
Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group,” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

“In the Internet of Things environment, where you can have ‘an ecosystem or ecosystems of ecosystems interconnected,’ the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

It’s time for corporations to wise up and use the latest, most effective weapons to safeguard and secure their data.

High-tech devices, software applications, email, user accounts, social media and networks, even those presumed safe, are being hacked with alarming alacrity and ease.

Security tools, encryption and keeping your networks current with the latest patches are certainly necessary, but they are not enough. Corporations must also arm themselves with the latest generation of security tools and devices in order to effectively combat the new breed of malware, malicious code and ever more proficient hackers. I’m referring to the new breed of continuous monitoring tools that identify, detect and shut down vulnerabilities before hackers can find and exploit them.

In the late 1980s, the “early days” of computer networking, hacking was a means to an end. The modus operandi of hackers (usually white males in their teens and twenties) was to perfect their skills, perform a high-profile penetration, claim it was a mistake and then land a well-paying job with a legitimate security company. Many of today’s hackers are professionals who operate within an organized ring. Hacking is both the means and the end. It’s an extremely lucrative business.

“The hackers have upped their game,” says Stu Sjouwerman, founder and CEO of KnowBe4, a Clearwater, FL company that trains corporate knowledge workers on how to avoid spam, phishing, spear phishing and social engineering hacks. “Hackers have gone completely professional. They’ve graduated from identity theft to full-fledged Internet bank robbery or cyber heists. There are now highly organized computer security ‘Mafias’ in Eastern Europe, Russia, the Ukraine and Romania that employ highly qualified computer science majors who do nothing but hack. Most companies are woefully ignorant and unprepared to deal with the new threats,” Sjouwerman asserts.

On June 1, 2010 the National Institute of Standards and Technology (NIST) published new guidelines that require enterprises to engage in continuous monitoring of their networks. These guidelines are based on a wealth of real-world experience and highlight the necessity of using new tools to facilitate implementation, says Major General John P. Casciano, USAF (Retired), who served as director of intelligence, surveillance and reconnaissance, deputy chief of staff, air and space operations, Headquarters U.S. Air Force, Washington, D.C. He is currently President and CEO of GrayStar Associates LLC and consults on cyber security issues.

“In the dynamic and ever-changing network, continuous monitoring simply can’t be performed manually; it must be supported by software that provides powerful new weapons with which to successfully defend and thwart attacks,” Casciano says.

Continuous monitoring encompasses both a new approach and new products and tools; it is a preventive and prescriptive measure. Continuous monitoring enables organizations to detect threats as they occur and, most importantly, to identify vulnerabilities that can be mitigated or plugged in advance of a cyber “intrusion” or “attack.” The NIST guidelines are based on a wealth of real-world experiences. These include “routine” attacks launched on individuals’ online social media accounts like Facebook and Twitter. Each day the headlines deliver yet another sobering call for corporations and consumers alike to wise up and defend their data.

We all know that there is no such thing as a 100% hack-proof network, application or device. Hacks ranging from malware (phishing, Trojans, bots, worms, zombies et al.) to exploits that leave behind forgotten back doors to targeted corporate espionage are facts of 21st-century computing life.

Hackers are more organized, and the attacks themselves are becoming more sophisticated and more pernicious. They use the Internet as a superhighway to circumnavigate the globe faster than you can say “Magellan.” What’s worse, the hackers are aided and abetted by corporations with lax, porous and often outdated computer security measures. Consumers, too, are often the hackers’ best helpmates, particularly when they don’t keep their anti-virus and firewalls up to date and don’t check the privacy settings on the many social networking sites they frequent!

Security experts warn that malware is proliferating at the astounding rate of 73,000 new threats cropping up on a daily basis, a 26% increase over the 2010 statistics. Even if we apply the 10/90 rule (10% of all malware and rogue code is responsible for 90% of the damage), the upswing in security threats is alarming.

Unfortunately, corporations and consumers tend to get complacent in the absence of a data breach that directly impacts them or their organizations. It’s easier to rationalize and downplay the very real security threats and delay implementing the necessary proactive measures. It takes headlines, or more recently those messages appearing with alarming regularity in our personal email boxes, to give us all a much-needed jolt. Computer, cell phone/smart phone, notebook, tablet and networking security are fragile, ephemeral and fluid, meaning that the risks are always present and exploits are always lurking and waiting to happen.

This is War: Continuous Monitoring, the Latest Weapon in the Ongoing Security Battle

In response to the growing cyber-threat, United States Senators John Kerry and John McCain have introduced a bipartisan online privacy bill designed to protect and control personal information. If the legislation passes, it will prohibit the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing.

The 2010 Verizon Data Breach Investigations Report, released last July and based on a first-of-its kind collaboration with the U.S. Secret Service, found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

The report cited stolen credentials as the most common way of gaining unauthorized access into organizations in 2009, pointing once again to the importance of strong security practices both for individuals and organizations. Organized criminal groups were responsible for 85 percent of all stolen data last year, the report said.

