cybersecurity

WHAT IS PROACTIVE CYBER DEFENSE?

It’s not hard to understand the concept of proactive cyber defense: acting in anticipation of an attack against a computer or network. The goal is getting in front of attacks by evading, outwitting, or neutralizing them early instead of waiting for the damage to start like reactive cyber defenses. It’s also not hard to understand the benefits of being proactive: preventing the negative effects of cyber attacks instead of trying to minimize the damage. The only thing hard…

Continue reading

cloud cybersecurity

What is Cloud Workload Protection?

Cloud usage is increasing rapidly. Analysts forecast growth of 17 percent for the worldwide public cloud services market in 2020 alone. This proliferation comes on top of already widespread cloud adoption. In a recent report by Flexera, over 83 percent of companies described themselves as intermediate to heavy users of cloud platforms, while 93 percent report having a multi-cloud strategy. With a growing number of companies planning on doing more in diverse cloud environments, cloud workloads are becoming…

Continue reading

cybersecurity innovation privacy regulation

Solving Data Privacy Once and For All

The way online services are setup today implies that the only technical means to provide a more personalized experience to customers is to collect as much as possible personal data into a server and then to put it into some machine that offers recommendations. Personalization is convenient, and we all want convenience, even at the price of compromise of our personal lives. This line of thought started with Amazon, Google, and Facebook, and today it…

Continue reading

cybersecurity iot

Unpredictions for 2020 in Cyber Security

The end of the year tradition of prediction is becoming a guessing game as the pace of innovation is increasing towards pure randomness. So I will stop pretending I know what is going to happen in 2020, and I want to write on areas that seem like the most unpredictable for 2020. Below you can find an honest review of my?2019 predictions. 2020 Unpredictions 5G A much talked about topic in 2019 with billions poured…

Continue reading

cybersecurity

The ACCEPTABLE Way to Handle Data Breaches

LifeLabs, a Canadian company, suffered a significant data breach. According to this statement, the damage was “customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results” in the magnitude of “approximately 15 million customers on the computer systems that were potentially accessed in this breach”. It is an unfortunate event for the company, but eventually, the ones hurt the most are the customers who entrusted…

Continue reading

cybersecurity innovation regulation

Spanning the Chasm: The Missing Link in Tech Regulation – Part 1 of 2

Mark Zuckerberg was right when he wrote in his op-ed to the Washington Post that the internet needs new rules, though naturally, his view is limited as a CEO of a private company. For three decades, governments across the globe have created an enormous regulatory vacuum due to a profound misunderstanding of the magnitude of technology on society. As a result, they neglected their duty to protect society in the mixed reality of technology and…

Continue reading

AI cybersecurity

What Will Happen When Machines Start Lying to Us

The mere thought of a computer lying to you about something has boggled my brain ever since I heard it from a friend professor on a flight as an anecdote on what could happen next in AI. That one sentence took me on a long trip in a rabbit hole of a wide range of implications. I did not want to write on it first, not to be the one which saws that idea in…

Continue reading

cybersecurity iot

My Ten Cyber Security Predictions for 2019

Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well. So here are some of my predictions for the world of cybersecurity 2019: IoT IoT is slowly turning into reality and security becomes a growing concern in afterthought fashion as always. This reality will not materialize into a new cohort of specialized vendors due to its highly fragmented…

Continue reading

cybersecurity

How to Disclose a Security Vulnerability and Stay Alive

In recent ten years, I was involved in the disclosure of multiple vulnerabilities to different organizations and each story is unique and diverse as there is no standard way of doing it. I am not a security researcher and did not find those vulnerabilities on my own, but I was there. A responsible researcher, subjective to your definition of what is responsible, discloses first the vulnerability to the developer of the product via email or…

Continue reading

cybersecurity

The Emerging Attention Attack Surface

A well-known truth among security experts that humans are the weakest link and social engineering is the least resistant path for cyber attackers. The classic definition of social engineering is deception aimed to make people do what you want them to do. In the world of cybersecurity, it can be mistakenly opening an email attachment plagued with malicious code. The definition of social engineering is broad and does not cover deception methods. The classic ones…

Continue reading

cybersecurity

The First Principle of Security By Design

People create technologies to serve a purpose. It starts with a goal in mind and then the creator is going through the design phase and later on builds a technology-based system that can achieve that goal. For example, someone created Google Docs which allows people to write documents online. A system is a composition of constructs and capabilities which are set to be used in a certain intended way. Designers always aspire for generalization in…

Continue reading

AI blockchain cybersecurity

Risks of Artificial Intelligence on Society

Random Thoughts on Cyber Security, Artificial Intelligence, and Future Risks at the OECD Event – AI: Intelligent Machines, Smart Policies It is the end of the first day of a fascinating event in artificial intelligence, its impact on societies, and how policymakers should act upon what seems like a once in lifetime technological revolution. As someone rooted deeply in the world of cybersecurity, I wanted to share my point of view on what the future…

Continue reading

AI blockchain cybersecurity

Accountability – Where AI and Blockchain Intersect

Recently I?ve been thinking about the intersection of blockchain and AI. Although several exciting directions are rising from the convergence of these technologies, I want to explore a specific one: accountability. One of the hottest discussions on AI is whether to constraint AI with regulation and ethics to prevent an apocalyptic future. Without going into whether it is right or wrong to do so, I think that blockchain can play a crucial role if such…

Continue reading

cybersecurity

Thoughts on The Russians Intervention in the US Elections. Allegedly.

