MAGAZINE
TOP CYBER NEWS
JANUARY 2022
WE IN SECURITY
PROTECT HOPE
“KNOW THYSELF” - TEN LEVERS
FOR CYBER RESILIENCE STRATEGY
ARTICLE BY
STEPHANE NAPPO
VICE PRESIDENT and GLOBAL CHIEF INFORMATION
SECURITY OFFICER at GROUPE SEB
TROELS OERTING
EXPERT MEMBER OF INTERPOL
GLOBAL CYBERCRIME EXPERT GROUP
CHAIRMAN OF THE BOARD at BULLWALL
FORMER CHAIRMAN OF THE BOARD OF WORLD
ECONOMIC FORUM CENTRE FOR CYBERSECURITY
WORKING IN CYBERSECURITY ‘FIRST LINE’ FOR OVER 4 DECADES, TROELS OERTING INFORMS AND EDUCATES CITIZENS, CORPORATIONS,
ADMINISTRATION AND USERS TO ENGAGE MORE ACTIVELY IN SECURING THE INTERNET FROM CRIME
Happy New Year
This Is Your YEAR TO SHINE
BE YOU, THE WORLD WILL ADJUST
TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 2
WE ARE LIVING IN A WORLD OF DIGITAL FUSION AND CONSTANT CYBER RISK. Everything has become a
target, including banking accounts and credit cards, as much of our daily financial activity is digitally
interconnected to servers, websites, and devices. Sensitive records, including personal medical histories, are all
digitized and shared. All around us are sensors and Internet of Things connected devices, expanding hackers'
potential attack surfaces.
EVEN OUR INTERPERSONAL COMMUNICATIONS VIA SMARTPHONES AND SOCIAL MEDIA
APPLICATIONS HAVE BECOME A PLAYGROUND FOR CYBER-ATTACKERS. In the past year alone, hundreds
of millions, if not billions, of private records from retail corporations, internet companies, and banks have been
exposed. All critical infrastructure, including the electric grid, healthcare, transportation, communications, and
financial networks, is vulnerable and has been subject to cyber-attacks. The recent cycle of major industry and
governmental cyber breaches, including SolarWinds, which touched agencies across governments and much of the
Fortune 500, is emblematic of growing risks.
WITH THE EXPONENTIAL INTERCONNECTIVITY OF INDUSTRY 4.0 COME MORE SECURITY AND
PRIVACY VULNERABILITIES. Hackers, criminal networks, and even adversarial nation states are actively
proliferating malware across commercial verticals and government agencies. Last year there was a 350% increase
in ransomware attacks, much of it aimed against stressed healthcare infrastructures and less-protected home offices
resulting from work-from-home necessities under the Covid-19 pandemic.
THE CYBER IMPACT TO OUR DIGITAL FUSION INTERFACE NEEDS TO BE A GLOBAL PRIORITY. Our
algorithmic world is becoming more automated by the day, catalyzed by the emergence of machine learning,
artificial intelligence, and other technologies. Enhanced and more capable next-gen cybersecurity tools and processes will
likely be a core digital element that keeps us safe into the future. We must improve investments in technologies,
processes, and people to be better able to mitigate the multitude of new sophisticated cyber threats on the
horizon in our digitally fused ecosystems.
The Cybersecurity of Digital Fusion
Editorial by Chuck D. BROOKS
President at Brooks Consulting International
Chuck D. Brooks, President at Brooks Consulting International, is a globally recognized thought
leader and subject matter expert in Cybersecurity &
Emerging Technologies and a featured speaker at
dozens of conferences & webinars. Mr. Brooks is
serving as Adjunct Faculty at Georgetown
University’s Graduate Applied Intelligence Program
and the Graduate Cybersecurity Programs.
“THIS WORLD
IT NEEDS
HEROES
”
DOESN’T NEED
TROELS ØRTING JØRGENSEN
Troels Ørting Jørgensen, Chairman at Bullwall, Expert Member at INTERPOL
Mr. Ørting is a globally recognized Cyber Security Expert. He has been working in cybersecurity ‘first
line’ for over 4 decades. Throughout his career, Mr. Ørting has been working with governments and
corporations to advise on how they react to the increasing international cyber threats, and has worked
closely with law enforcement, intelligence services and cyber security businesses.
Formerly, with the Danish National Police, first as Director, Head of the Serious Organised Crime
Agency and then as Director of Operations, Danish Security Intelligence Service; Deputy Head, ICT
Department and Deputy Head, OC Department, Europol, EU’s Police Agency; Head of European
Cybercrime Centre and Head of Europol Counter Terrorist and Financial Intelligence Centre. 2015-18,
Group Chief Information Security Officer (CISO), Barclays. Chaired the EU Financial Cybercrime
Coalition, of which most banks are partners, and has very strong experience in cyber security. Since
2018, Head of the Centre for Cybersecurity, World Economic Forum. Chairman of the Board of World
Economic Forum Centre for Cybersecurity (C4C).
Denmark
“WE, IN SECURITY, SHOULD NOT PROMOTE FEAR – BUT PROTECT HOPE”
BEFORE THE GLOBAL PANDEMIC HIT THE WORLD IN SPRING 2020, the digital transformation
increased speed and magnitude. Fuelled by super-drivers like mobile/5G, IoT, Cloud and AI the
number of users, applications, storage, connections and algorithms outpaced what we had seen
before. The huge possibilities provided by the Internet created a ‘tech’ environment attracting the
best brains the World could produce and geopolitical tensions between China, Russia, EU and US
intensified the regional competition on ‘who controls the Internet’ and the subsequent influence,
growth and wealth.
THE GLOBAL COVID PANDEMIC FORCED US TO MOVE APPROXIMATELY 1.2 BN WORKERS
FROM THEIR OFFICES to work from home in order to keep the wheels spinning. Internet-enabled
communication tools substituted for physical meetings, teaching, marketing, trading, reading,
accounting and watching, and demand for online services surged. Accenture has estimated that
globally we went through 3 years of digital transformation at normal speed in just 3 months. This will
continue. We will not go back to the ‘old days’ even after we get a vaccine. We will continue to work
remotely – not necessarily from home but from anywhere. Both employers and employees have
seen the benefits of this new flexible work-regime, which supports working both from offices
and from anywhere.
“In the future everything will be connected, everything will be sensing, everything will be
stored and everything will be used, sold or utilised in other ways”
We, In Security, Protect Hope
Author: Troels OERTING
THE FUTURE will provide more positive opportunities for the global, and connected, citizen – for
businesses, education, healthcare, sustainability, climate, transparency and democracy. But it will also
present challenges to security, privacy, integrity and trust.
TRUST between the citizen and consumer on one side and governments and corporations on the other
side. Who can we entrust with our digital footprints and other assets, will our data become a commodity
including face recognition and other tracking and can we believe what we read or see? Will someone
‘hack’ opinions in the future and influence elections and public debate negatively?
THE NATION STATES normally regulate the level of domestic crime through the 3 P’s: Prevention,
Protection and Prosecution.
Due to the current lack of trust between states and governments – it is not possible for global law
enforcement to cooperate when fighting cybercrime.
“In reality cybercrime is presently a risk-free crime. Secondly, we have not been able
to agree on the ‘rules of the game’ for State Actors covert operations on the Internet
and in reality no written or unwritten rules regulate these operations”
“WE HAVE NO CYBER GENEVA CONVENTION”
By the Hon. Troels OERTING
THE WORLD GETS MORE HYPER-CONNECTED AT PACE, BUT THE GOVERNANCE AROUND
THIS DEVELOPMENT DOES NOT MOVE
BASED ON THIS - we, as citizens, corporations, administration and users need to engage more actively
in securing the Internet from crime and regulating rules around privacy and integrity.
A few areas of importance come to mind:
The starting point must be a coalition of the willing who understand that sharing is caring.
SECURITY STAFF SHOULD STOP TALKING A ‘TRIBAL LANGUAGE’ and engage in a real discussion with
the public, the C-level and decision makers. If they do not understand what we say, we speak the wrong
language. As in many other areas the biggest improvement is always based on hygiene.
BACK TO BASICS. We need to focus on basic defence and a risk-based graduation of our overall security
posture. If you are not a VIP or your company is not in the crosshairs of foreign intelligence, the biggest
threat to your cybersecurity is from cybercriminals. Cybercriminals do not hack for fun and will not
invest 1 dollar to steal 50 cents. They might use advanced tools, but these will be automated, and if they
do not find the anticipated weaknesses they will move on to the next target.
THE TRICK IS TO HAVE A SECURITY LEVEL ABOVE THE CRIMINAL THRESHOLD
READING THROUGH THE VARIOUS PREDICTIONS FOR 2022 from multiple cybersecurity
companies and security agencies, it is a bit ‘the same procedure as last year’ and you feel you have read it
before. But there is no need to fool ourselves. 2022 will, for many reasons, be worse than 2021 in my opinion.
WIDER DISTRIBUTED IT ACCESS DUE TO WFH. More ransomware and affiliated crime with the same
modus, fast development and distribution of advanced tools inside organized cybercrime networks,
more anti-privacy and spy tools available and, not least, increasing geopolitical tension including with
Russia, China, Iran, North Korea, Ukraine and more.
ON THE POSITIVE SIDE IS THE SIGN that ‘the good guys’ - especially in private business - are
increasingly working together and sharing much more quality insight in real time to boost cyber defense
and resilience. And in the wider digital development we need to have a much closer look at ‘surveillance
capitalism’ and the mis-use of our digital footprints combined with fake news that will enable autocratic
and populist ‘leaders’ to hack ‘hearts and minds’ and influence elections, war and peace.
WE WILL PREVAIL, but I fear 2022 will be a tough year on the digital security front. I wish us all good
luck and a Happy New Year and cross my fingers for more sectorial and cross-sectorial cooperation
between the like-minded.
HUMANITY WILL SURVIVE THE INTERNET. It will be a bumpy road. We better buckle up and get
started.
“I AM A BORN OPTIMIST AND WISH US ALL GOOD LUCK”
THE TONE FROM THE TOP IS IMPORTANT. We
are all dependent on the Internet, and security and
privacy should be part of our personal and
corporate DNA. Create alliances, work
together, share best practice, develop and
innovate responsibly and with security,
privacy and integrity in mind. Start
prevention early and realise it is a
long-lasting effort.
“AS ORGANIZATIONS REASSESS THEIR PURPOSE, they are turning to technology to drive the
changes they need to make. Yet this technology must be managed correctly if it is to deliver the
benefits that stakeholders expect. By adhering to the principles of Tech for Life, those who create and
use technology can ensure it continues to be a force for good.
THROUGHOUT HISTORY, TECHNOLOGY HAS HELPED US MEET CHALLENGES. It has been an engine
for greater prosperity, equality and health. The printing press, the steam engine and the development
of electrical power have all transformed our world for the better. Today, whether augmenting our work
with robots, connecting us to our loved ones around the world or using Machine Learning to improve
tumor detection rates, technology has the potential to be an even greater force for good. Indeed,
technology is the force that will drive the transformation that organizations must undergo as they
develop a wider purpose.
FACED WITH EVEN THE GREATEST CHALLENGES ON THE PLANET, TECHNOLOGY IS
PROVIDING SOLUTIONS. We have the technology to make electricity sustainable, cheap and
available for all. To deliver this requires both the adoption of existing technologies as well as intelligent
electricity distribution and storage solutions.
AS LEADERS, WE MUST USE TECHNOLOGY CORRECTLY if we are to meet the expectations of
our new stakeholders. Yet we have seen how technology is open to abuse, misuse and malicious
intent. And, with the benefit of historical perspective, we have seen how many of the noble uses to
which technology has initially been put have given rise to unwelcome and unforeseen consequences.”
Tech For Life
Jim Hagemann SNABE
Chairman at Siemens (D), Chairman at A.P.
Moller - Maersk (DK), and Vice-Chairman
at Allianz (D). Serves as a Member of the
Board of Trustees at the World Economic
Forum; Adjunct Professor at Copenhagen
Business School (CBS). Former Co-Chief
Executive Officer of SAP. Master’s in
Operational Research from the University of
Aarhus, Denmark.
Jim Hagemann SNABE
Chairman at Siemens AG
Rhythm for security: Siemens' ProductCERT team regularly
informs its customers about current security vulnerabilities in
Siemens products and provides solutions to eliminate them.
The ProductCERT is connected – globally
Cybersecurity at
AS ORGANIZATIONS AND INDIVIDUALS EXPAND
THEIR CLOUD FOOTPRINT and leverage cloud
services out of necessity, digital identity has
become the true perimeter and key to protecting
the assets we value most. It’s no longer possible to
have a strong security posture without developing a
security architecture centered on digital identity and
the tenets of ZERO TRUST.
CLOUD ENVIRONMENTS OFFER MULTIPLE WAYS
TO MANAGE IDENTITY, and how we treat it needs
to be a foundational component of a cloud security
program. To ensure comprehensive oversight and
enable effective digital identity controls, it’s
necessary to have the right layers of governance
and tools in place to reduce the possibility of
leaving an open door for attackers.
IDENTITY PLAYS A ROLE IN EVERYTHING - from
people, to processes, to technology - and with our
growing digital environments, there is a continual
shift in our thinking of what digital identity is. In the
past we may have associated identity with a human
user and attributes like a name, number, or badge.
Now, the indicators used to assess identity include
things like behaviors and biometrics and the
definition of what is an identity includes things like
laptops, phones, APIs and Bots. All of these make
up what I like to call the “IDENTITY OF THINGS”.
“Identity is the gateway to cloud services and with the
rise of interconnectedness, digital transformation, and
API first strategies, digital identity has become even
more susceptible to attacks”
Identity in Depth
Securing the Digital IoT
(Identity of Things)
Author: Shinesa CAMBRIC
“Over the course of history, the greatest minds: scientists, philanthropists, educators, politicians, leaders,
philosophers, were fascinated with the way human brain works. From Michelangelo to Lomonosov, from
DaVinci to Einstein, there have been numerous attempts to uncover the mystery of human mind and to
replicate its working first through simple mechanical devices and later, in the 20th century, through
computing machines, software and robots.” ~ Marina L. Gavrilova and Roman V. Yampolskiy
A RECENT TECHCRUNCH REPORT indicated that
API calls through the Google Cloud Platform rose
47% from last year and that the platform now
handles about 2.2 trillion API calls a year, and in a
survey included in Salt Security’s "The State of API
Security – Q1 2021" report, they found that 91% of
surveyed participants had experienced an API
security incident in the past year.
DIGITAL IDENTITY IS CLEARLY THE GATEWAY TO
CLOUD SERVICES and as such, has become more
susceptible to attacks. The increased importance of
securing digital identities has become highly visible
in things such as Broken Access Control now being
named #1 on the OWASP (Open Web Application
Security Project) top 10 list of application security
risks.
“As our concept of identity matures and moves
beyond the traditional, to build a good identity
defense program we have to go beyond traditional
security defense thinking”
“RELYING SOLELY ON PASSWORDS AND FIREWALL
CONTROLS IS A RECIPE FOR TROUBLE”
“Expanding the way we secure identity requires we
look beyond the “who” of an identity. We also need
to consider the “how”, “when”, “what”, and “where”
of digital connectivity.”
ALTHOUGH MULTI-FACTOR AUTHENTICATION
(MFA) IS AN IMPORTANT IDENTITY CONTROL,
believing that MFA is the cure-all for protecting
identity can lull you into a false sense of security.
There are multiple studies regarding the number of
admins and highly privileged users who fail to turn
on MFA for their accounts, which highlights why
protecting digital identity requires a layered
approach. In the case of failure of one control, a
layered approach ensures you have other controls
in place to protect and defend access to important
assets.
DEFENSE IN DEPTH requires that we shift our
thinking to an “assume breach” mentality and build
in multiple security layers to protect from inevitable
attacks. In a digital environment, we should apply
this same approach to identity and its
corresponding attributes of access, authorization,
and authentication, creating the concept of
“IDENTITY IN DEPTH”.
SO HOW DO ORGANIZATIONS BEGIN BUILDING
AN IDENTITY IN DEPTH STRATEGY?
THEY SHOULD START by assessing their digital
identity security posture, defenses, and controls.
There are a few fundamental identity pillars to
review, as well as probing questions that will need
to be answered.
In terms of pillars, a DIGITAL IDENTITY ROADMAP
needs to be created for the areas of IDENTITY
GOVERNANCE (includes defining process, visibility,
auditing, logging), ACCESS MANAGEMENT
(includes provisioning, adaptive access, device
management), AUTHENTICATION (includes SSO,
MFA, Federation, SAML, verifiable identities), and
PRIVILEGED ACCOUNT MANAGEMENT (includes
admin users, high privileged roles).
THE PLAN AROUND EACH OF THESE AREAS
SHOULD ADDRESS protecting identity from both
the outside in (external attackers) and inside out
(insider risk), given that the impact of insider
threats can be just as damaging as attacks coming
from outside an organization. While building out a
strategy for these pillars, organizations should ask
several questions to establish boundaries around
the identities in their environment.
• WHO OR WHAT is on the other side of a given
connection or performing some activity?
• WHERE is the connection coming from?
• WHERE should it NOT be coming from?
• WHY is access required by the identity
connecting and for how long?
• WHEN should connectivity be taking place?
AN ORGANIZATION SHOULD INVEST TIME in
periodically assessing the maturity of their identity
program and alignment with a ZERO TRUST
ARCHITECTURE.
• THEY SHOULD UNDERSTAND THE POTENTIAL
IMPACT to their environment of maintaining
identities in various sources, using centralized
versus decentralized management approaches, and
the impact of multi-cloud environments on their
identity strategy.
• NEXT, IT WILL BE IMPORTANT TO INVEST IN THE
RIGHT TOOLING to help assess all the identities and
recertify access on a regular basis.
• INVENTORY all application/environment entry points
and trust boundaries
• BUILD a baseline of behaviors to detect behavioral
anomalies for all identities, and
• ENSURE logging is properly enabled and retained for
identifying and detecting suspicious behavior.
Finally, organizations should
• IDENTIFY privileged and over-privileged users who
may be a risk to the company both from insider
threats and account takeovers.
With these items in mind, organizations will have a
STRONG FOUNDATION to begin building their IDENTITY
IN DEPTH STRATEGY and implementing LAYERED
PROTECTION for the keys to their DIGITAL KINGDOM.
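The boundary questions and the privileged-user review described above can be expressed as layered checks, so that a request which satisfies MFA is still denied when another layer fails. This is an added example, not code from the article or the magazine; the `Grant` and `Request` schema, the identity names and the documentation-range IP addresses are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

UTC = timezone.utc


@dataclass(frozen=True)
class Grant:
    """Boundaries recorded for one identity (hypothetical schema)."""
    identity: str            # WHO or WHAT: a user, device, API client or bot
    kind: str                # "human" or "service"
    privileged: bool
    allowed_networks: tuple  # WHERE the connection may come from
    denied_networks: tuple   # WHERE it should NOT come from
    window: tuple            # WHEN: (start, end) as UTC times of day
    justification: str       # WHY access is required ...
    expires: datetime        # ... and for how long


@dataclass(frozen=True)
class Request:
    identity: str
    source_ip: str
    at: datetime             # timezone-aware, UTC
    mfa_passed: bool


def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window that crosses midnight


def evaluate(req, grants):
    """Check every layer and return (allowed, reasons) so the log shows all failures."""
    grant = grants.get(req.identity)
    if grant is None:
        return False, ["who: unknown identity"]
    reasons = []
    ip = ip_address(req.source_ip)
    if any(ip in ip_network(n) for n in grant.denied_networks):
        reasons.append("where-not: source is in a denied network")
    if not any(ip in ip_network(n) for n in grant.allowed_networks):
        reasons.append("where: source is outside the allowed networks")
    if not in_window(req.at.time(), grant.window):
        reasons.append("when: outside the permitted window")
    if not grant.justification or req.at >= grant.expires:
        reasons.append("why: no current justification")
    if grant.kind == "human" and not req.mfa_passed:
        reasons.append("authn: MFA not satisfied")
    return not reasons, reasons


def privileged_without_mfa(grants, enrolled):
    """Privileged human accounts that have not enrolled in MFA."""
    return sorted(g.identity for g in grants.values()
                  if g.privileged and g.kind == "human" and g.identity not in enrolled)


# Constructed sample inventory; addresses are from the RFC 5737 documentation ranges.
GRANTS = {g.identity: g for g in (
    Grant("alice.admin", "human", True, ("192.0.2.0/24",), ("203.0.113.0/24",),
          (time(7, 0), time(19, 0)), "database maintenance",
          datetime(2022, 1, 31, tzinfo=UTC)),
    Grant("carol.admin", "human", True, ("192.0.2.0/24",), (),
          (time(7, 0), time(19, 0)), "tenant administration",
          datetime(2022, 6, 30, tzinfo=UTC)),
    Grant("svc-backup", "service", False, ("198.51.100.10/32",), (),
          (time(23, 0), time(2, 0)), "nightly backup job",
          datetime(2022, 12, 31, tzinfo=UTC)),
)}
MFA_ENROLLED = {"alice.admin"}

if __name__ == "__main__":
    samples = [
        Request("alice.admin", "192.0.2.15", datetime(2022, 1, 10, 9, 0, tzinfo=UTC), True),
        # MFA satisfied, but wrong place and wrong time: other layers still deny.
        Request("alice.admin", "203.0.113.7", datetime(2022, 1, 10, 3, 0, tzinfo=UTC), True),
        # Correct place and time, but the grant has lapsed.
        Request("alice.admin", "192.0.2.15", datetime(2022, 2, 5, 9, 0, tzinfo=UTC), True),
        Request("svc-backup", "198.51.100.10", datetime(2022, 1, 10, 23, 30, tzinfo=UTC), False),
    ]
    for r in samples:
        print(r.identity, r.source_ip, r.at.isoformat(), evaluate(r, GRANTS))
    print("privileged without MFA:", privileged_without_mfa(GRANTS, MFA_ENROLLED))
```
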
SHINESA CAMBRIC
Shinesa CAMBRIC (CCSP, CISSP, CISA, CISM, CDPSE) is a Cloud Security, Compliance, and
Identity Architect with strategic expertise in technical design and implementation of security
architecture and controls.
She currently works as a Principal Program Manager with Microsoft and her experience includes
designing identity management and governance solutions for cloud based platforms, building
insider threat programs, and providing unique subject matter expertise on the intersection of
governance, risk, and compliance with IT and application security.
She currently serves as the training lead for the Dallas chapter of Women’s Society of Cyberjutsu, a
member of the operational team for non-profit group CloudGirls (cloudgirls.org), as a job task and
cloud certification content advisor for CertNexus and CompTIA, and as an identity champion for
Identity Defined Security Alliance (IDSA).
Shinesa is an active member of
several other organizations, including
Women in Cyber Security (WiCyS),
ISACA, ISC2, Information Systems
Security Association (ISSA),
International Association of Privacy
Professionals (IAPP), AnitaB,
Executive Women’s Forum, and the
Identity Management Institute.
The ABCs of
A - AWARENESS – Awaken from the slumber that you could be tricked into falling victim to
some malicious software or social engineering scheme that is targeting you or your organization.
B - BELIEF – Be responsible for your behavior in that you can take proactive measures to protect
your personal information and the data that is entrusted to you by others in business and
personal relationships.
C - CHARACTER – Create a unique trusted quality based upon individual and collective
experiences to collaborate in creating positive cybersecurity culture for everyone.
More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is
my hope that the ABCs for Cybersecurity Culture will spark conversations. It is my desire that
these thoughts will promote more collaboration. In the final outcome, collaboration will produce
a unified CYBER SOCIETY forged to help protect all organizations, nations and citizens from the
debilitating impact of cybercrime.
Cyber Security Culture
by Victor L. Malloy “Vic”
On 23 June 2021, THE EUROPEAN UNION (EU)
COMMISSION published its recommendation on
building a JOINT CYBER UNIT that would enhance
cybersecurity across the EU, stating that “the
purpose of this Recommendation is to identify the
actions necessary to coordinate EU efforts to
prevent, detect, discourage, deter, mitigate and
respond to large-scale cyber incidents and crises
through a Joint Cyber Unit.”
The recommendation further states the time frame
for the Joint Cyber Unit to become operational as
of 30 JUNE 2022. On 6 October 2021, the
Horizontal Working Party on Cyber Issues (HWPCI)
agreed on a need to further engage in developing
the EU cybersecurity crisis management framework
by exploring the potential of a Joint Cyber Unit and
defining the process and possible roles and
responsibilities that would be associated with this
initiative.
The consideration for a Joint Cyber Unit initiative
comes as the number of cyberattacks on the EU
organizations and Member States increases.
The EU Independent
Cyber Operational Capability
THE EUROPEAN UNION AGENCY FOR NETWORK
AND INFORMATION SECURITY (ENISA) reported that
230,000 new malware infections were detected
every day between January 2019 and April 2020, and
EUROPOL's 2021 report on organized crime shows
an increase in the number of attacks against public
institutions, large companies and on local
governments and ministries.
Attacks are also increasing against public sector
organizations in healthcare and education, as well
as businesses in manufacturing, finance, energy,
and transport. These cyberattacks have not only
targeted EU institutions and bodies, but also the
critical infrastructure of Member States.
THE CYBERATTACKS have not only been about
infecting institutions; information sources
also indicate that some attacks are facilitating
DISINFORMATION OR CYBER ESPIONAGE.
Germany's Foreign Ministry published a report
in early September stating that attacks attributed to an
Eastern European State Actor are combining
conventional cyberattacks with disinformation in
order to influence elections.
Author: Prof. Annita Larissa SCIACOVELLI
Additionally, a report by Cybereason revealed that
an Asian State Actor operation, active since 2017,
used cyberattacks as a way to gain and maintain
continuous access to telecommunication providers
and collect sensitive information by further
compromising high-profile business assets.
We’ve reviewed some insights on the drivers for a
joint cyber unit. Now let’s take a look at THE LEGAL
FRAMEWORK supporting such an initiative. In the
recommendation for establishing the joint cyber
unit, the commission highlights Article 7 of
Regulation (EU) 2019/881 of the European
Parliament as a supporting legal basis for a joint
task force. The first time this idea was presented
was by Ursula von der Leyen in her Political
Guidelines for the Next European Commission
2019-2024.
ALTHOUGH ENISA IS A POLICY AND
INFORMATION SHARING ENTITY, guidelines would
require the joint unit to work closely with them on
supporting the following objectives:
• TO DEVELOP and maintain a high level of
expertise; assist the Union institutions in
developing policies;
• ASSIST the Union institutions and the Member
States in implementing the policies;
• ASSIST the Union and the Member States in
enhancing and strengthening their capability
and preparedness to prevent, detect and
respond to network and information security
problems and incidents; and
• USE ITS EXPERTISE to stimulate broad
cooperation between actors from the public
and private sectors.
FURTHERING THE INITIATIVE, THE EU CYBER
SECURITY STRATEGY 2020 IDENTIFIES THE MAIN
STEPS TO ESTABLISH THE UNIT. These steps
include:
• MAPPING available capabilities at a national
and EU level;
• ESTABLISHING a framework for structured
cooperation and assistance; and finally
• IMPLEMENTING the framework by utilizing
resources provided by joint unit participants.
In addition to Article 7 of Regulation (EU) 2019/881
of the European Parliament that provides a legal
basis for a joint unit, Article 1 of NIS2 Directive
further elaborates (Article 19) on providing EU
coordinated risk assessments of critical supply
chains. This means that a joint cooperation group
would need to fulfil these activities in cooperation
with the Commission and ENISA.
Another brick in building the legal framework
comes from the Commission's Recommendation
for a Coordinated Response to Large Scale
Cybersecurity Incidents and Crises.
Clause 15 refers to the EU level and states that the
key actors involved in response to cybersecurity
crises include the NIS Directive, Computer Security
Incident Response Teams (CSIRTs) network, in
addition to ENISA, the European Cybercrime Centre
at Europol (Europol/EC3), and other relevant EU
Bodies.
From the above analysis, THERE IS A CLEAR
LEGAL FOUNDATION AND INCENTIVE FOR THE
ESTABLISHMENT OF THE PROPOSED JOINT
CYBER UNIT.
The EU foreign affairs representative Josep Borrell
stated that “The need for more European defence
has never been as much evident as today after the
events in Afghanistan.”
European frustration after the withdrawal of US
troops from Afghanistan has renewed calls for an
EU military force and in Borrell’s view the EU needs
to create a “rapid response force” of 5,000 soldiers.
While the ambitious vision for a full-scale EU
military force is being discussed, creating a joint
cyber task force can serve as a pilot for the grand
plan.
The EU Commission recommendation on
building a Joint Cyber Unit to enhance
cybersecurity across the European Union, is
exactly what is needed. However, before we
proceed, we will need to first define a clear
mission.
In my view THE MISSION STATEMENT OF THE
JOINT CYBER UNIT should be as follows:
• COLLECT AND ASSESS intelligence on cyber
threats to the EU and Member States;
• CONDUCT defensive and offensive operations
to defend and foil cyberattacks on the EU
organizations and support the defense of EU
Member States;
• SUPPORT the anti-cyberterrorism, anti-
cybercrime, and anti-influence operations - in
cooperation with EUROPOL and Member
States;
• COORDINATE all operational activities with
Cyber Agencies of Member States and other
relevant bodies and initiate international
cooperation for offensive and defensive
operations.
Considering all the factors, forming the European
Union (EU) independent cyber force will not be an
easy task. However,
BUILDING UPON THE INTEGRAL CAPABILITIES
OF ENISA will help while establishing a full force
development process to create, establish, and
sustain an enhanced set of intelligence and
operational functions that are capable of defending
and protecting against cyber attacks.
PROF. ANNITA LARISSA SCIACOVELLI
As a professor of international law at the University of Bari Aldo Moro in Italy (UNIBA), a
cybersecurity specialist and a teacher of international law at the University of International
Studies of Rome (UNINT), Prof. Adv. Annita Larissa Sciacovelli actively works to influence
the legal, cyber, and intelligence communities.
In addition to her position at UNIBA, Prof. Sciacovelli researched cybersecurity in the Cyber
Security Program at the Institute for National Security Studies, Tel Aviv University, Israel.
She is a registered lawyer with the Bar Association of Bari
and an active member of several organizations,
including the Advisory Board of the International
Institute for Peace in Vienna, the Cyber Security
and Warfare Commission of the Italian
Intelligence Society, the Italian Society of
International and EU Law, and is the current
Vice President of GP4AI (Global
Professionals for Artificial Intelligence).
Prof. Sciacovelli is also a member of the
scientific committee for the Journal of
Criminal Law and Globalization.
WHEN
BOARDROOM
the CISO
HAS
POWERFUL INFLUENCE
"Know Thyself"
Ten Levers For Cyber Resilience Strategy
THE ANCIENT GREEK APHORISM "KNOW THYSELF" (Greek: γνῶθι σεαυτόν, transliterated: gnōthi seauton; also ...
σαυτόν … sauton with the ε contracted), is one of the Delphic maxims and was first inscribed in the pronaos (forecourt)
of the Temple of Apollo at Delphi according to the Greek writer Pausanias. The phrase was later expounded upon by the
philosopher Socrates who taught that: “AN UNEXAMINED LIFE IS NOT WORTH LIVING”.
The rapid shift from analog to digital technology enables opportunities for the global economy. However, it also
creates new geopolitical threats and serious risk for corporate activities and prosperity. The fast evolution of
business, technology and threats poses challenges in implementing an effective cyber resilience strategy.
Software constantly evolves, leading to new issues and vulnerabilities for cyber-attacks. Furthermore, IT
infrastructure evolves, from on-premise systems to the cloud, which introduces a new set of design and
implementation issues resulting in new risks.
“In such a changing and uncertain paradigm, the first reflex is often trying to manage the
unmanageable complexity and unpredictable threats. An alternative and effective approach
is to get to “know thyself”, discover your own weaknesses, identify your data and business
assets and their attractiveness or sensitivity to potential cyber threats”.
“Security, like life, has the colors that you give it.”
~ Stéphane NAPPO
AN UNEXAMINED BUSINESS TRANSFORMATION STRATEGY IS NOT WORTH IMPLEMENTING. To
facilitate and maintain the confidentiality, integrity, and availability of data and business operations, consider
creating roadmaps to digital transformation and designing a reliable system in which your security strategy is a part
of your digital transformation strategy. People are an imperative part of the system.
IN ESSENCE, AUTOMATION SHOULD NEVER CREATE A FUNCTION BY ITSELF. To preserve
corporate identity and an adequate user/customer experience, automation must be driven by a clear functional need and
relevant compliance knowledge. For automation (just a tool) to provide a global vision, monitoring,
interoperability, traceability, orchestration and steering features, a NEW holistic and strategic vision is required.
Author: Stéphane NAPPO
AS TRULY SUCCESSFUL BUSINESS DECISION MAKING relies on a balance between deliberate &
instinctive thinking, so does successful digital transformation rely on the interconnectedness &
interdependence of state-of-the-art technologies.
IN INFORMATION AND CYBER SECURITY, identifying adversaries, finding unknown security
vulnerabilities, reducing cyber risks and envisioning the potential future threat landscape
are CRUCIAL. Understanding, developing and cultivating remarkable resilience is VITAL.
HAVE IN PLACE AN EVER EVOLVING CYBER RESILIENCE BLUEPRINT. Arm your business in the
face of future cyber threats. Mind the systemic nature of a cyber threat landscape.
'Know thyself' to increase your cyber-resilience.
STRIVE TO INFORM AND EDUCATE. Education has always been a profit-enabler for individuals
and the corporation. Education, both conception and delivery, must evolve quickly and
radically to keep pace with digital transition. Education is a part of the digital equation.
TEN LEVERS FOR CYBER RESILIENCE STRATEGY
While Identify, Protect, Detect, Respond and Recover remain fundamental keys,
these ten levers are crucial to achieving effective cyber resilience:
• ALIGN information and security strategy with business digital transformation strategy.
• ADOPT a comprehensive cyber risk management attitude.
• IDENTIFY the most critical information and assets.
• FIND AND MANAGE vulnerabilities.
• REDUCE cyber risks in projects and production.
• OPTIMIZE strategically chosen systems reliability.
• EVOLVE your security to a prevention-based strategic architecture.
• PLEDGE to employ state-of-the-art digital and defence solutions.
• INSTRUCT your teams regularly to empower and strengthen their resilience.
• SCALE your success by sharing the knowledge and intelligence.
by Stéphane NAPPO
Stéphane NAPPO
“The five most efficient cyber defenders are: Anticipation,
Education, Detection, Reaction and Resilience.”
~ Stéphane NAPPO
A senior-level cybersecurity executive with over two decades' worth of experience in international finance,
banking, digital services, and industry, Stéphane Nappo is a multicultural leader and renowned Global Chief
Information Security Officer.
Mr. Nappo is a vice president and global chief information security officer at ‘Groupe SEB’, a global market
leader in the household equipment sector present in more than 150 countries around the world. Previously, he
was Global Chief Information Security Officer at Société Générale International Banking and Financial Services,
responsible for the cybersecurity of 40 major banks in 67 countries, and Group Information Security Officer at
OVHCloud, a world-class actor and European leader in cloud computing, with a presence in 138 countries.
As a proactive business strategist and advocate for the constructive deployment and implementation of digital
technologies, Mr. Nappo assembles talented, professional, and skills-based teams to carry an organization’s
transformation. He helps them locate, seize and embrace emerging business opportunities, all while providing
oversight, direction, and guidance.
Passionate about people, risk management, and problem solving, he has a genuine interest in others and is a
fond believer in strong communication, active listening, and flexibility, all geared towards working together for
a common goal. His innovative research, investigative analytical methodologies, and managerial international
experience have allowed him to develop and implement proactive and defensive cybersecurity strategies for a
wide range of stakeholders.
Mr. Nappo operates at the cutting edge of technology and innovative business models, integrating the issues
of culture, risk, innovation, and even chaos to solve the problems he encounters. Stéphane would rather
create the news than follow trends, opinions, and norms. This is how he has been able to teach,
examine, and work with hundreds of talented and devoted cybersecurity professionals around the globe.
Committed to sharing his knowledge through writing and public speaking, he has the thirst to learn and
discover anything he can about reducing cyber risks around the world.
One of his favorite quotes is: "Knowledge is the only substance that grows when it is shared".
Ally of the Year Awards 2022
Call for Nominations now OPEN until February 28th
The United Cybersecurity Alliance and Inteligenca opened nominations for the
Ally of the Year 2022 awards in 11 categories:
➢ COMPANY AYA 2022
➢ MALE ALLY OF THE YEAR 2022
➢ EDUCATOR AYA 2022
➢ INVESTOR AYA 2022
➢ PEOPLE'S CHOICE AYA 2022
➢ PROGRAM AYA 2022
➢ NON-PROFIT AYA 2022
➢ RECRUITER AYA 2022
➢ MEDIA AYA 2022
➢ PHILANTHROPY AYA 2022
➢ DEI CHAMPION AYA 2022
Nominate here https://leadmind.inteligenca.com/aya-2022/
The awards ceremony will take place at the RSA conference in
San Francisco on June 5th, 2022.
Ally of the Year awards celebrate those who are going the extra mile to
build an inclusive work environment by using their influence,
knowledge, and organizational capital to advocate for women.
Afterword
We are living in a complex and messy system which cannot be controlled, where every solution creates
a NEW problem.
WHY IS CYBERSECURITY SO HARD?
• It is not just a technical problem
• The rules of cyberspace are different from the physical world’s
• Cybersecurity law, policy, and practice are not yet fully developed
• There's not enough manpower in the world to make sure networks are 100% secure 100% of the
time, especially with the prevalence of a cloud-based infrastructure
• The definition of cybersecurity is at odds with management
• The training for personnel is often the first budget cut in a fiscal year
• The people making the decisions often do not understand the nature of the problem nor the
technical issues at the lowest level.
THE TECHNOLOGIES OF TOMORROW are at the heart of our daily life and work. Concurrently, you
cannot teach understanding, you construct it. Now is the time for calm, rational, holistic planning and
methodical action. Time for diversity and inclusion. Time for emerging technologies to create and add
positive values in societies and bring return on capital and human capital invested globally. Time to
embrace Augmented and Artificial Intelligence to solve humanity’s most burning problems. Time for
women to step on the dance floor of emerging technologies and cybersecurity industries. Reskilling is a
great issue. Inclusion is as important as innovation. We will have to go into learning mode, be willing to
be taught, by each other and by the systems, keeping in mind and making sure that trust, security and
ethics in technology are essential in the decades to come.
“LET’S FACE IT, THE UNIVERSE IS MESSY, IT IS NONLINEAR, TURBULENT, AND CHAOTIC.
Nevertheless, it is dynamic and fast moving in all directions at once. It spends its time in a transient
behavior on its way to somewhere else, not in mathematically neat equilibrium, for example entropy. It
self-organizes and evolves without any inputs from external sources. Thus, creating diversity, not
uniformity. That is what makes the world interesting, that is what makes it beautiful, and that is
what makes it work.”
References: Donella Meadows. Dancing With Systems. Versions of this piece have been published in Whole Earth, winter 2001 and
The Systems Thinker, Vol. 13, No. 2 (March 2002). Retrieved from https://www.mendeley.com/guides/web-citation-guide
Ludmila M-B
Ludmila Morozova-Buss
Editor-In-Chief, TOP CYBER NEWS MAGAZINE and RAISE THE CYBERSECURITY CURTAIN!
Doctoral Student at Capitol Technology University
TOP CYBER NEWS MAGAZINE
PUT TECHNOLOGY AT THE FOREFRONT OF THE BUSINESS
Human Centered Communication Of
Technology, Innovation, and Cybersecurity
«It is time to stop being naive when it comes to cyber security.»
Jim Hagemann SNABE
Chairman,
Siemens AG and A.P.
«Rather than fearing or ignoring cyber-attacks, organizations should take them on
head-first. Organizations need to ensure cyber resiliency and regularly test their
security postures. In times of hyper-converged infrastructure platforms and
technologies, hyper-converged problems strive to create hyper-converged
solutions.»
Stéphane NAPPO
Vice President and Chief Information Security Officer
Groupe SEB
«Our technologies transform the everyday, by empowering our customers to create
agile factories, intelligent buildings and energy grids, sustainable transportation,
and better healthcare systems.» «Since we have a lead position in industrial
digitalization, we very quickly recognized that cybersecurity is an integral part of the
digital revolution. The industrial Internet of Things (IIoT) would be inconceivable
without cybersecurity.»
Dr. Roland BUSCH
President and Chief Executive Officer
Siemens AG
TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 28

Mais conteúdo relacionado

Semelhante a Top Cyber News MAGAZINE. Troels Oerting

Vision By 2023, the Departme.docx
Vision  By 2023, the Departme.docxVision  By 2023, the Departme.docx
Vision By 2023, the Departme.docx
jessiehampson
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
naveen p
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdfTop Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
TopCyberNewsMAGAZINE
 

Semelhante a Top Cyber News MAGAZINE. Troels Oerting (20)

Cyber crime modified
Cyber crime modifiedCyber crime modified
Cyber crime modified
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survival
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimes
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Is Your Organization in Crisis?
Is Your Organization in Crisis?Is Your Organization in Crisis?
Is Your Organization in Crisis?
 
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutThe 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
 
Vision By 2023, the Departme.docx
Vision  By 2023, the Departme.docxVision  By 2023, the Departme.docx
Vision By 2023, the Departme.docx
 
Cyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdfCyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdf
 
Cyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdfCyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdf
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations Campaign
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Cyber security olive green mint ppt .pdf
Cyber security olive green mint ppt .pdfCyber security olive green mint ppt .pdf
Cyber security olive green mint ppt .pdf
 
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdfTop Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 

Mais de TopCyberNewsMAGAZINE

40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
TopCyberNewsMAGAZINE
 
Top Cyber News Magazine. Margo Koniuszewski
Top Cyber News Magazine. Margo KoniuszewskiTop Cyber News Magazine. Margo Koniuszewski
Top Cyber News Magazine. Margo Koniuszewski
TopCyberNewsMAGAZINE
 
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology UniversityTop Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
TopCyberNewsMAGAZINE
 
Thomas Harrer Top Cyber News Magazine
Thomas Harrer Top Cyber News Magazine Thomas Harrer Top Cyber News Magazine
Thomas Harrer Top Cyber News Magazine
TopCyberNewsMAGAZINE
 
Top Cyber News Magazine Christiane Wuillamie OBE
Top Cyber News Magazine Christiane Wuillamie OBETop Cyber News Magazine Christiane Wuillamie OBE
Top Cyber News Magazine Christiane Wuillamie OBE
TopCyberNewsMAGAZINE
 
Top Cyber News Magazine. Carmen Marsh
Top Cyber News Magazine. Carmen MarshTop Cyber News Magazine. Carmen Marsh
Top Cyber News Magazine. Carmen Marsh
TopCyberNewsMAGAZINE
 

Mais de TopCyberNewsMAGAZINE (8)

40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
 
Top Cyber News Magazine. Margo Koniuszewski
Top Cyber News Magazine. Margo KoniuszewskiTop Cyber News Magazine. Margo Koniuszewski
Top Cyber News Magazine. Margo Koniuszewski
 
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology UniversityTop Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
 
Thomas Harrer Top Cyber News Magazine
Thomas Harrer Top Cyber News Magazine Thomas Harrer Top Cyber News Magazine
Thomas Harrer Top Cyber News Magazine
 
Top Cyber News Magazine Christiane Wuillamie OBE
Top Cyber News Magazine Christiane Wuillamie OBETop Cyber News Magazine Christiane Wuillamie OBE
Top Cyber News Magazine Christiane Wuillamie OBE
 
Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich
 
Top Cyber News Magazine. Stewart Skomra
Top Cyber News Magazine. Stewart Skomra Top Cyber News Magazine. Stewart Skomra
Top Cyber News Magazine. Stewart Skomra
 
Top Cyber News Magazine. Carmen Marsh
Top Cyber News Magazine. Carmen MarshTop Cyber News Magazine. Carmen Marsh
Top Cyber News Magazine. Carmen Marsh
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Top Cyber News MAGAZINE. Troels Oerting

  • 1. MAGAZINE TOP CYBER NEWS JANUARY 2022 WE IN SECURITY PROTECT HOPE “KNOW THYSELF” - TEN LEVERS FOR CYBER RESILIENCE STRATEGY ARTICLE BY STEPHANE NAPPO VICE PRESIDENT and GLOBAL CHIEF INFORMATION SECURITY OFFICER at GROUPE SEB TROELS OERTING EXPERT MEMBER OF INTERPOL GLOBAL CYBERCRIME EXPERT GROUP CHAIRMAN OF THE BOARD at BULLWALL FORMER CHAIRMAN OF THE BOARD OF WORLD ECONOMIC FORUM CENTRE FOR CYBERSECURITY , , WORKING IN CYBERSECURITY ‘FIRST LINE’ FOR OVER 4 DECADES, TROELS OERTING INFORMS AND EDUCATES CITIZENS, CORPORATIONS, ADMINISTRATION AND USERS TO ENGAGE MORE ACTIVELY IN SECURING THE INTERNET FROM CRIME
  • 2. WILL ADJUST THE WORLD YEAR TO SHINE BE YOU This Is Your Happy New TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 2
  • 3. WE ARE LIVING IN A WORLD OF DIGITAL FUSION AND CONSTANT CYBER RISK. Everything has become a target, including banking accounts, credit cards, as much of our financial daily activities that are digitally interconnected to servers, websites, and devices. Sensitive records, including personal medical histories are all digitized and shared. All around us are sensors to Internet of Things connected devices expanding hacker potential attack surfaces. EVEN OUR INTERPERSONAL COMMUNICATIONS VIA SMARTPHONES AT SOCIAL MEDIA APPLICATIONS HAVE BECOME A PLAYGROUND FOR CYBER-ATTACKERS. In the past year alone, hundreds of millions, if not billions of private records from retail corporations, internet companies, and banks, have been exposed. All critical infrastructure including the electric grid, healthcare, transportation, communications, and financial networks are vulnerable and have been subject to cyber-attacks. The recent cycle of major industry and governmental cyber breaches, including Solar Winds that touched agencies across governments and much of the Fortune 500 companies, are emblematic of growing risks. WITH THE EXPONENTIAL INTERCONNECTIVITY OF INDUSTRY 4.0 COMES MORE SECURITY AND PRIVACY VULNERABILITIES. Hackers, criminal networks, and even adversarial nation states are actively proliferating malware across commercial verticals and government agencies. Last year there was a 350 % increase in ransomware attacks, much if it aimed against stressed healthcare infrastructures and less protect home offices resulting from work from home necessities under the Covid19 pandemic. THE CYBER IMPACT TO OUR DIGITAL FUSION INTERFACE NEEDS TO BE A GLOBAL PRIORITY. Our algorithmic world becoming more automated by the day catalyzed by the emergence of via machine learning, artificial, and other technologies. Enhanced and more capable next gen cybersecurity tools and processes will likely be a core digital element that keeps us safe into the future. 
We must improve investments in technologies, processes, and people to better be able to mitigate the multitude of new sophisticated cyber threats on the horizon in our digitally fused ecosystems. The Cybersecurity of Digital Fusion Editorial by Chuck D. BROOKS President at Brooks Consulting International Chuck D. BROOKS President at Brooks Consulting International, Chuck D. Brooks is a globally recognized thought leader and subject matter expert Cybersecurity & Emerging Technologies, a featured speaker at dozens of conferences & webinars. Mr. Brooks is serving as Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs. TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 3
  • 4. “THIS WORLD IT NEEDS HEROES ” DOESN’T NEED TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 4
  • 5. TROELS ØRTING JØRGENSEN Troels Ørting Jørgensen, Chairman at Bullwall, Expert Member at INTERPOL Mr. Ørting is a globally recognized Cyber Security Expert. He has been working in cybersecurity ‘first line’ for over 4 decades. Throughout career, Mr. Ørting has been working with governments and corporations to advise on how they react to the increasing international cyber threats, and worked closely with law enforcement, intelligence services and cyber security businesses. Formerly, with the Danish National Police, first as Director, Head of the Serious Organised Crime Agency and then as Director of Operations, Danish Security Intelligence Service; Deputy Head, ICT Department and Deputy Head, OC Department, Europol, EU’s Police Agency; Head of European Cybercrime Centre and Head of Europol Counter Terrorist and Financial Intelligence Centre. 2015-18, Group Chief Information Security Officer (CISO), Barclays. Chaired the EU Financial Cybercrime Coalition, of which most banks are partners, and has very strong experience in cyber security. Since 2018, Head of the Centre for Cybersecurity, World Economic Forum. Chairman of the Board of World Economic Forum Centre for Cybersecurity (C4C). Denmark TOP CYBER NEWS MAGAZINE - January 2022 - ALL RIGHTS RESERVED 5
  • 6. We, In Security, Protect Hope
    Author: Troels OERTING
    “WE, IN SECURITY, SHOULD NOT PROMOTE FEAR – BUT PROTECT HOPE”
    BEFORE THE GLOBAL PANDEMIC HIT THE WORLD IN SPRING 2020, the digital transformation increased in speed and magnitude. Fuelled by super-drivers like mobile/5G, IoT, Cloud and AI, the number of users, applications, storage, connections and algorithms outpaced what we had seen before. The huge possibilities provided by the Internet created a ‘tech’ environment attracting the best brains the World could produce, and geopolitical tensions between China, Russia, EU and US intensified the regional competition on ‘who controls the Internet’ and the subsequent influence, growth and wealth.
    THE GLOBAL COVID PANDEMIC FORCED US TO MOVE APPROXIMATELY 1.2 BN WORKERS FROM THEIR OFFICES to work from home in order to keep the wheels spinning. Internet-enabled communication tools substituted for physical meetings, teaching, marketing, trading, reading, accounting and watching, and demand for online services surged. Accenture has estimated that globally we went through 3 years of normal-speed digital transformation in just 3 months. This will continue. We will not go back to the ‘old days’ even after we get a vaccine. We will continue to work remotely – not necessarily from home but from anywhere. Both employers and employees have seen the benefits of this new flexible work-regime providing support for working both from offices and from anywhere.
    “In the future everything will be connected, everything will be sensing, everything will be stored and everything will be used, sold or utilised in other ways”
  • 7. THE FUTURE will provide more positive opportunities for the global, and connected, citizen – for businesses, education, healthcare, sustainability, climate, transparency and democracy. But it will also present challenges to security, privacy, integrity and trust.
    TRUST between the citizen and consumer on one side and governments and corporations on the other side. Who can we entrust with our digital footprints and other assets, will our data become a commodity including face recognition and other tracking and can we believe what we read or see? Will someone ‘hack’ opinions in the future and influence elections and public debate negatively?
    THE NATION STATES normally regulate the level of domestic crime through the 3 P’s: Prevention, Protection and Prosecution. Due to the current lack of trust between states and governments – it is not possible for global law enforcement to cooperate when fighting cybercrime.
    “In reality cybercrime is presently a risk-free crime. Secondly, we have not been able to agree on the ‘rules of the game’ for State Actors covert operations on the Internet and in reality no written or unwritten rules regulate these operations”
    “WE HAVE NO CYBER GENEVA CONVENTION”
    By the Hon. Troels OERTING
  • 8. THE WORLD GETS MORE HYPER-CONNECTED AT PACE, BUT THE GOVERNANCE AROUND THIS DEVELOPMENT DOES NOT MOVE. Based on this, we, as citizens, corporations, administration and users need to engage more actively in securing the Internet from crime and regulating rules around privacy and integrity. A few areas of importance come to mind:
    The starting point must be a coalition of the willing who understand that sharing is caring.
    SECURITY STAFF SHOULD STOP TALKING A ‘TRIBAL LANGUAGE’ and engage in a real discussion with the public, the C-level and decision makers. If they do not understand what we say, we speak the wrong language.
    As in many other areas the biggest improvement is always based on hygiene. BACK TO BASICS. We need to focus on basic defence and risk-based graduation of our overall security posture. If you are not a VIP or your company is not in the crosshairs of foreign intelligence, the biggest threat to your cybersecurity is from cybercriminals. Cybercriminals do not hack for fun and will not invest 1 dollar to steal 50 cents. They might use advanced tools but they will be automated and if they do not find the anticipated weaknesses - they will move on to the next target.
    By Troels OERTING
  • 9. THE TRICK IS TO HAVE A SECURITY LEVEL ABOVE THE CRIMINAL THRESHOLD
    READING THROUGH THE VARIOUS PREDICTIONS FOR 2022 from multiple cybersecurity companies and security agencies. A bit ‘the same procedure as last year’ and you feel you have read it before. But there is no need to fool ourselves. 2022 will, for many reasons, be worse than 2021 in my opinion.
    WIDER DISTRIBUTED IT ACCESS DUE TO WFH. More ransomware and affiliated crime with the same modus, fast development and distribution of advanced tools inside organized cyber crime networks, more anti-privacy and spy tools available and not least increasing geopolitical tension including with Russia, China, Iran, North Korea, Ukraine and more.
    ON THE POSITIVE SIDE IS THE SIGN that ‘the good guys’ - especially in private business - are increasingly working together and sharing much more quality insight in real time to boost cyber defense and resilience. And in the wider digital development we need to have a much closer look at ‘surveillance capitalism’ and the misuse of our digital footprints combined with fake news that will enable autocratic and populist ‘leaders’ to hack ‘hearts and minds’ and influence elections, war and peace.
    WE WILL PREVAIL but I fear 2022 will be a tough year on the digital security front. I wish us all good luck and a Happy New Year and cross my fingers for more sectorial and cross-sectorial cooperation between the likeminded.
    HUMANITY WILL SURVIVE THE INTERNET. It will be a bumpy road. We better buckle up and get started.
    “I AM A BORN OPTIMIST AND WISH US ALL GOOD LUCK”
    By Troels OERTING
    THE TONE FROM THE TOP IS IMPORTANT. We are all dependent on the Internet, and security and privacy should be part of our personal and corporate DNA. Create alliances, work together, share best practice, develop and innovate responsibly and with security, privacy and integrity in mind. Start prevention early and realise it is a long-lasting effort.
  • 10. Tech For Life
    “AS ORGANIZATIONS REASSESS THEIR PURPOSE, they are turning to technology to drive the changes they need to make. Yet this technology must be managed correctly if it is to deliver the benefits that stakeholders expect. By adhering to the principles of Tech for Life, those who create and use technology can ensure it continues to be a force for good.
    THROUGHOUT HISTORY, TECHNOLOGY HAS HELPED US MEET CHALLENGES. It has been an engine for greater prosperity, equality and health. The printing press, the steam engine and the development of electrical power have all transformed our world for the better. Today, whether augmenting our work with robots, connecting us to our loved ones around the world or using Machine Learning to improve tumor detection rates, technology has the potential to be an even greater force for good. Indeed, technology is the force that will drive the transformation that organizations must undergo as they develop a wider purpose.
    FACED WITH EVEN THE GREATEST CHALLENGES ON THE PLANET, TECHNOLOGY IS PROVIDING SOLUTIONS. We have the technology to make electricity sustainable, cheap and available for all. To deliver this requires both the adoption of existing technologies as well as intelligent electricity distribution and storage solutions.
    AS LEADERS, WE MUST USE TECHNOLOGY CORRECTLY if we are to meet the expectations of our new stakeholders. Yet we have seen how technology is open to abuse, misuse and malicious intent. And, with the benefit of historical perspective, we have seen how many of the noble uses to which technology has initially been put have given rise to unwelcome and unforeseen consequences.”
    Jim Hagemann SNABE
    Chairman at Siemens (D), Chairman at A.P. Moller - Maersk (DK), and Vice-Chairman at Allianz (D). Serves as a Member of the Board of Trustees at the World Economic Forum; Adjunct Professor at Copenhagen Business School (CBS). Former Co-Chief Executive Officer of SAP. Master’s in Operational Research from the University of Aarhus, Denmark.
  • 11. Rhythm for security: Siemens' ProductCERT team regularly informs its customers about current security vulnerabilities in Siemens products and provides solutions to eliminate them. The ProductCERT is connected – globally Cybersecurity at
  • 12. Identity in Depth: Securing the Digital IoT (Identity of Things)
    Author: Shinesa CAMBRIC
    AS ORGANIZATIONS AND INDIVIDUALS EXPAND THEIR CLOUD FOOTPRINT and leverage cloud services out of necessity, digital identity has become the true perimeter and key to protecting the assets we value most. It’s no longer possible to have a strong security posture without developing a security architecture centered on digital identity and the tenets of ZERO TRUST.
    CLOUD ENVIRONMENTS OFFER MULTIPLE WAYS TO MANAGE IDENTITY, and how we treat it needs to be a foundational component of a cloud security program. To ensure comprehensive oversight and enable effective digital identity controls, it’s necessary to have the right layers of governance and tools in place to reduce the possibility of leaving an open door for attackers.
    IDENTITY PLAYS A ROLE IN EVERYTHING - from people, to processes, to technology - and with our growing digital environments, there is a continual shift in our thinking of what digital identity is. In the past we may have associated identity with a human user and attributes like a name, number, or badge. Now, the indicators used to assess identity include things like behaviors and biometrics, and the definition of what is an identity includes things like laptops, phones, APIs and Bots. All of these make up what I like to call the “IDENTITY OF THINGS”.
    “Identity is the gateway to cloud services and with the rise of interconnectedness, digital transformation, and API first strategies, digital identity has become even more susceptible to attacks”
    “Over the course of history, the greatest minds: scientists, philanthropists, educators, politicians, leaders, philosophers, were fascinated with the way human brain works. From Michelangelo to Lomonosov, from DaVinci to Einstein, there have been numerous attempts to uncover the mystery of human mind and to replicate its working first through simple mechanical devices and later, in the 20th century, through computing machines, software and robots.” ~ Marina L. Gavrilova and Roman V. Yampolskiy
    A RECENT TECHCRUNCH REPORT indicated that API calls through the Google Cloud Platform rose 47% from last year and that the platform now handles about 2.2 trillion API calls a year. A survey included in Salt Security’s "The State of API Security – Q1 2021" report found that 91% of surveyed participants had experienced an API security incident in the past year.
    DIGITAL IDENTITY IS CLEARLY THE GATEWAY TO CLOUD SERVICES and, as such, has become more susceptible to attacks. The increased importance of securing digital identities has become highly visible in things such as Broken Access Control now being named #1 on the OWASP (Open Web Application Security Project) top 10 list of application security risks.
    “As our concept of identity matures and moves beyond the traditional, to build a good identity defense program we have to go beyond traditional security defense thinking”
    “RELYING SOLELY ON PASSWORDS AND FIREWALL CONTROLS IS A RECIPE FOR TROUBLE”
    “Expanding the way we secure identity requires we look beyond the “who” of an identity. We also need to consider the “how”, “when”, “what”, and “where” of digital connectivity.”
    ALTHOUGH MULTI-FACTOR AUTHENTICATION (MFA) IS AN IMPORTANT IDENTITY CONTROL, believing that MFA is the cure-all for protecting identity can lull you into a false sense of security.
  • 13. by Shinesa CAMBRIC
    There are multiple studies regarding the number of admins and highly privileged users who fail to turn on MFA for their accounts, which highlights why protecting digital identity requires a layered approach. In the case of failure of one control, a layered approach ensures you have other controls in place to protect and defend access to important assets.
    DEFENSE IN DEPTH requires that we shift our thinking to an “assume breach” mentality and build in multiple security layers to protect from inevitable attacks. In a digital environment, we should apply this same approach to identity and its corresponding attributes of access, authorization, and authentication, creating the concept of “IDENTITY IN DEPTH”.
    SO HOW DO ORGANIZATIONS BEGIN BUILDING AN IDENTITY IN DEPTH STRATEGY?
    THEY SHOULD START by assessing their digital identity security posture, defenses, and controls. There are a few fundamental identity pillars to review, as well as probing questions that will need to be answered. In terms of pillars, a DIGITAL IDENTITY ROADMAP needs to be created for the areas of:
    • IDENTITY GOVERNANCE (includes defining process, visibility, auditing, logging),
    • ACCESS MANAGEMENT (includes provisioning, adaptive access, device management),
    • AUTHENTICATION (includes SSO, MFA, Federation, SAML, verifiable identities), and
    • PRIVILEGED ACCOUNT MANAGEMENT (includes admin users, high privileged roles).
    THE PLAN AROUND EACH OF THESE AREAS SHOULD ADDRESS protecting identity from both the outside in (external attackers) and inside out (insider risk), given that the impact of insider threats can be just as damaging as attacks coming from outside an organization. While building out a strategy for these pillars, organizations should ask several questions to establish boundaries around the identities in their environment.
    • WHO OR WHAT is on the other side of a given connection or performing some activity?
    • WHERE is the connection coming from?
    • WHERE should it NOT be coming from?
    • WHY is access required by the identity connecting and for how long?
    • WHEN should connectivity be taking place?
    AN ORGANIZATION SHOULD INVEST TIME in periodically assessing the maturity of their identity program and alignment with a ZERO TRUST ARCHITECTURE.
    • THEY SHOULD UNDERSTAND THE POTENTIAL IMPACT to their environment of maintaining identities in various sources, using centralized versus decentralized management approaches, and the impact of multi-cloud environments on their identity strategy.
    • NEXT, IT WILL BE IMPORTANT TO INVEST IN THE RIGHT TOOLING to help assess all the identities and recertify access on a regular basis.
    • INVENTORY all application/environment entry points and trust boundaries
    • BUILD a baseline of behaviors to detect behavioral anomalies for all identities, and
    • ENSURE logging is properly enabled and retained for identifying and detecting suspicious behavior.
    Finally, organizations should
    • IDENTIFY privileged and over privileged users who may be a risk to the company both from insider threats and account takeovers.
    With these items in mind, organizations will have a STRONG FOUNDATION to begin building their IDENTITY IN DEPTH STRATEGY and implementing LAYERED PROTECTION for the keys to their DIGITAL KINGDOM.
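The boundary questions above (who or what, where, where not, why and for how long, when) and the point about privileged accounts signing in without MFA can be checked mechanically against sign-in logs. The following Python is an added example, not part of the original article; the field names, identities, addresses and events are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Boundary:
    """Expected behaviour for one identity; every field name is an assumption."""
    kind: str                # WHO or WHAT: "user", "api-client", "device", "bot"
    privileged: bool         # admin user or highly privileged role
    allowed_nets: tuple      # WHERE connections should come from
    denied_nets: tuple       # WHERE they should NOT come from
    window: tuple            # WHEN: (start, end) as UTC times of day
    grant_expires: datetime  # WHY / for how long: end of the approved access grant


def in_window(t, window):
    """True if time-of-day t is inside window; handles windows that wrap midnight."""
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def evaluate(event, boundaries):
    """Return the list of boundary violations for one sign-in event."""
    boundary = boundaries.get(event["identity"])
    if boundary is None:
        # An identity missing from the inventory cannot be judged at all.
        return ["unknown-identity"]

    findings = []
    src = ip_address(event["src_ip"])
    when = datetime.fromisoformat(event["time"])

    # Deny rules win over allow rules, so an overlapping allow range cannot
    # mask a location that must never be used.
    if any(src in ip_network(n) for n in boundary.denied_nets):
        findings.append("denied-location")
    elif not any(src in ip_network(n) for n in boundary.allowed_nets):
        findings.append("unexpected-location")

    if not in_window(when.time(), boundary.window):
        findings.append("outside-window")
    if when > boundary.grant_expires:
        findings.append("grant-expired")
    # Layered control: a privileged identity signing in without MFA is a
    # finding even if every other boundary is respected.
    if boundary.privileged and not event["mfa"]:
        findings.append("privileged-without-mfa")
    return findings


def review(events, boundaries):
    """Map event index -> findings, keeping only events that violate a boundary."""
    results = {}
    for i, event in enumerate(events):
        findings = evaluate(event, boundaries)
        if findings:
            results[i] = findings
    return results


# Constructed inventory; addresses are from the RFC 5737 documentation ranges.
BOUNDARIES = {
    "alice.admin": Boundary("user", True, ("192.0.2.0/24",), ("203.0.113.0/24",),
                            (time(7, 0), time(19, 0)), datetime(2022, 6, 30)),
    "backup-bot": Boundary("bot", False, ("198.51.100.10/32",), (),
                           (time(22, 0), time(4, 0)), datetime(2022, 3, 1)),
}

# Constructed sign-in events (times in UTC).
EVENTS = [
    {"identity": "alice.admin", "src_ip": "192.0.2.15", "time": "2022-01-10T09:30:00", "mfa": True},
    {"identity": "alice.admin", "src_ip": "203.0.113.7", "time": "2022-01-10T02:10:00", "mfa": False},
    {"identity": "backup-bot", "src_ip": "198.51.100.10", "time": "2022-01-11T23:45:00", "mfa": False},
    {"identity": "backup-bot", "src_ip": "198.51.100.10", "time": "2022-03-05T12:00:00", "mfa": False},
    {"identity": "old-api-key", "src_ip": "192.0.2.200", "time": "2022-01-12T10:00:00", "mfa": False},
]

if __name__ == "__main__":
    for index, findings in review(EVENTS, BOUNDARIES).items():
        print(EVENTS[index]["identity"], EVENTS[index]["time"], findings)
```

Each finding maps back to one of the questions, so a single event can fail several layers at once, and an identity absent from the inventory is reported rather than silently passed.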
  • 14. SHINESA CAMBRIC
    Shinesa CAMBRIC (CCSP, CISSP, CISA, CISM, CDPSE) is a Cloud Security, Compliance, and Identity Architect with strategic expertise in technical design and implementation of security architecture and controls. She currently works as a Principal Program Manager with Microsoft and her experience includes designing identity management and governance solutions for cloud based platforms, building insider threat programs, and providing unique subject matter expertise on the intersection of governance, risk, and compliance with IT and application security.
    She currently serves as the training lead for the Dallas chapter of Women’s Society of Cyberjutsu, a member of the operational team for non-profit group CloudGirls (cloudgirls.org), as a job task and cloud certification content advisor for CertNexus and CompTIA, and as an identity champion for Identity Defined Security Alliance (IDSA). Shinesa is an active member of several other organizations, including Women in Cyber Security (WiCyS), ISACA, ISC2, Information Systems Security Association (ISSA), International Association of Privacy Professionals (IAPP), AnitaB, Executive Women’s Forum, and the Identity Management Institute.
  • 15. The ABCs of Cyber Security Culture
    by Victor L. Malloy “Vic”
    A - AWARENESS – Awaken from the slumber that you could be tricked into falling victim to some malicious software or social engineering scheme that is targeting you or your organization.
    B - BELIEF – Be responsible for your behavior in that you can take proactive measures to protect your personal information and the data that is entrusted to you by others in business and personal relationships.
    C - CHARACTER – Create a unique trusted quality based upon individual and collective experiences to collaborate in creating positive cybersecurity culture for everyone.
    More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is my hope that the ABCs for Cybersecurity Culture will spark conversations. It is my desire that these thoughts will promote more collaboration. In the final outcome, collaboration will produce a unified CYBER SOCIETY forged to help protect all organizations, nations and citizens from the debilitating impact of cybercrime.
  • 16. The EU Independent Cyber Operational Capability
    Author: Prof. Annita Larissa SCIACOVELLI
    On 23 June 2021, THE EUROPEAN UNION (EU) COMMISSION published its recommendation on building a JOINT CYBER UNIT that would enhance cybersecurity across the EU, stating that “the purpose of this Recommendation is to identify the actions necessary to coordinate EU efforts to prevent, detect, discourage, deter, mitigate and respond to large-scale cyber incidents and crises through a Joint Cyber Unit.” The recommendation further states the time frame for the Joint Cyber Unit to become operational as of 30 JUNE 2022.
    On 6 October 2021, the Horizontal Working Party on Cyber Issues (HWPCI) agreed on a need to further engage in developing the EU cybersecurity crisis management framework by exploring the potential of a Joint Cyber Unit and defining the process and possible roles and responsibilities that would be associated with this initiative. The consideration for a Joint Cyber Unit initiative comes as the number of cyberattacks on EU organizations and Member States increases.
    THE EUROPEAN UNION AGENCY FOR NETWORK AND INFORMATION SECURITY (ENISA) reported 230,000 new malware infections were detected every day between January 2019 and April 2020, and EUROPOL's 2021 report on organized crime shows an increase in the number of attacks against public institutions, large companies and on local governments and ministries. Attacks are also increasing against public sector organizations in healthcare and education, as well as businesses in manufacturing, finance, energy, and transport. These cyberattacks have not only targeted EU institutions and bodies, but also the critical infrastructure of Member States.
    THE CYBERATTACKS have not only been about infecting institutions; information sources also indicate that some attacks are facilitating DISINFORMATION OR CYBER ESPIONAGE. Germany's Foreign Ministry published a report in early September that attacks attributed to an Eastern European State Actor are combining conventional cyberattacks with disinformation in order to influence elections.
  • 17. Additionally, a report by Cybereason revealed that an Asian State Actor operation, active since 2017, used cyberattacks as a way to gain and maintain continuous access to telecommunication providers and collect sensitive information by further compromising high-profile business assets.
    We’ve reviewed some insights on the drivers for a joint cyber unit. Now let’s take a look at THE LEGAL FRAMEWORK supporting such an initiative. In the recommendation for establishing the joint cyber unit, the Commission highlights Article 7 of Regulation (EU) 2019/881 of the European Parliament as a supporting legal basis for a joint task force. The first time this idea was presented was by Ursula von der Leyen in her Political Guidelines for the Next European Commission 2019-2024.
    ALTHOUGH ENISA IS A POLICY AND INFORMATION SHARING ENTITY, guidelines would require the joint unit to work closely with them on supporting the following objectives:
    • TO DEVELOP and maintain a high level of expertise; assist the Union institutions in developing policies;
    • ASSIST the Union institutions and the Member States in implementing the policies;
    • ASSIST the Union and the Member States in enhancing and strengthening their capability and preparedness to prevent, detect and respond to network and information security problems and incidents; and
    • USE ITS EXPERTISE to stimulate broad cooperation between actors from the public and private sectors.
    FURTHERING THE INITIATIVE, THE EU CYBER SECURITY STRATEGY 2020 IDENTIFIES THE MAIN STEPS TO ESTABLISH THE UNIT. These steps include:
    • MAPPING available capabilities at a national and EU level;
    • ESTABLISHING a framework for structured cooperation and assistance; and finally
    • IMPLEMENTING the framework by utilizing resources provided by joint unit participants.
    In addition to Article 7 of Regulation (EU) 2019/881 of the European Parliament that provides a legal basis for a joint unit, Article 1 of NIS2 Directive further elaborates (Article 19) on providing EU coordinated risk assessments of critical supply chains. This means that a joint cooperation group would need to fulfil these activities in cooperation with the Commission and ENISA.
    Another brick in building the legal framework comes from the Commission's Recommendation for a Coordinated Response to Large Scale Cybersecurity Incidents and Crises. Clause 15 refers to the EU level and states that the key actors involved in response to cybersecurity crises include the NIS Directive, Computer Security Incident Response Teams (CSIRTs) network, in addition to ENISA, the European Cybercrime Centre at Europol (Europol/EC3), and other relevant EU Bodies.
    From the above analysis, THERE IS A CLEAR LEGAL FOUNDATION AND INCENTIVE FOR THE ESTABLISHMENT OF THE PROPOSED JOINT CYBER UNIT.
    The EU foreign affairs representative Josep Borrell stated that “The need for more European defence has never been as much evident as today after the events in Afghanistan.” European frustration after the withdrawal of US troops from Afghanistan has renewed calls for an EU military force and in Borrell’s view the EU needs to create a “rapid response force” of 5,000 soldiers. While the ambitious vision for a full-scale EU military force is being discussed, creating a joint cyber task force can serve as a pilot for the grand plan.
    by Prof. Annita Larissa SCIACOVELLI
  • 18. The EU Commission recommendation on building a Joint Cyber Unit to enhance cybersecurity across the European Union is exactly what is needed. However, before we proceed, we will need to first define a clear mission. In my view THE MISSION STATEMENT OF THE JOINT CYBER UNIT should be as follows:
    • COLLECT AND ASSESS intelligence on cyber threats to the EU and Member States;
    • CONDUCT defensive and offensive operations to defend and foil cyberattacks on the EU organizations and support the defense of EU Member States;
    • SUPPORT the anti-cyberterrorism, anti-cybercrime, and anti-influence operations - in cooperation with EUROPOL and Member States;
    • COORDINATE all operational activities with Cyber Agencies of Member States and other relevant bodies and initiate international cooperation for offensive and defensive operations.
    Considering all the factors, forming the European Union (EU) independent cyber force will not be an easy task. However, BUILDING UPON THE INTEGRAL CAPABILITIES OF ENISA will help while establishing a full force development process to create, establish, and sustain an enhanced set of intelligence and operational functions that are capable of defending and protecting against cyber attacks.
    by Prof. Annita Larissa SCIACOVELLI
  • 19. PROF. ANNITA LARISSA SCIACOVELLI
    As a professor of international law at the University of Bari Aldo Moro in Italy (UNIBA), a cybersecurity specialist and a teacher of international law at the University of International Studies of Rome (UNINT), Prof. Adv. Annita Larissa Sciacovelli actively works to influence the legal, cyber, and intelligence communities. In addition to her position at UNIBA, Prof. Sciacovelli researched cybersecurity in the Cyber Security Program at the Institute for National Security Studies, Tel Aviv University, Israel.
    She is a registered lawyer with the Bar Association of Bari and an active member of several organizations, including the Advisory Board of the International Institute for Peace in Vienna, the Cyber Security and Warfare Commission of the Italian Intelligence Society, the Italian Society of International and EU Law, and is the current Vice President of GP4AI (Global Professionals for Artificial Intelligence). Prof. Sciacovelli is also a member of the scientific committee for the Journal of Criminal Law and Globalization.
  • 20. WHEN BOARDROOM the CISO HAS POWERFUL INFLUENCE
  • 21. "Know Thyself": Ten Levers For Cyber Resilience Strategy
    Author: Stéphane NAPPO
    THE ANCIENT GREEK APHORISM "KNOW THYSELF" (Greek: γνῶθι σεαυτόν, transliterated: gnōthi seauton; also ... σαυτόν … sauton with the ε contracted), is one of the Delphic maxims and was first inscribed in the pronaos (forecourt) of the Temple of Apollo at Delphi according to the Greek writer Pausanias. The phrase was later expounded upon by the philosopher Socrates who taught that: “AN UNEXAMINED LIFE IS NOT WORTH LIVING”.
    The rapid shift from analog to digital technology enables opportunities for the global economy. However, it also creates new geopolitical threats and serious risk for corporate activities and prosperity. The fast evolution of business, technology and threats poses challenges in implementing an effective cyber resilience strategy. Software constantly evolves, leading to new issues and vulnerabilities for cyber-attacks. Furthermore, IT infrastructure evolves, from on-premise systems to the cloud, which introduces a new set of design and implementation issues resulting in new risks.
    “In such a changing and uncertain paradigm, the first reflex is often trying to manage the unmanageable complexity and unpredictable threats. An alternative and effective approach is to get to “know thyself”, discover your own weaknesses, identify your data and business assets and their attractiveness or sensitivity to potential cyber threats”.
    “Security, like life, has the colors that you give it.” ~ Stéphane NAPPO
    AN UNEXAMINED BUSINESS TRANSFORMATION STRATEGY IS NOT WORTH IMPLEMENTING. To facilitate and maintain the confidentiality, integrity, and availability of data and business operations, consider creating roadmaps to digital transformation; designing a reliable system, where your security strategy is a part of your digital transformation strategy. People are an imperative part of the system.
    IN ESSENCE, AUTOMATION SHOULD NEVER CREATE A FUNCTION BY ITSELF. In the aim of preserving corporate identity and user/customer experience, automation must be driven by a clear functional need and relevant compliance knowledge. For automation (just a tool) to provide a global vision, monitoring, interoperability, traceability, orchestration and steering features, a NEW holistic and strategic vision is required.
    To preserve corporate identity and adequate user experience, automation must be driven by a clear functional need and relevant compliance knowledge.
  • 22. AS TRULY SUCCESSFUL BUSINESS DECISION MAKING relies on a balance between deliberate & instinctive thinking, so does successful digital transformation rely on interconnectedness & interdependence of the state of the art technologies.
    IN INFORMATION AND CYBER SECURITY, to identify adversaries; to find unknown security vulnerabilities; to reduce cyber risks and envision potential future threat landscape is CRUCIAL. To understand, develop and cultivate remarkable resilience is VITAL.
    HAVE IN PLACE AN EVER EVOLVING CYBER RESILIENCE BLUEPRINT. Arm your business in the face of future cyber threats. Mind the systemic nature of a cyber threat landscape. 'Know thyself' to increase your cyber-resilience.
    STRIVE TO INFORM AND EDUCATE. Education has always been a profit-enabler for individuals and the corporation. Education, both conception and delivery, must evolve quickly and radically to keep pace with digital transition. Education is a part of the digital equation.
    TEN LEVERS FOR CYBER RESILIENCE STRATEGY
    While Identify, Protect, Detect, Respond and Recover remain fundamental keys, these ten levers are crucial to achieve an effective cyber resilience:
    • ALIGN information and security strategy with business digital transformation strategy.
    • ADOPT a comprehensive cyber risk management attitude.
    • IDENTIFY the most critical information and assets.
    • FIND AND MANAGE vulnerabilities.
    • REDUCE cyber risks in projects and production.
    • OPTIMIZE strategically chosen systems reliability.
    • EVOLVE your security to a prevention-based strategic architecture.
    • PLEDGE to employ the state of the art digital and defence solutions.
    • INSTRUCT your teams regularly to empower and strengthen their resilience.
    • SCALE your success by sharing the knowledge and intelligence.
    by Stéphane NAPPO
  • 23. Stéphane NAPPO
    “The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience.” ~ Stéphane NAPPO
    A senior-level cybersecurity executive with over two decades' worth of experience in international finance, banking, digital services, and industry, Stéphane Nappo is a multicultural leader and renowned Global Chief Information Security Officer. Mr. Nappo is a vice president and global chief information security officer at ‘Groupe SEB’, a global market leader in the household equipment sector present in more than 150 countries around the world. Previously, he was Global Chief Information Security Officer at Société Générale International Banking and Financial Services responsible for cybersecurity of 40 major banks in 67 countries, and Group Information Security Officer at OVHCloud, world class actor and European leader in cloud computing, with a presence in 138 countries.
    As a proactive business strategist and advocate for the constructive deployment and implementation of digital technologies, Mr. Nappo assembles talented, professional, and skills-based teams to carry an organization’s transformation. He helps them locate, seize and embrace emerging business opportunities, all while providing oversight, direction, and guidance. Passionate about people, risk management, and problem solving, he has a genuine interest in others and is a fond believer in strong communication, active listening, and flexibility, all geared towards working together for a common goal.
    His innovative research, investigative analytical methodologies, and managerial international experience have allowed him to develop and implement proactive and defensive cybersecurity strategies for a wide range of stakeholders. Mr. Nappo operates at the cutting edge of technology and innovative business models, integrating the issues of culture, risk, innovation, and even chaos to solve the problems he encounters. Stéphane would rather create the news instead of following trends, opinions, and the norms. This is how he has been able to teach, examine, and work with hundreds of talented and devoted cybersecurity professionals around the globe. Committed to sharing his knowledge through writing and public speaking, he has the thirst to learn and discover anything he can about reducing cyber risks around the world.
    One of his favorite quotes is: "Le savoir est la seule matière qui s'accroit lorsqu'on la partage".
  • 24. Social Listening
    How is your brand perceived in social media? Find the conversations, people, and topics that are relevant to your market. With NodeXL’s Twitter & other importers, you can quickly find leads, get brand signals, analyze competitors, anticipate threats and crises to your business and brand reputation.
    Sentiment Analysis
    The applications of sentiment analysis are broad and powerful. The ability to extract insights from social data is a practice that is being widely adopted by organizations across the world. Sentiment Analysis enables you to anticipate threats and crises to your business and brand reputation. Shifts in sentiment on social media have been shown to correlate with shifts in the stock market.
    Network Visualization
    Visualize your own network graph. Choose from various layout algorithms. Set the color, shape, size, label, and opacity of vertices and edges. See a range of example network visualizations at the NodeXL Graph Gallery!
    Automation & White-Labeling
    The NodeXL scheduler can automatically harvest, visualize and analyze data from social networks. The results can be emailed to you, or your clients and branded with your company identity.
    Influencer Identification & Analysis
    Influencer marketing is an arbitrage – with brands seeing a return of $6 for every $1 spent. Use social network analysis (SNA) to identify key actors (niche influencers, connectors, hubs) in the social eco-systems most relevant to you and your business.
    Content Analysis & Ideation
    Discover, create and share the right content at the right time with the right audience. Quickly find, import and analyze relevant, interesting data using social network importers. NodeXL can perform Text Analysis, Sentiment Analysis, Time Series Analysis and produce reports of top items: Words/Word pairs/URLs/Hashtags.
    Advanced Network Metrics
    Measure influence based on PageRank, Betweenness Centrality, Closeness Centrality, Eigenvector Centrality and more.
    Great Customer Support
    Got a technical issue or question about NodeXL? No Problem! Our team is always on hand to answer questions or handle technical issues. Email: info@smrfoundation.org
    NodeXL is the ‘Swiss Army Knife’ for Marketers & Brands Working in Digital
    Extract, analyze and visualize data from social networks like Twitter & Youtube in Microsoft Office Excel™. Leverage powerful Social Network Analysis (SNA) techniques to gain valuable data, insights and understanding of the digital eco-systems surrounding any niche to drive your business forward – in just a few clicks!
    Contact Us
    Phone: +1-425-241-9105
    Email: info@smrfoundation.org
    Working Days/Hours: Mon - Fri / 8:00 AM - 6:00 PM GMT-8 (California)
    Competitor Analysis
    Use NodeXL to harvest and analyze social data from the social-media eco-system surrounding your competitors’ brands. With an accurate network model of interactions NodeXL Pro enables you to break down and quantify the effect of competitors’ social media initiatives and tactics in terms of performance and reach.
    Track Emerging Trends, Memes & Consumer Sentiment
    NodeXL can be scheduled to regularly harvest social data from various importers based on keywords and phrases relevant to your business. Get automated detailed reports on what’s hot and what’s not in your niche – at a frequency that suits you. Leverage the power of reactive marketing by keeping your finger on the pulse of trends and news!
    Social Data Reporting
    NodeXL provides advanced reporting functionality: find top influencers, the best performing content and content types, along with the most linked-to URLs, hashtag analysis and more.
    And More!
    Our team is constantly adding new data importers, exporters, integrations and features to NodeXL. Got a feature request? Get in touch!
  • 25. Ally of the Year Awards 2022
    Call for Nominations now OPEN until February 28th.
    The United Cybersecurity Alliance and Inteligenca have opened nominations for the Ally of the Year 2022 awards in 11 categories:
    ➢ COMPANY AYA 2022
    ➢ MALE ALLY OF THE YEAR 2022
    ➢ EDUCATOR AYA 2022
    ➢ INVESTOR AYA 2022
    ➢ PEOPLE'S CHOICE AYA 2022
    ➢ PROGRAM AYA 2022
    ➢ NON-PROFIT AYA 2022
    ➢ RECRUITER AYA 2022
    ➢ MEDIA AYA 2022
    ➢ PHILANTHROPY AYA 2022
    ➢ DEI CHAMPION AYA 2022
    Nominate here: https://leadmind.inteligenca.com/aya-2022/
    The awards ceremony will take place at the RSA conference in San Francisco on June 5th, 2022.
    The Ally of the Year awards celebrate those who are going the extra mile to build an inclusive work environment by using their influence, knowledge, and organizational capital to advocate for women.
  • 26. Afterword
    We are living in a complex and messy system which cannot be controlled, where every solution creates a NEW problem.
    WHY IS CYBERSECURITY SO HARD?
    • It is not just a technical problem
    • The rules of cyberspace are different from the physical world’s
    • Cybersecurity law, policy, and practice are not yet fully developed
    • There's not enough manpower in the world to make sure networks are 100% secure 100% of the time, especially with the prevalence of cloud-based infrastructure
    • The definition of cybersecurity is at odds with management
    • The training for personnel is often the first budget cut in a fiscal year
    • The people making the decisions often do not understand the nature of the problem nor the technical issues at the lowest level.
    THE TECHNOLOGIES OF TOMORROW are at the heart of our daily life and work. Concurrently, you cannot teach understanding, you construct it. Now is the time for calm, rational, holistic planning and methodical action. Time for diversity and inclusion. Time for emerging technologies to create and add positive values in societies and bring return on capital and human capital invested globally. Time to embrace Augmented and Artificial Intelligence to solve humanity’s most burning problems. Time for women to step on the dance floor of emerging technologies and cybersecurity industries.
    Reskilling is a great issue. Inclusion is as important as innovation. We will have to go into learning mode, be willing to be taught, by each other and by the systems, keeping in mind and making sure that trust, security and ethics in technology are essential in the decades to come.
    “LET’S FACE IT, THE UNIVERSE IS MESSY, IT IS NONLINEAR, TURBULENT, AND CHAOTIC. Nevertheless, it is dynamic and fast moving in all directions at once. It spends its time in a transient behavior on its way to somewhere else, not in mathematically neat equilibrium, for example entropy. It self-organizes and evolves without any inputs from external sources. Thus, creating diversity, not uniformity. That is what makes the world interesting, that is what makes it beautiful, and that is what makes it work.”
    References: Donella Meadows. Dancing With Systems. Versions of this piece have been published in Whole Earth, winter 2001 and The Systems Thinker, Vol. 13, No. 2 (March 2002). Retrieved from https://www.mendeley.com/guides/web-citation-guide
    Ludmila M-B
  • 27. Editor-In-Chief, TOP CYBER NEWS MAGAZINE and RAISE THE CYBERSECURITY CURTAIN!
    Ludmila Morozova-Buss
    Doctoral Student at Capitol Technology University
  • 28. TOP CYBER NEWS MAGAZINE
    PUT TECHNOLOGY AT THE FOREFRONT OF THE BUSINESS
    Human Centered Communication Of Technology, Innovation, and Cybersecurity
    «It is time to stop being naive when it comes to cyber security.»
    Jim Hagemann SNABE, Chairman, Siemens AG and A.P.
    «Rather than fearing or ignoring cyber-attacks, organizations should take them on head-first. Organizations need to ensure cyber resiliency and regularly test their security postures. In times of hyper-converged infrastructure platforms and technologies, hyper-converged problems strive to create hyper-converged solutions.»
    Stéphane NAPPO, Vice President and Chief Information Security Officer, Groupe SEB
    «Our technologies transform the everyday, by empowering our customers to create agile factories, intelligent buildings and energy grids, sustainable transportation, and better healthcare systems.»
    «Since we have a lead position in industrial digitalization, we very quickly recognized that cybersecurity is an integral part of the digital revolution. The industrial Internet of Things (IIoT) would be inconceivable without cybersecurity.»
    Dr. Roland BUSCH, President and Chief Executive Officer, Siemens AG