Cyber Connections News Roundup: January 29

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 29, 2019

New Law In Australia May Affect Data Security Worldwide

A new law in Australia gives law enforcement authorities the power to compel tech-industry giants like Apple to create tools that would circumvent the encryption built into their products. As reported on http://www.nytimes.com, the law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia, but its impact could be felt around the world as these so-called “back-doors” expose data to friendly agencies yet may also risk exposure of the same data to not-so-friendly entities. Read more.

New Cybersecurity Coalition Filing Raises Privacy vs. Security Debate

In a similar privacy debate, the Cybersecurity Coalition, a group of companies that specializes in cybersecurity products and policy, recently filed a “request for comment” with the National Technology and Information Administration (NTIA) that states that companies occasionally need to compromise customers’ personal data and privacy in order to protect themselves from cyber threats. The filing, according to a report on www.insidesorces.com, raises the old debate over privacy versus security. In its filing, the Cybersecurity Coalition explains that in order to learn more about cyber attacks and prevent them from happening again, the affected company will share data and “large-scale information” about the threat or attack. Read more.

Congress Debates the Merits of Bug Bounties

Lawmakers on Capitol Hill recently passed the Hack the State Department Act, which offers cash prizes to ethical hackers who undergo background checks in exchange for reports about vulnerabilities in government websites and other Internet tools. However, as reported on http://www.washingtonpost.com, many inside and outside government worry that while Congress views bug bounties as useful in exposing vulnerabilities, it may also view them as a replacement for fixing institutional problems in government cybersecurity. Read more.

Cybersecurity Tops List of Concerns Discussed at World Economic Forum

At the recent World Economic Forum, held last week in Davos, Switzerland, cybersecurity was high on the agenda as one of the biggest challenges facing chief executives and political leaders around the world. As reported on www.thenational.ae, leaders discussed the need for a global framework to address the loss of $600 billion annually to cyber crime, according to the Centre for Strategic and International Studies. Read more.

Parents of Teenage Boys Beware: Security Flaw Detected in Fortnite

Researchers at cybersecurity firm Check Point Software have discovered a major security flaw in the popular online video game Fortnite that may have let hackers gain access to player accounts and use their stored credit card information to buy digital goods and then resell them. According to a report on http://fortune.com, the company said it had notified Fortnite’s developer, Epic Games, in November 2018. Epic Games appears to have fixed the flaw in late December, but declined to comment as to whether any user accounts were compromised. Read more.

 

Cyber Connections News Roundup: January 15

January 15, 2018

Cybersecurity Implications of the Government Shutdown Could Have Long-term Implications

Furloughed workers and frozen funding have compromised our nation’s defenses against foreign cyber attackers, according to cyber blogger Joseph Steinberg. As a very basic example, it is highly unlikely that updates and patches are being tested and applied in a timely fashion to all computers that need them. The shutdown is also having a dramatic impact on the ability of key federal departments and agencies, such as the Department of Homeland Security and the National Institute of Standards and Technology, to secure the private sector, according to a recent www.govtech.com report. Read more.

Compliance Costs and Mobile Attacks Top the List of APAC Cyber Predictions for 2019

According to a recent article on www.networksasia.net, China is the top source of security incidents in Asia, accounting for more than one-fifth (22.8%) of them, followed by India (18.4%) and Russia (11.3%). These insights were derived from research developed by Ensign InfoSecurity (EIS), from the period of October 2017 to March 2018. Key cybersecurity predictions for the APAC region include: rising compliance costs; growing attacks on mobile, cloud platforms and SCADA systems; an increased influence of artificial intelligence; and an increase in the complexity of attacks. Read more.

Airline Industry To Take a More Proactive Stance on Cyber Threats

Airports and airlines are industry leaders when it comes to physical security checks, such as baggage scans, restrictions on liquids, and random passenger searches. But now they are focusing more on online threats, according to a recent www.webtravel.com report. The wake-up call came last year, when Cathay Pacific, British Airways, Delta Air Lines and Singapore Airlines all experienced cybersecurity breaches that exposed the personal data of millions of travellers worldwide. Read more.

