From the Winter 2024 Issue

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO, IBS Software

The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”.  It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? … Read more

From the Winter 2024 Issue

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

This is part two of a two-part article on secure key distribution in a post-quantum world.  Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys.  This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic … Read more

From the Winter 2024 Issue

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in the fifth century B.C. described steganography (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone … Read more

From the Winter 2024 Issue

Information Integrity and National Identity

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

History defines who we are and informs how Americans chart the nation’s future. It underpins representative government. Increasingly, historical records and documents are being converted to digital formats. This promises to make essential information available to more Americans than before. There are also troubling implications. It takes only a cursory examination of recent events to … Read more

From the Winter 2024 Issue

Navigating the Cybersecurity Landscape: College Students and the Role of Professors in Preparation

Author(s):

Rafael Hocker, Graduate Student, Oklahoma State University

Cybersecurity has become a critical facet of our lives in the digital age and is often described as the fifth dimension of warfare (Land, Sea, Air, Space, and now, Cyberspace). A recent Forbes article, published on December 5, 2023, delves into the multifaceted world of cybersecurity, urging college students to recognize its significance and advocating … Read more

From the Winter 2024 Issue

How to Separate the Good SOCs from the Bad

Author(s):

Julia Girardi, Senior Consultant, CyberCX

Security Operations Centers (SOCs) typically provided by Managed Security Services Providers (MSSP) can be a valuable asset to help protect a company against cyber threats and to help them to operate securely. With so many providers in the marketplace and many organizations having adopted an outsourced SOC arrangement, how can your organization tell if its … Read more

From the Winter 2024 Issue

How is Generative AI a Bigger Security Concern Than a Benefit?

Author(s):

Shigraf Aijaz, Cybersecurity Writer and Journalist

The rapid rise and development of generative AI, such as ChatGPT, Google Bard, or even Microsoft Bing, has revolutionized how we interact and view AI. These LLM chatbots have significantly made lives more manageable, providing every individual and business with a fast and improved method to execute repetitive tasks. However, despite all their benefits, these … Read more

From the Winter 2024 Issue

Cyber McCarthyism – The Third Red Scare

Author(s):

Chris Pogue, Director, Digital Forensics and Incident Response, CyberCX

McCarthyism, also known as the Second Red Scare, refers to the political repression and persecution of various politicians, government employees and military personnel, in an attempt to spread the fear of alleged communist and Soviet influence on American institutions and of Soviet espionage in the United States during the late 1940s through the 1950s.  After the mid-1950s, Senator Joseph McCarthy, who had … Read more

From the Fall 2023 Issue

Why Cybersecurity Training is Essential for Companies in the Digital Age

Author(s):

Joanne Camarce, Director of PR Operations, uSERP

With the increase in digital technology, cybersecurity has become a vital concern for businesses of all sizes. As technology evolves, so do the methods and techniques of cyber-attacks, and without proper protection, companies can suffer significant financial and reputational losses. Cybersecurity training is no longer a nice-to-have but an essential element for any organization’s security … Read more

From the Fall 2023 Issue

How to Build Your Workforce’s Psychological Cyberdefenses

Author(s):

Dr. Shaun McAlmont, President & CEO, NINJIO

When cybercriminals launch social engineering attacks, they’re exploiting the psychological vulnerabilities of their victims. Phishing messages lure victims into clicking on dangerous links or downloading malware with coercive language. Other cyberattacks take advantage of victims’ curiosity by sending fake headlines, offers, and other information that’s calibrated to their interests. No matter what strategies cybercriminals deploy, … Read more