How enterprises can stay ahead of risks, threats and potential attacks [Q&A]

How enterprises can stay ahead of risks, threats and potential attacks [Q&A]

Risk dial

Businesses are engaged in a constant cat-and-mouse game with hackers, attackers, and bad actors in order to stay secure.

Dominic Lombardi, VP of security and trust at Kandji believes that in order to stay ahead it’s necessary to master basic IT and security hygiene, update and communicate your risk register, and work steadily toward a zero-trust security model. We spoke to him to discover more.

BN: It’s been said the human element is the next organization versus hacker battleground, why is this and what comes next?

DL: Malicious threat actors always look for the weakest link, the chink in the armor. Last year, we saw more unique attacks focused on bypassing the weakest link within standardized security controls. The weakest link? The human element. Many of these security incidents were related to multi-factor authentication (MFA) spamming, in which MFA requests were repeatedly sent to people until a link was clicked or exploiting a misconfiguration on publicly accessible resources. Meanwhile, cybercriminals have unleashed social engineering attacks aimed to disrupt organizations across different verticals and markets. During these attacks, an individual impersonates a customer and calls the company’s support desk. In the process, the attacker obtains valid account access. The organization’s lack of organizational-level security controls served as the attacker’s entry point, allowing them to gain a foothold in these environments.

In 2023, attackers will get more creative in their pursuits. Many of the security controls we put in place earlier are at risk of being bypassed due to human error. How do we ensure our security controls are fault tolerant? This starts with basic hygiene at a people, process, and procedural level. Work to build a proactive cybersecurity culture in which you document all ongoing processes — basically, all the validation steps that ensure you properly identify and authenticate a person’s identity, information, and account ownership.

BN: Risk register has come up a lot lately as a critical tool to maintaining a secure environment, how should organizations handle this in 2023?

DL: Your organization’s risk register should serve as a ‘what if’ manual that outlines current and potential security risks and how they could impact the organization. Organizations are facing constraints at all levels — budgets, personnel, and time — in 2023. Your risk register must catalog the various risk scenarios that face your business and provide visibility for your leadership teams to make more risk informed treatment plans.

Maturing organizations will double down on best practices, perform threat analysis, and continue to populate their risk register. The more visibility (and fewer cracks) you have, the less probability of unexpected negative outcomes. This involves maintaining a running asset inventory across your organization and mapping this inventory against security controls. Meanwhile, build out project plans to have a continuous rollout to fulfill some of the gaps. Think patch management, standardized configurations across servers, and a rigorous process for building, deploying, and maintaining new software. Remember that basic IT hygiene is 99 percent of the game.

BN: What is next for the CISO role? How important has this role become for enterprises?

DL: When it comes to cybersecurity, executive-level engagement is a must. That means the CISOs must take a seat at the C-level table (if they haven’t already) and stay there. Recently, with the Joseph Sullivan/Uber case, we saw the first criminal conviction of a CISO/CSO for failure to effectively disclose a breach. To prevent miscommunication and promote total transparency, any CISO who does not report directly into the CEO should demand that they do — immediately. To set themselves up for success, they should also ensure that the general counsel at their organization is in their ‘peer set’.

At the C-level table, the CISO can also (continuously) champion the risk register to ensure they receive needed resources to remediate and reduce risk on an ongoing basis. Not to mention executive buy-in for the appropriate resources to resolve high-priority items. Keep in mind that new threats, risks, and updates will always populate your risk register. It is critical to actively work to remediate against this list; this prevents risks from escalating and becoming more complicated.

BN: IT and InfoSec continue to move following their own agendas, can security become more of a ‘team sport’?

DL: Traditionally, IT and InfoSec teams within an organization pursued their own agendas. InfoSec secured the company and its users, while IT enabled people within the organization to work efficiently and effectively. InfoSec and IT teams must work more collaboratively to reduce the gap between identifying and addressing issues.

