Podcasts

Prediction 2026: Beginning of the end of the WWW

As the world stumbles head-on into deglobalization, we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred to as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens' private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."


Defining Dysinformation

Happy Holidays – our last issue of the year is out, and it’s all about Disinformation or, as we like to put it: Dysinformation.

Dysinformation is a scourge of society, fueled by social media and malicious actors, but you may not have heard the term spelled this way. Dysinformation simply means “damaging information.” It puts misinformation and disinformation in the same bucket, but what is the difference?

Disinformation

Disinformation is intentional. The authors know it is false and distribute it with the desire to defraud, destabilize and delegitimize issues and individuals. It is often defended as, “Hey, I’m just asking questions.” The first recorded instance of disinformation occurs in Genesis. After Eve explains to the serpent why she should not eat forbidden fruit, the serpent replies “Has God really said…?”

Disinformation authors do not need to prove an allegation. They just need to get a small credulous audience to wonder if what they say is true. If the allegation reflects a particular opinion of the audience, they are more likely to accept the allegation as true. Every piece of disinformation may contain an element of truth to establish the author’s qualifications, but the majority is sheer speculation.


Is cyber training worth the effort?

There has been a debate within the cybersecurity industry regarding cyber training effectiveness. On one side are tool providers who claim technology trumps training in securing data, networks, and people. On the other side is the $10-billion cyber training industry, growing at 20 percent per year. That says they must be doing something right.

The real answer is not black and white.
The naysayers point to a recent study done by UC San Diego of its own employee training program. The study said, “Cybersecurity training programs as implemented today by most large companies do little to reduce the risk that employees will fall for phishing scams.” It was a comprehensive study of more than 19,000 university and student employees concluded in the summer of 2025. Seems like a slam dunk, doesn’t it?
Not so fast.


The problem with proxies

Proxies are absolutely crucial to the operation of the internet, but they also represent a clear and present danger to users. Finding that balance is pretty much a full-time job for cybersecurity. The recent Amazon Web Services (AWS) and Microsoft Azure outages are good examples of that.

Amazon explained the outage was caused by “failing intermediaries” monitoring system health, preventing proper traffic routing. Another word for intermediaries is “proxies”. When the monitoring subsystem malfunctioned, health check updates were not propagated properly, causing backend servers to appear offline even when they were active, which invalidated DNS lookups. This created a cascading failure.
Likewise, the Azure outage was caused by a misconfiguration of the proxy Front Door, a global entry point for content delivery network functionality, load balancing, and application acceleration.

How Proxies Function

When a user wants to access a website, the request goes to the proxy server instead of going directly to the internet. The proxy server receives the request, then forwards it to the target website. It modifies the request header to hide the user's original IP address.


Bolaji Ojo and renewed importance of the press

Technology journalism, like the rest of journalism, has struggled for most of the 21st century. The advent of AI-generated content is restoring the value of professional journalists. It is crucial not just to democracies but to business success.

One of the most prolific and successful technology journalists is Bolaji Ojo. He has headed editorial efforts for the EETimes, AspenCore Media, the recently closed Ojo-Yoshida Report and the now-defunct EBN. Some of those titles may be foreign to people in the cybersecurity world, but not to executives in the electronics world that cybersecurity rests upon. Cyber Protection Magazine's chief editor talked with him this week.


Deepfakes in legal fraud unaddressed

Stopping criminal fraud is a major focus of cybersecurity. Largely, the industry is winning that war. Nowhere is that protection more successful than in combatting deepfake crime, even though industry marketing is geared to promote fear over success. Where deepfakes are causing the real problem is in legal fraud.

Digital fraud represents 0.02 percent of all fraud claims, according to the National Crime Insurance Bureau (NCIB). While there is evidence that criminal use of AI is increasing the number of attacks, the number of successful attacks is too low to warrant recording.

Deepfake crime a trifle

The FBI’s Internet Crime Complaint Center (IC3) lumps all forms of online fraud into a single category. Even so, the IC3 fielded 859,532 complaints of suspected internet crime in 2024. Of those complaints, 256,256 incidents resulted in actual monetary losses, representing an average loss of $19,372 per complaint. Overall, the reported losses exceeded $16.6 billion, a 33% increase from 2023. However, the top three cybercrimes in 2024 reported to IC3 were phishing/spoofing, extortion, and personal data breaches. None of those required the use of deepfake technology, and they rarely involved it.

Extrapolating the NCIB data with IC3’s indicates that successful deepfake fraud cases totaled fewer than 50 in 2024, with 94% of those occurring during a spike of activity between November and December 2024.


AI chaos creates MCP hole

The AI industry is an absolute mess. The technologies necessary for its operation are siloed and opaque to customers without the technical skills to understand them. The chaos of model context protocol (MCP) adoption is a case in point.

Anthropic created MCP and released it last November. The company's chatbot, Claude, said the protocol “bridges the gap between AI models and the external world.” More simply, it is an AI application integrator. MCP servers are supposed to do this securely without giving access to sensitive areas of a user's computer or network. Multiple reports from security researchers say it fails miserably in that effort. That makes current agentic AI technology development dangerous. Undaunted, corporate momentum and boardroom ignorance are driving it forward.


Cybersecurity companies underinsured?

Data breaches are a major concern to businesses and governments around the world. So one would think that carrying cyber insurance would be a given. It is not, especially for one particular classification of industry: Cybersecurity.

According to Munich Re, a risk analysis firm, 87% of companies lack coverage. Ransomware payouts doubled to $1.1B in 2023, according to Chainalysis. That’s probably why the cyber insurance industry is booming. The market hit $14B in 2023 and is set to double to $29B by 2027.

Large firms are more likely to carry insurance than small to medium companies (SMCs), even though they are more likely to be targeted by cybercriminals. However, small companies are more likely to carry much larger limits than larger companies.


A brief history of bots

Bots have been around for more than half a century to automate repetitive tasks and provide services on early internet platforms. The first was ELIZA, developed as a research project in 1966 at the Massachusetts Institute of Technology (MIT). The goal was to simulate conversations with a human being. ELIZA conversed with users, although it did not understand what the user was saying. Artificial intelligence chatbots are much more sophisticated versions of ELIZA, but still lack human comprehension.

Bots not replacements

The purpose of ELIZA was to determine if computers could replace psychoanalysts. Consequently, it was the first time the prediction that computers could replace humans had some hard evidence. Today, there are mental-health AI applications with not much better results than ELIZA but projected to have an $8 billion market by 2032.

In 1988, the earliest broad use of bots was Internet Relay Chat (IRC) automating user list management, searches, and providing services like weather updates or game scores. But these were not known as bots at the time. They were called automations and still required a human interface to operate,


Zero Trust: easy concept, hard to implement

Last week, Dr. Zero Trust, AKA Dr. Chase Cunningham, posted on LinkedIn that he was fed up with people who say they don’t understand Zero Trust. To a certain extent, I feel his frustration.
Journalists understand the concept. We have a decades-old saying, “If your mother says she loves you, check it out.” It doesn’t get more zero trust than that.
The problem is that while it’s easy to understand as a concept, it isn’t easy to build a zero trust infrastructure, especially with the misleading gobbledygook most cybersecurity companies put out. Cunningham says there are hundreds of books and articles on the subject. He’s right, of course. The question is, which one do you choose?
At the RSAC Conference, we sat down and briefly talked with Dale Hoak, CISO for RegScale, about how easy it is to understand Zero Trust.
