The Cyber Express - January 2024 by The Cyber Express

Award Winning World’s Fastest Growing Cybersecurity Company

ISSUE 14

TheCyberExpress

Cyble VISION Beyond

Threat Intelligence

The Best Ai-Powered Threat INtel PLATFORM • Uncover hidden threats. • Predict and prevent attacks. • Empower informed decision-making. • Stay ahead of evolving risks. • Secure your digital ecosystem.

See Cyble Vision in Action

TheCyberExpress

ISSUE 14

Contents 6 FROM THE EDITOR

2023 in Cybersecurity: Reflections and Way Forward

8 VIEWPOINT AI Arms Race: Malicious Actors Stumble in Pursuit of Scalable Weaponry

12 FORESIGHT Beyond theFirewall: Why Soft Skills Are Cybersecurity’s New Superpower

22 CYBERVILLE Gacha Games Decoded: Controversies, Psychology, Coping

28 THE COVER 10 Most Vital Ai Trends Of 2024 We Need To Be Ready For

32 HOT SEAT 2024 Cybersecurity Forecast: 5 Key Trends to Prepare for Now

ISSUE 14

TheCyberExpress

36 DIGEST Beyond Convenience: Can You Trust Your Smart Home?

44 TRENDS Expert Predictions: Upcoming Cybersecurity Trends For 2024

52 REGISTER Deepfakes Gone Wild: 10 Trends That Will Reshape 2024

84 SCOOP World CyberCon India 2023 Ignites a Digital Revolution in Its Second Triumph

90 INSIDER Let’s Talk Cybersecurity: Wisdom From World Cybercon India

102 BOTTOMLINE Leaders’ Take on WORLD CYBERCON INDIA 2023

TheCyberExpress

ISSUE 14

STAFF

Editorial

Management

Augustin Kurian

Rajashakher Intha

Editor-in-Chief editor@thecyberexpress.com

Head - Marketing & Sales raj@thecyberexpress.com

Avantika Chopra

Ashish Jaiswal

Associate Editor avantika@thecyberexpress.com

Conference Manager ashish.j@thecyberexpress.com

Samiksha Jain

Priti Chaubey

Magazine Producer samiksha.jain@thecyberexpress.com

Content Strategist priti.c@thecyberexpress.com

Ishita Tripathi

Ravi Gupta

Senior Tech Journalist

SEO Analyst

ishita.tripathi@thecyberexpress.com

ravi@thecyberexpress.com

Ashish Khaitan

Vittal Chowdry

Journalist ashish@thecyberexpress.com

Design Lead vittal@thecyberexpress.com

Image credits: Shutterstock & Freepik

*Responsible for selection of news under PRB Act. Printed & Published by Augustin Kurian, The Cyber Express LLC., The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.

ISSUE 14

TheCyberExpress

From The Editor’s DESK Augustin Kurian Editor-in-Chief

Dear Readers, Happy New Year and welcome to a fresh, exciting start with The Cyber Express! As 2024 unfolds, we’re here to guide you through the complex and ever-evolving world of cybersecurity with insights, analysis, and stories that matter. In this January issue, we kick off with “AI Arms Race: Malicious Actors Stumble in Pursuit of Scalable Weaponry.” Tim Pappa, a seasoned former FBI Profiler, offers a riveting exploration of how AI is reshaping the landscape of cyber warfare. His unique perspective, rooted in behavioral analysis, unravels the sophisticated interplay between technology and criminal intent, providing a thought-provoking read. We then pivot to a topic that often flies under the radar in tech discussions – the human element. “Beyond the Firewall: Why Soft Skills Are Cybersecurity’s New Superpower” sheds light on the importance of empathy, communication, and collaboration in cybersecurity. It’s a compelling reminder that in the world of zeros and ones, human skills are invaluable. The intriguing world of online gaming is unpacked in “Gacha Games Decoded: Controversies, Psychology, Coping.” This article offers a deep dive into the psychological nuances

and controversies surrounding these popular games, providing insights and strategies for safe and mindful gaming. Prepare to be enlightened by “10 Most Vital AI Trends of 2024 We Need to Be Ready For.” This comprehensive piece not only highlights the groundbreaking developments in AI but also arms you with knowledge to navigate the future of this rapidly evolving field. For professionals and organizations, “2024 Cybersecurity Forecast: 5 Key Trends to Prepare for Now” is an indispensable guide. It outlines the strategic trends that are shaping the cybersecurity landscape, offering practical advice to stay ahead of potential threats. In “Beyond Convenience: Can You Trust Your Smart Home?” we delve into the critical issues of privacy and security in the era of connected homes. This piece challenges you to think critically about the trade-offs between convenience and safety in our digitally interconnected lives. “Expert Predictions: Upcoming Cybersecurity Trends for 2024” brings together foresight from leading minds in the field. Their predictions paint a vivid picture of the challenges and innovations we can expect in the coming year.

The phenomenon of deepfakes is scrutinized in “Deepfakes Gone Wild: 10 Trends That Will Reshape 2024.” This article is an eye-opener on how these advanced technologies might blur the lines between reality and fiction in our digital world. We’re also proud to present an exclusive report on the World CyberCon India 2023. Hosted in the bustling city of Mumbai, this event, organized by The Cyber Express by Cyble, was a confluence of innovative ideas, robust discussions, and visionary solutions to secure India’s digital future. As we enter 2024, our mission at The Cyber Express remains unwavering: to bring you the most relevant, insightful, and engaging content in cybersecurity. We’re excited to embark on this journey with you, navigating the complexities of the digital age together. Wishing you all a year filled with growth, discovery, and digital resilience. Most importantly, we welcome your feedback at editorial@thecyberexpress.com. Stay Informed, Stay Secure. Augustin Kurian Editor-in-Chief The Cyber Express

TheCyberExpress

ISSUE 14

VIEWPOINT

AI Arms Race:

Malicious Actors Stumble in Pursuit of Scalable Weaponry - By Tim Pappa Tim Pappa is a certified former FBI profiler on the Behavioral Analysis Unit, one of the few profilers in the world specializing in cyber deception and online influence. Pappa was also previously assigned to the FBI Cyber Division’s Cyberterrorism Unit, where he oversaw the FBI’s cyber threat programs focused on Middle East and Southeast Asia cyberterrorism.

ISSUE 14

TheCyberExpress

ISSUE 14

VIEWPOINT

Many cyber threat intelligence and policy communities are increasingly concerned with the threat posed by generative artificial intelligence, as GenAI is being operationalized to attempt to influence attitudes and beliefs of target populations. But we also keep reading about how those documented methods have not influenced audiences or narratives much at all. Imagine an athlete who can perform at exceptional levels in running or other displays of strength. You hear he’s joining a rival cricket team. When you see him play, however, he can’t seem to hit anything. He doesn’t know how to play. For all his natural athletic ability, he doesn’t know how to hit or throw the correct way. Yes, he appears fearsome because of his general athletic performance, but he is not an effective player on that team, until he learns how to deliver and hit a cricket ball. This is one way to conceptualize how malign influence cyber actors are applying or thinking of applying scalable generative artificial intelligence to attempt to influence target audiences. This includes everyone, including pro-Western cyber actors targeting overseas audiences. A summer 2022 report highlighted how ineffective many of these ‘pro-Western’ narrative accounts appeared to be at generating engagement and building influence. While social media platforms have documented how these accounts created artful, foreign-language

ISSUE 14

TheCyberExpress

content and calls to action to encourage engagement and social media response, most of these accounts had no more than a handful of likes or retweets on Twitter, and less than a quarter of the accounts had more than a thousand followers. Nearly half of these accounts posing as media organizations included batches of hashtags with their posted content, likely trying to reach broader audiences. But again, there was limited audience response. In my experience as a certified former profiler with the FBI’s Behavioral Analysis Unit (BAU), broad appeals to broad audiences even in the right language on the right platform do not work. Content including narratives must be crafted specific to targeted individuals with some understanding of the kind of platforms they use and trust and the kind of relationships they have or how those relationships influence the decisions of that targeted individual or group. There are established theoretical frameworks for understanding generally how people, even outside of these behavioral relational contexts, process and respond to content like this. Communication researchers throughout the past forty years have established relatively similar conditions for cognitive and attitudinal processing of content. These dual processing models or conditions generally find that people spend more or less time thinking about and consuming or sharing content based on how relevant it is to them and how motivated they are to process that content.

This is important especially in this growing environment of “coordinated inauthentic behavior”, where creators may be scaling and applying more generative artificial intelligence content with the same methods for attempting to influence audiences. These models suggest influence attempts may still be unsuccessful regardless of the content, if the creator is largely depending on unfamiliar audiences and unknown users to respond to content. If there are any challenges trying to access that content, people may not even be motivated to process that content or even less motivated to share that content with others. Audiences may be more likely to scrutinize content if they struggle to process it or understand it. If there are cultural or religious sensitivities to engaging in any kind of content, audiences will likely not encounter that content or may even react aggressively to the content. Audiences may not engage content or follow content creators because of the possible consequences for being associated in some manner with that kind of content or those creators. These are general considerations, but they are serious considerations. These considerations may explain some of the limited success of the controlled accounts in these recent reports, but these dual processing models of individuals and audiences apply even if there is uniquely generative artificial intelligence content. While much of my experience observing or reviewing other failed attempts to influence broad audiences with scalable programs is anecdotal, the psychological underpinnings of how individuals and groups of individuals as audiences process content or narratives provides an integrated theoretical framework that consistently explains why this is not working. The above research literature is the beginning of understanding this framework. The liminal step however in effectively behaviorally operationalizing content or narratives whether that includes use of GenAI or not is having a defined target with content or narratives crafted for that defined target. Malign influence cyber actors will continue to struggle to behaviorally operationalize scalable GenAI throughout this new year, even as GenAI programs become more dynamic. This will likely result in more of the same kind of reports described above, which highlight the growing use of GenAI programs to materialize malign influence attempts but in which we see limited measure of how anyone was influenced behaviorally.

TheCyberExpress

ISSUE 14

FORESIGHT

Beyond the Firewall:

Why Soft Skills Are Cybersecurity’s New Superpower - By Avantika Chopra

In a domain traditionally lauded for its technical prowess, the emergence of soft skills as a critical factor might seem counterintuitive. Yet, as cyber threats continue to evolve in sophistication, industry experts are acknowledging the indispensable role these skills play.

ISSUE 14

TheCyberExpress

Cybersecurity is no longer solely about firewalls and encryption. It’s a critical defense against sophisticated attacks that exploit human vulnerabilities. As technology intertwines more deeply with daily life, the interconnectedness of systems amplifies the impact of such attacks.

Protecting against these threats demands a comprehensive approach that includes not only technical measures but also education, awareness, and the development of strong human-centric security practices.

TheCyberExpress

ISSUE 14

FORESIGHT Let’s lay the groundwork with a simple hypothetical scenario.

Adam, a cybersecurity analyst with impressive technical expertise, found a vulnerability in the company’s network infrastructure with the potential to expose sensitive client data if exploited.

Adam’s struggle to simplify technical findings for non-technical stakeholders led to the misinterpretation of a severe vulnerability as a minor glitch, delaying its urgent addressal.

The ignored security flaw soon led to a data breach, compromising customer data and causing loss of trust, legal issues, and a major hit to the company’s reputation.

ISSUE 14

TheCyberExpress

A cybersecurity analyst, brilliant with code but lacking in communication skills, failed to effectively explain a critical security update to key decision-makers. His lack of effective communication and soft skills hindered his ability to convey the urgency of the situation, leading to dire consequences that could have been mitigated with clearer, more persuasive communication. While the above example might slightly overstate the situation, it does reflect a significant transformation in the cybersecurity sector. Although technical skills are indispensable for the protection of digital systems, they alone are increasingly inadequate to address the complexities of modern cyber threats.

What are Soft Skills in Cybersecurity? Soft skills, also known as interpersonal or people skills, encompass a collection of personal attributes and qualities that empower individuals to engage effectively in various personal and professional scenarios. Unlike technical or hard skills, which are specific to a particular job and often tied to one’s expertise in a particular domain, soft skills have gained increasing importance in cybersecurity. They work in tandem with technical proficiency to establish more robust defenses and responses to cyber threats. Field Chief Information Security Officer (CISO) for Public Sector at Presidio, Dan Lohrmann, stressed to The Cyber Express the pivotal role of soft skills in cybersecurity. According to him, strong soft skills play a crucial role in facilitating effective teamwork and coordinated communication during emergency incidents. “In an emergency incident, strong soft skills enable a team to work together well and communicate in coordinated ways. You don’t want to be meeting someone in person for the first time during a major incident or misunderstand directions, expected actions, etc. Strong soft skills build trust and better outcomes,” stated Lohrmann.

However, before diving into why soft skills are essential in cybersecurity it is essential to understand the key soft skills for cybersecurity professionals and what they are.

1. Communication Skills In cybersecurity, the ability to convey complex technical concepts in clear, understandable language is crucial. Professionals must translate jargon-heavy security information into layman’s terms for non-technical stakeholders, enabling informed decision-making and support. Communication is key, and this principle is equally important in cyberspace. The Equifax data breach in 2017, a significant event in cybersecurity history, highlights the critical importance of communication in cyberspace. This breach exposed the personal information of nearly 150 million Americans, primarily due to the failure to patch a known software vulnerability. Despite the availability of a patch, internal miscommunication and bureaucratic delays between IT and security teams led to its non-implementation. “Ability to communicate technical details in a clear and concise manner is a critical communication skill that should be innate. Comprehension of problem statements and addressing those for easily understandable solutions is important to team success,” Senior Research and Intelligence Manager at Cyble told The Cyber Express.

2. Critical Thinking The capacity to analyze, evaluate, and solve complex problems or challenges by using logical and creative thinking. Critical thinking skills are vital for making informed decisions and adapting to various situations. Cybersecurity experts must possess acute critical thinking skills to recognize and analyze potential threats. This includes identifying subtle indicators of phishing attempts, assessing risk scenarios, and swiftly making informed decisions under pressure. Critical thinking allows professionals to anticipate vulnerabilities and proactively implement security measures to mitigate risks.

TheCyberExpress

ISSUE 14

FORESIGHT

3. Problem-solving The skill of identifying issues, evaluating possible solutions, and selecting the most appropriate course of action to resolve problems or overcome obstacles. Problem-solving skills can play a crucial role in resolving cybersecurity incidents efficiently. The cybersecurity space is dynamic and constantly evolving. Strong problem-solving skills enable professionals to adapt to emerging threats, devise innovative strategies, and respond effectively to security breaches. This involves thinking on one’s feet, creatively finding solutions, and implementing measures to contain and resolve incidents efficiently. Having individuals on the team who possess not only technical expertise but also the ability to extract valuable insights from past incidents and apply them to current situations is of great importance. It highlights that safeguarding the future is as crucial as defending against present threats. Cyble Senior Reseracher also highlighted the importance of Conflict Resolution Skills. “In a cybersecurity environment, conflicts may arise, the skill to mitigate the conflicts and come to a resolution is a skill that can be developed through experience and practice under good mentors in an organization,” he told The Cyber Express.

