More stories


    CSIRO and Austrade prescribe digital and R&D to create 'roaring 2020s'

    The reality of zoonotic pandemics and recovering from them is certainly with us in 2020, and while it will take time to move on from the aftereffects of COVID-19, Australian government agencies Commonwealth Scientific and Industrial Research Organisation (CSIRO) and Austrade have said digital initiatives could allow Australia to recover.
    “A generation of Australians will train, work, and live in an economy primarily concerned with rebuilding and recovering from the COVID-19 shock. This will characterise government policy and industry strategy,” the agencies said in the Global trade and investment megatrends report released on Monday.
    “Even though the economic conditions are extremely challenging there are good reasons why the Australian and global economies can bounce back. We can achieve the roaring twenties again in the 2020s.”
    The report listed a number of actions to help recovery, the first of which is using data science, machine learning, predictive analytics, and natural language processing to boost trade and investment. Using these technologies would allow for a “more tailored and granular analysis” of trade opportunities and ensure recent data is used, the report said.
    “Machine learning and AI can be used to help an Australian company determine which export markets are best aligned to their products and services,” the report said.
    “Attempting to export into the wrong market can be a costly error. However, exporting into a high demand and rapid-growth market with few competitors can be extremely lucrative.”
    Much of the report was concerned with attracting research investment from overseas — perhaps a tacit acknowledgement of the federal government ripping money off the tertiary education sector — while also saying the country needed a campaign led by Austrade and co-ordinated between universities, research organisations, industry, and state and federal agencies that could funnel foreign direct investment (FDI) into research.

    “R&D FDI improves the scientific, technological, and research capabilities of a country, which is associated with productivity uplift, which, in turn, leads to increased economic growth and job creation,” the report said.
    “The COVID-19 crisis may create a window of opportunity for Australia to meet the R&D needs of companies and governments worldwide.”
    Australia should boost its digital exports, the report added, by building on the nation’s “brand profile for trusted, reliable, and high-quality digital solutions”. It said that trust, transparency, reliability, and quality of digital products and services would be increasingly important when competing globally.
    “The main opportunity associated with this megatrend is the chance for Australian companies to sell into new export markets for digital products and services,” the report said.
    “This applies to the digital technology sector and traditional companies that may convert some, or all, of their product offerings to digital, allowing them to respond to both domestic and global markets. Foreign direct investment could also ramp-up within Australia’s well-established and rapidly growing digital technology sector.”
    Australia could also benefit from a safe haven effect, due to the country being able to manage the coronavirus risk and having a relatively well-performing economy despite going into recession with the rest of the world. According to the report, this provides an opportunity for Australian businesses to tap into companies that are looking to diversify supply chains and seeking perceived safer locales. One industry that should trade on the perception of safety is tourism, which has been smashed by the pandemic.
    “In the short-to-medium term, we are likely to see governments and citizens worldwide turn to local options and trusted countries for tourism, manufacturing, and services,” it said. “There is likely to be a much stronger economic, trade, and cultural connection to local places during and after the pandemic.”
    The report further said businesses needed to think about other potential outbreaks as global trade looks to approach prior levels.
    “Digital technology will play a critical role in the rebuild. Telework, telehealth, online retail, online education, and online entertainment are all booming. A vast swathe of economic activity has transferred from the physical world to the virtual world. Much will not go back,” the report said.
    “The world has seen 10 years’ worth of digital transformation in the space of a few months.”
    The recovery, in both pandemic and economic terms, might be longer than thought, but the report leaned on history to project forwards.
    “The 1920s began with the world recovering from a war, the Spanish flu pandemic, and a depression. However, it later emerged as a time of prosperity, rising incomes, and innovation, with antibiotics, electric light, telephones, and radio coming to consumers and making life profoundly different to a decade earlier,” it said.
    “The 2020s might see similar changes with quantum computing, energy storage, AI, blockchain, and molecular biology. Emerging technologies today have the potential to boost economic and productivity growth in Australia and internationally.”
    The report did not discuss what happened in the decade after the roaring 20s.
    Elsewhere, the Department of Communications kicked off on Friday its consultation on a round of grants to promote the commercial use of 5G.
    Over the next two years, the government is looking to conduct two rounds of grants worth AU$10 million in total under the Australian 5G Innovation Initiative label, with individual grants looking to be in the range of AU$0.5 million to AU$1 million each. The grants are intended to be used on equipment and installation costs.
    “It is not expected that the Initiative’s grants will support significant investment in research and development into 5G applications as the focus of the Initiative is on supporting commercial applications,” the department said.
    “There may however be some need to support limited development costs if applications are pre-commercial or specific software is needed to facilitate 5G use cases.”
    Submissions to the discussion paper are open until 5pm on December 11. Under the expected timeline, grant applications would open in February and grants would be awarded in May, with winners reporting back between May and June 2022.


    Blockchain voting risks undetectable nation-scale failures: MIT researchers

    Claims that “voting on the blockchain” would increase election security have been found wanting and even dubbed “misleading” by researchers from Massachusetts Institute of Technology (MIT).
    In their paper Going from Bad to Worse: From Internet Voting to Blockchain Voting [PDF] published on Monday, they wrote that internet and blockchain-based voting would “greatly increase the risk of undetectable, nation-scale election failures”.
    “I haven’t yet seen a blockchain system that I would trust with a county-fair jellybean count, much less a presidential election,” said the senior author, Institute Professor Ron Rivest of MIT’s renowned Computer Science and Artificial Intelligence Laboratory.
    Rivest is best known as the “R” in the RSA encryption algorithm.
    The paper analyses and systematises previous research on the security risks of voting systems, both online and offline, and comes to a clear conclusion.
    Blockchain technology doesn’t solve the fundamental security problems suffered by all electronic voting systems, and may introduce even more problems, the researchers wrote.
    Blockchain solutions are “ripe” for what they call “serious failures”. These are situations where election results might have been changed, either through error or by an attacker. The change might be undetectable, or even if it’s detected, the only solution would be to run a whole new election.

    “Exposing our election systems to such serious failures is too high a price to pay for the convenience of voting from our phones,” they wrote.
    “What good is it to vote conveniently on your phone if you obtain little or no assurance that your vote will be counted correctly, or at all?”
    In any event, electronic systems of any kind, blockchain or not, are more susceptible to large-scale attacks because exploiting a single vulnerability could impact every ballot at once.
    The physical nature of mail-in ballots or in-person voting is much harder to exploit.
    The researchers proposed five minimal election security requirements: Ballot secrecy, to help prevent intimidation or vote-buying; software independence, so the result can be verified with something like a paper trail; voter-verifiable ballots, where the voters themselves can see that their vote has been correctly recorded; contestability, where someone who detects an error can convince others that the error is real; and some sort of auditing process.
    At this point in time, the researchers argued, only paper ballots allow voters to directly verify that their ballot accurately represents their intended vote.
    The paper also lists more than 40 “critical questions” which need to be asked about any proposed voting system when assessing its security.
    These range from understanding roles and capabilities of stakeholders and adversaries, to how many people would have to be corrupted to steal an election, to the fine-grained operational details of privacy protection, transparency, and legal constraints.
    One of the researchers’ core concepts is evidence-based elections.
    “A key goal of an election is to prove to the losing party that they did, in fact, lose,” they wrote. 
    “An election system must therefore provide convincing evidence to all parties that the election result is correct, even in the face of intense scrutiny.”
    According to Dr Vanessa Teague, an Australian cryptographer with a particular interest in voting system security, evidence is “critically important” and “building evidence remotely is really, really hard”.
    “The more we study this problem, the more we learn that one little thing on a list of 50 questions might actually turn out to be really, really hard to solve,” she told ZDNet.
    Teague and her various colleagues have repeatedly found flaws in election systems used in Switzerland, the US, Australia, and elsewhere.
    “Many, many things can go badly wrong, even in carefully-designed systems implemented by people who know what they’re doing,” she said.
    “The systems being used in practice that I’ve seen are generally neither.”
    As your correspondent detailed four years ago, electronic voting of any kind is still the wrong answer to the wrong question.
    Persistent calls to adopt electronic voting focus on speedy results and a perception of modernity, rather than the democratic fundamentals of national elections.
    Trustworthy electronic voting means solving subtle issues of trustworthy software, trustworthy hardware, and trustworthy human-run processes.
    As this new MIT paper shows, adding blockchain solves none of these problems.


    15 Asia Pacific countries sign world's largest free trade agreement

    The largest free trade agreement in history was signed over the weekend, with 15 countries in the Asia Pacific region becoming signatories. The agreement covers about 30% of the world’s GDP and population, surpassing the Trans-Pacific Partnership in scale.
    The signatories are Australia, China, Japan, New Zealand, South Korea, and the 10 members of ASEAN, namely Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.
    The signatories’ leaders agreed to the terms of the Regional Comprehensive Economic Partnership (RCEP) at the Association of South-East Asian Nations (ASEAN) summit in Bangkok last year, with the agreement being officially signed on Sunday. In a joint statement, the signatories said the trade deal would play an important role in plans to recover from the pandemic and help build the region’s resilience through an “inclusive and sustainable post-pandemic economic recovery process”.
    “In light of the adverse impact of the pandemic on our economies, and our people’s livelihood and well-being, the signing of the RCEP Agreement demonstrates our strong commitment to supporting economic recovery, inclusive development, job creation, and strengthening regional supply chains,” the signatories said in the joint statement.
    The RCEP will primarily focus on standardising trade rules across countries in a bid to make it easier for people to do business. For example, the RCEP will enforce a new single set of rules for accessing preferential tariffs in any of the 15 RCEP markets. 
    RCEP countries will also create a new framework of rules for telecommunications that build on ASEAN’s existing free trade agreements that focus on improving access and use of public telecommunications systems and access to essential telecommunications facilities. The new framework will also ensure RCEP countries do not discriminate against each other in providing access to submarine cable systems.
    In terms of cybersecurity, RCEP countries have committed to collaborating and exchanging information on best practices for dealing with cybersecurity incidents and building the capacity of authorities to respond. When drafting the RCEP, signatory countries said they recognised that cooperation with each other was crucial for preventing cybersecurity attacks.   

    The RCEP also includes commitments to ensure that signatories do not prevent business data and information from being transferred across borders. In addition, the RCEP includes commitments to prevent countries from imposing measures that require computing facilities to be located within their own territories. These commitments will not apply to the financial services sector, however, and also include exceptions for measures implemented for national security or other public policy reasons.
    Signatory countries will also work together on a range of issues, including helping small and medium-sized enterprises overcome obstacles in using electronic commerce, encouraging the development of practices that enhance consumer confidence, and targeted cooperation on research, training, capacity building and technical assistance. To support this, Australia will commit AU$46 million to provide technical assistance and capacity building to help eligible ASEAN countries implement their RCEP commitments.
    Other changes include a new scope for trade in services throughout the region including across telecommunications, professional, and financial services; improved mechanisms for tackling non-tariff barriers, including in areas such as customs procedures, quarantine, and technical standards; greater investment certainty for businesses; new rules on ecommerce to make it easier for businesses to trade online; a common set of rules on intellectual property; and agreed rules of origin that are aimed at increasing the competitiveness of signatory markets within regional production chains.  
    The RCEP, which took eight years to negotiate, was previously intended to include India as well. India pulled out of negotiations last year, however, over concerns about how the agreement would affect its agricultural sector. Despite India’s withdrawal, the joint statement from the signatories said India remained welcome to join the agreement.


    Brazilian IT market on the road to recovery in 2021

    Technology companies in Brazil are moving towards recovery in 2021, with cloud computing, analytics and security being the three key areas of investment for buyers, according to a new study by analyst firm IDC.
    According to the IDC WW COVID-19 – Impact on IT Spending Survey report, carried out in June 2020 and updated in September, a more optimistic outlook has emerged of late. In June, 48% of the Brazilian companies polled said they were immersed in the crisis; by September that number had dropped to 14%.
    When it comes to IT budgets, 42% of the Brazilian organizations surveyed said their spending for the coming year will be greater than what was forecast before Covid-19, while 22% will stick to their forecast and 36% said budgets should decrease in the coming year.
    According to the IDC study, IT spending in Brazil had been growing at 6% in the pre-Covid-19 scenario. Growth has since dropped to about 2.8%. The analyst firm argued that the fact there is still growth, despite the drop, shows that companies will continue to invest in IT.
    For 2021, IDC growth predictions before the pandemic surpassed 9% and have been readjusted to 6.8%. In Infrastructure as a Service (IaaS), for example, pre-pandemic projections pointed to a 38.8% growth in spending and the forecast is now close to 26.9%.
    Companies will still invest in managed and support services in Brazil, even if at a slow pace, the analyst firm said. The same is not likely to happen in the server and storage segment, which, according to IDC, had been shrinking even before the pandemic.
    On the other hand, sectors such as cloud have been bullish in Brazil. Separate research carried out by the Regional Center for Studies on the Development of the Information Society (Cetic.br), the research arm of the Brazilian Network Information Centre (NIC.br), shows an evolution in usage when comparing the previous edition of the research in 2017 with the numbers from 2019.

    According to the research, cloud-based storage grew from 25% to 38%. Enterprise software in the cloud increased from 20% to 27% in two years, as did the use of cloud processing capacity, which went from 16% to 23% over the same period.


    Hacker steals $2 million from cryptocurrency service Akropolis

    Cryptocurrency borrowing and lending service Akropolis says a hacker used a “flash loan” attack against its platform and stole roughly $2 million worth of Dai cryptocurrency.

    The attack took place yesterday afternoon (GMT timezone), and Akropolis admins paused all transactions on the platform to prevent further losses.
    Akropolis says that while it hired two firms to investigate the incident, neither company was able to pinpoint the attack vectors used in the exploit.
    Nonetheless, the intrusion was identified as a “flash loan” attack.
    Flash loan attacks have become common against cryptocurrency services running DeFi (decentralized finance) platforms, which allow users to borrow or lend cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.
    A flash loan is an uncollateralised loan that must be repaid before the same blockchain transaction ends, otherwise the whole transaction is reverted. Flash loan attacks take place when attackers borrow a large sum this way from a DeFi platform (like Akropolis), use that capital within the transaction to exploit a flaw in the platform’s code (most often by distorting a price or balance the platform trusts), repay the loan, and walk away with the surplus.
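    Akropolis’s investigators did not pinpoint the exact vector, so what follows is not a reconstruction of that incident. It is an added example, written for this page and not taken from Akropolis or any DeFi project, of the flash-loan pattern described above in its most common 2020 form: borrow a large sum with no collateral, use it inside the same transaction to skew the price a lending contract reads from an on-chain liquidity pool, borrow against collateral valued at that skewed price, repay the flash loan, and keep the difference. The pool sizes, the 75% loan-to-value ratio, the 9,000 DAI flash loan and the contract names are all assumptions. The hardened variant prices collateral from an observation taken before the transaction, standing in for a time-weighted average price (TWAP) oracle.

```python
import copy
from dataclasses import dataclass

# Toy single-transaction DeFi world. All names, balances and the 75% LTV are assumptions
# for illustration; this is not Akropolis's code nor the vector used against it.

@dataclass
class AMM:
    """Constant-product TOKEN/DAI pool whose spot price a naive lender might read as an oracle."""
    token: float
    dai: float

    def spot_price(self) -> float:                 # DAI per TOKEN
        return self.dai / self.token

    def swap_dai_for_token(self, dai_in: float) -> float:
        k = self.token * self.dai                  # x * y = k invariant
        self.dai += dai_in
        token_out = self.token - k / self.dai
        self.token -= token_out
        return token_out

@dataclass
class LendingPool:
    """Lends DAI against TOKEN collateral at a fixed loan-to-value ratio, at whatever price it is given."""
    dai: float
    ltv: float = 0.75

    def borrow(self, collateral_token: float, price: float) -> float:
        loan = collateral_token * price * self.ltv
        if loan > self.dai:
            raise RuntimeError("insufficient liquidity")
        self.dai -= loan
        return loan

@dataclass
class FlashLender:
    """Uncollateralised loan that must be repaid before the transaction ends, or everything reverts."""
    dai: float

    def flash_loan(self, amount: float, callback) -> None:
        self.dai -= amount
        repaid = callback(amount)
        self.dai += repaid
        if repaid < amount:
            raise RuntimeError("flash loan not repaid in full")

@dataclass
class World:
    amm: AMM
    lending: LendingPool
    flash: FlashLender

def make_world() -> World:
    # Fair price is 1 DAI per TOKEN; the lender holds 100,000 DAI, the flash lender 50,000 DAI.
    return World(AMM(token=1000.0, dai=1000.0), LendingPool(dai=100_000.0), FlashLender(dai=50_000.0))

def run_tx(world: World, tx):
    """All-or-nothing, like an Ethereum transaction: a RuntimeError reverts every state change."""
    snapshot = copy.deepcopy(world)
    try:
        return tx(world)
    except RuntimeError:
        world.__dict__.update(snapshot.__dict__)  # restore pre-transaction state
        return None

def spot_oracle(world: World) -> float:
    return world.amm.spot_price()                  # manipulable inside one transaction

def make_twap_oracle(world: World):
    """Hardened: price fixed from observations made before this transaction (TWAP stand-in)."""
    fixed = world.amm.spot_price()
    return lambda _world: fixed

def attack(world: World, oracle, own_token: float = 100.0, flash_amount: float = 9_000.0) -> float:
    """Attacker's transaction: borrow DAI, skew the pool price, borrow against inflated collateral, repay."""
    profit = 0.0

    def callback(borrowed_dai: float) -> float:
        nonlocal profit
        bought = world.amm.swap_dai_for_token(borrowed_dai)   # 9,000 DAI in -> spot price x100
        collateral = own_token + bought                       # attacker's own TOKEN plus what was bought
        loan = world.lending.borrow(collateral, oracle(world))  # lender values collateral via oracle
        repay = min(loan, borrowed_dai)
        profit = loan - repay                                 # DAI kept; collateral is abandoned
        return repay

    world.flash.flash_loan(flash_amount, callback)
    return profit

def simulate(use_twap: bool):
    """Returns (attacker profit in DAI, or None if the transaction reverted; lender's DAI afterwards)."""
    world = make_world()
    oracle = make_twap_oracle(world) if use_twap else spot_oracle
    profit = run_tx(world, lambda w: attack(w, oracle))
    return profit, world.lending.dai

if __name__ == "__main__":
    print("spot-price oracle:  ", simulate(use_twap=False))  # attacker walks off with 66,000 DAI
    print("pre-tx TWAP oracle: ", simulate(use_twap=True))   # repayment fails, transaction reverts
```

    With the spot-price oracle the lender hands out 75,000 DAI against collateral worth about 1,000 DAI once the pool price returns to normal; the attacker repays the 9,000 DAI flash loan and keeps the rest, having forfeited only the 100 TOKEN it put up. With the pre-transaction price the loan is 750 DAI, the flash loan cannot be repaid, and the whole transaction reverts, leaving the lending pool untouched. That atomicity is what makes flash loans attractive to attackers (a failed attempt costs only gas) and why a lender should never price collateral from a spot value that the same transaction can move.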
    These attacks have been growing in numbers since early February this year, and one of the biggest flash loan attacks took place last month, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance.

    The good news is that Akropolis says it has already identified the attacker’s Ethereum account, which would allow it to track funds as they move around the blockchain.
    The DeFi platform says it has already notified major cryptocurrency exchanges about the hack and the attacker’s wallet, in an attempt to have the funds frozen and to stop the attacker from laundering them into other cryptocurrencies, throwing investigators off the trail, and cashing out.
    Akropolis said it is currently exploring ways to reimburse users for the loss.


    The best gifts for hackers

    While hackers are often associated with criminal acts and interest in hacking may not be encouraged — especially at younger ages — the difference between white hat and black hat activities is important to remember. 
    These days, with cyberattacks increasing in scope and complexity, we need professional, ethical hackers to help protect the day-to-day services we all use, and for younger people with an interest in this field especially, a gift or two to encourage their entry into this world could be a great idea this holiday season.
    Below, we have created a list of themed gifts relating to this profession, ranging from clothing to challenging pieces of kit, that the hacker in your life will enjoy, no matter their age or experience level.

    A must-have for new skills

    One of the best places to start if you’re interested in cybersecurity is research, including the history of hacking, general threat landscape, and career options. For someone keen on the field, the Hacker Playbook 3: Practical Guide To Penetration Testing, authored by Peter Kim, is considered a must-read for those interested in new techniques and obtaining new skills.
    $25 at Amazon

    Another must-read

    Another book for every hacker’s shelf that could make a great gift this year is Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. Written by Andy Greenberg, the author explores cyberattacks that have posed a threat to national and global security. 
    $13 at Amazon

    A hands-on gift to get started with programming

    A more practical gift over Christmas 2020 for the hacker in your life is the Raspberry Pi 400, one of the latest models of the tiny PC. Suitable for those starting out with programming, the budget-friendly device comes in a keyboard format and is equipped with 4GB RAM. A few cables, a monitor, and a mouse, and you’re good to go.
    $100 at Canakit

    For those interested in network security

    The WiFi Pineapple Mark VII is a serious piece of kit for the automation of Wi-Fi network auditing and analysis. Available as a budget-friendly starter product all the way up to enterprise readiness, the device also features a range of useful apps and remote access capabilities.
    $99 at Hak5 or Amazon

    Novelty wear

    For a fun gift this year for the hacker in your life, perhaps a trip over to Zero Day clothing is in order. The company offers a range of clothing for men and women plastered with cybersecurity-related slogans, cartoons, and quotes. 
    View Now at Zero Day clothing

    Subscription boxes to keep DIY enthusiasts and hackers busy

    HackerBoxes is an interesting idea and something that could not only keep hackers entertained over the coming months, but also provide a way to challenge themselves. A gift subscription offers projects, components, modules, tools and items ranging from PCBs, transmitters, and capacitors that change every month.
    $44 at HackerBoxes

    A gift for radio signal exploration

    KerberosSDR is a 4-tuner phase-coherent RTL-SDR software defined radio perfect for any hacker or enthusiast’s toolkit. The radio kit, which uses custom software to operate, can be used for applications including radio direction finding, passive radar applications, and beam forming.
    $249 at Othernet

    Kit for serious network, signal enthusiasts

    The HackRF One bundle is a software-defined radio which is described as “acting like a computer sound card.” The gadget can interact with a range of radio signals including those transmitted by Bluetooth, Wi-Fi, and mobile devices.
    $319 at Amazon

    An investment, and a gift

    The Hak5 Essentials kit would make a fantastic gift this Christmas. Although pricey, this kit should be considered an investment item that contains everything hackers need to get started. The Hak5 bundle includes a WiFi Pineapple, USB Rubber Ducky, Shark Jack, Packet Squirrel, and a variety of cables and other accessories.
    $279 at Hak5

    For novelty

    A small stocking filler or novelty gift — with no serious meaning attached — could simply be a cybersecurity and hacker-themed sticker bundle. More suitable for younger enthusiasts to plaster over their laptop, the bundle on Amazon is available for only $5.99.
    $5 at Amazon


    Microsoft says three APTs have targeted seven COVID-19 vaccine makers

    Microsoft says it detected three state-sponsored hacking operations (also known as APTs) that have launched cyber-attacks on at least seven prominent companies involved in COVID-19 vaccines research and treatments.


    Microsoft traced the attacks back to one threat actor in Russia and two North Korean hacking groups.
    Known as Strontium (aka Fancy Bear, APT28), the Russian group has employed password spraying and brute-force login attempts to obtain login credentials, break into victim accounts, and steal sensitive information.
    The first North Korean group, known as Zinc (or the Lazarus Group), has primarily relied on spear-phishing email campaigns by sending messages with fabricated job descriptions, pretending to be recruiters, and targeting employees working at the targeted companies.
    The second North Korean threat actor, known as Cerium, appears to be a new group. Microsoft says Cerium engaged in spear-phishing attacks with email lures using Covid-19 themes while pretending to be representatives from the World Health Organization.
    Microsoft says these attacks targeted vaccine makers that have COVID-19 vaccines in various stages of clinical trials, a clinical research organization involved in trials, and one that developed a COVID-19 test.
    The companies were located in Canada, France, India, South Korea, and the United States, according to Microsoft.
    A call to the international community

    These attacks represent just the latest in a long line of incidents that have targeted healthcare organizations during one of the most trying times in recent years. While healthcare organizations have been dealing with one of the most widespread pandemics in recent decades, hacking groups have taken advantage of the global crisis to increase their activity, sometimes targeting the organizations that were supposed to help fight this pandemic.
    Instead of focusing on providing care to patients, hospitals have had to deal with ransomware attacks — such as those in the US, Germany, the Czech Republic, Spain, or Thailand.
    Instead of focusing on researching a vaccine or treatment plan, pharma companies have had to deal with intrusions into their networks — such as Moderna, Dr.Reddy, or Lupin.
    Across the summer, several organizations, like the Oxford Institute for Ethics, Law and Armed Conflict, and the CyberPeace Institute, have made calls to the world’s governments to protect healthcare organizations against hackers.
    The organizations asked governments to agree on regulation, rules, and principles to prevent attacks from taking place, or to punish those that take part in targeting healthcare organizations, citing universal human rights law as the basis for creating a no-cyber-attack zone around the health sector.
    Today, Microsoft President Brad Smith plans to make a similar call to the world’s leaders at the virtual Paris Peace Forum.
    “Microsoft is calling on the world’s leaders to affirm that international law protects healthcare facilities and to take action to enforce the law,” Tom Burt, Microsoft Vice President for Customer Security & Trust, said today in a blog post on Microsoft’s website.
    “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate, or even facilitate, within their borders.”
    Uphill battle
    But experts in international politics don’t believe these types of calls will ever lead to any progress in establishing international norms prohibiting attacks on healthcare, or any other sector.
    “In my opinion, there is no chance in hell that these calls and statements will create enough political pressure to force governments around the world to fulfill their due diligence in cyberspace,” Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, told ZDNet today.
    “Most governments actually don’t have the capacity and capability to do so, other governments simply don’t care, and probably a fraction of governments actually welcome this activity when it doesn’t happen within their territory,” Soesanto added.
    “There is probably also a very strong strategic and tactical incentive to prevent the establishment of a no-cyber attack zone altogether. Because once it is established in the health sector, then other critical infrastructure sectors will follow. In the end, everything will be normatively deemed untouchable.
    “Also, if we look at the state of cybersecurity within the healthcare sector, which is dismal both in the US and Europe, these normative calls and statements seem to be an attempt to push the problem of IT security onto ransomware groups and APTs abroad (i.e., ‘if they don’t target us then we will be fine’),” Soesanto said.
    “I think that logic is inherently flawed and even dangerous because then hospitals and research institutes lose all accountability for their own security posture and failures.”


    Manufacturing is becoming a major target for ransomware attacks

    Ransomware has become a major threat to the manufacturing industry as cyber-criminal groups increasingly take an interest in targeting the industrial control systems (ICS) that manage operations.
    According to analysis by cybersecurity researchers at security company Dragos, the number of publicly recorded ransomware attacks against manufacturing has tripled in the last year alone.


    While a lot of manufacturing relies on traditional IT, some elements of manufacturing rely on ICS when mass-producing products, and that’s an area that several hacking groups are actively looking to target.
    That’s potentially very troubling because the interconnected nature of the manufacturing supply chain means that if one factory gets taken down by a cyberattack, it could have wide-ranging consequences.
    For example, if a manufacturing facility that mass produces medicines or other health products was hit by a ransomware attack, that could have knock-on impacts for the healthcare sector as a whole.
    It’s this level of threat that has led cybersecurity researchers at Dragos to describe ransomware with the ability to disrupt industrial processes as the “biggest threat” to manufacturing operations – and at least five hacking groups are actively targeting or demonstrating interest in manufacturing.

    For cyber criminals, manufacturing makes a highly strategic target because in many cases these are operations that can’t afford to be out of action for a long period of time, so they could be more likely to give in to the demands of the attackers and pay hundreds of thousands of dollars in bitcoin in exchange for getting the network back.
    “Manufacturing requires significant uptime in order to meet production and any attack that causes downtime can cost a lot of money. Thus, they may be more inclined to pay attackers,” Selena Larson, intelligence analyst for Dragos, told ZDNet.
    “Additionally, manufacturing operations don’t necessarily have the most robust cybersecurity operations and may make interesting targets of opportunity for adversaries,” she added.
    The nature of manufacturing means industrial and networking assets are often exposed to the internet, providing avenues for hacking groups and ransomware gangs to gain access to the network via remote access technology such as remote desktop protocol (RDP) and VPN services or vulnerabilities in unpatched systems.
    As of October 2020, the company said there were at least 108 advisories containing 262 vulnerabilities impacting industrial equipment found in manufacturing environments during the course of this year alone, many of which potentially leave networks vulnerable to ransomware and other cyberattacks.
    “Unfortunately, unpatched vulnerabilities that can enable initial access will always be an issue. Testing and applying patches as soon as practicable is very important for preventing exploitation,” said Larson.
    Cyber criminals are deploying ransomware because it’s often the quickest and easiest way to make money from compromising a large network. But by gaining enough control of the network to deploy ransomware, hackers will often also be able to access intellectual property and sensitive data that also resides within the network.
    That could potentially lead to hacking groups using ransomware as a smokescreen for cyberattacks designed to steal intellectual property, which could be extremely damaging to victims in the long run.
    “Gaining visibility into the OT environment is very crucial – you can’t protect what you don’t know exists,” said Larson.
    That means taking steps such as conducting regular architecture reviews to identify assets, ensuring devices and services are kept up to date, and conducting “crown jewel analysis” to identify potential weaknesses that could disrupt business continuity.