Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going to make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives—and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

5) Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, key stroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetya, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.

 

Cyber Connections News Roundup: December 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customer, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Cyber Connections News Roundup: November 20

November 20, 2018

Trump Inks Bill for New DHS Cybersecurity Agency

On Friday, Nov. 16, President Trump signed into law a bill that establishes the Department of Homeland Security (DHS) as the main agency overseeing civilian cybersecurity. The DHS’s cybersecurity branch, known as the Cybersecurity and Infrastructure Security Agency (CISA), will now be elevated to the same stature as other units within DHS, such as Secret Service or the Federal Emergency Management Agency (FEMA). Read more.

Why Are Millennials Such a Big Workplace Cybersecurity Risk?

According to a recent research study by SailPoint, a provider of identity governance solutions, nearly 90% of 18–25 year-olds break the most basic of security rules, such as reusing passwords across different accounts. According to an article about the report on www.informationage.com, more than half (55%) of survey respondents stated their IT department is a source of inconvenience, which leads employees to skirt IT policies. The SailPoint study is based on interviews with 1,600 employees at organizations with at least 1,000 employees across Australia, France, Germany, Italy, Spain, the United Kingdom and the United States. Read more.

Cybersecurity Moonshot Closer to Becoming a Reality

As reported on www.thehill.com, members of the President’s National Security Telecommunications Advisory Committee (NSTAC) voted to move forward with its cybersecurity “moonshot” by sending its 56-page report to the White House on November 14. The report calls for the Trump administration to establish a council and executive director to make cybersecurity a priority for the federal government, U.S. businesses and American citizens. Read more.

Schools Must Do a Better Job Defining Path to Cybersecurity Careers

Student panelists at the Nov. 8 symposium “Attacking the Roots of Cyber (In) Security: The Role of Education,” organized by Cyber Center for Education & Innovation (CCEI)–Home of the National Cryptologic Museum (NCM) and hosted by University of Maryland University College (UMUC), agree that educators need to do a better job defining the path toward cybersecurity careers. The panel, moderated by Dr. Karen Salmon, the superintendent of the Maryland State Department of Education, included high school seniors, a current college student and a recent graduate of the UMUC master’s program in digital forensics and cyber investigation. Read more.

U.S. Among Countries Absent from 50-Plus Nation Cybersecurity Pact

On Monday, Nov. 12, French President Emmanuel Macron released an international agreement on cybersecurity principles as part of the Paris Peace Forum. As reported on www.axios.com, the original signatories of the Paris Call for Trust and Security in Cyberspace included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but key absentees include the United States, Russia, China, North Korea, Iran and Israel, a country that already has a large domestic cybersecurity industry. Read more.

 

Securing the Cloud Is a Shared Responsibility

Cloud computing—using a network of remote servers hosted on the Internet to store, manage, and process data—is an attractive solution for business owners and government agencies from a security standpoint. If used properly, cloud computing can result in fewer security concerns and greater cost savings. But what about security?

Last month at CyberMaryland 2018, Jimmy Robertson, program chair, Computer Science and Software Development and Security at University of Maryland University College, sat down with us to explain how cloud security is a shared responsibility among all stakeholders and to offer his insights into the security implications of moving into the cloud. Watch the video below:

Cyber Connections News Roundup: November 6

November 6, 2018

Why Does Cybersecurity Have to Be So Hard?

According to a three-part series on http://www.forbes.com, the main reason is a lack of maturity in enterprise security operations. In a typical organization, insufficient skills at the tier 1 level to handle the response to most security events and incidents lead to excessive escalations to tier 2 and tier 3 support that are inadequately staffed to handle the volume. And because cybersecurity is in its infancy, by comparison to other IT areas, there is far less institutional knowledge to be shared with security operations recruits. Read more.

FDA Called Out on Deficient Plans to Secure Medical Devices

The U.S. Health & Human Services Department’s inspector general last month flagged the Food and Drug Administration (FDA) for its “deficient” plans and processes to ensure medical device cybersecurity, according to a recent report on http://www.massdevice.com. According to an HHS report, the FDA had not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices. Moreover, in two of 19 district offices, the FDA had not established written standard operating procedures to address recalls of medical devices vulnerable to cyber threats. Read more.