4. Active Listening Lack of active listening can lead to ignoring critical feedback from team members, as seen in various incidents where employee concerns about security vulnerabilities were overlooked.

While empathy may not be the first trait that comes to mind in the context of cybersecurity, it plays a vital role in various aspects of the field. Professionals who practice empathy are better equipped to create user-friendly security solutions, provide support during incidents, and foster a culture of security awareness and cooperation.

6. Teamwork and Collaboration This skill involves the ability to work effectively with others, both within and outside the organization, to achieve common goals. It includes communicating clearly, sharing responsibilities, and integrating diverse perspectives and skills. Teamwork is paramount in cybersecurity, and its effectiveness in preventing cyberattacks.

7. Adaptability and Flexibility

Building trust and rapport with stakeholders—whether they’re clients, colleagues, or end-users—is facilitated through active listening. Understanding their concerns, challenges, and security needs helps in tailoring solutions that address specific vulnerabilities.

The rapid shift to remote work, especially post 2020 led to increased phishing attacks, showing the need for adaptable security strategies. Being flexible in security strategies is crucial to staying ahead of cybercriminals.

By actively listening to feedback and concerns, cybersecurity professionals can effectively align security measures with organizational goals and user requirements.

Every organization’s security posture is different, and professionals may require coaching on adaptability to perform their roles optimally in a new environment.

5. Empathy

8. Attention to Detail

Empathy in cybersecurity refers to the ability of cybersecurity professionals to understand and consider the perspectives, emotions, and experiences of both colleagues and end-users affected by security measures or incidents.

Minor oversights in code or security protocols have led to numerous breaches. A prime example of this is the Heartbleed bug discovered in 2014. This bug was a security flaw in the OpenSSL cryptography library, which is widely used for the SSL/TLS protocol to secure internet communication.

ISSUE 14

TheCyberExpress

The oversight in OpenSSL allowed attackers to read sensitive information from the memory of systems protected by the vulnerable versions of OpenSSL, leading to the exposure of private keys, usernames, passwords, and other sensitive data. Attention to detail is essential in code development and security protocols to prevent such vulnerabilities.

9. Leadership and Management Skills Leadership plays a pivotal role in establishing a securityfocused culture. Failures in this aspect have been at the root of many data breaches, emphasizing the need for strong leadership and management in cybersecurity teams.

10. Emotional Intelligence Ransomware attacks often rely on psychological tactics. Having emotional intelligence enables professionals to better understand and defend against these tactics, enhancing cybersecurity resilience. In the context of ransomware, attackers frequently use tactics designed to create urgency, fear, or confusion, prompting victims to act impulsively, such as by paying a ransom. In such situations, cybersecurity professionals with high EI can better understand these manipulative tactics, allowing them to educate and prepare users and organizations to respond appropriately.

11. Ethical Judgment and Integrity Insider threats, often stemming from ethical lapses, have been responsible for corporate espionage cases. Ethical judgment and integrity are critical in maintaining trust and security within organizations. Honesty towards designated portfolio stakeholders and maintaining highest moral standards is critical to securing any enterprise.

12. Continuous Learning and Curiosity The evolving nature of cyber threats necessitates continuous learning and curiosity among cybersecurity experts. Staying updated and adaptive is essential to effectively combat emerging risks. Emphasizing the importance of staying informed and adaptable in the field of cybersecurity, Lohrmann stressed the need for a proactive approach in keeping abreast of the latest technological advancements and hacker tactics. “Being curious with a thirst for knowledge and hunger to learn more. We need to be life-long learners with tech changing so rapidly. Also, good communicator - with the more modes the better (writing, speaking, listening). Also, humble but bold at the same time. Don’t be afraid to ask questions,” he said.

TheCyberExpress

ISSUE 14

FORESIGHT

Decoding Cybersecurity Decisions Tim Pappa, a certified former FBI profiler with expertise in cyber deception and online influence from the Behavioral Analysis Unit, highlighted the importance of naturalistic decision-making in cybersecurity during his discussion with The Cyber Express. He drew upon Gary Klein’s research to emphasize his points. “There have been a few researchers over the past several decades who have developed various models of naturalistic decision making. Gary Klein, for instance, explored how fire commanders make crisis decisions, uncovering that many rely on what he termed the ‘recognition-primed model.’ This approach is rooted in experiential learning, allowing for quick decisions that seem instinctive but are actually informed by past experience and an understanding of what’s likely to succeed,” Pappa said. Gary Klein’s study, titled “Rapid Decision Making on the Fire Ground,” investigates how fire commanders make quick decisions

ISSUE 14

TheCyberExpress

during emergencies. The research introduces the “Recognition-Primed Decision” (RPD) model, demonstrating that these rapid decisions are informed by commanders’ extensive experience and knowledge. This study significantly contributes to the understanding of naturalistic decision-making in critical situations. This is particularly relevant to the cybersecurity sector, which frequently demands rapid and high-pressure decision-making. Pappa suggests that this model can be applied to cybersecurity, considering the dynamic nature of human lives and the complex variables influencing decision-making. “Naturalistic decision-making challenges traditional models by recognizing the dynamic nature of human lives and decisions. It understands that decisions are influenced by various unknown factors in a person’s life, like relationships and organizational constraints, and these factors can change over time,” he added. “In criminology and cybersecurity, the distinction isn’t always black

and white. It raises questions about whether automated software can identify and follow patterns in a cyber threat actor’s campaign over time and if threat actors consider these factors when exploiting vulnerabilities in network defense, he added further. Pappa argues for a focus on soft skills, recognizing the necessity for a more humanistic model in cybersecurity. This approach acknowledges the diverse motivations and circumstances of individuals, including cybercriminals.

Bridging the Soft Skills Gap in Cybersecurity The recognition of soft skills’ significance in cybersecurity is on the rise within the cyber sector. According to the ISACA’s State of Cybersecurity 2023 report, soft skills have emerged as a significant gap in the cybersecurity field, highlighting that 54% of cybersecurity professionals rated soft skills as the greatest skills gap.

These skills are not merely additional qualities but are becoming central in the complex digital space, especially with the advent of AI and evolving global regulations.

Cyber defenders now need a holistic skill set that includes not just technical prowess but also strong communication, critical thinking, and awareness of human behavior.

The top soft skills identified as crucial for security professionals include communication, critical thinking, problem-solving, teamwork, and attention to detail.

Identifying and Cultivating Soft Skills Challenges

The rise of social engineering attacks—a tactic that preys on human psychology and exploits interpersonal vulnerabilities rather than technical weaknesses is a growing concern. With AI playing a bigger role, these attacks are only going to get harder to detect. These attacks often leverage trust, persuasion, and psychological manipulation to bypass traditional security measures. Phishing emails, pretexting phone calls, and impersonation scams are common examples of social engineering techniques. According to the 2023 Ponemon Institute’s Cost of Phishing Study, a staggering 83% of organizations experienced a phishing attack in the past year. A key finding of this study is the identification of poor employee awareness and training as a major contributing factor to these incidents. No firewall or encryption can fully protect against an unsuspecting employee falling victim to a well-crafted phishing email or a convincing social engineering ploy.

The challenges in identifying and developing soft skills within the cybersecurity workforce are multifaceted, as highlighted by both industry insights and academic research. Cyble’s Senior Researcher observations align closely with findings from broader industry studies, shedding light on the nuanced difficulties organizations face in this area. He points out that the common assessment criteria in cybersecurity hirings are heavily focused towards technical skills, often based on certifications. This approach leaves the assessment of soft skills to team leads or managers, which can burden the organizational structure. The need for a more comprehensive and traitspecific soft skills hiring assessment model is crucial for organizational success. This observation is substantiated by an ISACA report, which shows that while technical skills like identity and access management and cloud computing are heavily sought after, soft skills such as communication and critical thinking are not emphasized to the same extent, despite their recognized importance.

TheCyberExpress

ISSUE 14

FORESIGHT DIGEST According to the report, the most significant skill gaps identified in today’s cybersecurity professionals include soft skills (55%), followed by cloud computing expertise (47%), knowledge in security controls (35%), and abilities in coding (30%) and software development (30%). Additionally, Cyble’s Senior Researcher discusses the ‘Talent Crunch & Skill Combo’ issue, highlighting the rarity of finding cybersecurity professionals with both technical and soft skills. “The industry as it is having a critical shortage of skilled cybersecurity professionals and its rare to find both technical and soft skills, hence organizations have to make do by compromising on either of them and more so on soft skills to keep up with business operations pressure,” he told The Cyber Express. This forces organizations to compromise, often on soft skills, to maintain business operations. This is echoed in the broader industry context where 59% of cybersecurity leaders say their teams are understaffed, leading to a focus on filling roles with a primary emphasis on technical skills. The impact of strong soft skills on cybersecurity risk management and incident response efforts is significant. Cyble’s Senior Researcher mention of the need for cybersecurity professionals to evolve their focus beyond IT security to encompass risk management, governance, and compliance is particularly relevant. As cybersecurity challenges intensify, effective collaboration with various stakeholders becomes critical for audits, legal compliance, business risk assessments, and business continuity planning, necessitating strong soft skills. Dan Lohrmann, addressing challenges in the modern work environment, particularly emphasizes the difficulties posed by a shift to a largely virtual setting. Speaking to The Cyber Express, he notes, “Moving meetings and so much conversation online makes it hard to really know someone well. We used to be almost 100% in-person, and we are not going back to those days, but it is harder than ever to learn by osmosis (just being around people).” This shift has particularly affected the learning and development of younger workers. Lohrmann highlights their unique challenge, stating, “Younger workers can’t see their senior colleagues ‘in-action’ as much - unless the inclusion is very intentional, which is much harder to do consistently on a wide scale.” His observations point to the need for more deliberate and structured approaches to mentoring and knowledge sharing in remote or hybrid work environments. This is crucial for fostering the same level of learning and professional development that was more naturally facilitated in traditional, in-person settings.

ISSUE 14

TheCyberExpress

Soft Skills in the Future of Cybersecurity The future of cybersecurity is increasingly recognizing the vital role of soft skills. As noted by experts, these skills are becoming crucial due to the evolving nature of cyber threats and the integration of technologies like AI and GenAI. “As cybersecurity challenges intensify, so would the collaboration with various stakeholder to maintain flow of information for audits, legal, Business Risk Assessment, and BCP planning and management. Hence, the soft skills will be more than ever essential for maintaining team collaborations and high level of security in the organization,” Cyble Senior Researcher adds. While technical skills remain a cornerstone in cybersecurity, the development and integration of soft skills into the workforce are vital for addressing current and future challenges in the field. The concept of ‘human-centric AI’ highlights the need for skills that distinguish humans from machines. “The ‘human centric’ part is all about building those soft skills that differentiate humans from robots and machines. I only see the importance of building stronger soft skills growing in the years ahead within cybersecurity,” concluded Lohrmann while stressing upon the need for soft skiils, especially with the way AI is being integrated in day to day life, and the tasks involving cybersecurity. Moreover, organizations need to adapt their hiring and training strategies to create a more balanced skill set in their cybersecurity teams. This balanced approach is essential for the overall effectiveness and resilience of cybersecurity operations within organizations. Professionals with strong interpersonal skills can play a pivotal role in educating and empowering teams to recognize and resist these attacks. Training programs focused on cybersecurity awareness, incident response, and social engineering simulations can significantly reduce the susceptibility of individuals within an organization. Furthermore, cybersecurity professional’s adept at understanding and communicating across departments— bridging the gap between technical teams, management, and end-users—can implement comprehensive security protocols and create a culture of vigilance against social engineering attacks. In essence, the evolution of cybersecurity demands a shift towards recognizing the human element as a critical factor in defense. Combining technical expertise with strong interpersonal skills is the new frontier in fortifying organizations against the ever-growing sophistication of social engineering threats.

TheCyberExpress

ISSUE 14

CYBERVILLE

GACHA GAMES DECODED: CONTROVERSIES, PSYCHOLOGY, COPING - By Ashish Khaitan The online gaming landscape, particularly in-game item-dependent realms, has witnessed a significant transformation in recent years, with one controversial genre taking center stage: Gacha games. This distinctive category has not only garnered immense popularity but has also faced intense criticism, particularly in East Asian regions where players willingly invest substantial amounts of money in virtual items.

ISSUE 14

TheCyberExpress

In this comprehensive investigation, The Cyber Express delves deeply into the intricate mechanics of Gacha games, unveiling potential scams, examining the psychological impact they may have, and exploring the coping strategies employed by former players.

TheCyberExpress

ISSUE 14

CYBERVILLE

Exposing Gacha Games’ Covert Scams Gacha games, a gaming genre popularized by a subculture, emerged in 2010. The Dragon Collection, one of the pioneering Gacha games, debuted on GREE, a Japanese social networking platform, marking the inception of a phenomenon that siphons money, time, and energy down the drain. Fast-forward to the present day, and players globally are shelling out thousands of dollars daily on in-game items. But are Gacha games truly fraudulent, or are we exaggerating the issue? Let’s delve into the realm of potential Gacha game scams to ascertain if we’re all on the same page. According to Comic Book Resources (CBR), numerous Gacha games are perceived as a form of gambling due to their chance-based mechanics. Many players find themselves enticed to spend substantial amounts of money on these games, only to regret their purchases later. Gacha games have faced criticism for their predatory mechanics, leading players into a relentless cycle of spending money. The core of these games lies in the Gacha system, a thinly veiled form of gambling. Players use in-game currency, acquired through gameplay or real-money purchases, to obtain randomized virtual items. The insidious nature of Gacha games lies in their exploitation of player psychology, capitalizing on the innate desire for progression and success. This creates a pay-to-win environment, where those who make significant financial investments gain a distinct advantage over free-to-play users. In-app purchases are strategically designed to exploit players’ impulses, creating a sense of urgency or scarcity that pushes them to spend more than they initially intended. The lack of transparency in the odds of obtaining rare items adds to the manipulative nature of these games, leaving players feeling helpless and disappointed. Gacha games might be likened to real-world situations, where marketing strategies encourage consumers to buy more than they originally intended. Just as fast-food combos entice customers to purchase more items, Gacha games employ tactics that encourage players to spend beyond their initial plans. The psychological impact is profound, as players find themselves caught in a vicious cycle of spending in pursuit of elusive virtual rewards.

ISSUE 14

TheCyberExpress

Gacha Games and the Psychology at Play Social media platforms such as Reddit, Twitter, and Discord host communities of players and individuals recovering from the psychological damage inflicted by these games. The temptation of Gacha games is such that players find themselves spending excessive amounts of time collecting virtual items, often neglecting real-life responsibilities. While some argue that Gacha games are a money sink and highlight the potential harm to a small minority of players, others emphasize the statistical insignificance of such cases. Several users suggest that working adults, the primary market for Gacha games, generally spend within their means, occasionally making impulsive decisions but not to a detrimental extent. In-depth narratives from various players reveal the complex psychology at play. The desire to “catch up” with friends or achieve the same power level creates a sense of competition and envy. Gacha games often utilize “limited availability” tactics, compelling players to spend impulsively. Recognizing these patterns is crucial, as it forms the first step towards self-control.

