Cyber Connections News Roundup: July 30

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 30, 2019

New Orleans Governor Issues First Ever Statewide Cybersecurity Emergency

Governor John Bel Edwards has issued a statewide emergency declaration following a cybersecurity attack on several school systems in North Louisiana, according to a recent report on wwl.radio.com. This is the first activation of Louisiana’s emergency support function relating to cybersecurity. Kenneth Donnelly, senior coordinating official for the Louisiana Cybersecurity Commission, said the state was first made aware of a malware attack on July 23. The New Orleans Office of Homeland Security and Emergency Preparedness, along with Information Technology and Innovation, is monitoring the situation and is in close contact with the Governor’s Office of Homeland Security and Emergency Preparedness and law enforcement partners at the local, state and federal level. Read more.

NSA Creates New Cybersecurity Arm to Combat Foreign Threats

According to a report on www.nextgov.com, the National Security Agency (NSA) will create a new cybersecurity “directorate” to unify NSA’s foreign intelligence and cyber defense missions, and prevent and eradicate threats to national security systems and the defense industrial base. Anne Neuberger, who has been leading the NSA’s Russia Small Group, has been tapped to lead the new directorate, which will become operational on Oct. 1. Neuberger led the NSA’s election security efforts for the 2018 midterms, having served as the NSA’s first chief risk officer. Read more.

IoT Cybersecurity Improvement Act Calls for Deployment Standards

The IoT Cybersecurity Improvement Act of 2019, co-sponsored by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), would require the National Institute of Standards and Technology (NIST) to issue guidelines for the secure development, configuration and management of IoT devices, according to a recent article on www.techtarget.com. It would also require the federal government to comply with these NIST standards. Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance at the Graduate School at the University of Maryland University College, was quoted in the article in support of the bill. “We need government intervention,” he said. Dasarathy said that the bill would provide appropriate IoT security guidance to chief information security officers (CISOs) and other organizational executives. “Right now many CISOs struggle to determine adequate security,” he said. Read more.

Industrial Cybersecurity Emerging as Frontline of Cyber Attacks

According to a report on www.businesswire.com, the number of cybersecurity-related incidents occurring around industrial systems and operational technology is on the rise. Industrial cybersecurity is therefore emerging as the frontline defense to address such threats. Urmez Daver, vice president and global head of Industrial Cybersecurity, TÜV Rheinland Group, speaking at the recent Secure Summit APAC 2019 in Hong Kong on July 11, said that emerging cybersecurity standards will provide the right level of guidance to enterprises to manage cyber risk, which is often best achieved when safety, security and privacy are engineered by design. Read more.

Israel to Provide Cybersecurity Training to Students with Autism

A first of its kind cybersecurity training course for people with disabilities has opened in Israel, led and financed by the National Cyber Directorate and the Welfare and Social Services Ministry, according to a report on www.timesofisrael.com. In an effort to expand the pool of talent in the industry, Ram Levy, CEO of cybersecurity company Konfidas, initiated the training to enable people with disabilities to integrate into the cybersecurity field. The first cohort of the course will include 16 students on the autism spectrum, aged 21 and up. Read more.

 

 

Cyber Connections News Roundup: July 16

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 16, 2019

New ISA Cybersecurity Alliance Established to Accelerate Education, Readiness, and Knowledge Sharing

The International Society of Automation (ISA) has created an open, collaborative forum to advance cybersecurity awareness, readiness, and knowledge sharing. According to a recent report on Yahoo Finance, the ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators, and others affiliated with global industry to benefit everyone, especially the communities in which we operate and serve. Read more.

Artificial Intelligence in Cybersecurity Expected to Surpass $38 Billion

A recent report from Markets and Markets predicts that the artificial intelligence (AI) in cybersecurity market will reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019, at the highest CAGR of 23.3%. Major drivers for the market’s growth include: the growing adoption of IoT and increasing number of connected devices; rising instances of cyber threats; growing concerns of data privacy; and an increasing vulnerability of Wi-Fi networks to security threats. Read more.

New Indiana University Cyber Clinic to Serve as Mid-West Hub for Training

According to an article on https://meritalkslg.com/, Indiana University (IU) will establish the IU Cybersecurity Clinic to address cyber threats on the state and local level. IU said the clinic would serve as a Midwest hub for cyber training. Funding for the new clinic comes from a $340,000 grant from the William and Flora Hewlett Foundation and matching funds up to $225,000 from the Indiana Economic Development Corp. Read more.

U.S. Coast Responds to Recent Safety Alert With Cybersecurity Recommendations

On July 8, the U.S. Coast Guard issued a safety alert to report an incident in February whereby a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that it was experiencing a significant cyber incident impacting its shipboard network, according to a recent report on www.marinelog.com. The Coast Guard responded to the incident by establishing a set of recommendations for vessels and facility owners to improve cybersecurity. Read more.