In many organizations, IT admins are joining the security team, as today’s global, decentralized workplace has broadened IT’s responsibilities within the enterprise. IT admins have become a key part of the security organization, with 34 percent of Fortune 500 companies rolling the IT department into the CISO’s purview in 2021. This percentage was close to 80 percent in startups and emerging technology companies. As more enterprise companies follow the lead of modern SaaS and technology organizations, the next task will be creating (and using) the best tooling to bridge the gap between these two core competencies. How do you adjust for the overlap and enable bidirectional communication and collaboration?

BN: Zero trust seems to be a priority, especially as it pertains to the hybrid office, how should security organizations employ zero trust methods in the coming year?

DL: Security teams have been talking about the zero-trust cybersecurity approach for a few years. It used to be ‘trust but verify’. The new zero trust — in a workplace filled with multiple teams, multiple devices, and multiple locations — is ‘check, check again, then trust in order to verify’. Basically, organizations must validate every single device, every single transaction, every single time — always.

Only six percent of enterprise organizations have fully implemented zero trust, according to a 2022 Forrester Research study. The complex and disparate workplace environments that are so common now make it difficult to adopt zero trust — at least all at once. This does not mean organizations are not slowly rolling out zero trust across their environments and assets.

It would be easy when a company only has a limited number of environments. However, if you are using AWS, Azure, and GCP with an on-premises instance along with a private cloud where you are running virtualization through VMware — that will take some time to uniformly roll everything out. Yes, companies are working towards zero trust, but it will take a bit longer than people like. As we all continue to embark on the zero-trust journey, we will see new solutions for complex problems companies are experiencing on premise and in public and private clouds.

Photo Credit: Olivier Le Moal / Shutterstock

The contradictory fall in ransomware in 2022

The contradictory fall in ransomware in 2022

There are three certainties in 21st century life – death, taxes, and ransomware. So how have the figures for the most familiar cyberattack in the world gone down by over half in 2022?

18 April 2023

That special ransomware moment – felt by fewer and fewer companies in 2022?

In Part 1 of this article, we spoke to Mike McLellan, Director of Intelligence at the Secureworks Counter Threat Unit about a seeming rise in reports of business email compromise being used against business in 2022 – as revealed by the Unit’s annual report on the cyber-threat landscape. In Part 2, we took a look at the rising tide of attacks based on multifactor authentication fatigue. But the leading – not to mention the best known and probably best understood – cyberthreat remains ransomware. While we had Mike in the chair, it seemed almost indecent not to ask him about it.

Especially as figures in the report showed ransomware down by a staggering 57% in 2022. Our first question, then, was probably inevitable.


What gives with the plummeting number of ransomware attacks in 2022?


Ransomware grabs a lot of attention, because you have attacks like the Royal Mail, the US Marshals Service, just to name a couple from the last few months. They are very high-profile organizations that are impacted by this with, with a clear impact on people.

Typically, the general public only care about these things when they actually have some impact on their lives, and some of these ransomware attacks do, because they hit critical infrastructure or critical services.

The Ukraine factor.

So yes, it’s interesting that we’ve seen a reduction in the number of incidents this year. And I don’t think we’re alone in seeing that – it’s not a blip in our data. Some other vendors have reported similar trends, though whether it continues to be a trend throughout 2023 remains to be seen…


You’re about to tell us something mind-blowing with a tinge of horror, aren’t you?


What makes you say that?


We’ve interviewed you before. We know that pause.


Well… it’s possible the war in Ukraine had a significant cooling effect on ransomware last year. We saw a two- or three-month period where there was a huge disruption to the ecosystem, because you had groups who had operators in Ukraine, or they had split political loyalties, and that impacted on the volunteer activity.

So whether we will see that decline continue, I’m not sure. I think we will start to see it pick up again, because I think it remains a very lucrative form of revenue for cybercriminals.

But, you know, reasons why we could see a reduction would include organizations getting better at defending against it, which we always like to say is a thing.