Beating Overspending and Addiction Players and experts collaborate to share valuable insights on overcoming overspending and addiction in Gacha games. Recommendations encompass practical strategies such as disengaging from game-related groups to sidestep temptation, exploring alternative hobbies, and

conducting a critical evaluation of the time and money invested in these games. Emphasizing the paramount significance of selfawareness and self-control, players are advised to establish budgets, discern the manipulative tactics employed by these games, and contemplate the broader financial implications of their spending habits. For individuals grappling with Gacha game addiction, a pivotal step involves withdrawing from online communities that exacerbate temptation. Severing ties with Gacha megathreads on platforms like Facebook and Reddit proves effective in eliminating constant triggers that prompt impulsive decisions. Maintaining connections with groups that provide updates without nudging players toward excessive spending, such as r/gachagaming, presents a healthier alternative. Another strategy to curb overspending involves exploring alternative hobbies. Gacha games, strategically designed to allure players with tempting packs, constitute the crux of the business model. By diverting time and money into physical activities like going to the gym or engaging in pursuits such as gunplay, players can redirect their focus and energy away from the enticing virtual rewards. Crucial to overcoming addiction is understanding the motivation behind playing Gacha games. Many players, having traversed the daily grind and awaited updates, come to the realization that the investment of time and money may not be justified. Consequently, they often transition to other Gacha games, bidding farewell to the money previously spent.

TheCyberExpress

ISSUE 14

CYBERVILLE

For those enticed by the competitive aspect of gaming, exploring nonGacha competitive games is highly recommended. MOBAs such as LoL: Wild Rift or Mobile Legends, along with shooters like CoD Mobile, offer the satisfaction of competition without the accompanying temptation to spend on virtual packs and pulls. These coping strategies, derived from authentic experiences, aim to chart a course for individuals seeking liberation from the clutches of Gacha game spending. By recognizing manipulative tactics, setting budgets, and engaging in alternative activities, individuals can foster a healthier relationship with gaming.

Closing Thoughts The controversy surrounding Gacha games continues to unfold, revealing a complex interplay of psychological manipulation, financial expenditure, and the pursuit of virtual rewards. The Cyber Express encourages players to approach these games with caution, fostering awareness and responsible gaming practices to ensure a healthy and balanced gaming experience. In an era where virtual and real worlds increasingly intersect, understanding the impact of Gacha games is crucial. As discussions on the ethics and implications of these games persist, it becomes evident that Gacha games are not mere sources of entertainment but complex experiences that demand a nuanced perspective from both players and the gaming industry.

ISSUE 14

TheCyberExpress

ISSUE 14

THE COVER

10 MOST VITAL AI TRENDS OF 2024 WE NEED TO BE READY FOR - By Neelesh Kripalani

Neelesh Kripalani, Chief Technology Officer at Clover Infotec, is a seasoned technology leader boasting over 17 years of extensive experience. His proficiency spans a diverse spectrum, including Strategy Planning & Management, IT Services Delivery, Banking Implementations, People Management, and IT Operations Management. With a robust background in these key areas, Neelesh brings a wealth of knowledge and strategic insight to his role, contributing significantly to Clover Infotec’s technological advancements and overall success.

In the ever-evolving landscape of technology, staying ahead of the curve is not just an advantage; it’s a necessity. As we stand on the brink of 2024, the realm of Artificial Intelligence (AI) is undergoing transformative shifts that will

ISSUE 14

TheCyberExpress

redefine how we perceive and utilize technology. Below are the 10 most vital AI trends for 2024 that we all need to be prepared for right now.

TheCyberExpress

ISSUE 14

DIGEST THE COVER

AI-Powered Cybersecurity: The New Digital Shield AI is becoming the cornerstone of robust cybersecurity strategies. Machine learning algorithms can now swiftly identify and neutralize cyber threats in real-time, making our digital fortresses more secure than ever before.

Explainable AI: Demystifying the Black Box The demand for transparency in AI decision-making processes is rising. Explainable AI models are on the ascent, enabling us to comprehend and trust the outcomes of complex AI algorithms. Understanding the ‘why’ behind AI decisions is the future of responsible technology deployment.

AI-Driven Process Automation: Efficiency Amplified The marriage of AI and automation is reshaping workflows. From mundane tasks to complex processes, AI-driven automation is streamlining operations, enhancing efficiency, and reducing operational costs. Organizations across the world are embracing it to witness unparalleled productivity gains.

AI in Healthcare: Revolutionizing Patient Care AI is revolutionizing healthcare delivery. Predictive analytics, image recognition, and natural language processing are enabling more accurate diagnostics, personalized treatments, and efficient patient care. In 2024, healthcare powered by AI will become the norm.

AI Ethics and Bias Mitigation: A Moral Imperative Ensuring that AI systems are ethically sound is nonnegotiable. Bias mitigation techniques and ethical AI frameworks are crucial. As leaders, it’s our responsibility to champion AI systems that are fair, unbiased, and accountable.

AI-Enabled Edge Computing: Power at the Periphery Edge computing, empowered by AI, is enabling realtime data analysis at the edge of networks. This rapid decision-making ability is a game-changer, especially in IoT applications, creating new possibilities for efficiency, responsiveness, and innovation.

ISSUE 14

TheCyberExpress

AI-Powered Personalization: Tailoring Experiences Customer expectations are soaring, and AI is the key to meeting them. AI-driven personalization allows businesses to create hyper-targeted and individualized customer experiences, leading to higher satisfaction, engagement, and loyalty.

Quantum Computing and AI: The Ultimate Synergy Quantum computing’s potential to solve complex AI problems cannot be overstated. The convergence of quantum computing and AI algorithms will lead to breakthroughs in areas like optimization problems, and machine learning algorithms, pushing the boundaries of what we can achieve.

AI in Human Resources: The Rise of Workplace Intelligence AI is reshaping HR functions. Predictive analytics, sentiment analysis, and AI-driven recruitment tools are optimizing talent management, fostering a more engaged workforce, and revolutionizing the employee experience.

AI-Powered Supply Chain Optimization: From Predictive to Prescriptive AI’s role in supply chain management is evolving. Predictive analytics is transitioning into prescriptive intelligence, allowing businesses to not only foresee disruptions but also proactively optimize their supply chains in response. This foresight is becoming invaluable in an increasingly interconnected global economy.

To Wrap Up The future is arriving faster than we can imagine. Embracing these AI trends isn’t just about staying relevant; it’s about leading the charge into a future where technology serves humanity in unprecedented ways. As we step into 2024, CIOs must collaborate, innovate, and integrate these trends into their organizational DNA and pave the way for transformational and sustainable growth.

TheCyberExpress

ISSUE 14

HOT SEAT

2024 Cybersecurity Forecast: 5 Key

Trends to Prepare for Now - By Shomiron Das Gupta

Shomiron Das Gupta, Founder and CEO of DNIF HYPERCLOUD, is a seasoned Intrusion Analyst with nearly two decades of experience in crafting sophisticated threat detection systems. Passionate about detection engineering, product-market fit, data engineering, and optimization, he seamlessly blends entrepreneurship with his technical acumen. Beyond his professional pursuits, Shomiron is a trained mountaineer, boasting expedition experience in the challenging terrains of the high Himalayas.

By entering the digital era, the ever-evolving landscape of cybersecurity is shaped by the relentless innovation of technology and the persistent efforts of cybercriminals. By the completion of the coming year, the financial impact of cyber-attacks on the global economy is anticipated to reach US$10.5 trillion. Whether small or large organizations, corporations, or even governments, reliance on computerized systems for day-to-day operations underscores the pivotal role of cybersecurity in safeguarding data against various online

ISSUE 14

TheCyberExpress

threats and unauthorized access. Today, incidents like data breaches, ransomware attacks, and hacks have become commonplace, reinforcing the importance of staying abreast of the latest developments in the cybersecurity landscape. As a result, there has been a discernible surge in technical advancements across diverse domains, signaling a concurrent evolution in cybersecurity trends. Let’s delve into some of the top cybersecurity trends to watch out for 2024.

TheCyberExpress

ISSUE 14

HOT SEAT 1. Underdeveloped Generative AI Applications The dominance of artificial intelligence (AI), especially large language models like ChatGPT, has been a headlinegrabbing phenomenon. Business owners, with over 60% anticipating increased productivity, are witnessing a gold rush of new players capitalizing on niche generative AI applications. The accelerated development of these apps, facilitated by Large Language Models (LLMs), raises concerns. The emphasis on speed may come at the expense of robust controls over user security and privacy in the development process. Users trusting these apps may unknowingly expose sensitive information, and with AI projected to grow at an annual rate of 37.3%, this trend remains a focal point in cybersecurity well into the future.

2. Ransomware as a Service (RaaS) Ransomware has emerged as a pressing concern for businesses, institutions, and individuals. Shockingly, ransomware attack payments have surged, reaching an average of USD 1.54 billion over the past 10 months, a figure that has doubled since 2022. Examining the Indian landscape, the nation has experienced an alarming average of 2,126 cyberattacks per week in the last six months. This surpasses the global average of 1,108, resulting in significant financial losses and reputational damage. Cybercriminals no longer need to develop their own malware; instead, they can purchase it from a seller, democratizing the ability to carry out attacks. Ransomware as a Service operates akin to legitimate businesses, allowing affiliates to purchase and customize ransomware. Organizations must prioritize good cyber hygiene as a baseline defense against this trend.

3. Data Breaches: A Prime Target for Cyber Threats The recognition of cyber threats’ potential impact on national security and economic prosperity is increasingly gaining traction among governments and organizations. The awareness of the potential social and political fallout resulting from large-scale data breaches has spurred the development of new regulations addressing cybersecurity concerns. In the early days of August 2023, the Indian Parliament ratified the Digital Personal Data Protection (DPDP) Act, 2023, presenting a framework for the protection of

ISSUE 14

TheCyberExpress

personal data. However, regulatory frameworks alone are insufficient to ensure effective data privacy. As organizations continue to accumulate and store extensive volumes of sensitive data, fortifying defenses against data breaches becomes imperative. Therefore, implementing robust data protection measures and cultivating a cybersecurity-aware culture are essential components of a comprehensive defence strategy.

4. Cyber Warfare and State-Sponsored Attacks State-sponsored cyber warfare involves a government or state either endorsing or conducting cyberattacks against other governments, businesses, organizations, or individuals. In the contemporary landscape, this form of cyber warfare stands as a formidable threat to both national security and global stability. Governments and various entities deploy advanced techniques to execute cyberattacks on their targets, employing diverse methods such as malware, phishing scams, ransomware, denial-of-service attacks, and social engineering. Cyber espionage is also a prominent strategy employed by governments to gather sensitive information, ranging from trade secrets to military plans and diplomatic communications. Despite the uncertainty surrounding the future trajectory of state-sponsored cyber warfare, it remains evident that it will persist as a significant and evolving threat.

5. Deepfake Proliferation: A Growing Threat to Cybersecurity In today’s digital age, the proliferation of deepfake technology poses a significant cybersecurity threat. Deepfakes, powered by advanced artificial intelligence (AI) and machine learning (ML) algorithms, have the potential to deceive individuals, organizations, and even entire nations. While deepfakes have been around for as long as vishing scams, advancements in video technology make them harder to detect. Forums offering source code for deepfake technology further increases the risk, as malicious actors can recreate identities on video using scraped high-quality images and videos from the internet. Face recognition authentication and conference calls could become new attack vectors soon.

Next Up with Cybersecurity Trends State-sponsored cyber warfare involves a government or state either endorsing or conducting cyberattacks against other These cybersecurity trends are bound to cause more fear in organizations to stack their

security measures. It is expected that organizations will spend more than ever with US$100+ Billion on protecting their assets alone this year. By gearing up the security game, organizations can fortify their cybersecurity defences and navigate

the evolving threat landscape successfully. By embracing innovative technologies and adopting a proactive approach to cybersecurity, businesses can better protect their assets and sensitive information from the ever-present and ever-evolving threat of cybercrime.

TheCyberExpress

ISSUE 14

DIGEST

Beyond Convenience: Can You Trust Your Smart Home? - By Samiksha Jain You settle into your cozy armchair for a movie night, your smart lights dimming automatically as you fire up the projector. As the opening credits roll, you reach for your phone to order popcorn, only to be met with a chilling notification: “Unauthorized access detected on your smart kitchen appliances.”

promise convenience and luxury, they also introduce a new frontier of vulnerabilities: cybersecurity risks. From eavesdropping smart speakers to hacked thermostats, the very things designed to make our lives easier can become gateways for unwanted intrusions.

Your blood runs cold as you scramble to disconnect everything from the internet, the once comforting hum of your smart home now a menacing drone.

This isn’t paranoia; it’s a stark reality. Research from Zscaler ThreatLabz paints a chilling picture: a staggering 400% surge in IoT malware attacks in the first half of 2023 alone, compared to the previous year.

This isn’t a scene from a dystopian sci-fi thriller, but a potential reality in the age of smart homes. While these interconnected devices

As we step into the age of hyperconnected homes, understanding these threats and safeguarding our digital sanctuaries is more crucial.

ISSUE 14

TheCyberExpress

In this article, we’ll delve into the dark side of smart homes, exposing the hidden security threats lurking in our everyday devices. We’ll explore the common vulnerabilities, the potential consequences of cyberattacks, and most importantly, the practical steps you can take to fortify your smart home against digital invaders. So, before you plug in that next smart gadget, read on this critical exploration of the cybersecurity risks in everyday devices. Because in the age of smart homes, security is no longer optional, it’s essential.

TheCyberExpress

ISSUE 14

DIGEST

Safe Homes, Smart Homes: A Cybersecurity Deep Dive Operating under the expansive umbrella of the Internet of Things (IoT), smart home devices, from thermostats to security cameras, bring automation and remote control to home management. Yet, as we embrace the advantages of these interconnected technologies, it becomes paramount to grasp the critical importance of smart home cybersecurity. Specifically, devices like cameras and printers, designed for connectivity, inadvertently serve as potential entry points for cyber threats. Illuminated by striking statistics, the initial two months of 2023 witnessed a weekly average of 54% of organizations facing targeted attacks—a significant 41% surge from 2022. With nearly 60 attacks per organization per week on IoT devices, this marks a tripling of incidents compared to two years prior. The spectrum of targeted devices spans common IoT elements, including routers, IP cameras, DVRs, NVRs, and printers. Notably, IoT devices like speakers and IP cameras, integral to remote work and learning setups, offer cybercriminals an extensive array of potential entry points. Therefore, understanding the intricate dynamics of smart home cybersecurity emerges as a crucial imperative in our quest for a secure and connected future. Additionally, it highlights the need for proactive security measures and staying informed about evolving cyber threats to safeguard our interconnected digital ecosystems effectively.