Maryland Department of Labor Reports Cybersecurity Incident

A recent report on https://www.nbcwashington.com/ details efforts by the Maryland Department of Labor to notify roughly 78,000 customers about potential unauthorized activity in two of its database systems. On July 5, the department reported that some personal information might have been accessed without authorization, but that an investigation by the department has not found any misuse of data. Read more.

 

 

Cyber Connections News Roundup: July 2

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 2, 2019

Hacking Risk to Medtronic Insulin Pumps Exposes Vulnerabilities IoT Medical Devices

According to a report on www.forbes.com, the U.S. Food and Drug Administration (FDA) warned recently that a number of insulin pumps from Medtronic MiniMed might be at risk of a cybersecurity breach. According to the FDA, Medtronic is recalling affected MiniMed pump and providing alternative insulin pumps to patients. The Medtronic recall illustrates the increase in vulnerabilities of such medical devices as more and more go online and shift to IoT and wearables. Read more.

NIST Releases Guide to Managing Cybersecurity Risks Posed by IoT

Health IT Security reports that on June 25 the National Institute of Standards and Technology (NIST) released a guide to managing the privacy and cybersecurity risks posed by IoT, the first in a planned series on IoT designed to help both federal and private sector organizations shore up IoT vulnerabilities. In October 2018 NIST issued a draft IoT report, which laid out the top considerations that can impact the management of IoT devices across the enterprise. The guide released last week builds on the initial report and is designed to serve as a foundation for a planned series on more specific IoT assets. Read more.

M&A Deals Hamstrung by Cybersecurity

According to a recent report by Forescout Technologies titled The Role of Cybersecurity in M&A Diligence, half of IT decision makers (53%) found critical cybersecurity issues that put mergers or acquisition deals in jeopardy during their initial assessments, according to Forescout Technologies’ survey of 2,700 executives. Furthermore, undisclosed data breaches represent an immediate deal-breaker for their company’s M&A strategy, according to 73% of surveyed decision makers. Acquiring a company, only to find critical cybersecurity issues down the line, made 65% of decision-makers feel buyer’s remorse once the deal closed. Read more.

Maryland Gov. Hogan Hires Cybersecurity Chief

Gov. Larry Hogan (R) has named Maryland’s first statewide chief information security officer, part of an effort to boost defenses against cybersecurity threats, according to a recent report on www.washingtonpost.com. John Evans, who had served as the chief information security officer for the state Department of Information Technology since October, will lead the newly created Office of Security Management and chair the Maryland Cybersecurity Coordinating Council, a panel made up of nearly a dozen agency heads. The move comes just after a powerful ransomware attack nearly paralyzed the city government for the past month. Read more.

Iranian Hackers Ramp Up Cyber Campaigns Against U.S.

A recent article on www.time.com details how Iran has increased its offensive cyber attacks against the U.S. government and critical infrastructure as tensions have grown between the two nations. The article describes how hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas via spear-phishing emails, according to cybersecurity tracking companies CrowdStrike and FireEye. The cyber offensive is the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the others. Read more.

 

Cyber Connections News Roundup: June 18

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 18, 2019

Anheuser-Busch to Open Cybersecurity Unit

Anheuser-Busch InBev (AB InBev), the world’s largest beer maker, plans to open a cybersecurity unit in Israel to help protect itself from a growing number of attacks, according to a recent report on www.yahoo.com. AB InBev, the maker Budweiser, Corona and Stella Artois among numerous other brands, will begin focusing on analyzing threats and potential attacks out its Tel Aviv hub. Read more.

U.S. Customs and Border Data Breach Raises Privacy Concerns

U.S. Customs and Border Protection reported on June 10 that photos of travelers had been compromised as part of a cyber attack. As reported on www.washingtonpost.com, among other news outlets, the breach has raised concerns over how expanded surveillance efforts could imperil the privacy of private citizens. Customs officials said that the images included photos of people’s faces and license plates. Read more.

Hackers Set Sights on US Power Grid

According to a recent report on www.upi.com, a group of hackers has targeted the US power grid over the past several months but has so far been unable to trigger any outages or other incidents. The cybersecurity firm, Dragos, has been tracking the hacker group known as Xenotime or the Triton actor for months as it scans the US electrical grid looking for weaknesses. The group is known for its Triton malware, which was responsible for disabling the cybersecurity systems at Saudi Arabia’s Petro Rabigh oil refinery in 2017. Read more.

Deep Fake Videos Not Just a Threat to Election Campaigns

In a video interview on www.foxbusiness.com, Joseph Loomis, founder of CyberSponse, warned that US corporations are becoming more susceptible to the threat and harm caused by bogus online videos. The consequences of a misleading video about a product release, for example, can, according to Loomis, have a long-lasting negative impact on a publicly traded company. A fake video could influence investors and devastate a brand and stock prices. Read more.