Talk of Cybersecurity Concerns Dominates Recent Law Practice Conference

Cybersecurity is a growing concern among practicing lawyers, according to recent coverage of the College of Law Practice Management’s Futures Conference on http://www.abovethelaw.com. One of the statistics shared during the conference, at which discussion of cybersecurity dominated, was that one third of law firms with 10-99 lawyers suffered from a cyber breach in 2017. Read more.

How Utility Companies Can Combat Cybersecurity Threats

The recent indictments of seven intelligence officers from the Russian Main Intelligence Directorate of the General Staff (GRU) on charges of hacking computers associated with anti-doping sports organizations should serve as a wake-up call to utility companies in the US and abroad. The hacking, as it turned out, was not limited to the anti-doping organizations. Allegedly, it extended to an international chemical weapons lab and a global electric company. A recent article on http://www.tdworld.com offers utility companies five tips they can take to combat cyber threats. Read more.

New NSF Investments Focus on Cybersecurity Programs

The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) program has announced new support for a diverse, $78.2 million portfolio of more than 225 new projects in 32 states spanning a broad range of research and education topics, including artificial intelligence, cryptography, network security, privacy, and usability. According to a recent report on www.scienmag.com, the new portfolio features an award for the Center for Trustworthy Machine Learning (CTML), which will address challenges in cybersecurity science and engineering. Read more.

Cyber Connections News Roundup: October 23

October 23, 2018

Cybersecurity Workforce Gap Approaches Three Million Globally

According to a recent (ISC)2 study, the cybersecurity workforce gap has widened to roughly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA). As recently reported on www.securityboulevard.com, the largest deficiency of cybersecurity professionals is seen in the APAC region where economies are growing and new cybersecurity and data privacy laws are being enacted. Read more.

FDA Updates Pre-Market Guidance to Include Cybersecurity Recommendations for Internet-Connected Devices

The Food and Drug Administration (FDA) has released a draft of its updated pre-market guidance for medical devices to include internet-connected products. The guidance, last updated in 2014, provides medical device manufacturers with information they should gather when submitting products for pre-market review. One key update to the guidance, according to an article on www.beckershospitalreview.com, involves asking manufacturers of internet-connected medical devices to provide customers with a list of commercial and off-the-shelf software and hardware components in a device that could be susceptible to vulnerabilities. Read more.

Facebook Unveils “War Room” to Help Prevent Election Interference

Facebook has established a “war room” to help prevent election interference and address threats in the upcoming midterms. According to a recent report on www.cbsnews.com, the war room aims to streamline decision-making by helping threat intelligence teams work more effectively with outside partners, including state and federal election officials as well as companies that might recognize threat patterns. Read more.

A Post-Brexit Britain Faces Potential Cybersecurity Shortcomings

On March 29, 2019, the UK will exit the European Union (EU) unless a deal can be struck. Against this backdrop of deal/no deal uncertainty, according to an article on www.forbes.com, the cybersecurity industry worries about the post-Brexit threat landscape, mainly because most of the UK’s cybersecurity professionals reside outside the country. Whether or not a deal between the EU and the UK can be struck between now and March 29 of next year, the impact on cybersecurity in the UK may be considerable. Read more.

Federal Government Launches Pipeline Cybersecurity Effort

The federal government is launching a new effort to better protect oil and gas pipelines against cyber attacks. The Department of Energy (DOE) and the Department of Homeland Security (DHS) recently co-chaired a meeting of the Oil and Natural Gas Subsector Coordinating Council in an effort to address cybersecurity threats to pipelines. As reported on www.utilitydive.com, the groups launched the Pipeline Security Initiative (PSI) to leverage federal government expertise with industry knowledge to address the growing threats to the nation’s energy system. Read more.

 

 

How Secure Are Our Election Systems?

Some final thoughts leading up to the November 8 mid-term elections from UMUC Cybersecurity expert Balakrishnan Dasarathy.

Can our election systems be hacked? In 2018, as we move closer to the mid-term elections, a more pointed and compelling question might very well be, in the wake of election hacking and continued interference, can U.S. citizens trust our election results?

We caught up with Balakrishnan Dasarathy, professor and program chair of Cybersecurity and Information Assurance at University of Maryland University College, at last week’s CyberMaryland 2018 event to get his thoughts (see video below) leading up to the 2018 mid-terms.

See the video below or read Dasarathy’s full analysis of election security.