ISSUE 14

TheCyberExpress

Smart Home Devices and their Vulnerabilities Smart Security Cameras Smart security cameras, designed to enhance home surveillance, unfortunately, expose users to various cybersecurity risks ranging from unauthorized access to data decryption in IoT cameras. In 2022, vulnerabilities in at least five models of EZVIZ IoT cameras came to light, allowing threat actors to potentially access, decrypt, and download video footage. As a globally used brand offering numerous IoT security camera models, EZVIZ faced scrutiny from cybersecurity analysts at Bitdefender, who identified these vulnerabilities, highlighting the broader concerns in IoT hardware security. The unsettling incidents extend beyond EZVIZ, as Xiaomi Mijia’s smart security cameras also faced scrutiny. Reports emerged of vulnerabilities that allowed unauthorized access to camera feeds, leading to concerns about user privacy. Notably, a Google Nest Hub owner discovered images from other users’ homes appearing randomly on his camera feed, highlighting the potential risks associated with smart security devices. Even established brands like Ring, a subsidiary of Amazon, have grappled with cybersecurity challenges, leading to a class-action lawsuit. Instances of unauthorized access and hacking incidents on Ring’s security cameras prompted heightened scrutiny. Notably, Bitdefender researchers identified a flaw in Amazon’s Ring Video Doorbell Pro, potentially

granting hackers unauthorized access to the user’s Wi-Fi network and other connected devices. While a security patch has been deployed to address the issue, it highlights the inherent vulnerability of widely used smart security systems. Moreover, in March 2023, Ring reportedly fell victim to an alleged data breach orchestrated by the ALPHV ransomware group. While there is no official confirmation of the Amazon Ring data breach, a news report uncovered that the ransomware group claims to possess access to the home security company’s private data and has issued threats to disclose it unless an agreement is reached. The compromised data potentially encompasses sensitive information such as mailing addresses, phone numbers, passwords, and more. The Cyber Express has reached out to Amazon Ring for comment on the incident but is still awaiting a response. Similarly, Tenable researchers uncovered seven critical vulnerabilities in Amazon’s Blink XT2 security camera systems, including the ability for hackers to remotely view camera footage, listen to audio, and launch DDoS attacks. Amazon responded by promptly releasing patches and urging users to update their devices to mitigate the identified vulnerabilities. These incidents collectively highlight the critical need to address and rectify cybersecurity risks associated with smart security cameras, safeguarding user privacy and safety.

TheCyberExpress

ISSUE 14

DIGEST Smart TV

Smart Bulbs

The surge in Over-The-Top (OTT) platform use has led to a significant increase in Smart TV purchases, with an expected value of US$340.8 billion by 2027. Android TV, developed by Google, has experienced rapid growth, doubling its device count annually since 2016, now surpassing 80 million devices. Despite the convenience of Smart TVs storing passwords for various services, especially for popular platforms like Google, Amazon Prime, and Netflix, they face cybersecurity risks.

While smart lights eliminate the need for traditional switches, offering convenient home automation, they too fall prey to cybersecurity risks. Murtuza Jadliwala from the University of Texas at San Antonio reveals a potential vulnerability where hackers can compromise infrared-enabled smart bulbs by exploiting infrared invisible light emitted from the bulbs. This manipulation allows attackers to send commands, potentially compromising other connected IoT devices within the home network.

Smart TVs, particularly those using protocols like DIAL, have been vulnerable. A bug in Netflix’s screencast protocolv, known as DIALStranger, allowed hackers to manipulate video streams, revealing potential for credential theft. Purdue University researchers also found vulnerabilities in Smart TVs, enabling attackers to control and access stored data. Google responded to a related vulnerability (CVE-2021-0889) on their Android TV platform. Historical instances, such as the 2019 discovery of vulnerabilities in Sony’s Android-based smart-TVs, including their flagship Bravia line, highlighted risks like compromising WiFi passwords and accessing stored images. The FBI has warned about overlooked security issues in smart TVs, emphasizing manufacturers’ neglect of security considerations, making these devices susceptible to various threats. These vulnerabilities extend beyond homes to impact companies and organizations using smart TVs in conference and meeting rooms, broadening the threat surface. As Smart TV adoption rises, addressing and fortifying against diverse cybersecurity risks associated with these devices becomes crucial.

ISSUE 14

TheCyberExpress

In August 2023, TP-Link’s Tapo smart light bulbs gained popularity for their affordability compared to competitors like Philips Hue. However, recent research uncovered vulnerabilities in both the bulbs and the Tapo app, creating an opportunity for hackers to pilfer the Wi-Fi password of the home network. The most significant issue arises from a lack of authentication between the smart bulb and the Tapo app, allowing attackers to impersonate a smart bulb and authenticate to the application. Another substantial vulnerability involves a hardcoded, short shared secret exposed by code fragments. The remaining issues, rated as ‘medium’ severity, pertain to message transmissions between the app and the smart bulb, using static initialization vectors and lacking freshness checks for received messages. Exploiting these vulnerabilities could enable attackers within the smart bulb’s range to access Tapo credentials and WiFi credentials. While the first vulnerability requires the smart bulb to be in setup mode for exploitation, the second vulnerability can be exploited if the bulb is already connected, necessitating users to reset the bulb.

These findings highlight the importance of addressing cybersecurity vulnerabilities in smart bulbs to safeguard the security of connected home networks. Smart Speakers Smart speakers, a common fixture in modern households for their convenience, raise cybersecurity concerns as users must place trust in the companies handling their voice recordings and ambient sounds. This vulnerability isn’t exclusive to specific brands, even extending to Google Home smart speakers. Researchers from the University of Texas at San Antonio (UTSA) and the University of Colorado at Colorado Springs (UCCS) have uncovered a noteworthy sensitivity in most smart speakers. These devices, capable of picking up voice commands beyond the conventional frequency range of human voices, present a potential risk of unintended eavesdropping. In 2019, security researchers at SRLabs brought to light a substantial vulnerability affecting both Google and Amazon smart speakers. This flaw could empower hackers to covertly eavesdrop on users or execute phishing attacks. The researchers demonstrated the risk by disguising malicious software as seemingly innocuous Alexa skills or Google actions, illustrating the potential for smart speakers to surreptitiously record users or solicit sensitive information, such as Google account passwords. This revelation serves as a crucial reminder for users to exercise prudence with third-party software associated with voice assistants. Diligence in monitoring and removing unused or unnecessary applications is vital to mitigate potential security risks, ensuring the privacy and security of smart speaker users.

TheCyberExpress

ISSUE 14

DIGEST Cracking the Code: Risks Affecting Smart Devices The susceptibility of smart devices to cyberattacks stems from a combination of factors, each contributing to a complex web of vulnerabilities. Weak passwords, often chosen for their simplicity, serve as a gateway for unauthorized access, compounded by the lack of encryption that leaves data vulnerable to interception. The landscape of data privacy concerns deepens with the monetization of personal data, prompting ethical questions about the collection practices employed by smart devices. The inadequacy of data protection measures further exposes user privacy, leaving personal information at risk. Device vulnerabilities introduce another layer of risk, where outdated software and firmware create exploitable security gaps. “Numerous smart devices exhibit vulnerabilities in their software or firmware that hackers can exploit, potentially leading to unauthorized access, control, or manipulation of the device,” said Rami F. Khawaly, R&D Manager, MindoLife IoT. The delayed implementation of security updates exacerbates this risk, leaving devices exposed to known vulnerabilities. Additionally, Khawaly highlighted that insecure network, characterized by weak or poorly configured Wi-Fi setups, serve as significant gateways for cybercriminals to compromise smart home devices. “Weak or poorly configured Wi-Fi networks serve as gateways for cybercriminals to access smart home devices. Strengthening network security is imperative,” he explained.

“We have seen massive scans taking place by varied BOT operators attempting to identify the common weakness or vulnerability. A small brand like Zyxel was the reason of edge vulnerability exploit in Denmark and India have many such devices in its base. Smart Home devices second concern is the TLS session and authorization session for management,” Doshi highlighted further. As the smart home ecosystem expands, a collective commitment to staying ahead of cybersecurity challenges is crucial to ensuring the seamless integration of technology without compromising privacy and security.

Smart Moves for a Secure Smart Home Securing your smart home against the dark side of cybersecurity risks demands a strategic and vigilant approach. Strengthening passwords and incorporating robust authentication processes is akin to fortifying the entrance, preventing unauthorized access to your smart devices.

Mehul Doshi, CTO at Jainam Technologies, sheds light on the critical role of edge security, especially in the context of home devices reliant on wireless or home gateway connections.

Regularly updating software and firmware is the digital equivalent of installing security reinforcements, patching vulnerabilities, and ensuring the latest defenses are in place.

“Presently majority of the home devices are connected via wireless, or home gateway and edge security become as strong as the edge parameters or capability. Indian Corporate and Consumer industry the Broadband at home is just started to move upward interest and cellular broadband has been the weak link as well as strength. The reason is the IP pool be it IPv4 or IPv6,” explained Doshi.

“Ensure that IoT devices have the capability to upgrade firmware over the air (OTA). This functionality must be highly secure to prevent potential exploitation by attackers attempting to inject malicious code, said Khawaly.

The dynamic nature of the IP pool, coupled with the OEM nature of devices and a deficiency in lifecycle updates, creates an environment ripe for cyber threats. As users prioritize migrating to newer edge devices over maintaining or upgrading firmware, smart home devices become attractive targets for BOT operators.

Ensuring the resilience of your home network is equally crucial. Much like securing the perimeter of a physical space, fortifying Wi-Fi setups is essential to thwart unauthorized infiltrations. For instance, adopting advanced encryption protocols, such as WPA3, enhances the security posture of your network.

ISSUE 14

TheCyberExpress

Think of it as a routine checkup for your smart home’s health.

“Smart homes today are Digital Box with too many digital attack surfaces exposed. The biggest threat comes from CCTv cameras fire alarm and door locks. These devices has both digital and physical impacts such as breach of privacy, life threats etc. It is important to scan and check the security settings and posture of these devices, since they do not have any inbuilt anti-virus support Manufacturers must publish the possibility of security threats due to unprotected smart home devices, so that users are aware of risks,” opined Divyanshu Verma, Chief Executive Officer, Redinent Innovation. Further, education becomes a powerful weapon in this cybersecurity arsenal. Raising awareness and educating users about potential risks and best practices empowers them to recognize and respond to potential threats. It’s like providing homeowners with a manual on smart living, enabling them to navigate the digital landscape safely. Consider the concept of local data storage as an additional layer of security. By reducing reliance on cloud-based services and minimizing the exposure of sensitive information, you limit potential attack surfaces. It’s akin to keeping valuable possessions in a secure safe within your home rather than entrusting them to an external storage facility. “Discourage the use of technologies that upload and store data in any cloud. Given the sensitivity and value of collected data, it should be stored locally in a gateway and maintained there. This approach ensures that users retain control over their data,” said Khawaly. To streamline the implementation of these security measures, consider the role of widely adopted IoT platforms. These platforms, such as Apple’s HomeKit or Google’s SmartThings, come equipped with built-in security features.

Choosing devices that align with such platforms ensures that your smart home is not just connected but also fortified against evolving cyber threats. As you fortify your smart home, remember that a proactive and comprehensive strategy ensures a resilient and secure digital living space.

Securing Smart Homes Without Sacrificing Convenience In this exciting era of smart homes, we’re surfing the wave of convenience, letting our homes adapt and respond to our every need. Yet, amidst this tech-driven thrill, it’s crucial to recognize the delicate dance between convenience and security. As we bask in the glow of automation, ensuring our digital fortresses stand strong becomes a personal mission. We shouldn’t let the fear of cyberattacks cripple our enjoyment of the smart home’s many benefits. Instead, let’s view security as an investment, a necessary step to ensure that our havens of comfort remain truly safe. Think of it like installing a sturdy lock on your door – it doesn’t prevent you from enjoying your home, but it gives you peace of mind knowing you’re protected. Ultimately, the future of the smart home lies in our hands. By embracing a security-conscious approach, we can ensure that these interconnected devices continue to enrich our lives without compromising our safety. In this digital adventure, let’s not just chase the ease of living but also safeguard the very essence of what makes a home—a place of comfort, privacy, and security. Finding that perfect balance is the real smart move in the smart home game.

TheCyberExpress

ISSUE 14

TRENDS

EXPERT PREDICTIONS: UPCOMING CYBERSECURITY TRENDS FOR 2024 - By Ishita Tripathi As the world steps closer to 2024, the cybersecurity industry is poised to witness some transformative changes. The cybersecurity predictions for 2024 suggest that with the increasing numbers of cybercrime syndicates across the globe constantly working to disrupt business operations, organizations need to buckle up and build digital fortresses to protect against disasters which are otherwise obvious.

ISSUE 14

TheCyberExpress

A recent research report indicates that the cybersecurity industry will grow from US$190 billion in 2023 to US$208.8 in 2024, indicating a 10% year-on-year growth. With the increased rates of cybercrime, the need for strong cybersecurity is constantly increasing, giving rise to the demand for trustable cybersecurity solutions. Experts have predicted a continued rise in the exploitation of zero-day vulnerabilities, ransomware, state

sponsored attacks, as well as a lack of adequately trained cybersecurity resources in 2024. The cybersecurity anticipations for 2024 from the industry experts across numerous security teams who work on the frontlines of cyberattacks suggest that proliferation of AI is going to be a boon for both cybersecurity professionals and the cybercrime syndicates.

TheCyberExpress

ISSUE 14

TRENDS Increased Artificial Intelligence Usage AI is going to be the major factor driving changes in the cybersecurity industry for the upcoming year where a lot of trends are going to redefine the way we have been navigating the cyber-universe till now. Recent report suggests an expanding global AI market in the upcoming two years. It is expected to reach US$ 190.61 billion by 2025, which is a compound annual growth rate (CAGR) of 36.62%. Pooja Shimpi, founder and CEO of Sybernow believes that the usage of artificial intelligence will continue to increase in the coming year which might give rise to the already increased number of ransomware attacks. She further explains that the use of AI has increased and will continue to do so in the coming year too along with the associated risks. The increased use of AI will serve as a supporting factor for individuals on both sides giving rise to a challenging competition between the cybersecurity defenders and the cybercriminal gangs. Increased sophistication of AI tools is expected to enhance the precision of both offence and defense.

David Aviv, CTO at Radware said, “An AI arms race will transform both offense an d defense in the cyber domain. In just over a year, AI attack

ISSUE 14

TheCyberExpress

tools have advanced from simple amplification to sophisticated opensource code that enables bad actors to customize assaults that exploit vulnerabilities with precision.”