Law enforcement disruption getting better, having more impact on the groups is a thing. Groups deciding it’s not economical because of the price of cryptocurrency or the challenges of conducting attacks. That’s a potential thing, too.

Finally, and possibly the most likely explanation, is that we’re just seeing an underreporting of it to the likes of ourselves, to law enforcement, and to other places. One theory that we’ve got is that following Colonial Pipeline and some of those very big attacks, the more sophisticated ransomware gangs decided that actually, if they could keep their heads under the radar a bit more and conduct more attacks against smaller organizations, they could still generate enough money, but without bringing the headlines, and so without bringing the law enforcement interest.

The quiet life.


Cybercriminals opting for a quiet life?


It’s possible, yes. There are plenty in the criminal organizations who are absolutely only in it for the money. If you can make a good living without bringing the FBI or Interpol down on your own head, why not do that?

So it’s very hard for us to say, because we only work with organizations who pay us to come and do incident response for them. But there is potentially a much larger number of very small organizations who aren’t mature enough, don’t have those relationships to report these things, don’t know how to report it to law enforcement, and we’re just not seeing it. So I think our data on this tells potentially only part of the story.

There are reasons why that might be, but it’ll be interesting to see over the next 12 months whether insurance firms and other organizations report similar trends or not based on their data and their view of that threat.

I do think we’ll see the numbers start to creep back up, sadly. But we definitely saw a reduction last year driven probably by the war in Ukraine, and by some of the heat that came from some of the very high-profile attacks, forcing a rethink of the operation.

A busy year?


This is inevitably going to sound crass, but is it possible that, with the illegal Russian invasion of Ukraine, lots of cybercriminals had… more pressing things to focus on?


I think they undoubtedly will have, yes. Ukrainian police arrest people for their involvement in ransomware gangs, and while those may not be the core operators, (the really sophisticated criminals probably live in places where they’re never going to be arrested), it will have an impact on your operation if there’s suddenly a war which encompasses places where you or some of your colleagues live.

So yeah, undoubtedly, that caused a significant distraction, and possibly some kind of physical disruption if people had to relocate.

Obviously, we hope that situation improves over the next 12 months. But it certainly looks like most of the criminal gangs that were disrupted have managed to reconfigure themselves to carry on as they were before. So we will be keeping a very close eye on that, just seeing if the fall in ransomware numbers becomes a long term trend, or if it was just a bit of a blip last year.

An offer they can’t refuse.


As we understand it, some of the pro-Russian groups have died out or been agglomerated into the bigger groups too, right?


Yes, some of the big ransomware-as-a-service schemes have. There’s been a sort of stratification of the landscape where you’ve got two or three ransomware schemes, which are now very large, with lots of affiliates, lots of people kind of participating in them.

I think that’s making it harder for other schemes to establish themselves and break into that market, you’ve got a bit of a monopoly going on there with a very small number of schemes now running lots of affiliates, potentially.

And again, when we see some of the high-profile attacks, the likes of the US Marshal Service, it’s possible that was some affiliate who just hasn’t really appreciated the potential impact of that attack on the scheme.

We think the criminals who have been doing this for a long time have come to the realization that you don’t really want to try and take down the Irish Health Service, or the Royal Mail or whatever, because the potential blowback on you from law enforcement could be significant, could cost you a lot in terms of having to adapt and retool and all that sort of thing.

So we’re seeing a small number of schemes with lots of affiliates. And I’d be interested to see if we see some kind of unintended behaviour from some of those affiliates who are less easy to control, maybe because they’re less experienced.


Apologies if this is cliché, but it sounds like there’s a mafia-style structure developing in those schemes. The cyber-mafia?


It’s interesting, because if you go back 15-20 years, some of the people in charge now are the same people who started out back then. And it’s always important to know that there are people behind these attacks. The central people have probably been around for a long time, but you end up with a much broader pyramid of other people who get involved.

Potentially, the people who’ve been in the business for less time are just making a sort of salary rather than generating the big payouts, but they are nevertheless getting paid well to do the job they’re doing. So you do have this kind of organizational structure.

