Home About Blog Report & Survey Highlights Case Studies Q&A Interviews Services

Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group.” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

“In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

Longtime security professional, Stu Sjouwerman is the founder and CEO of KnowBe4.com a Tampa, Florida-based security startup that specializes in on-demand Internet Security Awareness Training (ISAT). The company’s goal is to enable organizations to quickly solve the increasingly urgent security problem of social engineering and avoid attacks before they occur. Sjouwerman also publishes an Electronic newsletter called Cyberheist. Prior to founding KnowBe4.com, Sjouwerman was president, CEO and founder of Sunbelt Software – now GFI Software which makes the VIPRE security package. He is also the founder and former editor of the popular WServerNews electronic newsletter which has a worldwide distribution. ITIC recently sat down and interviewed Sjouwerman about security threats and how companies can defend themselves.

Laura DiDio, ITIC: Tell us about KnowBe4.

Stu Sjouwerman: We are next generation security awareness training. That means old style security training doesn’t cut it anymore – it’s not enough to follow dos and don’ts. We do simulated phishing attacks – fully automated – for customers to let them know who the culprits are in advance of an attack. It’s preventive. We train people to be well aware of phishing attacks that are out there. Our main focus is on phishing attacks but it’s not our only focus.

ITIC: What’s the top headline in security these days?

SS: Cybercrime is big business. It’s everywhere, but it’s especially proliferating and flourishing in Eastern Europe and Russia. There are many are ex-KGB agents who have teamed up with the local organized crime; they have a very well developed and broad criminal economy. There are social networks for cyber criminals and tons of technical support sites for malware. Business is booming: it’s at least a $1B a year industry and growing every day. It’s very easy and very profitable to be a cyber criminal.

ITIC: You’ve been in the security business for 15 years now. How have the security threats changed and evolved?

SS: In the last 15 years we’ve seen five generations of threats. Today’s security hacks and attacks have evolved; they are not the work of amateurs. It used to be that teenaged hackers did it for the thrill or to make a name for themselves and get hired to work for a security firm. Ten or fifteen years ago, hacking was a means to an end. Today hacking is the end game. The hackers have gone pro. And the security threats are much more professional and stealth-like which makes detection more difficult. Many organizations and individuals don’t find out until after the fact and it’s damaged their networks. Back in the “good old days” circa 1995, a company’s worst case scenario was a DOS attack which caused the server to go down and applications to be unavailable. In 2011 – soon to be 2012 – the threats are much worse. Organizations are facing two types of damage. The first is stolen customer data, Intellectual Property, corporate designs etc. Once it’s stolen, highly sensitive data oftentimes ends up for sale to the highest bidder on criminals’ social media networks. The second, very pernicious threat is that hackers frequently install a stealthy Trojan/key logger and at regular intervals it will send the information e.g. accounting information to the hackers. They literally take control of the account and transfer out the money in small chunks usually $10K at a time. It’s then forwarded on to their “money mules” and organizations lose monies. Once a company has been the victim of a cyberheist, recovering the money, tracking and prosecuting the hackers is difficult, time consuming and expensive.

ITIC: How aware are companies of these threats and do they take them seriously?

SS: Every organization: the largest businesses, small Mom and Pop shops, academic institutions, non-profits and religious institutions are all at risk. Nothing is sacred and no one is safe. The large enterprises like banks and brokerage houses, usually have good proactive defenses in place to minimize risk, delay and thwart attacks and to alert them when an attempt to penetrate the perimeter or network occurs. Ironically, the biggest threat facing companies – particularly SMBs – is a false sense of security. Many small businesses, non-profits and churchesare operating under a serious misperception that they’re too small to be of interest to hackers and thus they won’t be targeted. The Fortune 500 firms know they’re targets and have relatively good defenses in place. But these small businesses often do lag behind a bit in security awareness training unless they’re forced by SOX or HIPPA regulations to do security awareness training because they get audited. Some organizations just do it perfunctorily to pass a required audit and that just won’t cut it.

ITIC: What’s your advice to businesses?

SS: If you are a corporate cyberheist victims are NOT insured. The FDIC does not insure corporate accounts; they insure personal accounts. So the banks and insurance companies won’t refund your money UNLESS you purchase specific cyberheist insurance policies. Otherwise you’re SOL (shit out of luck) – and if the theft is big enough, many SMBs could find themselves out of business. The hackers are also not confining themselves to SMBs – they attack non-profits, local and municipal governments and churches with equal impunity.

ITIC: What proactive measures should organizations take to protect their businesses?

SS: First make sure that you have good quality anti-malware and keep it up to date and have a good firewall and then make sure you perform good quality security awareness training. You have to constantly reinforce that they need to be tested – we recommend testing at least once a week. The weakest link in any organization will be the users. The security perimeter has been broken thanks to mobile and remote users. The network and the firewall used to be the perimeter but the consumerization of IT has changed that. The hackers are now professional. The spear fishing attacks are very sophisticated.

ITIC: What should organizations and individuals look for?

SS: This sounds mundane, but never open an attachment that you didn’t ask for or one that came from an unknown source.

Be suspicious of all your Emails, even those from so-called trusted sources and friends because their accounts may be spammed or hacked. This includes things like direct messages from people you know and are friends with on the various Social Media sites like Facebook, Twitter and Yahoo. Pay very close attention to how your Email looks e.g., be on the lookout for spelling and grammatical errors and missing elements or things that just don’t appear right.

ITIC: Do you have any last insider tidbits for our readers?

SS: Yes, be aware that currently there’s only one bank that insures business accounts from cyber criminals and cyberheists and that’s JP Morgan Chase.

URL: http://www.knowBe4.com

Based in Tampa Bay, FL.

Share This Content:
Laura DiDio on Facebook
Laura DiDio on LinkedIn
Laura DiDio on Skype
Laura DiDio on Twitter