Cyber Connections News Roundup: January 15

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 15, 2018

Cybersecurity Implications of the Government Shutdown Could Have Long-term Implications

Furloughed workers and frozen funding have compromised our nation’s defenses against foreign cyber attackers, according to cyber blogger Joseph Steinberg. As a very basic example, it is highly unlikely that updates and patches are being tested and applied in a timely fashion to all computers that need them. The shutdown is also having a dramatic impact on the ability of key federal departments and agencies, such as the Department of Homeland Security and the National Institute of Standards and Technology, to secure the private sector, according to a recent www.govtech.com report. Read more.

Compliance Costs and Mobile Attacks Top the List of APAC Cyber Predictions for 2019

According to a recent article on www.networksasia.net, China is the top source of security incidents in Asia, accounting for more than one-fifth (22.8%) of them, followed by India (18.4%) and Russia (11.3%). These insights were derived from research developed by Ensign InfoSecurity (EIS), from the period of October 2017 to March 2018. Key cybersecurity predictions for the APAC region include: rising compliance costs; growing attacks on mobile, cloud platforms and SCADA systems; an increased influence of artificial intelligence; and an increase in the complexity of attacks. Read more.

Airline Industry To Take a More Proactive Stance on Cyber Threats

Airports and airlines are industry leaders when it comes to physical security checks, such as baggage scans, restrictions on liquids, and random passenger searches. But now they are focusing more on online threats, according to a recent www.webtravel.com report. The wake-up call came last year, when Cathay Pacific, British Airways, Delta Air Lines and Singapore Airlines all experienced cybersecurity breaches that exposed the personal data of millions of travellers worldwide. Read more.

U.S. Education Industry’s Cybersecurity Lags Behind 16 Other Sectors

According to a recent http://www.edweek.com article, the education industry has the worst cybersecurity vulnerability among 17 industry sectors. Citing a recent report by SecurityScorecard that surveyed 2,393 companies in the education industry, the article says schools tend to underestimate the need for monitoring and protecting network infrastructures. The growth of computer-based assessments also creates cybersecurity concerns. Read more.

HHS Releases Voluntary Healthcare Cybersecurity Practices

In late December, the Department of Health and Human Services (HHS) released voluntary cybersecurity practices to the healthcare industry with the aim of providing practice guidelines to cost-effectively reduce cybersecurity risks. According to a report on www.healthcare-informatics.com, the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication aims to provide guidance to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The publication was produced in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. Read more.

Cyber Connections News Roundup: January 1

January 1, 2018

Cybersecurity Trends for 2019: UMUC Faculty Experts Weigh in on What to Expect in the New Year 

As it was when 2018 began, cybersecurity remains a top global priority as we look ahead to 2019, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring? Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year. Read more.

Maritime Cybersecurity Should Not Be Overlooked

As reported recently on www.pilotonline.com, 70 percent of key maritime industry stakeholders have confidence in the industry’s ability to face cyber attacks, but only 36 percent expressed confidence that their own companies could do the same. These were just two key takeaways from the inaugural Maritime Cybersecurity Survey, conducted by the New Orleans-based law firm Jones Walker LLP. Released in October, 2018, the survey asked senior security and compliance leaders from U.S. maritime companies to gauge the industry’s preparedness for cyber attacks, such as the recent assaults on the ports of San Diego and Barcelona, and the malware attack that cost the shipping giant Maersk more than $300 million last year. Read more.

New Acting Pentagon Chief Is Advocate for Cybersecurity, But Questions Remain

Patrick Shanahan, who will become acting Secretary of Defense on Jan. 1, replacing outgoing Pentagon chief Jim Mattis, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition, according to a recent article on www.fifthdomain.com. But how Shanahan handles the greater cybersecurity issues we face today, even on a temporary basis, remains an open question that will most likely be tested immediately amid current challenges, such as the alleged hacking campaign from China. Read more.

FINRA Updates Report on Cybersecurity Practices for Broker-Dealers

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices that continues its efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. Read more.

Cybersecurity Remains Among the Top Health IT Risks for 2019

Business continuity and disaster recovery, cybersecurity, biomedical devices, IT governance, system access management, and system implementation will be the biggest IT risk areas for healthcare organizations in 2019, according to a report from Crowe, a global public accounting, consulting, and technology firm. According to a recent article on www.healthitsecurity.com, cybersecurity will continue to be a top boardroom concern among healthcare organizations in 2019. Notably, biomedical device and IoT security will remain as areas of focus to ensure patient safety, HIPAA compliance, and network security risk. Read more.

Cyber Connections News Roundup: December 18

December 18, 2018

Does the Latest Bitcoin Hoax Mean Ransom Attacks Are on the Rise?

On Dec. 13, school administrators, business owners and others across the U.S. and Canada received emails demanding that they pay $20,000 worth of Bitcoin or risk a deadly explosion. The scam, which put law enforcement agencies and emergency personnel on high alert, represents a shift in the threat landscape, namely as it relates to scale, according to a recent article on http://www.circa.com. Where such threats were once phoned in, perpetrators can now email thousands of bomb threats and financial scams with one click of the mouse. Ransom attacks are most likely on the rise, as they are seen as an inexpensive and easy way for individuals and nation states to raise money and move that money around. Read more.