And if you look at something like the constant leaks from last year which exposed some of this, it’s fascinating to see them talking about things like HR disputes, and salaries and all that kind of thing, and having to deal with the kind of things that most managers have to deal with in legitimate organizations.


It’s curious to think that some of the players responsible for the bigger, flashier, more headline-grabbing ransomware attacks may actually be the people with less experience, who have yet to buy into the quiet life philosophy of advanced cybercrime. You can’t help wondering if that might be a useful thing for companies to consider in their future negotiations with these players.

In the final part of this article, having dipped into the conflict in Ukraine, Mike turns his attention to other national-level state actors that have been especially busy delivering cyberattacks in 2022. Will the leading threat surprise you at all…?

18 April 2023

18 April 2023

17 April 2023

Criminals are using this top remote access tool to hijack your company networks

Yet another legitimate enterprise software platform is being abused by various cybercriminals to deploy malware and ransomware to unsuspecting victims. Cybersecurity researchers from The DFIR Report have observed multiple threat actors using Action1 RMM, an otherwise benign remote desktop monitoring and management solution. 

Just as any othe remote management tool out there, Action1 is used by managed service providers (MSPs) and other IT teams to manage endpoints (opens in new tab) in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar. 

Emerging cyberpros tried to Conquer The Hill in Argonne’s latest CyberForce® Program challenge

Newswise — Argonne National Laboratory, a U.S. Department of Energy (DOE) national laboratory, announced Cameron Whitehead of University of Central Florida as the winner of the 2023 CyberForce Conquer the Hill: Adventurer Edition competition.

Whitehead was one of 213 students from 95 accredited U.S. colleges and universities who competed virtually to complete over 57 anomalies — work-based cybersecurity tasks and challenges — during a seven-hour, energy sector-related adventure.

“Ideally, we want to bring more awareness to those participating about what cybersecurity companies do, what jobs are available, and what skills are needed.” – Amanda Theel, leader of Argonne’s Workforce Development group and the CyberForce Program

The purpose of DOE’s Conquer the Hill competitions and its overall CyberForce® Program, which Argonne leads, is to increase hands-on education to college students, raise awareness in the critical infrastructure and cyber security nexus, and promote basic understanding of cybersecurity in real-world scenarios. According to a 2022 study, there is a shortage of 410,695 cybersecurity professionals in the U.S. With the increasing amount of information placed on the internet, improving security and developing a cybersecurity workforce is a high priority.

Competitors were presented with a checkerboard of easy, medium and hard cyber challenges that they could tackle up to three times in any order they wished. Their performance on each task resulted in a score visible only to them and to the competition organizers. The winner received the highest points by completing the most tasks successfully in the least amount of time.

“These smaller individual competitions are fun because they give students a lot more in-depth time to evaluate different areas of cybersecurity that they might not see in school,” said Amanda Theel, who leads the Workforce Development group in Argonne’s Strategic Security Sciences division and the CyberForce Program for DOE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER). ​“Students can build cybersecurity skills and interests in areas they weren’t aware they liked or had an interest in, such as logs, forensics or encryption.”

All of the anomalies in this year’s Conquer the Hill: Adventurer competition are mapped to the National Institute of Standard and Technology National Initiative for Cybersecurity Education framework. By designing the challenges within this framework, DOE and Argonne believe students can better understand where they are proficient in their cybersecurity skills and where they may need to improve.

“The Department of Energy’s CyberForce Program is dedicated to developing the highly skilled workforce we need to protect and defend our nation’s critical energy infrastructure,” said CESER’s deputy director for Preparedness, Policy and Risk Analysis, Mara Winn. ​“We are proud to invest in these unique, hands-on opportunities to educate and challenge the next generation of energy cybersecurity professionals.”