2024 Will be the Cloud Era The data presented by IDC’s Worldwide Semiannual Public Cloud Services Tracker suggests that the revenue generated from cloud services will reach US$663 billion by the end of 2023, an increase of 20% over 2022. A similar increase is expected in 2024. Business Wire quoted IDC stating that the total amount spent globally in 2024 on cloud services, the professional and managed services opportunities that surround them, and the gear and software that support cloud services will exceed US$1.0 trillion.

Experts are anticipating that mobile devices will be a target for cyber criminals in 2024, with an increase in mobile-specific threats. These threats will include mobile malware, banking trojans, and phishing attacks. Mobile devices have taken an integral place in our lives. and this is making them an attractive target for the cyber adversaries. Exposure of mobile phone data can lead to serious threats of identity theft, unauthorized access to sensitive personal data, and financial frauds.

State Sponsored Attacks

Experts predict that this trend will also give rise to an increased need for a strong zero-trust architecture and cloud security across various sectors as the human threat actors combined with AI might amplify the threats.

This year has witnessed a number of states sponsored cyberattacks on both the citizens of the same country, as well as on the citizens and organizations of enemy nations. Towards the end of 2023, famous celebrities and politicians of countries got notifications on their mobile phones for possible “state-sponsored hacking” attempts to extract data for government agencies, India too witnessed a similar incident.

Milin Shah, a cybersecurity professional and AVP at SitusAMC stated, “Year 2024 will witness a shift to cloud services. Considering the upcoming changes, I anticipate major cybersecurity developments for the next two years in the field of cloud security”.

Also, government sponsored hacktivists and attackers have been on a rise in 2023, which is expected to continue in the upcoming year 2023 as the world continues to grapple with multiple fault lines of geopolitical stress like the RussiaUkraine, and Israel-Palestine.

Growing Frequency of Mobile Cybercrime

Milin Shah, while citing the RussiaUkraine war and the use of statesponsored attacks, stated that 2024 will witness, “Rise in State sponsored cyberattacks, economic and cyber espionage targeting critical infrastructure, rise of a political war due to increased deepfakes and their use for political influence.”

Google’s Cybersecurity Forecast 2024 also predicts that in 2024, scammers and cybercriminals will still be using social engineering techniques, like spoofing pop-up alerts, phony social media accounts, banks, or government officials, to trick victims into downloading malicious apps to their smartphones.

Rise in Ransomware Attacks

Experts like Pooja Shimpi anticipate that with the continued rise in ransomware attacks, cybercriminal groups might also evolve in their attacking methods and will operate at a larger scale to churn bigger profits. This also will expose organizations to a higher risk if they do not adopt a

better cybersecurity strategy. Hackers are also getting very advanced; and it is essential for organizations to be well equipped and train their employees to guard against them.

that governments need to help organizations to train in order to react to such situations and elements.

Sabarinathan Sampath, Chief Strategy Officer at Wire 19, said that ransomware attacks are increasing. It is crucial for organizations to be prepared to guard against them. He believes that employees are the weakest link in the cybersecurity chain and that adequate training helps them understand where the weakness lies, and how to react in such scenarios.

Experts also predict that the world needs to buckle up for AIpowered frauds in 2024. This time, cybercriminals will more cunningly orchestrate deceit with morphed photos, doctored videos, and fake voices. Knowing the trade won’t be enough to peacefully do business, organizations will need to have an understanding of the tricks deployed by cybercriminals too and keep themselves aware and updated against cybercrime.

He also highlighted the need for an inter-government collaboration for sharing cybersecurity intel related to ransomware. Sampath believes

Rise in AI Powered Frauds

TheCyberExpress

ISSUE 14

DIGEST TRENDS

Rise in AI Powered Frauds Experts also predict that the world needs to buckle up for AIpowered frauds in 2024. This time, cybercriminals will more cunningly orchestrate deceit with morphed photos, doctored videos, and fake voices. Knowing the trade won’t be enough to peacefully do business, organizations will need to have an understanding of the tricks deployed by cybercriminals too and keep themselves aware and updated against cybercrime. Padmakumar Nair, CEO & Co-founder of Ennoventure Inc. stated, “As we approach 2024, the escalating threat of counterfeiting necessitates a proactive approach harnessing cutting-edge technology-driven anticounterfeit solutions.” Adv Puneet Bhasin, expert at cyber law and data protection anticipates that there will be increased AI powered frauds in 2024. Such frauds could happen in multiple ways like fake voices, doctored videos, and morphed photos. AI will assist in making very realistic audio-visual content for malicious actors. She predicts that this will continue to happen in 2024, until and unless people are adequately educated about it and don’t fall prey to vicious threat actors. She also predicted that the trend of Indian organizations, primarily financial institutions being targeted in cybercrime will also continue.

Increased Need for Employee Training Many ICS networks are segmented to limit potential hackers’ ability to do damage across the whole organization. Cybersecurity professionals may segment systems based on their functions or importance to an organization’s

ISSUE 14

TheCyberExpress

operations. They should use firewalls between each network so only authorized parties can access them. Skill crunch in the cybersecurity industry is a continuous issue since the emergence of cybersecurity industry. Forbes quoted a report by Enterprise Strategy Group while stating that 54% of cybersecurity professionals feel that their firm has been negatively impacted by cybersecurity skills shortage in the past two years. Vaibhav Patkar, an independent cybersecurity consultant stated, “Skill mismatch is always there. The only way out is constant training. And the way things are evolving, unless and until you upgrade yourself with training. Training should be done according to hierarchy levels and the responsibilities he is having in an organization.” Cybersecurity stalwarts believe that upskilling employees is going to strengthen businesses against negative instances. Proactive approach of enhancing cybersecurity like vigilant defense against cyberattacks will build a more cybersecure future. Binod Singh, CEO and Chairman of Cross Identity said, “Upskilling programs emerged as a cornerstone, empowering organizations to transition from a defensive to a proactive cybersecurity stance. Fundamental cybersecurity practices - from robust passwords to vigilant defense against phishing - have laid the foundation for a more secure digital future.” Experts predict that although a number of organizations are already implementing incident response training programs, 2024 will witness an increased need for adequate employee training to respond to cybersecurity emergencies that could emerge in the coming year.

Milin Shah states, “Incident response and planning is implemented by almost every MNC’s or Large-scale Startup’s, but how many of them have a real-world simulation exercise to ensure the Incident response plan is effective?” He continued by saying that even though the “Escalation Matrix” or the stepwise guide for complex cybersecurity incidents exists, are severe incidents really handled well? He stated, “I would say less than 2 in 10. That is the case with Employee Awareness too. While every company performs Security Awareness training, real-world simulated Phishing excessive with actual pressure is different from responding in well-aware and practice grounds.”

Continued Exploitation of Zero-Day Vulnerabilities Since 2012, there has been an overall rise in the exploitation of zero-day vulnerabilities, and 2023 is expected to surpass the previous record set in 2021, stated Google’s Cybersecurity Forecast 2024. Google anticipates that nationstate attackers and cybercriminal organizations will continue to use zero-day vulnerabilities in 2024. This can be attributed, in part, to the attackers’ desire to have persistent access to the system for as long as possible. By taking advantage of zeroday vulnerabilities, they can do so far longer than they could if they were to send a phishing email and then install malware.

TheCyberExpress

ISSUE 14

TRENDS Since security teams and solutions are now much better at spotting malware and phishing emails, attackers will look for additional ways to avoid detection. Threat actors are particularly drawn to edge devices and virtualization software because of their difficulty in monitoring. Based on previous extortion incidents, cybercriminals are aware that utilizing a zero-day vulnerability would increase the number of victims and the number of enterprises willing to pay exorbitant ransomware or extortion demands.

Combined Power of AI and Human Threat Actors In the times where everyone can access AI tools, it has become easier for cybercriminals to create mirages leading to phishing attacks and frauds. Malicious threat actors have added artificial intelligence to their arsenal to outsmart commoners, which is scary on the part of innocent, unsuspecting people. Vaibhav Patkar, an independent cybersecurity consultant said that spotting phishing sites was easier in the older times as they had common doubt-elements like spelling and grammatical errors. But nowadays with the help of AI and ML, these threat actors are improving their tactics, which is frightening for a common man. He further explained that there are AI powered tools available for almost everything. Anyone can go and make whatever changes they want to make to someone’s face and exploit it for blackmailing and extortion. But on the other hand, he believes that the same tools can also be used for a good cause. He thinks forums can be created where experts can come together and change the game. As the world is advancing towards 2024, a new storyline emerges. The battle for survival in the cybersecurity sector will intensify and artificial intelligence will become the major driver of change for most cybersecurity trends in 2024. Some experts predict that with AI tools being available for anything and everything, there will be an increase in cybercrimes; but at the same time, some of them also believe that the very power behind these crimes which is artificial intelligence, could also change things to the better side next year. In addition, the combination of human factor and artificial intelligence will bring a new batch of cybersecurity problems and solutions. Ramped-up vigilance throughout the year will be followed by a concerted effort to train employees in order to guard against hackers.

ISSUE 14

TheCyberExpress

ISSUE 14

DEEPFAKES GONE WILD: 10 TRENDS THAT WILL RESHAPE 2024 - By Ashish Khaitan

n 2024, the lines between reality and illusion blur as deepfake trends reshape our perception. No longer confined to playful movie magic, this AI-powered tool has infiltrated our lives, weaving misinformation and sowing discord across industries. From manipulated crypto endorsements by Elon Musk

ISSUE 14

TheCyberExpress

to the disturbing hyper-realization of celebrity deepfakes, the technology’s dark edge casts a long shadow. And with its market booming and resources readily available, the potential for malicious actors to weaponize deepfakes for personal gain raises urgent concerns. The

question looms: can we harness the creative potential of this technology while safeguarding ourselves from its deceptive depths? In this article, we will delve deeper to uncover the answers and explore the 10 deepfake trends in 2024 that will shape the landscape.

DEEPFAKES TheCyberExpress

ISSUE 14

The Deceptive Realm of Deepfake Technology Deepfake technology, with its deceptive capabilities, necessitates a closer examination of the challenges confronting society. Understanding the gravity of deepfake technology is crucial to grasping its potential for deception. In essence, deepfake technology utilizes AI algorithms to craft hyper-realistic videos and audio recordings, skillfully manipulating facial expressions and voices. These manipulations have stirred concerns about the malicious exploitation of such content, prompting organizations and governments worldwide to advocate for heightened awareness and the implementation of policy measures. Sorab Ghaswalla, an AI communicator and advocate, aptly highlights the double-edged sword of deepfakes. In 2023, advancements like heightened realism and easier access to AI tools have blurred the lines between genuine and manipulated content. Ghaswalla, in a conversation with TCE, aptly remarked, “New and more powerful AI-powered software and other tools are now bringing the tech to even the layman, and this is being then used for creating synthetic content or deepfakes. While the democratization of tech is always welcome, and such synthetic content is all right if used for visual effects in films or other positive purposes, it also raises concerns of misuse by people with malicious intent.”

Government’s Digital Move: Boosting Accountability In response to the escalating trends in deepfakes, the Indian government has taken decisive action by instructing social media platforms to promptly remove deepfake content within 36 hours of receiving a complaint. This move follows controversies involving public figures like Rashmika Mandanna and Katrina Kaif. Enforcing the stipulations laid out in India’s IT Rules of 2021, these platforms are mandated to take down offending content within 24 hours, a strategic measure aimed at combating the growing menace of deepfake misinformation. This proactive stance resonates on a global scale, with similar measures being adopted worldwide. The European Union mandates fact-checking networks, China requires explicit labeling, and the United States has implemented the Deepfake Task Force Act.

ISSUE 14

TheCyberExpress

in a recent Digital India dialogue session, Rajeev Chandrasekhar, Union Minister of State for Skill Development & Entrepreneurship and Electronics & IT, emphasized the imperative of fostering a safe and trusted internet environment. “All platforms and intermediaries have agreed that the current laws and rules, even as we discuss new laws and regulations, provide for them to deal with deepfakes conclusively. They have agreed that in the next seven days they will ensure all the terms and views and contracts with users will expressly forbid users from 11 types of content laid out in IT rules,” said Minister Chandrasekhar. In response to concerns raised by Indian Prime Minister Narendra Modi about deepfake threats, platforms and intermediaries have committed to aligning their community guidelines with IT rules, specifically targeting harmful content, including deepfakes. Platforms have pledged to enforce terms and contracts forbidding users from engaging in content violating IT rules within the next seven days. The Ministry of Electronics and Information Technology (MEITY) is set to appoint a ‘Rule 7’ officer to address violations, providing digital citizens with a platform to report intermediary misconduct. Minister Chandrasekhar acknowledges progress in grievance redressal mechanisms but highlights the ongoing challenges posed by deepfakes and misinformation. Collaborative efforts between the government and intermediaries are essential to addressing these issues and ensuring a safer online environment.

Looking into the digital future, Ghaswalla also emphasizes the urgent need for collaboration between governments and agencies. “Tackling malicious deepfakes and fake news requires a two-pronged approach. The first is where governments, big tech, businesses, and nonprofits need to come together to address these challenges and alleviate the risks linked with deepfakes. The other is to launch viral educative programs/ campaigns in public, the end users, about deepfakes, and educate them in spotting deepfakes and manipulated content,” he opined.

Generative AI and Deepfake Statistics for 2024

On the other end of the spectrum, particularly in the cybersecurity domain, threat actors have begun employing deepfakes for malicious operations. Instances of hackers and ransomware groups using audio and video deepfakes to scam individuals and organizations for financial gain have already surfaced. Ghaswalla, in a conversation with TCE, highlights the necessity for robust detection and countermeasures to address the rising threats of deepfakes. He notes that advancements in AI-powered detection tools and forensic analysis techniques make this possible. Given the constant evolution of deepfake technology, cybersecurity strategies must adapt swiftly to keep pace.

As generative AI tools gain prominence, the relevance of deepfake-related statistics comes to the forefront. Focusing on key generative AI metrics such as adoption rates, financial implications, and associated risks underscores the rapid evolution of deepfake technology and its use of generative AI. CSOonline identifies deepfakes as a top security threat, particularly as the 2024 U.S. election cycle approaches. Cloudflare CSO Grant Bourzikas emphasizes the increasing realism of today’s deepfakes, presenting challenges for identification. Addressing concerns about malicious use cases, industry leaders emphasize the importance of demystifying AI and implementing robust security measures.

TheCyberExpress

ISSUE 14

10 Deepfake Trends Reshaping 2024 2024 promises a surge in deepfake trends, reshaping societies and amplifying the misinformation challenge. Fueled by a burgeoning global market, these 10 key trends – from market dynamics to ethical dilemmas – present both opportunities and threats, demanding closer scrutiny and proactive solutions. 1. The Market Dynamics The market dynamics are underlined by the global deepfake software market’s impressive growth, reaching a valuation of US$54.32 million

in 2022 and is anticipated to reach US$348.9 million by 2028, demonstrating a notable CAGR during the period from 2022 to 2028. A comprehensive deepfake software market report encapsulates crucial data on market introduction, segmentation, status, trends, opportunities, challenges, competitive analysis, company profiles, and trade statistics. Offering an in-depth analysis of types, applications, players, major regions, and subdivisions of countries, this report ensures tailored insights for stakeholders.

