SiliconANGLE: Fixing 25 years of email insecurity

Posted on June 2, 2023 by dstrom

I have been writing about email security for nearly 25 years (or more, depending on how you count things). Back in 1998, when Marshall Rose and I wrote our landmark book “Internet Messaging,” we said that the state of secure Internet email standards and products is best described as a sucking chest wound.” We had the publisher print a blank page in the book to signify how bad email security was. Well, perhaps we are still the walking wounded, although at least today we have better tools.

Most recently, I wrote a piece for SilconANGLE entitled, Fixing email security: It’s still a rocky road ahead. It begins:

The foundational protocols for making email more secure and less of a threat have been in place for almost a decade, yet they remain mostly unused, poorly implemented and largely ineffective. A recent report from Sendlayer shows just how much of a problem that is.

SiliconANGLE: How the Mirai botnet continues to threaten business networks

Posted on May 31, 2023 by dstrom

One of the most powerful pieces of malware began with the efforts of three American teens who were motivated by playing “Minecraft” in 2014. Called Mirai, it would go on to crash Germany’s largest internet provider, knock Dyn’s Domain Name System servers offline and disrupt all of Liberia’s internet connections.

In my post for SiliconANGLE today, I discuss how Mirai exposed the soft underbelly of IoT security, which often has hard-coded default passwords that make them easy to compromise and subsequently control in a DDoS attack. It is a hard problem to enumerate all of these devices, update them and change their default passwords where that’s even possible.

SiliconANGLE: Infostealers get more lethal

Posted on May 18, 2023 by dstrom

The class of malware called infostealers continues to evolve into a more lethal threat. These threats are software that can steal sensitive data from a victim’s computer, typically login details, browser cookies, saved credit cards and other financial information. Unfortunately, criminals continue to enhance this malware genre, and two new reports released this week document their latest efforts. I describe what is new and how to recognize this attack method in my latest post for SiliconANGLE.

SiliconANGLE: CIOs’ relationship with AI is complicated, but they have hopes for a promising future

Posted on May 17, 2023 by dstrom

Artificial intelligence — its value, risks and utility in enterprise scenarios — not surprisingly dominated the discussion at this week’s MIT CIO Symposium, one of the year’s biggest gatherings of senior information technology executives. In this post for SiliconANGLE, Paul Gillin and I review what some of the CIO panelists revealed about the state of their domains, and their relationship with AI tools.

SiliconANGLE: We need more breach transparency, but a lot of obstacles are in the way

Posted on May 16, 2023 by dstrom

The U.K.’s National Cyber Security Center last week posted a joint blog with the nation’s regulatory commissioner’s office about the need for better cybersecurity breach transparency. They’re concerned about the unreported incidents, in particular ransomware cases, which are getting more dangerous, more prevalent and more costly. The situation creates a vicious cycle: “If attacks are covered up, the criminals enjoy greater success, and more attacks take place,” they wrote in the post.

In this analysis for SiliconANGLE, I look at the implications for designing the next generation of customer support systems using AI enhanced tools.

SiliconANGLE: AI-based chatbots can help improve customer support – if they’re done right

Posted on May 16, 2023 by dstrom

Most of us have been interacting with customer support agents for years. It can be a frustrating experience: Oftentimes the agent knows less than we do about their product or service, calls are dropped or transferred to other agents. About two years ago, I had such a bad experience with AT&T Inc.’s customer support that I ended up cancelling my cell and internet service with the company.

But now there are artificial intelligence chatbots and chat programs that are supposed to make our lives better. With all the attention focused on ChatGPT and other AI-based chatbots, a new long-term research study has found that AI can help improve support, but only under carefully controlled situations. Let’s examine the specific circumstances and what’s in store for the future of support. In this post for SiliconANGLE, I dive into what they found and make some recommendations on how to be more effective at deploying AI for customer support situations.

Invicti blog: Ask an MSSP about DAST for your web application security

Posted on May 15, 2023 by dstrom

When evaluating managed security service providers (MSSPs), companies should make sure that web application security is part of the offering – and that a quality DAST solution is on hand to provide regular and scalable security testing. SMBs should evaluate potential providers based on whether they offer modern solutions and services for dynamic application security testing (DAST), as I wrote for the Invicti blog this month.

SiliconANGLE: As cloud computing gets more complex, so does protecting it. Here’s how to make sense of the market

Posted on May 12, 2023 by dstrom

Whether companies are repatriating their cloud workloads back on-premises or to colocated servers, they still need to protect them, and the market for that protection is suddenly undergoing some major changes. Until the past year or so, cloud-native application protection platforms, or CNAPPs for short, were all the rage. Last year, I reviewed several of them for CSOonline here. But securing cloud assets will require a multi-pronged approach and careful analysis of the organization’s cloud infrastructure and data collections. Yes, different tools and tactics will be required. But the lessons learned from on-premises security resources will point the way toward what to do in the cloud. More of my analysis can be found in this piece for SiliconANGLE.

SiliconANGLE: The chief trust officer was once the next hot job on executive row. Not anymore.

Posted on May 11, 2023 by dstrom

We seem to be in a trust deficit these days. Breaches – especially amongst security tech companies – continue apace. Ransomware attacks now have spread to data hostage events. The dark web is getting larger and darker, with enormous tranches of new private data readily for sale and criminal abuse. We have social media to thank for fueling the fires of outrage, and now we can self-select the worldview of our social graph based on our own opinions.

In this story for SiliconANGLE, I discuss the decline of digital trust and tie it to a new ISACA survey and a new effort by the Linux Foundation to try to document and improve things.

SiliconANGLE: Boards of directors need to be more cyber-aware. That gets complicated.

Posted on May 9, 2023 by dstrom

The Securities and Exchange Commission proposed some new guidelines last year to promote better cybersecurity governance among public companies, and one of them tries to track the cybersecurity expertise of the boards of directors of these companies. Judging from a new study conducted by MIT Sloan cybersecurity researchers and recently published in the Harvard Business Review, it might work — though it also might backfire. In this analysis for SiliconANGLE, I discuss the pros and cons of these regs.

Web Informant

David Strom's musings on technology

Category Archives: Published work