Upcoming CyberForce Program events include a virtual webinar on May 10; another virtual mini ​“Conquer the Hill” competition on July 15, which will be themed like an escape room, and a virtual career fair on October 11. The competitive cybersecurity season will close with DOE’s large, hallmark CyberForce® Competition, in which college and university students will compete in teams at an in-person event in the Chicagoland area, Nov 3-4.

“Ideally, we want to bring more awareness to those participating about what cybersecurity companies do, what jobs are available, and what skills are needed,” said Theel. ​“We’re hoping to fill that pipeline of professional openings.”

Argonne National Laboratory seeks solutions to pressing national problems in science and technology. The nation’s first national laboratory, Argonne conducts leading-edge basic and applied scientific research in virtually every scientific discipline. Argonne researchers work closely with researchers from hundreds of companies, universities, and federal, state and municipal agencies to help them solve their specific problems, advance America’s scientific leadership and prepare the nation for a better future. With employees from more than 60 nations, Argonne is managed by UChicago Argonne, LLC for the U.S. Department of Energy’s Office of Science.

The U.S. Department of Energy’s Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit https://​ener​gy​.gov/​s​c​ience.

Coley Burke Joins HYCU® as Chief Revenue Officer

Coley Burke Joins HYCU® as Chief Revenue Officer

(image: KobizMedia/ Korea Bizwire)

(image: KobizMedia/ Korea Bizwire)


Boston, Massachusetts, April 18 (Korea Bizwire) – HYCU, Inc., the world’s fastest-growing multi-cloud data protection as a service company, today announced that Coley Burke joined to lead the global sales organization and drive go-to-market programs to accommodate scale and growth for continued worldwide expansion. Burke joins HYCU on the heels of the recent introduction of R-Cloud, the world’s first developer-led data protection platform to address the underserved needs of SaaS application users for enterprise-class data protection, and after the company closed 2022 with more than 3,600 customers and a Series B funding round that brings the total raised to date to $140M. Burke will report to HYCU Founder and CEO Simon Taylor.

“The ongoing fight against ransomware and the ever-increasing need for data protection regardless of platform or application in use, has never been greater,” said Coley Burke. “HYCU is at a pivotal moment in time, solving the challenges that legacy backup solutions cannot address while changing the game for companies and partners that need cloud-native, cost-effective and efficient SaaS backup where few solutions exist today. I am excited to join HYCU to drive and lead sales through the company’s next phase of hypergrowth.”

As Chief Revenue Officer, Burke will be responsible for driving HYCU’s global go-to-market strategy and accelerating growth and scale to accommodate customer and partner interest. Burke brings more than 30 year’s experience as a results-driven executive to lead sales and business development efforts. Prior to HYCU, Burke was CRO at Semperis where he increased demand for identity driven cyber resilience to offset the growing rise of cybersecurity risks to enterprises globally. Before Semperis, Burke was CRO at Zerto, successfully leading go-to-market for the global IT resilience company prior to the acquisition by HPE. Burke has held sales and go-to-market positions at EMC, Kashya, IBM, Quantum, and Arrow Electronics and has extensive background in software, data protection, infrastructure, storage, and BCDR products and solutions. Throughout his career, Burke has led successful market strategy and revenue growth for many of the industry’s leading product portfolios.

“We are thrilled that Coley is joining HYCU and excited that he will be instrumental in driving HYCU’s go-to-market and sales efforts around the world to handle the growing interest in our multi-cloud and SaaS data protection solutions,” said Simon Taylor, Founder and CEO, HYCU Inc. “Coley is an impressive sales leader with deep roots in data protection, and a power of positivity wherever he has worked. His outlook and attitude is infectious and our growing customer base and teams will enjoy every minute he has to spend with them. Welcome Coley, I am looking forward to working together with you, and the rest of the executive team to share why HYCU is quickly becoming the data protection provider of choice, regardless of data location and platform in use.”