U.S. Education Industry’s Cybersecurity Lags Behind 16 Other Sectors

According to a recent http://www.edweek.com article, the education industry has the worst cybersecurity vulnerability among 17 industry sectors. Citing a recent report by SecurityScorecard that surveyed 2,393 companies in the education industry, the article says schools tend to underestimate the need for monitoring and protecting network infrastructures. The growth of computer-based assessments also creates cybersecurity concerns. Read more.

HHS Releases Voluntary Healthcare Cybersecurity Practices

In late December, the Department of Health and Human Services (HHS) released voluntary cybersecurity practices to the healthcare industry with the aim of providing practice guidelines to cost-effectively reduce cybersecurity risks. According to a report on www.healthcare-informatics.com, the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication aims to provide guidance to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The publication was produced in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. Read more.

Cyber Connections News Roundup: January 1

January 1, 2018

Cybersecurity Trends for 2019: UMUC Faculty Experts Weigh in on What to Expect in the New Year 

As it was when 2018 began, cybersecurity remains a top global priority as we look ahead to 2019 and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring? Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year. Read more.

Maritime Cybersecurity Should Not Be Overlooked

As reported recently on www.pilotonline.com, 70 percent of key maritime industry stakeholders have confidence in the industry’s ability to face cyber attacks, but only 36 percent expressed confidence that their own companies could do the same. These were just two key takeaways from the inaugural Maritime Cybersecurity Survey, conducted by the New Orleans-based law firm Jones Walker LLP. Released in October, 2018, the survey asked senior security and compliance leaders from U.S. maritime companies to gauge the industry’s preparedness for cyber attacks, such as the recent assaults on the ports of San Diego and Barcelona, and the malware attack that cost the shipping giant Maersk more than $300 million last year. Read more.

New Acting Pentagon Chief Is Advocate for Cybersecurity, But Questions Remain

Patrick Shanahan, who will become acting Secretary of Defense on Jan. 1, replacing outgoing Pentagon chief Jim Mattis, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition, according to a recent article on www.fifthdomain.com. But how Shanahan handles the greater cybersecurity issues we face today, even on a temporary basis, remains an open question that will most likely be tested immediately amid current challenges, such as the alleged hacking campaign from China. Read more.

FINRA Updates Report on Cybersecurity Practices for Broker-Dealers

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices that continues its efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. Read more.

Cybersecurity Remains Among the Top Health IT Risks for 2019

Business continuity and disaster recovery, cybersecurity, biomedical devices, IT governance, system access management, and system implementation will be the biggest IT risk areas for healthcare organizations in 2019, according to a report from Crowe, a global public accounting, consulting, and technology firm. According to a recent article on www.healthitsecurity.com, cybersecurity will continue to be a top boardroom concern among healthcare organizations in 2019. Notably, biomedical device and IoT security will remain as areas of focus to ensure patient safety, HIPAA compliance, and network security risk. Read more.

Cyber Connections News Roundup: December 18

December 18, 2018

Does the Latest Bitcoin Hoax Mean Ransom Attacks Are on the Rise?

On Dec. 13, school administrators, business owners and others across the U.S. and Canada received emails demanding that they pay $20,000 worth of Bitcoin or risk a deadly explosion. The scam, which put law enforcement agencies and emergency personnel on high alert, represents a shift in the threat landscape, namely as it relates to scale, according to a recent article on http://www.circa.com. Where such threats were once phoned in, perpetrators can now email thousands of bomb threats and financial scams with one click of the mouse. Ransom attacks are most likely on the rise, as they are seen as an inexpensive and easy way for individuals and nation states to raise money and move that money around. Read more.

Why Satellites Need Cybersecurity Too

Cybersecurity is a threat countries must not overlook when protecting their satellites, according to a recent article on http://www.space.com. Satellites are vulnerable to a number of different types of threats, and attacks are hard to trace. Satellites also have a series of attack points, rather than a single entry point that’s easier to defend. Read more.