ISSUE 14

TheCyberExpress

2. Deepfake Software Market Growth and Government Intervention The surge in demand for applications across PC and mobile platforms is an important factor propelling the growth of the deepfake software market globally. The market space, categorized into deepfake creation and deepfake detection, witnessed notable shares for these segments in 2023. This could also mean the aggressive use of deepfake for spreading misinformation. In response to the deepfake threat, governments and

regulatory bodies are likely to enact new laws and regulations. Legal frameworks may emerge to hold individuals or entities accountable for creating and disseminating malicious deepfake content. This regulatory approach seeks to address the potential societal and political risks associated with the misuse of deepfakes, offering a means to curb their negative impact and establishing consequences for those who engage in deceptive practices.

3. Improved Realism and Quality Advances in deepfake technology promise heightened realism and quality in manipulated videos. Evolving algorithms and increased computational power contribute to more convincing facial expressions, gestures, and overall visual coherence. The potential consequences extend to challenges in discerning between authentic and fake content, necessitating continuous development in countermeasures and detection technologies to safeguard against the deceptive nature of these sophisticated manipulations, which could impact areas ranging from public trust to legal considerations as the technology evolves. Beyond malicious use, deepfake technology holds potential commercial applications. The entertainment industry may leverage it for realistic special effects, while marketers explore personalized advertising through the creation of engaging and tailored content. This dual application raises both creative and ethical considerations, prompting a delicate balance between innovation and responsible usage to ensure the technology’s positive contributions without compromising ethical standards and societal well-being.

4. Pandemic and Strategic Developments The COVID-19 pandemic has left an indelible impact on the deepfake software market. A comprehensive analysis is required to assess the pandemic’s direct and indirect effects on the international and local scales. The use of such a convincing technology can create chaos for the modern world, especially in times when quarantine and self-isolation have become a huge part of society. According to NCC Group, many companies prioritize business continuity, normalizing unusual practices. Remote work prompts quick, short-notice purchases, potentially relaxing financial due diligence. This shift in working dynamics creates opportunities for cyber threats. Deepfake usage, seen before COVID-19, increases, exploiting CEOs’ voices for fraudulent emails. Additionally, the use of deepfake technology has also increased in the ongoing war between nations, especially, Russia-Ukraine and Israel-Palestine.

TheCyberExpress

ISSUE 14

5. Audio Deepfakes Deepfakes pose a significant threat to various industries in 2024. As AI technology advances, the distinction between real and fake becomes increasingly challenging for the average person. Incidents such as a man in China falling victim to a deepfake scam emphasize the urgency to address this issue. Audio deepfakes are another part of the technology that is progressing heavily on the internet. If it gets into the wrong hands, it presents a growing risk to the reliability of voice-based authentication systems and the integrity of audio evidence. The increasing ability to manipulate voices with precision raises concerns about the potential misuse of this technology in creating deceptive audio recordings, contributing to a broader scale of trust issues in communication and potentially impacting legal and security realms where audio evidence is crucial. 6. Political Manipulation The rise of deepfakes for political manipulation is a troubling trend. Public figures may be targeted and manipulate content strategically deployed to spread misinformation, influence elections, or shape public opinion during critical events. The potential consequences include erosion of public trust, compromised political processes, and challenges in discerning genuine information from manipulated content, necessitating a multi-faceted approach involving technological, legal, and educational interventions to mitigate the impact on democratic processes. In a similar instance, political experts at the University of Virginia warn of the threat posed by computer-generated deepfake videos in election campaigns. The Federal Election Commission is considering a proposal to address this concern. Deepfakes, using AI to manipulate voices and appearances, could be used for voter manipulation, with the potential for widespread misinformation and harm to democracy. 7. Evolution of Deepfake Technology Deepfake technology has evolved significantly over the years. Initially emerging in a Reddit forum for face-swapping in explicit content, it has now grown into a mainstream threat. The development of generative adversarial networks (GANs) in 2014 marked a breakthrough, leading to the creation of popular deepfake tools like FaceSwap and DeepFaceLab.

ISSUE 14

TheCyberExpress

The evolving nature of deepfake technology prompts a parallel development of detection tools. Advanced AI algorithms and machine learning models strive to identify subtle cues and anomalies in videos, audio recordings, or other media. These tools are crucial for maintaining the integrity of digital content, providing a defense against the potential harm caused by the malicious use of deepfakes, and offering a means to restore confidence in the authenticity of digital media. 8. Detection and Mitigation Detecting deepfakes remains a challenge due to the computational intensity involved in creating them. Although algorithms exist for detection, none are 100% accurate. Microsoft and other entities have rolled out detection tools, but the race between deepfake technology and detection tools continues. With the growing prevalence of deepfakes, there is a pressing need to intensify efforts to educate the public. Awareness campaigns, educational programs, and accessible tools are essential to help individuals discern between real and manipulated content. This proactive approach empowers users to mitigate the risk that comes with the use of deepfake videos. 9. Voice Cloning and Deepfake go Hand-in-hand The Deepfake and Voice Clone Consumer Sentiment Report for October 2023 sheds light on public perceptions of deepfake and voice cloning. Over 90% of respondents express concern about generative AI technology. Concerns vary across industries, income levels, and platforms, with social media being a primary channel for deepfake exposure. With such a large network the aggressive use of deepakes prompts ethical considerations regarding its development and use. Conversations around responsible practices, potential consequences, and the ethical guidelines governing the creation and dissemination of deepfakes become paramount. Establishing ethical standards is essential to mitigate the potential harm caused by deepfakes, protecting individual privacy, reputation, and societal trust in the era of evolving digital manipulation.

10. Customizable Deepfakes Empowering users with increased control over deepfake creation introduces a new dimension to the ethical and societal implications of this technology. The ability to customize content based on specific characteristics, scenarios, or targeted individuals raises concerns about

potential misuse. The proliferation of personalized content could have far-reaching consequences, necessitating a balance between creative expression and the prevention of harm to individuals or groups through the establishment of ethical guidelines and responsible usage practices.

TheCyberExpress

ISSUE 14

PERSPECTIVES

2023

CYBERSECURITY

LINGO FOR STRONGER DIGITAL DEFENSE - By Samiksha Jain In an era dominated by evolving digital landscapes and persistent cyber threats, the mastery of cybersecurity language is paramount for ensuring robust digital defense. As set the stage to say goodbye to 2023 and welcome 2024, a nuanced understanding of the latest cybersecurity terminology becomes not just beneficial, but essential.

The language of cybersecurity can be compared with a digital sword when it comes to ever-changing environments in cyberspace, where shadows keep both danger and safety. Ending 2023 leads us into a lexical exploration of the complex fabric of cyberslang, where cyber sentinels use secret lingo to secure the virtual world.

This article delves into the intricacies of the dynamic language shaping the forefront of digital security, offering insights and clarity to empower professionals and enthusiasts alike.

By decoding the intricacies of 2023 cybersecurity lingo, we aim to equip readers with the knowledge necessary to navigate the ever-changing terrain of online security, fostering a proactive approach to safeguarding digital assets. So, let’s dive in and talk cyber – the cool way!

ISSUE 14

TheCyberExpress

ISSUE 14

PERSPECTIVES New Cybersecurity Terms Arising in 2023 Before exploring the popular cybersecurity lingo of 2023, let’s dive into the terms that have emerged this year, reflecting the ever-evolving landscape of threats and technologies. Zero Trust Network Access (ZTNA): Also known as Software-Defined Perimeter (SDP), ZTNA ensures secure remote access to internal applications. Operating on an adaptive trust model, it grants access based on a needto-know, least-privileged approach dictated by granular policies. This means remote users can securely connect to private apps without being on the network or exposing them to the internet. For example, employees can access sensitive company data through ZTNA, maintaining network integrity. Cybersecurity Posture Management: This term refers to the practice of proactively managing and maintaining an organization’s overall cybersecurity stance. It involves assessing, monitoring, and enhancing security measures to align with the ever-changing threat landscape. Cybersecurity Supply Chain Risk Management (SCRM): SCRM focuses on identifying, assessing, and mitigating risks associated with the supply chain. As cyber threats increasingly exploit vulnerabilities in the supply chain, effective SCRM becomes pivotal in safeguarding organizations against potential compromises. Cloudjacking: Cloudjacking denotes the unauthorized access and control of cloud infrastructure and resources. Perpetrators exploit vulnerabilities in cloud services to compromise data, emphasizing the need for robust cloud security measures. Cybersecurity Risk Quantification (CRQ): CRQ involves assessing and quantifying cybersecurity risks in monetary terms. This approach aids organizations in prioritizing security investments and understanding the financial impact of potential cyber threats. Extended Endpoint Detection and Response (XDR): XDR expands traditional Endpoint Detection and Response capabilities to encompass a broader range of security threats. It provides a comprehensive view of potential risks across various endpoints within an organization’s network. Cybersecurity Meshed Architecture: This architectural concept emphasizes the interconnectedness and collaboration of cybersecurity components. A meshed

ISSUE 14

TheCyberExpress

architecture ensures a more dynamic and adaptive defense strategy against evolving cyber threats. Attack Surface Management (ASM): ASM involves identifying, monitoring, and reducing an organization’s attack surface—the sum of points where an unauthorized entity can attempt to enter or extract data. Effectively managing the attack surface is crucial for minimizing vulnerabilities. Quantum Computing Attacks: As quantum computers gain prominence, the threat of quantum computing attacks looms. These attacks leverage the immense computational power of quantum machines to compromise encryption algorithms, potentially jeopardizing sensitive information and critical systems. Secure Access Service Edge (SASE): SASE represents a cloud-based security architecture that consolidates network security, cloud security, and security operations into a unified platform. This integration facilitates seamless security management across an organization’s entire network, spanning on-premises, cloud, and mobile devices.

Popular Cybersecurity Terms of 2023 Supply Chain Attacks: Supply Chain Attacks entail the exploitation of vulnerabilities in third-party software or services employed by a company, allowing unauthorized access to their systems. In 2023, a significant instance of such an attack was observed with the MOVEit vulnerability, leading to an extensive chain of record-breaking breaches. According to reports, this singular vulnerability inflicted a staggering cost of over US$9.9 billion on businesses, impacting more than 1000 enterprises and affecting the sensitive data of over 60 million individuals. This stark example underscores the profound financial and operational consequences that can result from supply chain vulnerabilities.

Ransomware 2.0: This signifies the evolution of ransomware tactics, incorporating techniques like double extortion (stealing data before encrypting it) and the implementation of “kill switches” for critical infrastructure. These advancements have garnered attention due to their increased sophistication and potential for severe consequences. Cloud-Native Security: This emphasizes designing security measures into cloud applications and infrastructure from the ground up, rather than treating security as an afterthought. This approach ensures a robust and integrated security framework for cloud-based environments. “DR” anything: The prevalence of terms like Cloud DR (Disaster Recovery), Data DR, and Identity DR reflects the growing trend of specialized detection and response solutions for various cybersecurity areas. This indicates a shift towards more targeted and efficient strategies in handling potential threats and vulnerabilities. Open-Source Security Tools: These tools are becoming increasingly sophisticated and popular within the cybersecurity community. While these tools offer valuable resources, there are growing concerns about potential vulnerabilities and challenges related to their maintenance and security. Biometrics & Behavioral Authentication: These are emerging as alternatives to traditional password-based user verification. This approach involves utilizing unique physical attributes like fingerprints, facial features, and even behavioral patterns (such as typing styles) to enhance authentication security. Phishing with Deepfakes: These involves using AIgenerated audio and video to make phishing scams more convincing and targeted. This manipulation of multimedia

elements adds an extra layer of sophistication to social engineering attacks, making them more difficult to detect. Quantum-Resistant Cryptography: These addresses the future threat posed by quantum computing, which has the potential to break current encryption methods. This term encompasses cryptographic techniques designed to withstand quantum attacks, ensuring the ongoing security of sensitive information. AI-Powered Threat Hunting: This leverages advanced machine learning algorithms to proactively identify and mitigate potential cybersecurity threats before they escalate. This approach enhances the efficiency and speed of threat detection and response. Threat Intelligence Orchestration: This involves the integration and automation of threat intelligence feeds into cybersecurity processes. This strategic coordination enables organizations to better manage and streamline their response to emerging threats by leveraging timely and relevant intelligence. Cybersecurity as a Service (CaaS): This involves outsourcing cybersecurity functions to third-party providers, allowing organizations to access a range of security services on a subscription basis. This model enhances flexibility and scalability in managing cybersecurity measures. As we talk cyber—the cool way—let’s carry forward the insights gained from this lexical journey. Armed with knowledge and a proactive mindset, we can collectively contribute to building a more secure digital future. After all, in the world of cybersecurity, understanding the language is the first step toward crafting a vigorous defense against the unseen threats that lie ahead. Stay vigilant, stay informed, and let’s continue the dialogue in the everevolving language of cybersecurity.

TheCyberExpress

ISSUE 14

ROUND UP

Monthly Roundup: Wrapping Up 2023 on High Alert! Approaching 2024, the cybersecurity domain remains an evolving industry — constantly adapting to new technologies to fight cybercrime. Despite the industry’s rapid transformation, challenges persist as hackers also continue to evolve! As we bid adieu to 2023, there have been several hacking incidents — some too gigantic to ignore and some that never saw the light of the day.

ISSUE 14

TheCyberExpress

In the dynamic interplay where artificial intelligence serves as a key force for cybersecurity experts and malicious hackers alike, The Cyber Express brings up this exclusive monthly roundup, highlighting some of the most prominent and lesser known cyberattacks throughout the globe.

The Monthly Round-Up

Cameron McKenna Nabarro Olswang LLP Confronts Cyberattack

On December 19, 2023, international law firm Cameron McKenna Nabarro Olswang LLP (CMS) fell victim to a LockBit cyberattack, compromising storage servers in Spain. The attackers, claiming a 500GB data theft, posted details of the breach on LockBit’s dark web blog, asserting possession of “all confidential information in the USA.” CMS, one of the world’s largest law firms with 6,000 lawyers across 81 global offices, faced criticism in the UK for assisting Russian billionaires amid the Ukraine invasion. LockBit, emerging in 2019, has become a prominent ransomware group, executing 1,400 attacks globally. The breach includes data on financial crimes, corporate information, and employee details.

TheCyberExpress

ISSUE 14

ROUND UP

Iranian Petrol Stations Hit by Cyber Strike Iran’s Oil Minister, Javad Owji, confirmed a nationwide cyberattack on petrol stations, with 70% initially disrupted, later reduced to 1,650 operational out of 3,800. A group, allegedly linked to Israel, named “Predatory Sparrow,” claimed responsibility, stating the controlled attack aimed to avoid emergency service damage.