To learn more about HYCU’s multi-cloud and SaaS backup and recovery as a service solutions, visit


About HYCU
HYCU is the fastest-growing leader in the multi-cloud and SaaS data protection as a service industry. By bringing true SaaS-based data backup and recovery to on-premises, cloud-native, and SaaS environments, the company provides unparalleled data protection, migration, disaster recovery, and ransomware protection to thousands of companies worldwide. As an award-winning and recognized visionary in the industry, HYCU solutions eliminate complexity, risk, and the high cost of legacy-based solutions, providing data protection simplicity to make the world safer. With an industry-leading NPS score of 91, customers experience frictionless, cost-effective data protection, anywhere, everywhere. HYCU has raised $140M in VC funding to date and is based in Boston, Mass. Learn more at


Don Jennings
HYCU, Inc.
[email protected]

Katie Helander
The Bulleit Group
[email protected]


press release curation and disclaimer notice

School Passport 2.0 Puts Schools In Control of Data, ‘Seamlessly Anonymizes’ PII Shared with Ed Tech — THE Journal

Data Privacy

School Passport 2.0 Puts Schools In Control of Data, ‘Seamlessly Anonymizes’ PII Shared with Ed Tech

Global Grid for Learning has unveiled its newest school data exchange solution designed to give schools better data analytics and control over data privacy while eliminating the need for vendors to access and share students’ protected private information, according to a news release. 

At the ASU+GSV Summit this week, GG4L introduced its new School Passport data exchange platform, which “allows information to be shared by schools with their ed tech vendors, but can now seamlessly anonymize PII to address a major privacy vulnerability for the industry.”

The challenge of capitalizing on ed tech data to improve learning outcomes while protecting student data has become the industry’s biggest Achilles heel, as cyber crime grows more sophisticated and ransomware’s steadily rising impact on K–12 school districts leads to more breaches of student data every year. Last year, ransomware attacks targeting K–12 schools rose by 827% according to the latest threat report from network security researchers at SonicWall.

And yet ed tech vendors’ routinely share school PII across platforms, with schools having very little, if any, control or insight into what data, precisely, is being shared and by which platforms. 

“School Passport is breaking this habit by minimizing the need to share school PII across ed tech vendors,” GG4L said in its announcement. 

The updated School Passport platform “leverages GG4L’s patents and innovative token-based services to solve the problem that traditional rostering approaches have created, including the reliance on legal compliance as the sole approach to protect schools,” according to the announcement. 

School Passport offers “a robust open standards-based API framework of anonymized services which makes it easy for vendors to adopt.”

All the students’ PII is anonymized within the platform, and schools using School Passport have monitoring tools to track where and how data is shared and data governance tools to restrict sharing or anonymize data, GG4L said. District tools include a PII vault that allows IT managers to maintain control of data encryption.

“School Passport builds on our recent experience with PII Shield, API-based communications, and school-centric data governance,” said GG4L Founder and CEO Robert Iskander. “School Passport is the first zero trust-based anonymized and tokenized data exchange and governance infrastructure for schools.”

GG4L said districts using School Passport can “significantly reduce the amount of student PII that is shared with external entities” and thereby greatly relieve compliance burdens on IT teams as well as reduce implementation delays where data privacy oversight is a concern. 

Vendors can benefit from School Passport, too, GG4L said, by eliminating their absorption of student PII, they reduce their risk profile and lower costs associated with data privacy compliance and oversight — all while providing the same user experience as well as data that can be combined on the district dashboard to help educators make better-informed decisions for improving learning.

GG4L is a contributing member of the open-standards advocacy nonprofit 1EdTech and has been participating in 1EdTech’s Identity Task Force and the 1EdTech OneRoster® standard project. “This will lead to certification showing that ed tech suppliers can meet the requirements for supporting anonymized identity,” GG4L said.

“The 1EdTech community of school districts, universities, states and suppliers is providing leadership on student data privacy through our TrustEd Apps program,” said 1EdTech CEO Rob Abel. “The community greatly appreciates GG4L’s contributions, and we will expedite the benefits of this work via extensions to the widely adopted OneRoster standard.”

Learn more at

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can
be reached at [email protected]om.