Why Satellites Need Cybersecurity Too

Cybersecurity is something countries must not overlook when protecting their satellites, according to a recent article on http://www.space.com. Satellites are vulnerable to a number of different types of threats, and attacks on them are hard to trace. They also have a series of attack points, rather than a single entry point that’s easier to defend. Read more.

Think a Department of Cybersecurity is a Good Idea? Maybe Think Again

A recent report from http://www.defense360.com argues that many of the cybersecurity challenges we face today already have an approach suited to the problem, and none of them involve a Department of Cybersecurity, a disruptive bureaucratic solution that would fail to solve problems and may also add new ones. One notable concern is that turning cybersecurity over to a centralized department runs the risk of a one-size-fits-all technical solution that does not consider the unique risk environments of other agencies. Read more.

Aramco and Raytheon Cybersecurity Joint Venture A Boon to Job Creation

Saudi Aramco and American defense contractor Raytheon have signed a memorandum of understanding (MoU) to establish a joint venture cybersecurity company, the companies announced on Dec. 14. According to a report on http://www.arabianbusiness.com, the new company will market and provide cybersecurity software and hardware capabilities as well as research and development. The venture also is expected to advance Saudi Arabia’s economic development goals by creating highly skilled jobs in the cybersecurity sector. Read more.

New Mimecast Survey Exposes Lack of Employee Cybersecurity Training

According to a new study by cloud-based email protection company Mimecast, of 1,000 employees who use employer-issued devices, 25 percent of employers do not understand the most common cybersecurity threats against their organizations. Mimecast also found that only 45 percent of businesses put their employees through mandatory, formal cybersecurity training. What does this mean? According to Mimecast, it could indicate that businesses are inherently trusting of their employees. Or, it could also mean that companies simply don’t have the resources or know-how to implement formal cybersecurity training. Read more.

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going to make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives—and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

5) Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, keystroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetya, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.

Cyber Connections News Roundup: December 4

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customers, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Cyber Connections News Roundup: November 6

November 6, 2018

Why Does Cybersecurity Have to Be So Hard?

According to a three-part series on http://www.forbes.com, the main reason is a lack of maturity in enterprise security operations. In a typical organization, insufficient skills at the tier 1 level to handle the response to most security events and incidents lead to excessive escalations to tier 2 and tier 3 support, which are inadequately staffed to handle the volume. And because cybersecurity is in its infancy by comparison to other IT areas, there is far less institutional knowledge to be shared with security operations recruits. Read more.

FDA Called Out on Deficient Plans to Secure Medical Devices

The U.S. Health & Human Services Department’s inspector general last month flagged the Food and Drug Administration (FDA) for its “deficient” plans and processes to ensure medical device cybersecurity, according to a recent report on http://www.massdevice.com. According to an HHS report, the FDA had not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices. Moreover, in two of 19 district offices, the FDA had not established written standard operating procedures to address recalls of medical devices vulnerable to cyber threats. Read more.

Talk of Cybersecurity Concerns Dominates Recent Law Practice Conference

Cybersecurity is a growing concern among practicing lawyers, according to recent coverage of the College of Law Practice Management’s Futures Conference on http://www.abovethelaw.com. One of the statistics shared during the conference, at which discussion of cybersecurity dominated, was that one third of law firms with 10-99 lawyers suffered from a cyber breach in 2017. Read more.

How Utility Companies Can Combat Cybersecurity Threats

The recent indictments of seven intelligence officers from the Russian Main Intelligence Directorate of the General Staff (GRU) on charges of hacking computers associated with anti-doping sports organizations should serve as a wake-up call to utility companies in the US and abroad. The hacking, as it turned out, was not limited to the anti-doping organizations. Allegedly, it extended to an international chemical weapons lab and a global electric company. A recent article on http://www.tdworld.com offers utility companies five tips to combat cyber threats. Read more.

New NSF Investments Focus on Cybersecurity Programs

The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) program has announced new support for a diverse, $78.2 million portfolio of more than 225 new projects in 32 states spanning a broad range of research and education topics, including artificial intelligence, cryptography, network security, privacy, and usability. According to a recent report on www.scienmag.com, the new portfolio features an award for the Center for Trustworthy Machine Learning (CTML), which will address challenges in cybersecurity science and engineering. Read more.

How Secure Are Our Election Systems?

Some final thoughts leading up to the November 8 mid-term elections from UMUC Cybersecurity expert Balakrishnan Dasarathy.

Can our election systems be hacked? In 2018, as we move closer to the mid-term elections, a more pointed and compelling question might very well be, in the wake of election hacking and continued interference, can U.S. citizens trust our election results?

We caught up with Balakrishnan Dasarathy, professor and program chair of Cybersecurity and Information Assurance at University of Maryland University College, at last week’s CyberMaryland 2018 event to get his thoughts (see video below) leading up to the 2018 mid-terms.

See the video below or read Dasarathy’s full analysis of election security.