have training on what to be wary of in these
emails, forward email alerts to current scams with or without examples, posters at the offices
and cafeteria stating the obvious things to look for, and unfortunately there will be a subset of
users that will click or click multiple times on a phishing email.

After clicking, the user may feel embarrassed, or fear being ostracized, and not immediately tell the InfoSec team, which only exacerbates the situation. The general format for these attacks has been general phishing or spear phishing emails. There are subtle varieties, modifying the target or delivery, but the intent and initial delivery methodology are mundane.

Among phishing campaigns, one form has been exceptionally profitable for the phishers in the last three years. The emails do have to be customized, but it takes only one hapless finance or accounting staff member to ruin the week or quarter by acting on them. The amounts fraudulently obtained have ranged from tens of thousands of dollars to several million.

Here comes MacEwan University. On August 23rd of this year, the University detected the issue. The phishers had sent a series of emails, impersonating one of the University's primary vendors, which convinced staff to change the bank routing number on file for that vendor.

The end, detrimental result was $11.8 million in Canadian dollars of the University’s funds were
transferred to a Canadian bank and subsequently to Hong Kong. This is not the smallest or
largest sum fraudulently obtained via this form of attack, however it is rather significant.

One action that could have derailed this fraud is simple communication. After the emails demanding that the bank routing number be changed were received, a single phone call by the University staff member to the vendor, using a number already on file rather than one supplied in the email, would have stopped it.

A change of bank routing number is not a normal occurrence. It is an anomaly, which should warrant a simple follow-up. Regular training, email alerts, and other cybersecurity activities do not guarantee this will be caught, but they certainly help and shrink the pool of people against whom the attack may succeed. The lesson: training is beneficial, but it is still the user who makes the choice to click. If the user has even a slight concern, a simple phone call should be made.
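The control described above (an out-of-band call before any banking change is acted on) is easy to encode so that a rushed staff member cannot skip it. The Python below is an added example, not MacEwan's process or any vendor's product: it holds every vendor banking change until a callback to the phone number already on the vendor master record confirms it, and it surfaces common impersonation cues (a sender domain that differs from or closely resembles the one on file, a reply-to that differs from the sender, a callback number supplied in the email itself). The vendor record, the two requests and the lookalike domain are constructed; the two-character edit-distance cutoff for lookalike domains is an assumption.

```python
"""Hold-and-verify gate for vendor banking changes (added example, not any institution's process)."""
from dataclasses import dataclass
from email.utils import parseaddr
from typing import List, Optional, Tuple


@dataclass
class Vendor:
    name: str
    email_domain: str   # domain recorded on the vendor master
    phone_on_file: str  # captured at onboarding; never taken from an incoming email
    bank_account: str


@dataclass
class ChangeRequest:
    vendor_name: str
    from_header: str
    reply_to: str
    new_bank_account: str
    callback_number_in_email: Optional[str] = None


@dataclass
class Callback:
    number_dialed: str
    vendor_confirmed: bool


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(header: str) -> str:
    return parseaddr(header)[1].rpartition("@")[2].lower()


def risk_flags(vendor: Vendor, req: ChangeRequest) -> List[str]:
    """Impersonation cues worth showing the approver; none of them is a hard block."""
    flags = []
    sender, reply = _domain(req.from_header), _domain(req.reply_to)
    if sender != vendor.email_domain:
        flags.append("sender-domain-mismatch")
        if 0 < edit_distance(sender, vendor.email_domain) <= 2:   # assumed cutoff
            flags.append("lookalike-sender-domain")
    if reply and reply != sender:
        flags.append("reply-to-differs-from-sender")
    if req.callback_number_in_email and req.callback_number_in_email != vendor.phone_on_file:
        flags.append("callback-number-not-on-file")
    return flags


def decide(vendor: Vendor, req: ChangeRequest,
           callback: Optional[Callback] = None) -> Tuple[str, List[str]]:
    """Every banking change is held until a call to the number on file confirms it."""
    flags = risk_flags(vendor, req)
    if req.new_bank_account == vendor.bank_account:
        return "no-change", flags
    if callback is None:
        return "hold", flags
    if callback.number_dialed != vendor.phone_on_file:
        return "hold", flags + ["callback-not-to-number-on-file"]  # attacker-supplied number
    return ("approved" if callback.vendor_confirmed else "rejected"), flags


# Constructed vendor record and requests; the lookalike domain swaps a zero for the letter o.
VENDOR_ON_FILE = Vendor("Acme Construction Ltd", "acme-construction.example",
                        "+1-555-0100", "ROUTING 000012345 / ACCT 11112222")
SUSPICIOUS_REQUEST = ChangeRequest(
    vendor_name="Acme Construction Ltd",
    from_header="Acme Accounts <accounts@acme-constructi0n.example>",
    reply_to="accounts@acme-constructi0n.example",
    new_bank_account="ROUTING 000099999 / ACCT 99990000",
    callback_number_in_email="+1-555-0199",
)
LEGIT_REQUEST = ChangeRequest(
    vendor_name="Acme Construction Ltd",
    from_header="accounts@acme-construction.example",
    reply_to="",
    new_bank_account="ROUTING 000012345 / ACCT 33334444",
)

if __name__ == "__main__":
    print("suspicious, no call:", decide(VENDOR_ON_FILE, SUSPICIOUS_REQUEST))
    print("suspicious, called number in email:",
          decide(VENDOR_ON_FILE, SUSPICIOUS_REQUEST, Callback("+1-555-0199", True)))
    print("suspicious, called number on file:",
          decide(VENDOR_ON_FILE, SUSPICIOUS_REQUEST, Callback("+1-555-0100", False)))
    print("legitimate, called number on file:",
          decide(VENDOR_ON_FILE, LEGIT_REQUEST, Callback("+1-555-0100", True)))
```

The important property is that the callback number comes from the record, not from the email: a request that is "verified" by calling the number the attacker supplied is still held, and a clean-looking request with no flags is held too until the call is made.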

About the Author

DRP is a Cybersecurity Lab Engineer focused on securing the world for the users one module
at a time. DRP’s interests include the intersection AI & ML and automotive cybersecurity.

9 WAYS CEOS CAN PROMOTE
CYBERSECURITY

by Jessica Anderson, Director of PR, PhoenixNap Global IT Services

The increase in ransomware attacks has created security challenges for companies, and the CEO's role has expanded to include cybersecurity. As CEO you can take steps to minimize these threats: prepare your company and take precautions to avoid costly data breaches. A hack can hurt the company financially and ruin its reputation and brand.

Here are nine steps that CEOs can take to promote cybersecurity.

UNDERSTAND SECURITY PROTOCOLS IN PLACE WITH YOUR COMPANY

Once you have a clear picture of what practices are in place, you can identify areas that need
improvement. Work with other company leaders to develop a cybersecurity plan throughout the
company. Keep your security protocols updated to stay on top of new security threats.

Each employee needs to understand what rules are in place. When a breach occurs, employees should know what to do. Communicate changes to the whole company to lessen the chance of a security breach.

CONDUCT REGULAR SECURITY ASSESSMENTS

An annual security assessment can be a powerful tool to prevent and identify a breach. Regulations and standards such as HIPAA and PCI DSS require companies to perform these evaluations. A security risk assessment (SRA) allows a company to identify key risk areas in the network from the point of view of an attacker.

After the SRA, the CEO decides where to allocate resources and security solutions. The size and complexity of the network determine whether specific areas need to be prioritized or whether a more general approach will do.

A CEO and the board decide what level of risk is acceptable for the company. An SRA cannot
eliminate all security risks. It identifies potential targets that hackers may target so that you can
protect those areas. Company resources are finite, but the assessment can assist with the
prioritization.

CREATE A WORKING RELATIONSHIP WITH THE CISO

Establish a partnership with the company's Chief Information Security Officer (CISO). This is key to promoting cybersecurity throughout the company. A CISO helps business executives, including the CEO, understand cyber risks, and is essential to promoting a culture of cyber defense.

In recent years, most CISOs have been connected to the company's leadership team, and in half of companies they are a member of the executive leadership team. A CEO must understand and carry out security procedures throughout the entire enterprise. Together with the CISO, you can run threat assessments and review the results.

Consult the CISO on new projects early on in the planning phase so that they can find ways to
improve security. It is easier to integrate security measures during the development rather than
after the fact. The CISO will work with each team to find ways to meet the project goals in a way
that complements security protocols. Then it is up to the CEO to make sure that the teams
follow through and stay accountable.

PROMOTE SECURITY AWARENESS WITH EDUCATION AND TRAINING

Most companies have a cyber awareness program in place to educate employees.

These programs train them to be able to identify network threats. An effective training program
stays up to date to meet new security threats. An outdated program wastes time and resources.

Take an active role in security awareness programs. By supporting these programs, you send a
message to employees on what they can do to promote cybersecurity awareness. It is also up
to your leadership to keep employees, managers, and other executives on track.

Involving yourself in the training program helps to measure its effectiveness. You can see how
many users have completed the training program, along with parts that they found helpful.
Employee surveys can provide feedback, and you can identify areas that need improvement.

STRENGTHEN AND ADAPT SECURITY PROTOCOLS

A risk assessment identifies areas in your IT security that need to be improved. Whenever your
company adds new equipment or software, you should make sure that it keeps the existing
network secure. Cybersecurity becomes more relevant as your business continues to add these
new tools.

By the year 2020, there will be between 20 to 30 billion connected devices in the world.
Connected devices provide useful information, but unprotected they can be a liability. Adapt
your security protocols to reduce or eliminate these liabilities.

Place a higher priority on mobile and connected devices. Your cell phone that allows you to
connect to your business email can be a spot that hackers can exploit. Understand how these
devices fit into the network, you can make the changes needed to strengthen the network.

DECENTRALIZE ACCESS

People, not technology, are the weakest point in your network.

You need to be cautious considering the new ways that hackers can steal your information. Limit your own access to protect the company from a major break in security: instead of accessing information directly, request reports from the relevant department. If the worst-case scenario happens, the damage is minimized.

Having a CISO can help to identify possible breaches. How do you find the right CISO for your
company? Here are some of the key traits you should look for in a CISO.

You want a person that has a strong background in information security. They should be able to
keep an open perspective as well. When needed, they should be able to consult with outside
specialists to identify threats before they become an issue.

COORDINATE AND COMMUNICATE WITH ALL EMPLOYEES

Communication is a key part of promoting cybersecurity awareness.

As the CEO, it is your job to bridge the gap between security officers and the board. Encourage your CISO to use business language in reports for easy understanding.

Security training should occur on a regular basis. Most companies train on an annual basis but
can benefit from more frequent training. Quarterly or biannual meetings can help to reinforce
defensive behaviors. By improving these programs, you can communicate updates with your
employees as they occur.

Stress the importance of cybersecurity awareness. This cannot be overstated. Educated employees can make well-informed decisions that will lessen security risks. Employees that are more aware become less of a liability.

Cybersecurity is an important part of every employee's job. As the CEO, you need to be a role model for the company. Display proper security behavior, and create an environment where security practices keep evolving. Create a culture that promotes awareness so employees can find weak spots in security.

UPDATE SECURITY PROTOCOLS AND SYSTEMS

Ransomware targets many worldwide institutions and businesses in all sectors. Software used
to steal information has become commonplace, and criminals for hire are not in short supply.
Many hacked victims have one thing in common. A part of their network is out of date, and
hackers exploit this vulnerability to enter the company's network.

An overextended IT department can have issues with keeping all of the devices on the network
up to date. A security threat assessment can identify these devices that can be exploited by
hackers. Once these threats are identified, you can create a schedule that ensures that devices
are not being skipped over.

Tools are available that can help to test your existing security. Anomaly detection tools can spot
unusual patterns in the network and user behavior. Penetration testing can also identify
weaknesses in the network.
Active defense is an area that has developed in the network security world. Active
defense techniques can embed programs in the data that will attack the hacker's computer if
data is stolen. These techniques can have legal issues and would need approval from a CEO
before being used.

HAVE A DATA RECOVERY AND EMERGENCY RESPONSE PLAN

It can take only hours for your company's reputation to be damaged by a security breach.

A security breach can create both financial and legal issues for your company. When your
business becomes a victim, you need to know how to respond to minimize the damage. Some
companies minimize risks by transferring liability to a third party. Securing data on a cloud
service cuts costs and increases flexibility.

Cloud providers maintain security to protect their clients' data and function as a data backup.
Security risk can also be transferred to the provider, or cyber liability insurance can be
purchased by your company. If a breach occurs, react quickly. Identify when and where the
breach occurred. You should work with your security team to gather information. This will help
you figure out whether any information was stolen so that you have a complete picture of the
situation. Staying on top of the issue will minimize the damage so that you can work on recovery
as soon as possible.

Conclusion

As the CEO, you have a vital role in promoting cybersecurity awareness.

Having the right cybersecurity culture can help with protecting your company's valuable data.
These nine methods will contribute to strengthening your organization's cybersecurity.

About the Author:

Jessica Anderson is a cybersecurity enthusiast and writer who studied journalism at Rhodes
University. She is working as Director of Public Relations in Phoenix NAP LLC. Jessica can be
reached online at jessicaphoenixnap@gmail.com and her company website
https://phoenixnap.com/

MEASURING SUCCESS IN CYBER SECURITY
IS NO NEWS GOOD NEWS WHEN IT COMES TO CYBER SECURITY IN YOUR
BUSINESS? WHAT ARE THE HALLMARKS OF EXCELLENCE IN THIS FIELD?

Phil Cracknell, Chief Information Security Officer (CISO) at Homeserve, is speaking alongside
senior public and private sector figures at the 16 November Cyber Security Summit in London,
shining a spotlight on the challenges facing Cyber Security practitioners.

He is keen to bring focus onto the lack of quantification in Cyber Security, pointing out that
“What good looks like is becoming increasingly important”, and as such, the ability to define
what constitutes “good” Cyber Security takes priority.

Phil has long made strides in developing co-operation between CISOs with a number of
purposes, one of which is the quantification of Cyber Security standards. Initially focusing on
“anonymous surveys of CISOs to fill the void of information regarding breaches”, this work has
since evolved into The Metrics Project.

The Metrics Project focuses on defining the mechanisms and language used to measure the
effectiveness of Information Security, with over 50 UK CISOs involved. As the collective work of
over 350 CISOs over its current lifespan, and purposely avoiding vendors and analysts thus far,
the Metrics Project focuses on developing something that will deliver true value to the
businesses of those involved, in Phil’s words – “By the CISO, for the CISO.”

Measuring and validating

Phil emphasised the role of metrics as “very much the key to our future” in measuring and
validating the effectiveness of Cyber Security. “Businesses are waking up to the fact that they
need metrics and risk indicators that our board, audit committees and non-executive directors
are able to understand.”

Promoting a “report what you should, not what you can” mind-set from organisations, Phil
suggests metrics have the ability to affect business practice in a number of ways. “Metrics can
demonstrate effectiveness, measure exposure and agility, test organisation culture, pinpoint
responsibilities and highlight levels of investment”, all of which provide a great insight into a
sector and tangible, measurable indicators of Cyber Security suitability.

Having been in Cyber Security for over 20 years, the quirks and trends of the industry are no
longer a mystery to Phil, and looking forward, Phil is able to offer an insight not only on the
current state of the industry but also into where this fast-paced and largely unpredictable
industry may be headed.

Soft skills also crucial

Suggesting the current focus by security providers on product and technology may not be the
optimum strategy going forward, Phil draws attention to the softer skills involved in effective
Cyber Security. “Security leads are still procuring solutions that don’t address their top issues or
risks. Good risk management will avoid this, and of course a solution for a risk doesn’t always
have to involve buying hardware, software or a service at all”. Instead, Phil advocates an
introspective business model, with training of staff and improved process management.

Casting a glance to the future, Phil addressed the rising trend in both work and society of ‘Bring
your own Device’, and the risks associated with such a trend – “With our corporate perimeters
expanding and even disappearing entirely, and the prevalence of personally owned devices in
our work environments, businesses should concentrate on protecting the contents, not the
containers, and identify critical data.”

Phil Cracknell will talk as part of the Cyber Security Summit at 3:30pm on 16 November, with his
address Measuring Success: Metrics for Cyber Security Strategy. He is speaking alongside
senior public and private sector figures, including Mark Sayers, Deputy Director of Cyber and
Government Security at the Cabinet Office, and Chris Ulliott, Chief Information Security Officer
at the Royal Bank of Scotland.

Author: David Roberts, Event Director at GovNet, organizer of the 16th November Cyber
Security Summit and Expo, and co-located GDPR Conference at the London Business Design
Centre.

ENHANCE CYBER THREAT HUNTING THROUGH
OPTICAL NETWORK ANALYTICS
CYBER INTELLIGENCE OFFICIALS NEED DATA MINING CAPABILITIES TO
TRACK MALICIOUS ACTIVITY ON GLOBAL TRANSPORT NETWORKS

by Mike Seidler, Product Marketing Manager, NetQuest Corp.

Global optical transport networks have a little-known secret that keeps cybercriminals up at
night: It’s called analytics. Every time an attack is launched, whether it is theft of Equifax user
data or one of an estimated 4,000 ransomware attacks that occur daily, malicious actors leave a
trail of data that could be used to uncover their activities. Analytics derived from the physical
transport network can be employed to give cyber threat hunters an advantage in collecting this
data.

Cyber intelligence officials often don’t see the data that could identify criminal activity because it
is typically obscured by contemporary monitoring methods that strip away and discard
information that could be used to locate malicious activity.

Additionally, rapid technology changes occurring across long-haul transport networks are
making it more difficult to search for cyber threats. As transmission speeds accelerate and the
volume of traffic expands exponentially, it becomes harder to gain real-time visibility
across all of the pipes that feed into modern optical transport networks.

That could all change as analytics and orchestration take a larger role in network access and
monitoring technology. Providing greater information on where and when attacks occur could
lead to the type of intelligence that turns the table on cyber terrorists.

Modern cyber intelligence applications hunt down aggressors and malicious activity. Successful
solutions should proactively and iteratively search through networks or datasets to discover and
react to advanced threats that evade traditional rule or signature-based security solutions.

This search starts with comprehensive traffic visibility because cyber intelligence agents cannot
find what they cannot see. Trained cyber analysts will rely on automated tools that correlate
information from data collected across multiple platforms to provide actionable intelligence. A
combination of skilled professionals and capable tools provides the necessary backdrop for
successful threat hunting.

Ignored in most monitoring applications, each signaling protocol layer on the optical network
contains information identifying the carrier responsible for transport as well as detailed
geographical information that could identify the physical source or destination of the monitored
traffic flow. As cyber intelligence agents try to gain an advantage in finding criminals who
perpetrate network attacks, they will find that complementing traditional IP flow information with
an extra layer of optical network analytics opens new opportunities to enhance threat detection.
Here are a few examples of information extracted directly from the optical transport network:

• Telecom carrier ID: AT&T, Vodafone, Verizon, Oi, or other;

• Network fiber ID: for example, “Verizon_seattle_lax_345”;

• Optical wavelength: for example, ITU channel 16 or other;

• Signal type: STM-64, 100GbE, OTU4, other;

• Geolocation and path ID: for example, Russia to Brazil;

• Transport protocol: GFP, POS, Ethernet, etc.;

• Traffic volume - changes in traffic patterns may be an indicator of network misuse.

Discovery starts by analyzing each of these data points across an entire monitored network or
unique network segments. These network parameters can be used to characterize the optical
network and may be tracked over time to gather historical trends over days, weeks, months or
years.

With access to current and historical information, network monitoring applications can identify a
baseline for how the network is expected to operate. More importantly, it presents the
opportunity to detect abnormal network behavior and provide early warning of a network attack
or threat. This visibility is provided through the collection of data across the network by
orchestrating the monitoring tools used to access each optical transport layer. The data can be
used to expose network trends, unusual events and provide comprehensive, real-time
understanding of the monitored network.

By providing continuous visibility through complex multi-layer transport networks, this advanced
cyber threat-hunting capability offers automated responses to network provisioning changes and
removes the need for costly on-site engineers and additional equipment.

The application of analytics in this situation offers flexible alarm reporting where an end user
can create thresholds based on various network parameters including traffic types, transport
overhead information and monitored traffic bandwidth. Each threshold setting can be used to
trigger alarms notifying surveillance operations centers of configuration changes to the
monitored network. Armed with this information, cyber intelligence agents can then initiate the
appropriate response.
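The baseline-and-threshold alarms described above, written out as an added example that is not from the article or from NetQuest: each record carries the optical-layer fields the article lists (carrier, fiber ID, wavelength, signal type, path, transport protocol, traffic volume), a baseline is learned per fiber from a history window, and new observations raise alarms for configuration changes and traffic outliers. The fiber names, traffic figures and the 3-sigma rule with a 1 Gb/s floor are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List


@dataclass(frozen=True)
class OpticalSample:
    """One observation of a monitored fiber (all field values constructed)."""
    ts: str        # observation time, ISO-8601
    carrier: str   # telecom carrier ID
    fiber_id: str  # network fiber ID
    channel: int   # ITU wavelength channel
    signal: str    # signal type: STM-64, 100GbE, OTU4, ...
    path: str      # geolocation / path ID
    proto: str     # transport protocol: GFP, POS, Ethernet
    gbps: float    # monitored traffic volume


@dataclass
class FiberBaseline:
    """Expected configuration and traffic level for one fiber."""
    carrier: str
    channel: int
    signal: str
    path: str
    proto: str
    mean_gbps: float
    stdev_gbps: float


def build_baselines(history: List[OpticalSample]) -> Dict[str, FiberBaseline]:
    """Learn a baseline per fiber: configuration from the latest sample,
    traffic mean and standard deviation from every sample of that fiber."""
    by_fiber: Dict[str, List[OpticalSample]] = {}
    for s in history:
        by_fiber.setdefault(s.fiber_id, []).append(s)
    baselines = {}
    for fiber, samples in by_fiber.items():
        last = samples[-1]
        vols = [s.gbps for s in samples]
        baselines[fiber] = FiberBaseline(last.carrier, last.channel, last.signal,
                                         last.path, last.proto, mean(vols), pstdev(vols))
    return baselines


def check_sample(s: OpticalSample, baselines: Dict[str, FiberBaseline],
                 k: float = 3.0, floor_gbps: float = 1.0) -> List[str]:
    """Alarms for one new observation; an empty list means 'as expected'.

    Configuration alarms fire on any change to the transport-layer fields;
    the traffic alarm fires outside mean +/- k*stdev, never tighter than
    floor_gbps so a perfectly flat history does not alarm on noise.
    """
    b = baselines.get(s.fiber_id)
    if b is None:
        return [f"{s.fiber_id}: unknown fiber, possible new provisioning"]
    alarms = []
    for field in ("carrier", "channel", "signal", "path", "proto"):
        old, new = getattr(b, field), getattr(s, field)
        if old != new:
            alarms.append(f"{s.fiber_id}: {field} changed {old!r} -> {new!r}")
    band = max(k * b.stdev_gbps, floor_gbps)
    if abs(s.gbps - b.mean_gbps) > band:
        alarms.append(f"{s.fiber_id}: traffic {s.gbps:.1f} Gb/s outside "
                      f"{b.mean_gbps:.1f} +/- {band:.1f} Gb/s")
    return alarms


# Constructed history: two fibers observed over several days.
HISTORY = [
    OpticalSample(f"2017-10-0{d}T00:00Z", "Verizon", "Verizon_seattle_lax_345", 16,
                  "OTU4", "Seattle to Los Angeles", "Ethernet", g)
    for d, g in zip(range(1, 6), (41.0, 43.5, 42.0, 44.0, 42.5))
] + [
    OpticalSample(f"2017-10-0{d}T00:00Z", "Oi", "Oi_fortaleza_lisbon_017", 22,
                  "100GbE", "Brazil to Portugal", "GFP", g)
    for d, g in zip(range(1, 4), (10.0, 10.5, 9.5))
]

# Constructed new observations: normal, path change, traffic spike, unknown fiber.
NEW_SAMPLES = [
    OpticalSample("2017-10-06T00:00Z", "Verizon", "Verizon_seattle_lax_345", 16,
                  "OTU4", "Seattle to Los Angeles", "Ethernet", 43.0),
    OpticalSample("2017-10-06T00:00Z", "Oi", "Oi_fortaleza_lisbon_017", 22,
                  "100GbE", "Brazil to Russia", "GFP", 10.2),
    OpticalSample("2017-10-06T06:00Z", "Verizon", "Verizon_seattle_lax_345", 16,
                  "OTU4", "Seattle to Los Angeles", "Ethernet", 71.0),
    OpticalSample("2017-10-06T06:00Z", "AT&T", "ATT_dallas_denver_910", 30,
                  "STM-64", "Dallas to Denver", "POS", 5.0),
]


def run_demo() -> List[str]:
    """Build baselines from HISTORY and return every alarm raised by NEW_SAMPLES."""
    baselines = build_baselines(HISTORY)
    return [a for s in NEW_SAMPLES for a in check_sample(s, baselines)]


if __name__ == "__main__":
    for alarm in run_demo():
        print("ALARM", alarm)
```

The alarms are what the article's surveillance operations centre would receive; correlating them with IP flow records for the same fiber and time window is the next step the text describes.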

Additionally, there is also the option to export analytics data for further analysis. Correlating the
metadata extracted from optical network analytics with standard IP flow analysis provides a
complete picture of the network across all layers: from the physical network to the application
data.

Modern cyber intelligence missions require comprehensive optical network analytics to pair with
their current cybersecurity tools, for both real-time and post-mortem analysis, to best protect
networks from future attacks.

Cyber warfare has clearly become more dangerous as it matures. Enterprises and government
agencies are increasingly seeking improved methods for identifying threats by using data from
advanced network monitoring applications.

However, cyber intelligence tools focused only on IP traffic analysis often miss valuable
information from the physical transport network. Use of progressive optical network analytics
can reveal anomalies that can enhance cyber threat hunting tasks. Cyber intelligence missions
are pairing these comprehensive optical network analytics with current cybersecurity tools to
maximize success.

About the Author

Mike Seidler is a senior product manager for NetQuest Corporation where he directs
development of the company’s automated intercept access and intelligent monitoring
solutions.

Prior to his current position, he was a product manager for ARRIS and a principal hardware
engineer for Motorola.

Mike can be reached at mseidler@netquestcorp.com and via NetQuest’s corporate website at
http://www.netquestcorp.com/.

DIGITAL CERTIFICATES
THE BASICS, SWEEPING INDUSTRY CHANGES COMING IN 2018 AND HOW
TO BE PREPARED FOR THEM

by Doug Beattie, vice president of product management, GlobalSign

With an incredibly active threat landscape today, there is a plethora, perhaps even an
overwhelming number, of options to consider to ensure your company’s cyber safety. One of the
first “basic” items on your security checklist should always be to have the proper SSL
certificates in place.

SSL certificates offer the strongest encryption to ensure your website is protected. Customers
and visitors to your site will be confident knowing their browsing session is safe and that
information such as payment details and personal information are secure and encrypted.

Security professionals understand that, among the varying levels of certificates, Extended
Validation (EV) certificates are the “gold standard”. They activate the browser padlock and https,
and show a company’s corporate identity, which assures your customers that you take security
very seriously. They also lend more credibility to a website.

All certificates should be obtained from a reputable Certificate Authority (CA). Research
carefully and do be wary of lower level certificates, such as Domain Validation (DV) certificates
that are free, as some have been linked to dangerous phishing scams.

WHY SSL CERTIFICATES ARE IN THE NEWS NOW

What’s got lots of tongues wagging these days is related to the fallout from Google’s dispute
with Symantec.

This began two years ago when Google engineers discovered Symantec accidentally mis-
issued 127 SSL certificates. The issue rose to prominence again in March of this year when
Google announced that it had uncovered more concerns with Symantec’s certificates, alleging
the company had mis-issued more than 30,000 certificates. Then in August, Symantec decided
to exit the web certificate business and sell it to Digicert.

The end result is that by mid-April 2018, all Symantec-issued certificates obtained prior to June
1, 2016, will be marked as untrusted by Chrome 66. Then by the end of October 2018, all
certificates that are chained to Symantec's pre-December 2017 rooted infrastructure will be
untrusted by Chrome 70.

This is an extremely significant development, and will certainly have the people responsible for
maintaining secure systems busy as they consider their next steps.

THINKING OF SWITCHING TO A NEW CERTIFICATE PROVIDER?

With the sweeping changes being implemented by Google (and Mozilla by extension), some
companies may be considering making a switch to a new SSL service provider.

While it’s not necessarily an extremely complex process, it will be necessary to plan this out. It
is also strongly recommended you give yourself enough time to determine whether you want to
remain with your current CA, or if you do indeed want to jump to a new one.

If you’re strongly considering making a switch, following are some important steps to consider.

At the outset, it will be important to survey and assess your existing certificates, your company’s
needs as well as your usage. You should also be inventorying everything so you know what
needs replacing once you decide to make a switch. In addition, it will be necessary to identify
which of your team members will manage your new account. Making sure you train these
individuals on the new GUI (Graphical User Interface) is key, and you should factor any training
time into your transition timeline.
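The inventory step above, combined with the Chrome 66 and Chrome 70 distrust dates the article gives, as an added example that is not from the article or from GlobalSign: it reads the text that `openssl x509 -noout -subject -issuer -startdate -enddate` prints for each certificate and sorts the inventory by the date action is needed. The certificate records are constructed, the calendar dates are approximations of "mid-April" and "end of October" 2018, and matching the issuer string on "Symantec" is a stand-in for the real test, which is the root the full chain terminates in.

```python
from datetime import datetime
from typing import Dict, List

# Distrust milestones from the article, approximated to calendar dates (assumption).
CHROME_66_DATE = datetime(2018, 4, 15)    # "by mid-April 2018"
CHROME_70_DATE = datetime(2018, 10, 31)   # "by the end of October 2018"
ISSUANCE_CUTOFF = datetime(2016, 6, 1)    # issued before this: distrusted by Chrome 66

OPENSSL_DATE = "%b %d %H:%M:%S %Y GMT"   # e.g. "Mar  3 00:00:00 2016 GMT"


def parse_openssl_block(block: str) -> Dict[str, object]:
    """Parse the key=value lines printed by
    `openssl x509 -noout -subject -issuer -startdate -enddate`."""
    fields = {}
    for line in block.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return {
        "subject": fields["subject"],
        "issuer": fields["issuer"],
        "not_before": datetime.strptime(fields["notBefore"], OPENSSL_DATE),
        "not_after": datetime.strptime(fields["notAfter"], OPENSSL_DATE),
    }


def chains_to_symantec(issuer: str) -> bool:
    """Heuristic used by this example: the issuer DN names Symantec.
    The authoritative test is which root the full chain terminates in;
    treating the issuer string as a stand-in for that is an assumption."""
    return "symantec" in issuer.lower()


def triage(cert: Dict[str, object]) -> Dict[str, object]:
    """Decide whether a certificate needs replacing, by when, and why."""
    result = {"subject": cert["subject"], "action": "none", "deadline": None, "release": None}
    if not chains_to_symantec(cert["issuer"]):
        return result
    if cert["not_before"] < ISSUANCE_CUTOFF:
        deadline, release = CHROME_66_DATE, "Chrome 66"
    else:
        deadline, release = CHROME_70_DATE, "Chrome 70"
    result["release"] = release
    if cert["not_after"] <= deadline:
        # Expires before the distrust lands, so the normal renewal is the
        # fix, as long as the renewal does not come from the same roots.
        result.update(action="renew-on-expiry", deadline=cert["not_after"])
    else:
        result.update(action="replace", deadline=deadline)
    return result


def triage_inventory(blocks: List[str]) -> List[Dict[str, object]]:
    """Triage every block and order by urgency; unaffected certificates last."""
    results = [triage(parse_openssl_block(b)) for b in blocks]
    return sorted(results, key=lambda r: (r["deadline"] is None, r["deadline"] or datetime.max))


# Constructed inventory in openssl output format; hostnames and CA names are made up.
INVENTORY = [
    """subject=CN = shop.example.com
issuer=C = US, O = Symantec Corporation, CN = Symantec Example Intermediate CA
notBefore=Mar  3 00:00:00 2016 GMT
notAfter=Mar  3 23:59:59 2019 GMT""",
    """subject=CN = api.example.com
issuer=C = US, O = Symantec Corporation, CN = Symantec Example Intermediate CA
notBefore=Sep  1 00:00:00 2016 GMT
notAfter=Sep  1 23:59:59 2019 GMT""",
    """subject=CN = old.example.com
issuer=C = US, O = Symantec Corporation, CN = Symantec Example Intermediate CA
notBefore=Jan  5 00:00:00 2016 GMT
notAfter=Jan  5 23:59:59 2018 GMT""",
    """subject=CN = www.example.com
issuer=C = XX, O = Example Unaffected CA Ltd, CN = Example Unaffected CA
notBefore=Jun 10 00:00:00 2017 GMT
notAfter=Jun 10 23:59:59 2019 GMT""",
]


if __name__ == "__main__":
    for r in triage_inventory(INVENTORY):
        when = r["deadline"].date() if r["deadline"] else "-"
        print(f"{r['subject']:28} {r['action']:16} {when} {r['release'] or ''}")
```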

Also important during the certificate authority switch is API integration. If you have one with your
current CA, there will need to be a similar integration with your prospective new CA who should
have satisfactory API documentation, and be able to provide support and guidance throughout
the on-boarding process.

Another critical element in this process will be estimating the costs involved in a switch. You
should be thinking about everything from capital and operational expenditures to annual costs,
product definitions and any set-up fees you’ll incur with the new CA.

During this process you should insist on a solution that includes comprehensive SSL certificate
management. This service helps customers discover, inventory and manage all SSL certificates
across their network and cloud services. Most CAs today offer this to reduce risk, respond to
threats and also control SSL costs.

Finally, when comparing managed SSL providers, be sure you place an importance on the fact
that you are essentially picking a business partner, not just a product, as this is a relationship
that goes well beyond just its delivery. Your organization will have a dependency on the CA long
after they have issued your certificates.

Your prospective new CA should also be able to provide you with the highest security, feature-
rich SSL Certificates. They should also be able to provide sound advice on security initiatives,
take your business needs into consideration when making recommendations, and provide you
with tools in order to verify that your web server configuration has been optimized to guarantee
maximum security.

It's been a very active year for the certificate market. One major player is exiting and Google
Chrome has been vocal about some very significant changes it will be implementing next year.
Now is a good time to consider all your certificate options, and map out what makes the most
sense for your company so you’re not caught off guard in 2018.

About the Author

Doug Beattie is the Vice President of Product
Management at GlobalSign. He is responsible for
defining, positioning and launching all SSL-related
products. Prior to joining GMO GlobalSign, Mr. Beattie
was Principal Systems Engineer at General Dynamics
where he was the lead architect responsible for driving
and building a smart card management system issuing
over 500K PKI-enabled smart cards for the US
government. Prior to joining General Dynamics, Mr.
Beattie was the Director of Product Management at
GeoTrust where he led the SSL line of business from
their first SSL certificate sale through the successful
acquisition of the business. He has also held positions
at CyberTrust Solutions, a PKI and e-Security firm,
Securant Technologies, an access and privilege management product, and GTE Government
Systems Corporation. Doug can be reached online at doug.beattie@globalsign.com and at
http://www.globalsign.com/

A NEW APPROACH TO HARNESSING MACHINE
LEARNING FOR SECURITY

by Sarosh Petkar, Malware Analyst, Barkly

For years, we’ve heard the same things over and over again about the challenge of
cybersecurity. Attackers will always be one step ahead of organizations. The amount of
malware they’re producing is overwhelming and increasing every day. Compromise is
inevitable.

But with the adoption of machine learning, security technologies are providing organizations
with new ways to tackle this seemingly intractable problem. Models can process extremely large
datasets and be trained to identify similarities in malware samples that make them distinct from
good software. Retraining the models can also be automated to keep pace with the massive
influx of new and changing samples that overwhelm traditional solutions.

There are, however, a couple of caveats that present challenges to machine learning and limit
the level of accuracy these models can achieve.

● Caveat #1: Models need to be trained on the right data: To accurately differentiate
between malware and "goodware," a model's datasets need to consist of a diverse range of
both. Otherwise, imbalances in sample types can produce biases. For example, models can be
prone to false positives, classifying legitimate programs as malware and creating the need for
overrides. This is especially true when organizations deploy their own or custom-built third-party
software.

● Caveat #2: Models need to be constantly refreshed: Attacks evolve. New techniques and
new malware appear constantly. As a result, as time passes, machine learning models
designed to detect malware gradually deteriorate. Their accuracy suffers, with new malware
samples slipping past them and updates to legitimate software triggering false positives. To
compensate, some vendors use whitelisting and blacklisting, which increases management
costs and doesn’t solve the underlying problem. It’s not until a model can be retrained on new
samples that accuracy can be restored. And then the cycle begins anew.

With these caveats in mind, it’s worth noting the adoption of machine learning for security
purposes is still in its early stages. As analysts point out, many models lack refinement and
currently serve as “coarse-grained filters” that operate with a clear over-sensitivity to malware
versus goodware. That’s because the vendors behind them have often found themselves facing
a difficult choice between providing wider coverage (blocking more malware) or more accurate
coverage (making sure malware is the only thing getting blocked). In those cases, wider
coverage wins nearly every time. As a result, false positives have become the accepted price of
protection, even though they are well understood to be a prohibitive barrier to effective roll-out
and come at considerable cost.

As more security vendors turn their attention to successfully harnessing machine learning,
however, significant advances are being made that may eventually make that “necessary”
sacrifice a thing of the past.
A DIFFERENT APPROACH THAT INCREASES ACCURACY

To maximize coverage and accuracy, the approach to machine learning we take at Barkly
involves nightly training of our models (which keeps protection up-to-date) as well as the
creation of organization-specific models trained against each company’s unique software profile.
Not only does that allow our models to be more current and responsive to the newest threats, it
also allows them to be less reactive to the legitimate goodware deployed in each environment.

Here’s how it works: Each night, we collect thousands of samples of new malicious software,
and we combine those samples with up-to-the-minute data on the known-good software
organizations are running. We then re-train and redistribute the updated models, which have
been tailored and optimized specifically for each organization. Thanks to that cadence, we’re
able to provide more accurate, maximized protection that maintains its strength over time.

We believe this new, responsive approach represents an exciting step forward in the way
security providers can apply machine learning. But the truth is we still have a very long way to
go before we tap the technology’s full potential. As adoption of machine learning becomes more
prevalent we’re eagerly anticipating more breakthroughs that tip the scales against attackers.

About the Author

Sarosh Petkar is a BS/MS student of the RIT Computing Security department. He is currently
working as a Malware Analyst at Barkly, the Endpoint Protection Platform that delivers the
strongest protection with the fewest false positives and simplest management.

His interests include reverse engineering, network security, and cryptography.

He can be reached online at sarosh.petkar@barkly.com.

CYBER RESILIENCE IN 2018: WHAT TO WATCH
by Anthony J. Ferrante, Senior Managing Director & Head of Cybersecurity, FTI Consulting

A report from Lloyd’s of London recently claimed that a global cyber attack could result in up to
$53 billion in losses, putting the potential financial impact of a cyber incident on par with that of
a major natural disaster. The cybersecurity events that took place around the world this year
demonstrate how very real those predictions may become. Some companies are still reeling
from the NotPetya attack in June, with several claiming they may never completely recover from
the damage to their systems. The three largest cyber attacks this year – WannaCry, NotPetya,
and Bad Rabbit – all involved the use of ransomware, which will continue to hit private and
government networks around the globe.

These and other incidents indicate that malicious actors are gaining rapid momentum and
becoming increasingly sophisticated. In 2018, cybersecurity professionals can surely expect to
see more of the same from this past year, along with a handful of new challenges. In order to
prepare for the next wave of emerging threats, organizations should look closely at the top
trends expected to hit the global cybersecurity landscape. These include:

1. Increasing IoT issues: The threat landscape is expanding at an incredible rate, with
connected devices in the workplace and in our homes playing a big role in that evolution.
Security isn’t typically built into Internet of Things (IoT) devices, autonomous vehicles,
and other ‘smart’ technology, making them uniquely vulnerable to malicious threat
actors, as we’ve seen with several high-profile distributed denial-of-service (DDoS)
attacks. In October of last year, hackers launched the Mirai botnet to execute a massive
DDoS attack on Internet domain provider Dyn, using infiltrated connected household
devices such as DVRs and cameras. Many mainstream websites, including Twitter and
Spotify, were impacted. Attacks are already wide-reaching across the globe, with no
specific region as a primary target. The new year will likely bring further attacks involving
hijacking of connected technology, and organizations will need to work diligently to
ensure they are resilient against this breed of threat.

2. Mounting cyberwarfare and malware activity: Cyberspace has become the new
battlefield for modern warfare, providing state-sponsored malicious actors with an
inexpensive, highly effective, and globally accessible platform to steal money and wreak
havoc. Cybersecurity researchers are increasingly reporting on malicious activity that
they suspect is state-sponsored, including the use of ransomware. Infrastructure is also
being targeted. Dragonfly, a group that is believed to be nation-state-run, has
successfully intruded into networks that control elements of U.S. power infrastructure and is
conducting increasingly sophisticated multi-stage attacks. The CrashOverride malware
used to cause the 2015 and 2016 power outages in Ukraine is another red flag that
demonstrates the types of targets politically motivated malicious actors are pursuing.
Cyberwarfare is starting to spill over into private industry, and businesses must be
prepared for critical areas such as healthcare and other public safety systems to become
targets.

3. Privacy concerns will drive new requirements: New laws impacting cybersecurity
practices are being implemented around the world, with Europe’s General Data
Protection Regulation (GDPR) and China’s Cybersecurity Law as two timely examples.
GDPR outlines that to be compliant, companies must follow established cybersecurity
practices and “state of the art” approaches to prevent a breach of sensitive, protected
data. It also institutes new data breach notification requirements, wherein organizations
are given a 72-hour window to notify impacted persons when a breach occurs. This will
present a big challenge for any organization that houses sensitive information, and in
2018, businesses must prepare for increasingly strict legislation and policymaking on
this front. Emerging policy standards will have an impact on how we do business, and
organizations will need to take action to achieve compliance.

4. Increased exploitation of information as a weapon: Mainstream news has been
inundated with headlines related to hacking into sensitive information and the use of that
information for financial, political, and other gains. As we’ve seen a number of times,
such as with Sony and Equifax, these breaches can have a huge reputational and
financial impact on corporations, and executive leaders of breached companies will
increasingly be held responsible for failing to prevent and detect these types of
attacks. Cybersecurity professionals should expect additional exploitations and
intrusions into sensitive data and must be prepared to stay ahead of malicious actors to
ensure they are not gaining entry into sensitive files and email communications.

Cybersecurity is a dynamic field, and it is difficult to predict exactly what we’ll face tomorrow, let
alone in a year. But implementing holistic programs that are intelligence-led and built on lessons
learned from previous incidents is the most effective approach to ensuring a more secure and
resilient future. Proactive intelligence gathering is also critical in evolving cybersecurity
programs in parallel with evolving threats. Sharing of intelligence between private industry,
government, and international partners is another important step to prepare for the implications
of cyberwarfare, privacy regulations and other challenges on the horizon. By taking these
steps, businesses can be sure they are ready to face the cyber threats of 2018.

About the Author

Anthony J. Ferrante is a Senior Managing Director at FTI Consulting and
is based in Washington, DC in the Global Risk & Investigations Practice
(GRIP) of the Forensic & Litigation Consulting segment.

Mr. Ferrante has more than 15 years of top‐level cybersecurity
experience, and maintains first‐hand operational knowledge of more than
60 criminal and national security cyber threat sets and extensive practical
expertise researching, designing, developing, and hacking complex
technical applications and hardware systems.

‘TIS THE SEASON TO PREPARE YOUR E-COMMERCE BUSINESS TO EFFECTIVELY FIGHT FRAUD
With the holiday shopping season fast approaching, e-commerce companies are once again
planning for and preparing to profit from the increasing numbers of shoppers who purchase their
gifts online. While e-tailers anticipate heavenly profits, they’re also wary of the earthly reality of
card-not-present (CNP) fraud. Does the increased opportunity of the holiday season also carry an
equally increased risk of fraudulent orders and costly chargebacks?

While this fear might seem logical, the reality is the Grinch of fraudulent orders is unlikely to
steal the yuletide bounty. This is because e-commerce fraud rates actually significantly
decrease during the holiday shopping season - not because fraudsters are taking a break, but
because of the huge influx of legit shoppers during this time. This is especially true for the three
kings of Cyber Monday, Black Friday, and New Year’s Eve.

Change your fraud prevention focus

Since the percentage of all orders which are fraudulent drops during this time, online merchants
face a higher risk of turning down legit orders unless they adjust their fraud prevention systems.
Declined legit orders mean lost revenue, not only for that particular order, but also for any future
online orders which will now be diverted to your competitors because your crude fraud filter
seriously dampened that shopper’s holiday spirits by mislabeling them as a criminal. This is
precisely why many e-tailers are switching to more advanced e-commerce fraud protection
solutions, like the machine learning-based service offered by Riskified.

Not only is there a danger in overreacting to the actual fraud risk, e-commerce companies can
also make costly mistakes when it comes to manual review of suspicious orders. The huge
surge of shoppers during this time results in a large volume of orders which need to be manually
reviewed by analysts who then accept or decline the order. This in turn forces online merchants
to add seasonal hires to their fraud review team as well as increase the workload on permanent
staff, both of which can result in inaccurate, rushed decisions (especially if the seasonal hires
are new to fraud prevention).

Help bring joy to the world: don’t falsely decline international orders

Rushed decisions and fear of chargebacks often result in more false declines and thus lost
revenue. What compounds this problem of false declines during the holiday shopping season is
not only the already discussed quantity of orders, but also their quality, because perfectly
legitimate holiday e-commerce shopping can have one or more indications of a fraudulent order.

One of these is a mismatch between the billing address of the card used and the shipping
address of the gift, which can indicate a fraudulent order. It can also indicate, however, a
consumer shopping for friends or family and choosing to have the merchandise shipped directly
to them. The fact that many online merchants offer gift wrapping before shipping makes this all
the more convenient.

Another example is an international shopper using their non-US card (with an overseas billing
address) for payment, but requesting a US shipping address. This could be a fraudulent order
from a criminal in a foreign country using a reshipping service to conceal their location.

It could also be a legitimate international shopper using a reshipping address because the
merchant doesn’t ship products globally, but they still want to jump on a great deal. This example
combines the billing/shipping address mismatch of the previous example with international
factors (a foreign card and use of a reshipper) which often raise red flags and thus can get
falsely declined.
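The two points above, that a fixed decline rule produces more false declines when the share of fraudulent orders falls, and that a billing/shipping mismatch has to be read together with its context, can be made concrete in code. The following is an added illustration, not code from the article or from any vendor it names; the fraud rates, flag accuracies, signal weights and thresholds are all constructed for the example.

```python
"""Screening e-commerce orders when the fraud base rate falls.

Added illustration, not code from the article or from any vendor named in it.
All rates, weights and thresholds below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    """Signals a merchant's fraud filter typically sees on an order."""
    billing_shipping_mismatch: bool   # card billing address != delivery address
    foreign_card: bool                # card issued outside the merchant's country
    reshipper_address: bool           # delivery to a known parcel-forwarding service
    gift_wrap: bool                   # shopper asked for gift wrapping
    repeat_customer: bool             # prior successful orders on this account


def flag_precision(fraud_rate: float, hit_rate_fraud: float, hit_rate_legit: float) -> float:
    """Share of flagged orders that are actually fraudulent (Bayes' rule).

    fraud_rate:     fraction of all orders that are fraudulent in the period
    hit_rate_fraud: fraction of fraudulent orders that trip the flag
    hit_rate_legit: fraction of legitimate orders that trip the same flag
    """
    flagged_fraud = fraud_rate * hit_rate_fraud
    flagged_legit = (1.0 - fraud_rate) * hit_rate_legit
    return flagged_fraud / (flagged_fraud + flagged_legit)


def false_decline_share(fraud_rate: float, hit_rate_fraud: float, hit_rate_legit: float) -> float:
    """If every flagged order is declined, the share of those declines that hit legitimate shoppers."""
    return 1.0 - flag_precision(fraud_rate, hit_rate_fraud, hit_rate_legit)


def crude_decision(order: Order) -> str:
    """The 'crude fraud filter' of the article: any address mismatch is declined outright."""
    return "decline" if order.billing_shipping_mismatch else "accept"


def contextual_score(order: Order) -> int:
    """Weigh the signals together; gift and customer-history context can explain a mismatch."""
    score = 0
    if order.billing_shipping_mismatch:
        score += 30
    if order.foreign_card:
        score += 20
    if order.reshipper_address:
        score += 25
    if order.gift_wrap:
        score -= 20      # a gift shipped straight to the recipient explains the mismatch
    if order.repeat_customer:
        score -= 30      # established account history lowers the risk
    return max(score, 0)


def contextual_decision(order: Order, review_at: int = 40, decline_at: int = 60) -> str:
    """Three-way outcome so ambiguous orders reach an analyst instead of being auto-declined."""
    score = contextual_score(order)
    if score >= decline_at:
        return "decline"
    if score >= review_at:
        return "review"
    return "accept"


# Constructed sample orders mirroring the cases described in the article.
GIFT_SHOPPER = Order(billing_shipping_mismatch=True, foreign_card=False,
                     reshipper_address=False, gift_wrap=True, repeat_customer=True)
INTERNATIONAL_VIA_RESHIPPER = Order(billing_shipping_mismatch=True, foreign_card=True,
                                    reshipper_address=True, gift_wrap=False, repeat_customer=True)
UNKNOWN_VIA_RESHIPPER = Order(billing_shipping_mismatch=True, foreign_card=True,
                              reshipper_address=True, gift_wrap=False, repeat_customer=False)


if __name__ == "__main__":
    # Same flag, same accuracy, different season: precision falls with the fraud rate.
    normal = false_decline_share(fraud_rate=0.02, hit_rate_fraud=0.6, hit_rate_legit=0.1)
    holiday = false_decline_share(fraud_rate=0.008, hit_rate_fraud=0.6, hit_rate_legit=0.1)
    print(f"legit orders among declines: normal season {normal:.0%}, holiday season {holiday:.0%}")
    for name, order in [("gift shopper", GIFT_SHOPPER),
                        ("international shopper via reshipper", INTERNATIONAL_VIA_RESHIPPER),
                        ("unknown account via reshipper", UNKNOWN_VIA_RESHIPPER)]:
        print(f"{name}: crude={crude_decision(order)} contextual={contextual_decision(order)}")
```

With the constructed rates, about 89 percent of the orders the mismatch flag declines in the normal season are legitimate, and about 95 percent in the holiday season, which is the mechanism behind the article's warning: an unchanged rule gets worse as the fraud rate drops. The contextual scorer sends the gift shopper through, routes the international shopper with account history to review, and only auto-declines the combination the article describes as a genuine red flag.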

By responding to the actual size of e-commerce fraud risk, switching to more sophisticated fraud
prevention solutions, and optimizing their manual review policies, online merchants can both
boost their revenue and minimize their losses from fraudsters this holiday season.

About the Author

Anna Jones is an experienced freelance writer, and has written for a
number of high quality publications. She loves to write about
anything technology, but dabbles in a bit of interior design. She may
be reached at anna.helen.jones@gmail.com and on twitter at
@a_jonesyjones

BIOMETRIC BEST PRACTICES
In the identity-based world we live in, passwords seem to hold the key to our identities. But with
a majority of Americans (64 percent) personally experiencing a data breach, our long-held
tradition of safeguarding our wealth and personal information using a secret word or phrase is
being turned on its head.

This past September, Deloitte was hit by a cyber-attack, compromising the emails of some of its
blue-chip clients. Hackers had access to information including usernames, passwords and IP
addresses. It’s been reported that the hacked account only required a simple password. Breaches
such as Deloitte’s and others underline the utmost need to ensure the safekeeping of information.

Enter biometrics. By leveraging your face, voice, eyes and behaviors, biometrics is upending
our world and is helping us reclaim our right to our rightful identity. So much so that biometrics
has entered the mainstream in today’s society, being adopted by big companies such as Apple
(new Face ID) and Amazon (Alexa).

In order to implement biometric systems, there are do’s and don’ts that need to be considered.
In the end, the most important thing is the consumers. They need to feel safe and trust
biometrics to be their new form of identity and there are certain steps that can do just that.

Here are some best practices:

1. Take a platform approach: The best way to incorporate biometrics into an existing
infrastructure is to take a platform approach to the consumption of biometrics into
applications – meaning that you don’t just focus on one type of biometric or one piece of
hardware. Whether you’re a financial institution or data center, by taking a platform
approach, biometrics can continue to innovate and evolve. Many might fall into the
pattern of using simple point-to-point integration which only causes a piece of code to
become frozen in time and bound to a single biometric. Developers will pick a favorite
biometric and stick with it, but by using a platform approach, systems can integrate one
biometric and then easily add on additional methodologies.

2. Incorporate risk-based authentication: Multi-factor authentication alone is not enough to
eliminate spoofing from the biometric space. Critics of biometrics will point to spoofing, which
is defined as the ability to imitate or fool a physical security application. Convenience tends to
win over security: one study by Keeper Security found that more than 80 percent of people reuse
the same password across multiple accounts. Higher-risk transactions, such as a bank wire
transfer for $10,000, should not be given the same weight as lower-risk transactions, for example
sending your coworker $5 for the coffee they bought you. Instead, the focus should be on the
relationship between risk and trust. For higher-risk transactions, multi-factor authentication
using multiple biometrics and liveness detection can create the most secure platform. By
requiring an individual to prove his or her identity at a level matched to the risk, the platform’s
algorithm can significantly lower the chances of a system being tricked into wrongly identifying
a subject.

3. Use a hybrid approach to store data: When it comes to storing biometric data, there is
a common debate on whether the server (i.e., the Cloud) or local storage systems
should be deployed. As a best practice, BioConnect recommends that companies utilize
a hybrid approach as there are positives and negatives to both. But more importantly,
enterprises need to consider not only where they store their data but how. One method,
asymmetric cryptography, uses public and private keys to encrypt and decrypt data, with
one key that can be shared with everyone and another key that is kept secret. This
practice offers increased security.

4. Education: The best practice above all is education. The challenge we face today is that
people are skeptical of biometrics because they don’t fully understand what it is and how it
works. Every day, efforts are made in the right direction as more and more people adopt
biometrics. With the introduction of biometrics in the mobile phone industry, physical security
has moved forward: Acuity Market Intelligence forecast that all smartphones shipped will have
biometrics included in their software by 2020. The responsibility for education falls on the
manufacturers and providers to educate the public on how biometrics can simplify and protect
one’s identity.
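Best practice 2 above, matching the strength of authentication to the risk of the transaction and treating a biometric without liveness detection as weaker because it can be spoofed, is the kind of policy a platform would encode as a step-up rule. The following is an added illustration written for this page, not BioConnect's code or any product's API; the risk tiers, dollar thresholds and factor rules are constructed assumptions.

```python
"""Risk-based step-up authentication for a biometric platform.

Added illustration, not BioConnect's code or any product's API.  The risk tiers,
amounts and factor rules are constructed for the example.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Iterable, Tuple


class Assurance(IntEnum):
    NONE = 0
    LOW = 1      # any single factor, including a biometric with no liveness check
    MEDIUM = 2   # one biometric modality verified with liveness detection
    HIGH = 3     # two different biometric modalities, both with liveness detection


@dataclass(frozen=True)
class Transaction:
    amount: float
    new_payee: bool       # first payment to this recipient
    known_device: bool    # device previously enrolled for this user


@dataclass(frozen=True)
class Factor:
    modality: str         # "face", "voice", "fingerprint", "iris", "pin"
    liveness: bool        # sensor confirmed a live subject, not a photo or recording


BIOMETRIC_MODALITIES = {"face", "voice", "fingerprint", "iris"}


def required_assurance(tx: Transaction) -> Assurance:
    """Map transaction risk to the assurance the platform must see before allowing it."""
    if tx.amount >= 10_000 or (tx.new_payee and tx.amount >= 1_000):
        return Assurance.HIGH
    if tx.amount >= 100 or tx.new_payee or not tx.known_device:
        return Assurance.MEDIUM
    return Assurance.LOW


def achieved_assurance(factors: Iterable[Factor]) -> Assurance:
    """Rate the factors actually presented.

    Only distinct modalities count toward HIGH (face presented twice is still one
    modality), and a biometric without liveness detection is rated no higher than a
    PIN, because a replayed photo or recording could satisfy it.
    """
    factors = list(factors)
    live_biometrics = {f.modality for f in factors
                       if f.modality in BIOMETRIC_MODALITIES and f.liveness}
    if len(live_biometrics) >= 2:
        return Assurance.HIGH
    if len(live_biometrics) == 1:
        return Assurance.MEDIUM
    if factors:
        return Assurance.LOW
    return Assurance.NONE


def authorize(tx: Transaction, factors: Iterable[Factor]) -> Tuple[str, Assurance]:
    """Return ('allow', level) or ('step_up', level); level is what the transaction needs."""
    need = required_assurance(tx)
    have = achieved_assurance(factors)
    return ("allow" if have >= need else "step_up", need)


if __name__ == "__main__":
    coffee = Transaction(amount=5, new_payee=False, known_device=True)
    wire = Transaction(amount=10_000, new_payee=True, known_device=True)
    face_only = [Factor("face", liveness=False)]
    face_and_voice = [Factor("face", liveness=True), Factor("voice", liveness=True)]
    for label, tx, factors in [("$5 coffee, face scan", coffee, face_only),
                               ("$10,000 wire, face scan", wire, face_only),
                               ("$10,000 wire, live face + voice", wire, face_and_voice)]:
        decision, level = authorize(tx, factors)
        print(f"{label}: {decision} (requires {level.name})")
```

The $5 transfer goes through on a single scan, the $10,000 wire with the same scan is sent back for step-up, and only two distinct live biometrics satisfy it. Keeping `required_assurance` and `achieved_assurance` separate is what lets a new modality be added later without touching the risk policy, which is the platform approach of best practice 1.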

In the not-so-distant future, passwords will go the way of cassette tapes, CD players and other
devices that have been retired from everyday use. And I for one cannot wait. I envision a world
where a person is no longer tethered to a plethora of passwords that they need just to access
their own information. In the next few years, we will begin to shift away from passwords to the
point where an individual can simply be themselves to prove their identity. We will wipe out the
need to memorize different passwords and sequences, and instead we’ll rely on our eyes, voice,
hands and face (qualities that are unique to you and you alone) to protect our rightful identity.

About the Author

Rob Douglas is the Chairman and CEO of BioConnect. Over
the last fourteen years, he has been providing global market
leadership in the biometric identity market. He was formerly
Board Member, President and CEO of Bioscrypt Inc from
2003 to 2009 (BYT.TO) which was successfully sold to L-1
Identity Solutions (ID:NYSE) in 2008. Prior to that Rob was
instrumental in shaping high growth technology companies as
a former leader at IBM, Oracle and Siebel Systems. While at
Siebel Systems, Rob led a hyper growth business unit from
$1m to $110m in less than 4 years. Connect with him on
LinkedIn or Twitter @RobMDouglas7.

WHY YOU NEED A GOOD HEAD-HUNTER TO HELP FIGHT CYBER CRIME

by Will Bourne – Director – Cognatio Solutions

In a market driven by highly skilled professionals, it’s essential organisations attract the best
talent to help fight cyber crime and prevent future breaches. According to the National University
of Singapore ‘Cyber Crime is predicted to cost the global economy $6 Trillion by 2021.’
Therefore, investment is needed to help secure many organisations. This includes investing in
education and ensuring any future skill gaps are addressed before it’s too late. As breaches
become more frequent and complex it’s important companies use skilled recruiters to be
matched with the best talent.

The Commission on Enhancing National Cybersecurity suggested that training over 100,000 cyber
security practitioners by 2020 will prevent the risk of skill shortages. However, 9 out of 10 CSOs
and CISOs admit these are skills their organisations require immediately. Palo Alto commented
on the lack of cyber talent in their predictions for 2017, suggesting that as the number of cyber
security professionals increases across all industries, recruiters need to look for top talent
outside technology companies and ‘the need for non-technical security professionals will also
increase.’

So, what does this mean for the job market? Unfortunately, if you’re already in a cyber security
role your workload is set to increase dramatically if your company can’t add resources and
personnel to your team. However, with these skills being in demand it means salaries are
increasing and will continue to do so above the market average for the next few years. With a
median salary of approximately $100K, there are many opportunities for cyber security
professionals across both international organisations and start-ups. This means companies
have to work a lot harder to attract and retain employees. For example, last week Goldman
Sachs relaxed their dress code for all tech employees to try to compete with Tech Giants such
as Apple and Google.

With a market led by skilled candidates, how can a good recruiter affect your business? Firstly,
you’ll have access to the best candidates within the market, both those actively looking for new
roles and passive job seekers. Also, a good head-hunter has the ability to influence and advise
C-suite stakeholders, translating technical information and statistics into real-time facts for
business leaders, and therefore helping them make informed decisions about the resources they
need to secure their business.

At Cognatio Solutions we have a dedicated Cyber Security practice with specialist consultants
and researchers who are able to analyse the market and understand clients’ needs to match
businesses with the best talent. We’re seeing huge demand for skilled:

➢ Cyber security consultants

➢ Engineers

➢ Security administrators

➢ Analysts

➢ General IT staff

These are not just within technology companies but also across all industries. Some industries
in particular are becoming prime targets, such as banking, governments and healthcare sectors,
which is driving the need for a consistent level of cyber security measures. Some of the world’s
largest international banks and government bodies are doubling their cyber security budget as it
becomes apparent that no industry or individual is safe! At Cognatio we have the ability to
become an extension to your business, dedicating time and resources to fully understand
challenges you face and create in depth solutions tailored to your needs in a timely manner.

About the Author

Will Bourne – Cognatio Solutions.

Having personally helped numerous companies in the technology
industry staff out workforces across the globe, from US & Israel
based start-up style organisations testing new territories to large
global manufacturers revamping teams and regions, there aren't
many locations I haven't successfully engaged in and there aren't
many departments within an organisation I haven't staffed out.

I have accumulated thousands of contacts on my journey, all of which have something to offer
my network and my clients. From support in contracts, outsourced payroll, creating entities in
new territories to introducing partners/suppliers and distributors who can help your
products/services reach new target customers. To that end I endeavor to raise awareness of
your brand via my network via regular updates, news feeds, market releases and relevant
material that can increase your social media footprint in new territories. Reach me at
will.bourne@cognatiosolutions.com.

IDENTITY THEFT RISK MANAGEMENT AND CYBER-SECURITY: CONNECTING THE DOTS
by Yan Ross, Director of Special Projects, Institute of Consumer Financial Education


In recent years, media coverage and public perception of identity theft risk management has
begun to be overshadowed by reports of cyber-security threats and responses. Large-scale
data breaches have grown as identity thieves and other abusers of sensitive information have
become more sophisticated and have used high-tech means to exploit weaknesses in hardware
and software applications.

In this context, cyber security is a relative latecomer, but it’s clear that IT solutions have taken a
central role in defending against cyber hackers. Where is this going? To respond, it’s
important to address the question “Why do hackers hack?”

“Why do I rob banks? Because that’s where the money is!”

Willie Sutton

Repositories of big data are the new banks. There are principally three types of hackers, and
their exploits mirror those of garden-variety identity thieves.

1. Hacking for financial gain. This includes the sale of sensitive information, which may
sell for pennies (like Social Security numbers), for tens of dollars (like medical records
and insurance information), or for in-between prices (like many other elements of
Personally Identifiable Information, or PII).

2. Hacking for political purposes. This includes both state-sponsored and terrorist
exploits, for both access to sensitive information and the distribution of
disinformation, as well as unauthorized modifications and denial of service attacks on
web sites.

3. Thrill-seekers. No longer limited to the skateboard set living in Mom’s basement, but
other sophisticated criminals who apparently experience enjoyment and peer
adulation by stealing sensitive information and causing general online havoc.

To some extent, it is tempting to “fight fire with fire,” and respond to cyber threats exclusively
with cyber defenses. In a perfect world, this would seem to make sense. In some cases, that
works even in the real world, and an application or software fix or patch can often overcome a
specific cyber security exploit or technical vulnerability.

However, beyond cyber-based data breaches, schemes to gain access through non-technical
individuals have proliferated, resulting in growth in both the number and costliness of cyber-
attacks. Across this threat spectrum, human vulnerability is still the leading entry
point of identity theft and data breaches. Numerous recent surveys report that the vast majority
of data breaches are rooted in phishing exploits and are successful due to human failure.

Schemes such as social engineering and other manipulations designed to inveigle individuals
into launching malware or executable files, and accessing bogus web sites, are often the means
used by cyber criminals. Think of a seemingly innocuous e-mail request to update account
information for an active account, but with a link to a similar-sounding web site controlled by the
cyber criminals, in actuality the means to capture the username and password of the victim.
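The "similar-sounding web site" in that example is something a mail gateway or an awareness-training tool can check for mechanically: does the visible link text name one site while the link goes to another, and does the destination imitate a domain the organisation actually uses? The following is an added example written for this page, not code from the article; the trusted-domain list and the sample links are constructed, and the two-label rule for the registered domain is a deliberate simplification.

```python
"""Spotting the 'similar-sounding web site' in a credential-phishing e-mail.

Added illustration for awareness training, not code from the article.  The trusted
domains and the sample links are constructed; a real deployment would load the
organisation's own domain list.
"""
from typing import List
from urllib.parse import urlparse

# Constructed: the domains this organisation legitimately sends links to.
TRUSTED_DOMAINS = {"examplebank.com", "example-mail.com"}


def registered_domain(host: str) -> str:
    """Reduce 'secure.login.examplebank.com' to 'examplebank.com' (naive two-label rule)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url: str) -> str:
    """Hostname of a URL; bare 'www.example.com' text is treated as a URL too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch 'examp1ebank.com'-style typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def link_findings(display_text: str, href: str) -> List[str]:
    """Return the reasons a link in an e-mail deserves a warning; empty means no finding."""
    findings = []
    full_host = host_of(href)
    target = registered_domain(full_host)

    # 1. The visible text looks like a URL but the link goes somewhere else.
    shown = display_text.strip()
    if "://" in shown or shown.startswith("www."):
        shown_domain = registered_domain(host_of(shown))
        if shown_domain != target:
            findings.append(f"text shows {shown_domain} but link goes to {target}")

    if target in TRUSTED_DOMAINS:
        return findings

    # 2. The destination imitates a trusted domain: near-miss spelling, or the
    #    brand name buried in a subdomain of an unrelated registered domain.
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if levenshtein(target, trusted) <= 2:
            findings.append(f"{target} is a near-miss of trusted domain {trusted}")
        elif brand in full_host:
            findings.append(f"brand '{brand}' used inside untrusted host {full_host}")
    return findings


if __name__ == "__main__":
    # Constructed sample anchors as they might appear in a message body.
    samples = [
        ("https://examplebank.com/update", "https://examp1ebank.com/login"),
        ("Update your account", "https://secure.examplebank.com.evil-example.net/login"),
        ("Update your account", "https://www.examplebank.com/update"),
    ]
    for text, href in samples:
        print(href, "->", link_findings(text, href) or ["no finding"])
```

The first sample trips both checks (the text names the real bank, the link does not, and the destination is one character away from it); the second hides the brand in a subdomain of an unrelated registered domain; the third is a genuine link and produces no finding. A production filter would add the public suffix list in place of the two-label rule and a homoglyph table for characters such as Cyrillic letters that the edit distance alone does not catch.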

Regardless of the illicit objectives, the necessary defenses must include both IT responses and
education of the broader population of organizations and consumers. Without getting all non-IT
users to practice good “cyber hygiene,” it is unlikely that the cyber defense system will be
successful. As long as there is a human being with a keyboard and a mouse, and access to the
system, cyber defenses alone will leave vulnerabilities.

This state of affairs has been referred to as “asymmetrical warfare,” in which the opposing sides
play by different rules and have different standards of success. The defenders must prevail
100% of the time, while the attackers need only enjoy the occasional success to win.

In practice, the most successful cyber defense is a thoughtful combination of IT methods and
education of employees and other users who may have access to sensitive systems and data.
One example is the human factor in failing to keep all software programs up to date with
important patches to combat perceived and discovered vulnerabilities. Another is the
importance of keeping all users up to date on the latest methods used by cyber criminals and
identity thieves. The established methods of managing the risks of identity theft, especially
through education, are the most likely to be used successfully in conjunction with cybersecurity
applications.

For the time being, both IT solutions and user education must be employed together in order to
craft an effective defense against cyber criminals. Coordination of these two approaches can
best be accomplished by educating general users to recognize and avoid the predations of
cyber criminals and identity thieves, as well as providing the technical professionals with a solid
understanding of the non-technical vulnerabilities involved. In this way, the desired result of
fighting cyber-attacks to a standstill is most likely to be successful.

Looking ahead, it’s important to remember that the internet as a system was not originally
intended to serve as a platform for commercial transactions and a system to carry all types of
private and personal communications, much less as a command-and-control facility.
Essentially, today it’s a leaky ship with a fast-growing number of holes, and the patches amount
to a crazy-quilt of Band-Aid fixes. Until the entire platform can be separated or replaced with
one or several more suited to the kind of integrated security systems that can assure that
human failure is not possible, there will be no end to cyber exploits.

One further observation is in order about the future of identity theft and cyber attacks: current
projections are that up to 2 million new cybersecurity jobs will be created in the next 4-5 years. How
many of these may be made redundant by AI applications? Are we preparing to fight the last
war? How will identity theft risk managers work together with cybersecurity professionals to
meet this growing threat, now and in the future?

“Look Dave, I can see you're really upset about this. I honestly
think you ought to sit down calmly, take a stress pill, and think
things over.”

Hal from 2001: A Space Odyssey

The ICFE’s Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now
available both in printed format and online. See: http://icfe.info/Certifications/CITRMS.shtml
The Textbook and Desk Reference edition of the course book is also available at
https://www.createspace.com/6176952 . Bulk pricing and discounts for veterans and students
available. Inquire at yan.ross@icfe.info

About the Author

Yan Ross is ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS®
course.

As an accredited educator for over 20 years, he has addressed Identity
Theft Risk Assessment and management for consumers, organizations
holding personally identifiable information, and professionals who work
with individuals and organizations who are at risk of falling victim to
identity thieves.

Oman offers scope for ICT investment, evident by increase in activities in
tourism and infrastructure and upcoming Smart City projects like the Logistics
city near Muscat, Duqm and Madinat Al Irfan and the transformation of
Muttrah into a smart city. Held from 23-25 April 2018 at the Oman Convention
& Exhibition Centre, COMEX will usher in an era of economic growth by
tracking the progress of ICT in transforming companies & industries.

As ICT applications are being realized across several sectors in Oman,
COMEX will showcase technological developments across industries related
to Manufacturing, Transport & Logistics, Healthcare, Retail, Finance &
Banking, Education, and Oil & Gas.

The transition to a knowledge-based information society lies at the heart of
Oman's Vision 2020 and development toward Vision 2040. The private
sector’s role in aiding this transformation will be highlighted at COMEX
Business through specific focus on corporate solutions related to Computer &
IT, Big Data/ Storage, Internet of Things, Future Technology, Smart City,
Artificial Intelligence, Augmented & Virtual Reality, 3D Printing, Cloud Data
and Retail & Payment. Similarly, the public sector’s role in formulating citizen-
consumer approaches characterized by secure connectivity & complemented
by the Information Technology Authority’s (ITA) digital strategy will be
highlighted at COMEX eGovernment.

The ‘Tech Smart Conference’ held alongside COMEX will explore the
potential of the ‘Internet of Things’ & ‘Artificial Intelligence’ across various
industries in Oman while COMEX Shopper taking place from 24th- 28th April
2018 will be a haven for homeowners hoping to invest in smart homes &
consumer electronic products that offer new & smarter ways to live. New
Pavilions at Shopper this year include a Smart Home Zone, AR & VR Zone &
Gaming Zone.

To know more, visit www.comex.om

TOP TWENTY INFOSEC OPEN SOURCES

OUR EDITOR PICKS HIS FAVORITE OPEN SOURCES YOU CAN PUT TO WORK TODAY

There are so many projects at sourceforge it’s hard to keep up with them. However, that’s not where we are going
to find our growing list of the top twenty infosec open sources. Some of them have been around for a long time
and continue to evolve, others are fairly new. These are the Editor favorites that you can use at work and some at
home to increase your security posture, reduce your risk and harden your systems. While there are many great
free tools out there, these are open sources which means they comply with a GPL license of some sort that you
should read and feel comfortable with before deploying. For example, typically, if you improve the code in any of
these open sources, you are required to share your tweaks with the entire community – nothing proprietary here.

Here they are:

1. TrueCrypt.org – The Best Open Encryption Suite Available (Version 6 & earlier)
2. OpenSSL.org – The Industry Standard for Web Encryption
3. OpenVAS.org – The Most Advanced Open Source Vulnerability Scanner
4. NMAP.org – The World’s Most Powerful Network Fingerprint Engine
5. WireShark.org – The World’s Foremost Network Protocol Analyser
6. Metasploit.org – The Best Suite for Penetration Testing and Exploitation
7. OpenCA.org – The Leading Open Source Certificate and PKI Management
8. Stunnel.org – The First Open Source SSL VPN Tunneling Project
9. NetFilter.org – The First Open Source Firewall Based Upon IPTables
10. ClamAV – The Industry Standard Open Source Antivirus Scanner
11. PFSense.org – The Very Powerful Open Source Firewall and Router
12. OSSIM – Open Source Security Information Event Management (SIEM)
13. OpenSwan.org – The Open Source IPSEC VPN for Linux
14. DansGuardian.org – The Award Winning Open Source Content Filter
15. OSSTMM.org – Open Source Security Test Methodology
16. CVE.MITRE.org – The World’s Most Open Vulnerability Definitions
17. OVAL.MITRE.org – The World’s Standard for Host-based Vulnerabilities
18. WiKiD Community Edition – The Best Open Two Factor Authentication
19. Suricata – Next Generation Open Source IDS/IPS Technology
20. CryptoCat – The Open Source Encrypted Instant Messaging Platform

Please do enjoy and share your comments with us – if you know of others you think should make our list of the
Top Twenty Open Sources for Information Security, do let us know at marketing@cyberdefensemagazine.com.

JOB OPPORTUNITIES

Send us your list and we’ll post it in the magazine for free, subject to editorial approval
and layout. Email us at marketing@cyberdefensemagazine.com

FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.

This magazine is by and for ethical information security professionals with a twist on innovative
consumer products and privacy issues on top of best practices for IT security and Regulatory
Compliance. Our mission is to share cutting edge knowledge, real world stories and
independent lab reviews on the best ideas, products and services in the information technology
industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s
happening in the cyber crime and cyber warfare arena, plus we’ll inform you as next generation
and innovative technology vendors have news worthy of sharing with you – so enjoy.

You get all of this for FREE, always, for our electronic editions.

Click here to signup today and within moments, you’ll receive your first email from us with an
archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.


To learn more about us, visit us online at http://www.cyberdefensemagazine.com/

WE OFFER SOME OF THE BEST HIGH TRAFFIC OPPORTUNITIES FOR INFOSEC INNOVATORS: LEARN MORE BY EMAILING US
at marketing@cyberdefensemagazine.com for more information.

Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC.
PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide. marketing@cyberdefensemagazine.com

Published by Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC. Cyber
Defense Magazine, CDM, Cyber Defense eMagazine, Cyber Defense Test Labs and
CDTL are Registered Trademarks of STEVEN G. SAMUELS LLC. All rights reserved
worldwide. Copyright © 2017, Cyber Defense Magazine. All rights reserved. No part of
this newsletter may be used or reproduced by any means, graphic, electronic, or
mechanical, including photocopying, recording, taping or by any information storage
retrieval system without the written permission of the publisher except in the case of
brief quotations embodied in critical articles and reviews. Because of the dynamic
nature of the Internet, any Web addresses or links contained in this newsletter may
have changed since publication and may no longer be valid. The views expressed in
this work are solely those of the author and do not necessarily reflect the views of the
publisher, and the publisher hereby disclaims any responsibility for them.

Cyber Defense Magazine
PO Box 8224, Nashua, NH 03060-8224.
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 11/27/2017
