Although somewhat obvious, the World Economic Forum, in partnership with Marsh McLennan, SK Group and Zurich Insurance Group, recently issued its 16th edition of the Global Risks Report (the Report), which analyzes “the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation” and determined that cyber-attacks are “key threats of the next decade.”

The Report outlines severe risks, including the COVID-19 pandemic, debt crises, climate change and a host of other predicted ailments, and cybersecurity is one of the top risks. The Report has mentioned cyber-attacks as a risk since 2012, and certainly the risk today is far more widespread than it has been in the past.

Cybersecurity failure is listed as a “top risk by likelihood” over the next decade. IT infrastructure breakdown is “among the highest impact risks of the next decade.” Weaving through the Evolving Risks Landscape Chart, cyber-attacks and data fraud or theft have jumped to the top of the list as a cluster.

In preparing for the global risks outlined in the Report, the World Economic Forum, although calling the risks outlined in the report “dire,” surmised that in contemplating the next crisis after COVID-19, “[T]he response to COVID-19 offers four governance opportunities to strengthen the overall resilience of countries, businesses and the international community: (1) formulating analytical frameworks that take a holistic and systems-based view of risk impacts; (2) investing in high-profile “risk champions” to encourage national leadership and international co-operation; (3) improving risk communications and combating misinformation; and (4) exploring new forms of public-private partnership on risk preparedness.”

Although the Report is brutally honest and transparent in its predictions, it perhaps is a snapshot in the future for business leaders to consider when planning strategies for business long term, including managing top risks by likelihood and impact to the organization. This would obviously include cybersecurity preparedness and resilience.

Binary Check Ad Blocker Security News

Reuters reported this week that two hospitals in England are using blockchain technology to track the storage and supply of COVID-19 vaccines. According to Reuters, this is one of the first such initiatives in the world.

The report stated that the hospitals are using a distributed ledger, a type of blockchain that uses independent computers, to share, replicate, and synchronize data in electronic ledgers in real time.

The hope is that the use of these blockchain systems will assist in monitoring the status of vaccines and keep track of vaccine shipments “from factory freezer to shots in the arm.”

The Federal Trade Commission (FTC) is warning small businesses that they are being targeted by scammers through a new coronavirus-related scam. The scam “starts with an email that claims to come from the ‘Small Business Administration Office of Disaster Assistance.’ It says you’re eligible for a loan of up to $250,000 and asks for personal information like birth date and Social Security number.”

Unfortunately, many small businesses have been dramatically affected by the coronavirus and are seeking assistance to help retain their employees employed and keep their doors open for business. However, governmental agencies will never send an email advising you that you are eligible for a loan and will never ask for your Social Security number over email. Such material is sent through the mail and on official applications and letterhead.

In addition, governmental agencies will not call to advise you that you have been accepted for relief or ask you for your personal information over the phone. These are scams intended to get you to tell them your Social Security number so the caller can open up credit card or other accounts in your name without your knowledge.

The same is true for scam websites offering assistance with small business loans. If you need to apply for a loan, go to a trusted entity that you have done business with before. Scammers are using the coronavirus, the need for relief, and the government’s Disaster Loan program to fraudulently obtain funds from unwary small business owners. Be wary of these scams and websites and report any fraud to the FTC.

In this episode of the podcast (#199), sponsored by LastPass, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about data from that company that weighs the security impact of poor password policies and what a “passwordless” future might look like. In our first segment, we speak with Sareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft.


The COVID Pandemic has done more than scramble our daily routines, school schedules and family vacations. It has also scrambled the security programs of organizations large and small, first by shifting work from corporate offices to thousands or tens of thousands of home offices, and then by transforming the workforce itself through layoffs and furloughs.

In this episode of the podcast, we did deep COVID’s lesser discussed legacy of enterprise insecurity.

Layoffs and Lost Data

We’ve read a lot about the cyber risks of Zoom (see our interview with Patrick Wardle) or remote offices. But one of the less-mentioned cyber risks engendered by COVID are the mass layoffs that have hit companies in sectors like retail, travel and hospitality, where business models have been upended by the pandemic. The Department of Labor said on Friday that employers eliminated 140,000 jobs in December alone. Since February 2020, employment in leisure and hospitality is down by some 3.9 million jobs, the Department estimates. If data compiled by our next guest is to be believed, many of those departing workers took company data and intellectual property out the door with them. 

Shareth Ben is the executive director of field engineering at Securonix. That company has assembled a report on insider threats that found that most employees take some data with them. Some of that is inadvertent – but much of it is not.

While data loss detection has long been a “thing” in the technology industry, Ben notes that evolving technologies like machine learning and AI are making it easier to spot patterns of behavior that correlate with data theft- for example: spotting employees who are preparing to leave a company and take sensitive information with them. In this discussion, Shareth and I talk about the Securonix study on data theft, how common the problem is and how COVID and the layoffs stemming from the pandemic have exacerbated the insider data theft problem. 

It’s Not The Passwords…But How We Use Them

Nobody likes passwords but getting rid of them is harder than it seems. Even in 2021, User names and passwords are part and parcel of establishing access to online services – cloud based or otherwise. But all those passwords pose major challenges for enterprise security. Data from LastPass suggest that the average organization IT department spends up to 5 person hours a week just to assist with password problems of users – almost a full day of work. 

Barry McMahon a senior global product marketing manager at LastPass and LogMeIn. McMahon says that, despite talk of a “password less” future, traditional passwords aren’t going anywhere anytime soon. But that doesn’t mean that the current password regime of re-used passwords and sticky notes can’t be improved drastically – including by leveraging some of the advanced security features of smart phones and other consumer electronics. Passwords aren’t the problem, so much as how we’re using them, he said. 

To start off, I ask Barry about some of the research LastPass has conducted on the password problem in enterprises. Barry McMahon a senior global product marketing manager at LastPass and LogMeIn.


(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

Let’s take a look at the lessons learned in 2020 and where the drone industry might be heading in 2021. Here are some key takeaways from the past year:

  • Continued Industry Maturity: In 2020, drones are now seen as more of a tool than a novel piece of technology. That means that we will likely see a shift from tests and pilot programs to real logistical operations.
  • Industry Regulations and Policy Changes: The new year will likely bring less restrictions and regulations for beyond-visual-line-of-sight flights. We have already seen more of this in 2020 (with the pandemic being a driving factor for loosened restrictions and BVLOS operations), and now that this trend has taken off, it will likely continue. Note that in 2021, the new EU drone regulations will come into effect, too.
  • COVID-19’s Impact on the Industry: The pandemic has brought lessons and new values to light for the critical infrastructure of companies operating drones. Because of this increase in drone use over the past year, it is likely that many more companies will adopt drones into their daily functions over the coming years as well. The efficiency, safety and effectiveness of drones has come to light during this unimaginable year.
  • More delivery drones will likely hit the skies.
  • More real-time image and video capturing by drones leveraging artificial intelligence (AI).

As the demand for drones continues in 2021, expect to see a surge of innovation to meet the various enterprise needs and address regulations. On to the new year.