ISSUE 14

TheCyberExpress

The cyber strike, responding to perceived regional aggression, targeted Iran’s petrol stations, rail networks, and steel factories. Israeli officials neither confirmed nor denied involvement. Iran’s civil defense agency is investigating, considering various causes for the disruptions.

VF Corp Targeted in Cybersecurity Breach VF Corp., owner of brands like Vans and The North Face, disclosed a cyberattack disrupting online order fulfillment during the crucial holiday shopping season. The Denver-based company, acknowledging the material impact on operations, faces challenges in processing and fulfilling orders due to encrypted IT systems and data theft by hackers. Although customers were able to place orders online, VF Corp. is actively managing disruptions by temporarily moving some operations offline. The company emphasizes efforts to restore affected IT systems while addressing cybersecurity concerns.

TheCyberExpress

ISSUE 14

ROUND UP

Campbell County Schools Confirms Ransomware Attack Campbell County Schools revealed a ransomware incident jeopardizing personal data, including names, Social Security numbers, and financial account details of select employees. Following the cyberattack, the district engaged local law enforcement to secure the network and initiate an investigation. Results confirmed an “unauthorized actor” accessed specific files containing employee information. The affected employees received notification letters, and the district has introduced additional security measures to fortify its network. Concerned individuals are encouraged to inquire about the incident by calling 888-983-0152 or contacting the school district directly.

ISSUE 14

TheCyberExpress

Ontario Library, London Public Library, Hit by Cyberattack A cyber incident has caused a major system outage at the London Public Library, disrupting electronic borrowing and the website. The outage began on December 13, forcing three branches to close. Library CEO Michael Ciccone acknowledged their critical role for Londoners and pledged to keep the public informed through social media. Cybersecurity experts are investigating, but the incident’s full impact remains uncertain. This follows a similar cybersecurity incident at the Toronto Public Library on October 28, involving the theft of employee data. The Carson, Glanworth, and Lambeth branches stayed closed, while in-person borrowing was available at other branches without wifi access.

TheCyberExpress

ISSUE 14

ROUND UP

Russian Tax Authority Faces Alleged Ukrainian Cyber Strike Ukraine’s defense intelligence directorate (GUR) alleges a successful cyberattack on Russia’s state tax service, claiming to infect and destroy thousands of servers. GUR asserts breaking into key central and regional servers, causing the “complete destruction” of Russia’s federal tax infrastructure. The attack reportedly paralyzed internet connections between Moscow’s central office and regional branches, with the tax service struggling for four days to restore operations. GUR predicted a month-long paralysis, asserting irreparable damage. Unverified by independent sources, Russia remains silent, and the tax service has not responded.

ISSUE 14

TheCyberExpress

Ukraine’s Kyivstar Hit by Cyber Assault Ukraine’s major mobile network operator, Kyivstar, faces the largest cyberattack since Russia’s 2022 war onset, disrupting services for over half the population. The attack, damaging IT infrastructure, jeopardizes air raid alerts in Kyiv. CEO Oleksandr Komarov attributes the assault to the ongoing conflict, stating they physically shut down Kyivstar to counter the virtual intrusion. While Killnet, a Russian hacktivist group, claims responsibility on Telegram, providing no evidence, Kyivstar assures user data integrity. The Ukrainian military remains unaffected, and the Security Service of Ukraine investigates potential involvement by Russian security services. Kyivstar aims to restore services fully soon.

TheCyberExpress

ISSUE 14

ROUND UP

Ransomware Attack Targets Vermont’s MTSD School District The Milton Town School District (MTSD) in Vermont recently experienced a ransomware attack on December 11, 2023, which resulted in the encryption and locking of several files on the MTSD server. In response to this cyberattack, the school district quickly notified the relevant authorities and initiated an immediate response. To address the situation, MTSD is working in collaboration with the VT School Boards Insurance Trust, which is responsible for providing insurance coverage and technical support, particularly in cybersecurity matters. This collaboration includes conducting a forensic investigation to identify any compromised files and guiding MTSD through the process of rebuilding and securely restoring the locked files. Importantly, the student information system, email system, and classroom learning management systems have remained fully operational throughout this incident, ensuring minimal disruption to the academic environment.

ISSUE 14

TheCyberExpress

Cyberattack on Stockholm’s EasyPark EasyPark discovered a cyberattack on December 10, 2023, leading to a breach of non-sensitive customer data. Swift actions were taken to halt the attack, maintain service operations, and notify authorities. Security measures, including external experts, were reinforced. Affected customers were contacted, with accessed information limited to partial credit card details. However, these details cannot be used for payments. EasyPark emphasizes vigilance against phishing attempts. The company expresses deep apologies, reaffirming its commitment to privacy and ongoing efforts to regain trust.

TheCyberExpress

ISSUE 14

ROUND UP

Cyberattack Strikes UK Travel Agency Hotelplan Hotelplan UK investigated a cyberattack, leading to the temporary isolation and shutdown of key systems, affecting brands like Inghams and Explore Worldwide. The disruption, identified as a cybersecurity incident, prompted a thorough investigation, and the company is diligently working to restore normal service levels. CEO Joe Ponte assured no impact on booked holidays and trips, with teams striving around the clock to resume optimal operations. Workarounds are implemented to minimize disruption, though delays are possible. Ponte apologized for any inconvenience, expressed gratitude for support, and noted that different brands may fully recover at varying times.

ISSUE 14

TheCyberExpress

Florida’s Rumble Video Portal Caught in a Cyberattack Rumble, a popular video hosting platform, confirmed a cyberattack that disrupted services. CEO Chris Pavlovski revealed the unprecedented nature of the attack, suggesting potential political motives related to posted J6 videos. While services are gradually returning to normal, residual issues persist globally. Rumble proactively implemented measures and thanked cybersecurity partners and users for their patience. The incident, met with an outpouring of user support, highlights the importance of cybersecurity in defending platforms that champion free speech. The cyberattack prompts a broader conversation about technology’s vulnerability to external pressures in maintaining open dialogue online.

TheCyberExpress

ISSUE 14

ROUND UP

Cyberattack Targets Italy’s Westpole Data Center On December 8, suspicious activity was detected at Westpole Data Center in Italy, leading to disruptions in IT systems for Westpole and its clients. Immediate emergency measures were initiated, with no evidence of data exfiltration. Collaborating with partners, Westpole strengthened security, implemented mitigation measures, and contained the situation. By December 15, the problem was contained, but some customers still faced disruptions. On December 19, over 60% of customers resumed normal operations. By December 20, more than 80% had returned to normal, with Westpole committed to fully normalizing systems promptly.

ISSUE 14

TheCyberExpress

Australian University UOW Data Breach Leads to Unauthorized Access The University of Wollongong (UOW) faced a cyberattack revealing a data breach where individuals’ data was accessed. UOW worked to contain the breach that may impact both staff and students. The incident, detected and contained on December 10, prompted an investigation into the cause and extent of the issue. While normal operations continue, the university is committed to keeping the affected parties informed. Regulators and authorities were notified, and external experts are engaged to support the university’s efforts.

TheCyberExpress

ISSUE 14

ROUND UP

California’s Glendale School District Hit by Cyberattack Glendale Unified School District in Southern California faced a recent ransomware incident, urging caution for parents and students. Over 1,600 U.S. schools were affected between 2016 and 2022, according to the U.S. Government Accountability Office.

ISSUE 14

TheCyberExpress

Professor Clifford Neuman advised vigilance against phishing, avoiding password sharing, refraining from downloading unfamiliar software on school devices and discontinuing the use of school-connected electronics post-cyberattack. Neuman emphasized the prolonged recovery, urging schools to prioritize cybersecurity despite potential disruptions to educational instruction.

California’s Dameron Hospital Targeted in Cyberattack Dameron Hospital in Stockton investigated a cyberattack, leading to the rescheduling of some patient procedures. While patient care operations, including the emergency department, remain normal, the hospital labels it a “data security incident” affecting certain network systems. The hospital promptly responded, initiating investigations and securing systems. External cybersecurity experts are engaged in the response. Dameron Hospital continues healthcare services, rescheduling some procedures to ensure seamless care. The nonprofit community hospital, with over 200 beds, serves San Joaquin County residents. Specifics about the attack’s timing and compromised systems were not disclosed in the hospital’s statement on the incident.

TheCyberExpress

ISSUE 14

ROUND UP

Cyberattack Targets Koh Brothers Eco Koh Brothers Eco Engineering faced a recent cyberattack with unauthorized access and encryption in certain subsidiaries’ servers. While an ongoing investigation suggests control over the incident, the sustainable engineering solutions provider cannot fully assess the impact on the group and its operations. The group’s business remains operational, and prompt measures, including server disconnection and engagement of incident response experts, were taken to contain the situation. Shareholders are advised to refrain from prejudicial actions, and the company commits to updating them on material developments related to the cyberattack.

ISSUE 14

TheCyberExpress

Israel’s Ziv Medical Center Hit by Cyber Assault Hackers, allegedly linked to Iran, claimed the theft of 100,000 IDF medical records during a cyberattack on Ziv Medical Center in Safed, Israel. Over 500 gigabytes of data, including hundreds of thousands of records, were purportedly stolen. This marks Ziv’s third cyberattack in four months.

However, the hacker group on Telegram asserted their success in stealing medical documents, sharing screenshots dating back to 2022, raising concerns about the security of patient information.

The Health Ministry and Israel National Cyber Directorate confirmed a suspected cyberattack but reassured that it was promptly identified and contained, with no impact on operations.

TheCyberExpress

ISSUE 14

ROUND UP

Australia/New Zealand Nissan Branch Targeted in Cyberattack Nissan investigated a cyberattack on its systems in Australia and New Zealand, potentially leading to a data breach with hackers accessing personal information. While details remain undisclosed, Nissan Oceania, covering distribution, marketing, and services, warned customers of a potential data breach and the risk of scams. The company deployed its global incident response team to assess the impact and investigate potential unauthorized access to personal information. Nissan assures that its dealers’ network remains unaffected, encouraging customers to submit queries without delays. Although website functionality is seemingly intact, the automaker is working to restore affected systems.

ISSUE 14

TheCyberExpress

ISSUE 14

SCOOP

World CyberCon India 2023

Ignites a Digital Revolution in Its Second Triumph The city of Mumbai played host to the second edition of World CyberCon India 2023 on December 1, 2023, at the prestigious Hotel Sahara Star. Organized by The

Cyber Express by Cyble, this event convened top minds in cybersecurity to explore the theme “Securing India’s Digital Future: Challenges and Solutions.”

“We are here to celebrate the leaders and pioneers of cybersecurity, who tirelessly work to safeguard our digital landscapes. We are here to nurture and applaud an incredible community – a community united by a common goal to make the world a safer place,” expressed Augustin Kurian, Editor-in-Chief, The Cyber Express.

ISSUE 14

TheCyberExpress

ISSUE 14

SCOOP

The event’s pinnacle was marked by the distinguished presence of Brijesh Singh, Principal Secretary to the CM at the Chief Minister Secretariat, Mantralaya, Mumbai, who honored the occasion as the Chief Guest. Known for his pivotal role in shaping cybersecurity policies, Brijesh Singh shared valuable insights into the evolution of cybersecurity in India. During his speech, Singh stressed the necessity of a comprehensive national strategy, emphasizing the importance of strong procurement frameworks. He encouraged participants to explore adopting virtual Aadhaar, emphasizing its potential to elevate security measures. Additionally, Singh placed a strong emphasis on the necessity of government cybersecurity, stressing the importance of safeguarding digital infrastructure in the face of evolving threats.

Brijesh Singh, Principal Secretary to the CM at the Chief Minister Secretariat, Mantralaya, Mumbai Singh’s address echoed the transformative power of technology, emphasizing the crucial role of a comprehensive National Cyber Security Policy and Framework in fostering digital resilience.

“Government digital infrastructure is distinct from corporate profit centers because trust is of paramount importance. Therefore, cybersecurity in government systems is critical, as a breach in security would constitute a breach of trust. Consequently, it is imperative to establish standards, policies, frameworks, and adherence to the latest cybersecurity guidelines across the entire government. This includes a comprehensive understanding of threat intelligence to secure the system in a manner that is globally recognized as the best,” opined Singh.

ISSUE 14

TheCyberExpress

Gaining Insights from Panel Discussions Gaining valuable insights was at the forefront of the World CyberCon India event, where engaging panel discussions delved into critical cybersecurity topics.

The discussion on “Ransomware Rundown: Strategies for Prevention, Mitigation, and Recovery” featured Dr. Yusuf Hashmi, Ramesh Gurram, Nirav Hiradhar, Hitesh Mulani, and Sabarinathan Sampath (Moderator), offering strategic insights.

In the panel titled “Beyond the Surface: Navigating the Deep and Dark Web for Threat Intelligence,” industry experts, including Balaji Kapsikar, Beenu Arora, Col Kapil Jaiswal, Dr. Mahesh Juttiyavar, and Ankit Sharma (Moderator), provided profound perspectives.

The panel on “Empowering Cyber Sentinels: The Crucial Role of AI and ML in Defending Cyberspace” brought together Kiran Belsekar, Vijay Kumar Verma, Amitabh Bhardwaj, Pooja Shimpi, and Venkata Satish Guttula (Moderator), shedding light on the pivotal role of AI and ML in cybersecurity defense.

“Reflecting on the profound discussions at World CyberCon in Mumbai, where innovation and collaboration converged, I am inspired by the strides we’ve made to fortify our digital future. At Cyble, we remain committed to pioneering solutions that empower a resilient cyber landscape, safeguarding businesses and individuals alike. Together, let us navigate the ever-evolving cyber realm with vigilance and innovation,” said Beenu Arora, CEO and Co-Founder, Cyble Inc.

In the discussion on “Securing the Future: IoT Security Challenges and Solutions in India,” industry experts including Ambarish Kumar Singh, Harshad Mengle, Vijay Devnath, Abhishek Bakshi, and Akshay Garkel (Moderator) deliberated on IoT security challenges and solutions.

N S Nappinai, Advocate, Supreme Court, and Founder – Cyber Saath

Beenu Arora, CEO and Co-Founder, Cyble Inc.

TheCyberExpress

ISSUE 14

SCOOP

Complementing these discussions were industry sessions, including “Navigating the Digital Frontier: Insights into the Proposed Digital India Act & Cybercrime Laws” with N S Nappinai, Advocate, Supreme Court and Founder – Cyber Saath. Apart from these sessions on topics such as social engineering and phishing, supply chain security best

practices, and more, featuring industry leaders like Dipesh Kaura, Country Head- India and SAARC, Cyble Inc, Abhishek Mathur, Sr. Group Manager – (I&E), Wartsila Indi, and Hilal Ahmad Lone, CISO, Razorpay. These sessions collectively contributed to a comprehensive exploration of cybersecurity challenges and solutions.