I got a call last night on whether I want to come to the morning show on TV and talk about Google?s recent findings of alleged Russian sponsored political advertising. Advertising that could have impacted the last US election results, joining other similar discoveries on Facebook and Twitter and now Microsoft is also looking for clues. At first instant, I wanted to say, what is there to say about it but still, I agreed as…

Continue reading

cybersecurity

Some Of These Rules Can Be Bent, Others Can Be Broken

Cryptography is a serious topic ? a technology based on a mathematical foundation posing an ever-growing challenge for attackers. On November 11th, 2016, Motherboard wrote a piece about the FBI?s ability to break into suspects? locked phones. Contrary to the FBI?s constant complaints about going dark with strong encryption, the actual number of phones they were able to break into was relatively high. The high success ratio of penetrating locked phones in some way doesn?t…

Continue reading

cybersecurity

Searching Under The Flashlight of Recent WannaCry Attack

Random thoughts about WannaCry Propagation The propagation of the WannaCry attack was massive and mostly due to the fact it infected computers via SMB1, an old Windows file-sharing network protocol. Some security experts complained that Ransomware has been massive for two years already and this event is only a one big hype wave though I think there is a difference here and it is the magnitude of propagation. There is a big difference when attack…

Continue reading

cybersecurity

A Cyber Visit to London

CDA I had a super interesting visit to London for two cyber-related events. The first was a meeting of the CDA which is a new collaboration effort among the top European banks headed by Barclays Global CISO and the CDA themselves. The Israel Founders Group assembled top experts from the world of cyber security and gathered them as an advisory board to the CDA. CDA Group of Seven British Government The second part of the…

Continue reading

blockchain cybersecurity

United We Stand, Divided We Fall.

If I had to single out an individual development that elevated the sophistication of cybercrime by order of magnitude, it would be sharing. Codesharing, vulnerabilities sharing, knowledge sharing, stolen passwords, and anything else one can think of. Attackers that once worked in silos, in essence competing, have discovered and fully embraced the power of cooperation and collaboration. I was honored to present a high-level overview on the topic of cyber collaboration a couple of weeks…

Continue reading

AI cybersecurity

Right and Wrong in AI

Background The DARPA Cyber Grand Challenge (CGC) 2016 competition has captured the imagination of many with its AI challenge. In a nutshell, it is a contest where seven highly capable computers compete, and a team owns each computer. Each group creates a piece of software that can autonomously identify flaws in their computer and fix them and identify flaws in the other six computers and hack them. A game inspired by the Catch The Flag…

Continue reading

cybersecurity

Cyber-Evil Getting Ever More Personal

Smartphones will soon become the target of choice for cyber attackers?making cyber warfare a personal matter. The emergence of mobile threats is nothing new, though until now, it has mainly been a phase of testing the waters and building an arms arsenal. Evil-doers are always on the lookout for weaknesses?the easiest to exploit and the most profitable. Now, it is mobile’s turn. We are witnessing a historic shift in focus from personal computers, the long-time…

Continue reading

cybersecurity

Is It GAME OVER?

Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document that exploits vulnerabilities in Adobe Reader or a malicious URL that exploits the browser in order to set a foothold inside the end-point computer. Zero-Day is…

Continue reading

cybersecurity

Exploit in the Wild, Caught Red-Handed

Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation?regardless of the way the exploit was built, its evasion techniques, or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with its attacker captured and caught red-handed at the exact point in time of the exploit…Sounds dreamy, no? For the guys at the stealth…

Continue reading

cybersecurity

Time to Re-think Vulnerabilities Disclosure

Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative of the contribution security researchers on awareness and it is very hard to imagine what would the world be like without disclosures. Still, the way attacks are being crafted today and their links to such disclosures got me into…

Continue reading

cybersecurity

Most cyber attacks start with an exploit – I know how to make them go away

Yet another new Ransomware with a new sophisticated approach?http://blog.trendmicro.com/trendlabs-security-intelligence/crypvault-new-crypto-ransomware-encrypts-and-quarantines-files/ Pay attention that the key section in the description on the way it operates is “The malware arrives to affected systems via an email attachment.?When users?execute the attached malicious JavaScript file, it will?download four files from its C&C server:” When users execute the JavaScript files it means the JavaScript was loaded into the browser application and exploited the browser in order to get in and then…

Continue reading