The stories behind the statistics are even more alarming. Hackers collaborate via the Web and form their own online communities to exchange data and perfect hacks. And now they’re moving from V2P, virtual to physical, with entire communities, most prominently in Eastern Europe, devoted to the pursuit of career cracking. The city of Râmnicu Vâlcea, population 120,000 and located three hours outside of Bucharest in the Transylvanian Alps, has been dubbed “Hackerville” by global law enforcement agencies. The town is brimming with cyber crooks who specialize in targeted corporate malware attacks and e-commerce scams. Business is so profitable that the town is home to luxury car dealerships and apartment buildings and upscale restaurants, shops and nightclubs. The town’s reputation as a malware maelstrom has become so notorious that it was the subject of a feature article in the March issue of Wired Magazine.

The real lesson of the Verizon Business Data Breach Report and even Hackerville is that the overwhelming majority of data breaches can be thwarted if companies establish and follow good computer security practices and back these up with the latest technical weapons. Astoundingly, only four percent of breaches assessed in the Verizon Business Data Breach report required difficult and expensive protective measures. The report further claimed that 87% of attacks could be prevented using simple, proactive measures.

The 2010 Verizon report concluded that being prepared remains the best defense against security breaches. For the most part, organizations still remain sluggish in detecting and responding to incidents. Nearly two-thirds of breaches — 60% — continue to be uncovered by external parties, and then only after a considerable amount of time. And while most victimized organizations have evidence of the breach in their security logs, they often overlook it due to a lack of staff, tools or processes.

Casciano maintains that any corporation that is serious about creating and maintaining a secure environment needs to deploy continuous monitoring tools. Right now there are two types of continuous monitoring devices: “those that address what’s going on in the enterprise and identify vulnerabilities and those that enable companies to plug holes and correct vulnerabilities in advance so the attack is not effective,” Casciano says. There are several companies that address this emerging market segment. Veteran security firm ArcSight, which was acquired in 2010 by Hewlett-Packard Co., and the Einstein Program developed by the Dept. of Homeland Security produce products that enable businesses to identify the potential weak spots in their networks. Other vendors, like RedSeal in San Mateo, CA, and tools built on the Security Content Automation Protocol (SCAP) address the rapidly emerging secure product class of both identifying and closing the holes in the network.

RedSeal’s Systems Network Advisor v4.1 and Vulnerability Advisor v4.1, for example, are near-real-time risk management solutions that use network and vulnerability data to determine risk and provide prioritized remediation recommendations. RedSeal security packages allow organizations to assess and strengthen their cyber defenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that create risk – before they are discovered by hackers.

Casciano says organizations must utilize both types of continuous monitoring. The products in the first group (HP’s ArcSight and the Einstein Program) provide businesses with “tactical warnings and a snapshot in time of the activities within the IT enterprise” so that management can react to specific events. The second class of products (RedSeal and SCAP) “exposes the strengths and weaknesses of the entire IT enterprise, identifies potential avenues of attack and enables management to take defensive actions well in advance of an attack,” Casciano notes.

Ultimately, though, computer security products represent only half the solution. The other 50% is the human element. Companies and their IT departments must construct strong computer security policies and procedures, disseminate them to the entire staff and employee population and enforce them. In an age where hackers’ ranks are swelling and successful penetrations are increasing, corporations would be wise to arm themselves with continuous monitoring tools to thwart cyber terrorists.

Ask yourself: “What have you got to lose?”

3 Discussions
  • Judy Kilroy said:

    I don’t know what to use to protect myself from hackers and cyber terrorists.
    I am running the Windows 7 Home Premium system.
    What do you suggest I download to help my system better.

    • Hi, Judy: There are many excellent products on the market that are priced very reasonably. McAfee, Symantec and GFI Software (formerly Sunbelt Software), which makes VIPRE, are all excellent products. Additionally, Windows does have its own security software as well. The main thing is to stay up-to-date on your anti-virus/anti-malware software. You can also purchase a security package that will scan and clean your PC, check for Registry errors and perform regular disk defragmentations. Pareto Logic makes a good package that retails for under $40. While not security specific, it will let you know if you have any infections and it will regularly scan your desktop for errors, make any necessary fixes/repairs and install the latest drivers. This will optimize the performance of your desktop. Finally, the old proverb, “An ounce of prevention is worth a pound of cure,” is very true. Don’t open any suspicious links; take the necessary steps to block Spam and avoid questionable Web sites. If you have children, block access to any questionable Web sites, and don’t give anyone your Passwords and User IDs and don’t let anyone borrow your computer or install software or freeware without your knowledge and consent. Best of Luck to you! Regards, Laura DiDio

  • Hey just wanted to give you a quick heads up and
    let you know a few of the pictures aren’t loading properly.
    I’m not sure why but I think it’s a linking issue.

    I’ve tried it in two different web browsers and both show the same outcome.