Think a Department of Cybersecurity is a Good Idea? Maybe Think Again

A recent report from http://www.defense360.com argues that many of the cybersecurity challenges we face today already have an approach suited to the problem, and none of them involve a Department of Cybersecurity, a disruptive bureaucratic solution that would fail to solve problems and may also add new ones. One notable concern is that turning cybersecurity over to a centralized department runs the risk of a one-size-fits-all technical solution that does not consider the unique risk environments of other agencies. Read more.

Aramco and Raytheon Cybersecurity Joint Venture A Boon to Job Creation

Saudi Aramco and American defense contractor Raytheon have signed a memorandum of understanding (MoU) to establish a joint venture cybersecurity company, the companies announced on Dec. 14. According to a report on http://www.arabianbusiness.com, the new company will market and provide cybersecurity software and hardware capabilities as well as research and development. The venture also is expected to advance Saudi Arabia’s economic development goals by creating highly skilled jobs in the cybersecurity sector. Read more.

New Mimecast Survey Exposes Lack of Employee Cybersecurity Training

According to a new study by cloud-based email protection company Mimecast, of 1,000 employees who use employer-issued devices, 25 percent of employers do not understand the most common cybersecurity threats against their organizations. Mimecast also found that only 45 percent of businesses put their employees through mandatory, formal cybersecurity training. What does this mean? According to Mimecast, it could indicate that businesses are inherently trusting of their employees. Or, it could also mean that companies simply don’t have the resources or know-how to implement formal cybersecurity training. Read more.

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with the General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going to make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives—and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

5) Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, key stroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetya, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.

Cyber Connections News Roundup: December 4

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customer, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Cyber Connections News Roundup: November 20

November 20, 2018

Trump Inks Bill for New DHS Cybersecurity Agency

On Friday, Nov. 16, President Trump signed into law a bill that establishes the Department of Homeland Security (DHS) as the main agency overseeing civilian cybersecurity. The DHS’s cybersecurity branch, known as the Cybersecurity and Infrastructure Security Agency (CISA), will now be elevated to the same stature as other units within DHS, such as Secret Service or the Federal Emergency Management Agency (FEMA). Read more.

Why Are Millennials Such a Big Workplace Cybersecurity Risk?

According to a recent research study by SailPoint, a provider of identity governance solutions, nearly 90% of 18–25 year-olds break the most basic of security rules, such as reusing passwords across different accounts. According to an article about the report on www.informationage.com, more than half (55%) of survey respondents stated their IT department is a source of inconvenience, which leads employees to skirt IT policies. The SailPoint study is based on interviews with 1,600 employees at organizations with at least 1,000 employees across Australia, France, Germany, Italy, Spain, the United Kingdom and the United States. Read more.

Cybersecurity Moonshot Closer to Becoming a Reality

As reported on www.thehill.com, members of the President’s National Security Telecommunications Advisory Committee (NSTAC) voted to move forward with its cybersecurity “moonshot” by sending its 56-page report to the White House on November 14. The report calls for the Trump administration to establish a council and executive director to make cybersecurity a priority for the federal government, U.S. businesses and American citizens. Read more.

Schools Must Do a Better Job Defining Path to Cybersecurity Careers

Student panelists at the Nov. 8 symposium “Attacking the Roots of Cyber (In) Security: The Role of Education,” organized by Cyber Center for Education & Innovation (CCEI)–Home of the National Cryptologic Museum (NCM) and hosted by University of Maryland University College (UMUC), agree that educators need to do a better job defining the path toward cybersecurity careers. The panel, moderated by Dr. Karen Salmon, the superintendent of the Maryland State Department of Education, included high school seniors, a current college student and a recent graduate of the UMUC master’s program in digital forensics and cyber investigation. Read more.

U.S. Among Countries Absent from 50-Plus Nation Cybersecurity Pact

On Monday, Nov. 12, French President Emmanuel Macron released an international agreement on cybersecurity principles as part of the Paris Peace Forum. As reported on www.axios.com, the original signatories of the Paris Call for Trust and Security in Cyberspace included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but key absentees include the United States, Russia, China, North Korea, Iran and Israel, a country that already has a large domestic cybersecurity industry. Read more.