THE CYBER EXPRESS TEAM Overall, World CyberCon India was a resounding success, providing a valuable platform for discussion and collaboration on the most critical cybersecurity issues facing India today. The event was a testament to the hard work and dedication of the organizing team, and it is sure to be remembered as one of the premier cybersecurity events in India.

ISSUE 14

TheCyberExpress

As the curtains draw on this successful edition, World CyberCon India extends its gratitude to all participants, sponsors, and partners for contributing to the event’s success. The knowledge shared and connections forged during the event are integral to advancing India’s cybersecurity resilience.

TheCyberExpress

ISSUE 14

INSIDER

LET’S TALK CYBERSECURITY: WISDOM FROM

WORLD CYBERCON INDIA As we bid farewell to 2023, the cybersecurity space stands at a pivotal juncture, teeming with innovations, challenges, and opportunities. The recently concluded second edition of the World CyberCon, hosted by The Cyber Express, offered a rare glimpse into this dynamic field through the eyes of its foremost experts.

ISSUE 14

TheCyberExpress

In a series of insightful interviews, these seasoned leaders shared their insights and predictions. They touched on an array of critical topics, such as crisis management, the rise of AI-powered frauds, the evolving deepfake technology, the protection of vital infrastructure, the intricacies of cyber law, and the potential of AI/ML.

Additionally, they provided a sneak peek into the trends of 2024. This feature aims to distil their collective wisdom and foresight, offering a comprehensive overview of what lies ahead in the cybersecurity domain, equipping readers with the knowledge to navigate the upcoming year’s challenges and opportunities.

TheCyberExpress

ISSUE 14

INSIDER

On Crisis Management

On Safeguarding Critical Infrastructure

On Deepfake Technology

Dr. Yusuf Hashmi

Kapil Jaiswal

Balaji Kapsikar

In safeguarding national institutes and critical infrastructure, two fundamental strategies emerge: isolation of sensitive systems from the internet and the recognition of a second envelope of protection for vital entities beyond government purview. As the landscape evolves, the emphasis shifts to fortifying sectors like healthcare and finance, acknowledging their stake in national well-being, requiring regulatory guidance and industry compliance while leveraging advanced technologies like AI and machine learning for defensive cybersecurity measures. Protecting our national institutes isn’t just a task, it’s a strategy. From defending the known to safeguarding the vital, our approach must encompass both regulation and innovation. In this era where cybersecurity isn’t a choice but a necessity, the future hinges on our ability to outpace, outthink, and outsmart the very technology challenging our defenses.

Of course, it is artificial intelligence and machine learning that are included in the deepfake technology and since we are now already starting a live into the technological era deepfake technology is also now getting easily accessible to any users and it happened recently like after ChatGPT introduction. People are getting more familiar with many AI-generated tools like AI-generated images or AI-generated deepfake videos. Scammers especially are very much using this technology to kind of scam your close ones. sDeepfake is now getting more popular as a kind of scamming tool as well. This can be easily misused as well and if it is, let’s say, with the AI, even if you have a photograph of the child, you can increase the age by using the AI and after that age or the adult age you can kind of create a deep fake video out of that. So, some of these things may happen and especially if it is for teenage girls or something, those deepfake videos can be showcased as a sextortion kind of attack and used as a use against them.

Group CISO at Jubilant Bhartia Group As a CISO or a leader, maintaining a composed demeanor is crucial when dealing with situations like data breaches. Stay calm, grasp the actual problem, pinpoint the breach’s location, and then chart your course of action. Keep your colleagues and stakeholders informed throughout the process, assuring them that an investigation is underway. It’s essential to avoid unnecessary panic by thoroughly understanding the situation before communicating with your team. Once satisfied with your assessment, proceed with the necessary steps.

ISSUE 14

TheCyberExpress

CISO & Director Research (InfoSec & AI/ML), Government of India Official

Head of Technology & Cyber Risk, Funding Societies Singapore

On Cyber Law Nappinai N S

Advocate, Supreme Court, Founder-Cyber Saathi Effective cyber protection involves understanding the breadth of personal data usage online and the necessity for stringent data protection laws. These laws safeguard against unauthorized data collection and misuse, ensuring data is used only for its intended purpose. Additionally, cyber laws not only protect individuals but also provide a framework for businesses, enabling compliance and legitimacy in their operations. A comprehensive approach involves education, policy contributions, and leveraging legal remedies, empowering victims of cyberbullying and digital exploitation with support groups, awareness, and legal recourse

On Usage of AI/ML Jaspal Singh Sawhney

Chief Information Security and Privacy Officer at Tata Communications The use of AI/ML by threat actors and the industry presents a unique challenge for cyber defenders because you have to protect against what the bad guys are doing using this technology, while also protecting the business logic and generative engines for enterprises solving their business problems using AI/ ML.

TheCyberExpress

ISSUE 14

INSIDER

On Cybersecurity Trends 2024 Hilal Ahmad Lone

Milin Shah

Vijay Devnath

I think FinTech companies have, like, they’ve always been vulnerable to multiple different attacks. Primarily, like distributed denial of service, phishing, and, like, faking up apps and picking up domains and things like that. So, I think that’s a trend that we’re actually seeing right now. And of course, like the supply chain, as well. So, vendor risk is always going to be.”

In 2024 we will see major developments across the entire technology sector, not just cybersecurity. There will be a rise in the demand for AI and ML industry as well as supply chain, and the automation that goes along with them. Apart from this, people will be moving from on-premises to cloud. Considering all these new changes, I see there will be major cybersecurity developments till the year 2025 in the fields of AI, zero-trust-architecture, cloud security, also the amalgamation of AI and human element will further intensify cybersecurity risks.

We will be introducing a lot of new services to the railway passengers as well as in the goods segment in 2024. The automation will increase in railways where tracking individual consignments will also be possible. All these automations also present multiple maintenance related challenges for data, privacy, and security issues. We also understand that we need to upgrade our technology at par with other sectors like the airlines. We are also trying to integrate with other service providers like the road, taxi services, and even the food providers. Although currently all our partners are not fully armed with the adequate IT systems to properly integrate the storage and protection of data required for providing proper transportation services in railways, but we are moving forward towards our goal.

Chief Information Security Officer (CISO) of Razorpay

Vaibhav Patkar

Independent Cybersecurity Consultant

Cyber Security Consultant and Advisor

Adv Puneet Bhasin AI, ML, and Deep Learning are the three terms that will be affecting the upcoming year’s trends. It is going to be a daunting task to keep up-to-date with these trends, but of course not impossible. Earlier spotting phishing sites was easier, but nowadays with AI and ML, these are getting improved every day, which is frightening for a common man. Tools are available for almost everything, anyone can go and make whatever changes they want to make to someone’s face and exploit it. But on the other hand, the same tools can also be used for a good cause. We can have forums where experts can come together and turn the tables.”

ISSUE 14

TheCyberExpress

Cyber Law Expert- Proprietor/ Founder at Cyberjure Legal Consulting I predict there will be more AI based frauds in 2024. This could happen in multiple ways namely voice, morphed photos. AI will help in making fake audio-visual content more convincing (realistic) bringing better results for hackers. This will happen a lot in 2024, until and unless people are adequately educated about it and don’t fall prey. The trend of Indian organizations, primarily financial organizations being targeted in cybercrime will also continue.

Group GM and CISO at the Center for Railway Information Systems

On Ransomware Surge Sabrinathan Sampath

Chief Strategy Officer at Wire 19 Ransomware attacks are growing heavily, Cyble also reported a 115% increase in cyberattacks compared to the last year. It is very important for organizations to be well prepared. Employees are the weakest link in the entire security chain, proper training is important for employees to understand where the weakness lies, and how to react to such scenarios. Hackers are getting very advanced; it is important for organizations to be well equipped to be able to train their employees against them. There also needs to be an intergovernment collaboration for sharing cybersecurity intel related to ransomware. They also need to help organizations to train in order to react to such situations and elements.

TheCyberExpress

ISSUE 14

Cyber Expr SCOOP

CYBER EXPRESS AWARDS:

Meet the Tech Titans and Digital Mavericks of the Year Step into the glitz and glamour of the award night with a swift glimpse through captivating images, capturing the essence of an unforgettable evening honoring these cybersecurity trailblazers at The Cyber Express Awards.

ISSUE 14

TheCyberExpress

ress wards Cyber Sentry Standouts: The Top CISOs of 2023 in BFSI

Priyanka Ramakrishnan Sunder

Basil Dange

Vice President - Risk Planning, Strategy and Governance, SMFG India

CISO, Aditya Birla Sun Life AMC Ltd

Jayashree Naik

Bhagwatiprasad Dubey

Head of Cyber Security Silicon Valley Bank

AVP - CISO, Axis Mutual Fund

Ramesh Gurram

Nirav Hiradhar

CISO, MCX (Multi Commodity Exchange of India Ltd.)

CISO, UTI Retirement Solutions Ltd

Melwyn Rebeiro Head GRC & CISO, Julius Baer

TheCyberExpress

ISSUE 14

Cyber Expr SCOOP

FMCG Cyber Chiefs: The Cyber Express Top CISOs of 2023 (FMCG) Nikhil Bhushan Head - IT / CISO, Travel Food Services Pvt Ltd

Securing Tomorrow: The Cyber Express Top CISOs of 2023 (IT Services and IT Consulting)

Avinash Dharmadhikari

Mahendra Soni

CISO, Persistent Systems Ltd

Vice President & Head - Information Security, AQM

Fueling Cybersecurity: The Cyber Express Top CISOs of 2023 (Oil & Gas)

Sachin Gupta CISO, Nayara Energy

ISSUE 14

TheCyberExpress

Jnana Ranjan Dash Head - Information Security, HPCL-Mittal Energy Limited

ress wards Manufacturing’s Finest Cybersecurity Leaders: The Cyber Express Top CISOs of 2023 (Manufacturing)

Amit Joshi

Ambarish Kumar Singh

CISO, Adani Enterprise

CISO, Godrej & Boyce Mfg. Co. Ltd.

Avinash Tiwari

Hitesh Mulani VP & Group CISO, Mahindra & Mahindra Group

CISO, Pidilite Industries Ltd

Cyber Sentinel of 2023: The Cyber Express Cybersecurity Person of 2023 (India)

Prasad Badiwale

Group CISO, Aditya Birla Management Corporation

TheCyberExpress

ISSUE 14

Cyber Expr SCOOP

Championing Cyber Inclusion: The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2023

Pooja Shimpi Founder & CEO, Sybernow

Milin Nitin Shah

Advocate Puneet Bhasin

Asst Vice President, SitusAMC

Founder, Cyberjure Legal Consulting

Leading the Digital Defense: The Cyber Express Top Cybersecurity Influencers of 2023

Venkata Satish Guttula Co-Founder & CISO, CyberXGen

100 ISSUE 14

TheCyberExpress

Praveen Singh CSO, Cyberpwn Technologies

ress wards Leading the Digital Defense: The Cyber Express Top Cybersecurity Influencers of 2023

Abhishek Mathur Sr. Group Manager - (I&E), Wärtsilä India

Santosh Kumar Tripathi

Director, Information Security and Compliance, Virsec Systems, Inc

Muzammil Ahmed Shaikh

Vijay Kumar Verma Senior VP and Head Cyber Security Engineering, Jio Platforms Ltd

Associate Director | Cyber Security, ANB Global Solutions Private Limited

Balaji Kapsikar

Hilal Ahmad Lone

Head of Technology & Cyber Risk, Funding Societies Pte ltd

CISO, Razorpay

Sachin Arvind Kawalkar Global CISO, Neeyamo

TheCyberExpress

ISSUE 14 101

BOTTOMLINE

Leaders’ Take on

WORLD CYBERCON INDIA 2023

102 ISSUE 14

TheCyberExpress

Vaibhav Pandya

Information Security Consultant & vCISO Kudos on your outstanding contribution to the 2nd Edition of World CyberCon hosted at Hotel Sahara Star, Mumbai on December 1, 2023. Your expertise in cybersecurity, threat intelligence, artificial intelligence, and machine learning truly shone during the event. While the occasion was undeniably impactful, streamlining the content for brevity could amplify its effectiveness. Your continued dedication to refining and delivering insightful content is highly appreciated. For future events, consider a more concise format to enhance focus and impact. Keep up the exceptional work!

Kavitha Srinivasulu

Board Member, Women in CyberSecurity (WiCyS) India I am very happy and overwhelmed to receive the honourable award of “The Cybersecurity Diversity and Inclusion Advocate” from The World CyberCon 2nd edition in 2023. Thanks to the juries and the entire Team for giving me this recognition. This is a real booster to continue to focus on my passion to build a safe and secured environment.

Praveen Singh

Co-Founder & CSO, CyberPWN Technologies Thank you The Cyber Express by Cyble this honor. The event was a resounding success, featuring distinguished leaders in the field of cybersecurity and a series of informative sessions on cybersecurity topics. The event provided a valuable opportunity for attendees to gain insights into the latest trends and best practices in cybersecurity. The sessions were well-structured and engaging, and the speakers were knowledgeable and articulate. Overall, the event was a testament to the importance of cybersecurity in today’s business and academic landscape and a valuable resource for anyone seeking to stay up-todate on this critical topic.

TheCyberExpress

ISSUE 14 103

BOTTOMLINE

Sameer Gemawat

Creative Director & Co-Founder, SyberNow A great show by The Cyber Express by Cyble on December 1st, 2023 hashtag#cybercon2023. It was my pleasure to be a part of this hashtag#insightful & extremely well-organized hashtag#event & learn about the latest and greatest in hashtag #cybersecurity.

Nirav Hiradhar

CISO, UTI Retirement solutions Ltd A first is always special. Thank you The Cyber Express by Cyble for the recognition and opportunity to network with the greatest of minds. It was a wonderful event and kudos for all the arrangement.

Bhagwatiprasad Dubey

AVP - Chief Information Security Officer - (CISO), Axis Mutual Fund Happy to attend and take part in the event and would like the same to continue.

Ambarish Kumar Singh

Chief Information Security Officer (CISO) at Godrej & Boyce It is indeed an honour and privilege to receive “ The Cyber Express Top CISOs of 2023 (Manufacturing)” from the Cyber Express. I would like to thank the jury and the Cyber Express team for this recognition.

Jayashree Naik

Head of Cybersecurity India, CISO at Silicon Valley Bank Thankyou The Cyber Express by Cyble for this recognition to the entire CyberSecurity team at Silicon Valley Bank and having this very insightful event and amazing panel discussions on topics which are future facing for all CISOs in India and Global.

104 ISSUE 14

TheCyberExpress

ISSUE 14 105

106 ISSUE 14

TheCyberExpress

ISSUE 14 107

SCAN AND STAY UPDATED WITH REAL TIME CYBERSECURITY NEWS To advertise with us, write to: marketing@thecyberexpress.com

The Cyber Express - January 2024

Articles inside

VIEWPOINT

From The Editor’s DESK