Will the Future of Cybersecurity Rely on Artificial Intelligence?

According to a recent article on www.csoonline.com, artificial intelligence will likely be at the forefront of the next wave of cybersecurity tools. The article cites a growing number of experts who believe that new technology based on machine learning and artificial intelligence (AI) will play a key role in computer, network and data security. Most legacy cybersecurity tools require human interaction or configuration. The advancement of AI means that companies will be able to rely on smart tools to handle the bulk of event monitoring and incident response so that software will be able to recognize patterns in web requests and automatically block those that could be a threat. Read more.

 

 

Cyber Connections News Roundup: June 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 4, 2019

Startup BlueVoyant Raises $82.5 Million at a Valuation in Excess of $400 Million

According to a recent article on www.techcrunch.com, New York based cybersecurity startup BlueVoyant, a provider of managed security, professional services and, threat intelligence, has raised $82.5 million in a Series B round of funding at a valuation in excess of $430 million. The funding is coming from a range of new and existing investors that includes fintech giant Fiserv. Read more.

Cybersecurity Stands to Benefit from Advancements in AI

An article on www.globalsign.com reports that cybersecurity may be one of the key beneficiaries of advancements in artificial intelligence (AI). AI, for example, can be used to detect imminent threats by collecting data from different logs and records and identifying new threats that are being spread by hackers. AI can also identify malware and spyware trends by analyzing data across multiple channels. AI lets users detect malware systems faster and before they can do damage on a large scale. Read more.

Middle East and Africa Cybersecurity Market Expect to Take Off

A new report featured on www.researchandmarkets.com predicts that the Middle East and Africa cybersecurity markets will expand at a CAGR of 11.9 percent and is expected to be valued at USD 23.4 billion by 2023. Contributing to this rise is the digitization in verticals such as banking, financial services, government, and the oil and gas industries, which has triggered the risk of cyber attacks. The main reason for the cybersecurity market’s exponential growth rate is improved awareness, and the adoption of various cybersecurity services that are needed to safeguard smart grid devices, digitized businesses, and IoT-based smart cities. Read more.

New Cybersecurity Legislation Aims to Secure Nation’s Election

Sens. Amy Klobuchar, D-Minn., and Susan Collins, R-Maine, introduced legislation to secure the nation’s elections by providing training to state and local election officials, according to a report on www.brainerddispatch.com. The “Invest in Our Democracy Act of 2019” would direct the Election Assistance Commission to provide grants in support of continuing education in election administration or cybersecurity for election officials and employees. The Act would establish a grant program administered by the Election Assistance Commission to cover up to 75 percent of the cost of the yearly tuition of election officials and employees who are enrolled in an accredited certificate program for election administration or cybersecurity. The Act would also provide $1 million for fiscal year 2021 and such sums necessary for each fiscal year between 2022 and 2028. Read more.

Poor Cybersecurity Can Do Damage Beyond Your Bottom Line

A recent article on www.securityboulevard.com enumerates the ways poor cybersecurity measures could harm your business. For example, your initial impression may be that weak cybersecurity only affects your organization, but a lack in cybersecurity can also be problematic for an organization’s customers and wider markets. Companies can steer clear of this fault by taking a top-down approach to cybersecurity. Read more.

 

Cyber Connections News Roundup: May 21

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 21, 2019

States Make Strides In Cybersecurity But Is it Enough?

On https://www.govtech.com, blogger Dan Lohrmann offered a report from the National Governors Association Center for Best Practices’ third National Summit on State Cybersecurity (May 14-15, 2019 at the Shreveport Convention Center). The event convened state homeland security advisors, chief information officers, chief information security officers, governors’ policy advisors, National Guard leaders and others to explore cybersecurity challenges and promising practices. Overall, Lohrmann observed “a sense of how far the nation has come regarding cybersecurity, tempered by a recognition of how much more needs to be done.” He also highlighted comments from keynote speaker Chris Krebs, director, Cybersecurity & Infrastructure Security Agency, U.S. Department of Homeland Security, who discussed the actions of Russia during the 2016 election and reminded the audience that ransomware and a host of other cyber trends are also top priorities of the administration. Read more.

IoT Is Major Driver in Growth of Artificial Intelligence Market

According to a new report from B2B research provider MarketsandMarkets, the artificial intelligence in cybersecurity market is projected to reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019. Major drivers for the market’s growth include the adoption of IoT. Other factors are the increasing number of connected devices, rising instances of cyber threats, and increasing vulnerability of Wi-Fi networks to security threats. According to the report, titled “The Artificial Intelligence in Cybersecurity Market,” opportunities include the growing need for cloud-based security solutions and the increased use of social media for business functions. Read more.

The Intersection of Trade Wars and Cybersecurity

A recent article on www.forbes.com highlights the potential for foreign adversaries to create and exploit vulnerabilities in information and communications technology and services. In light of the current trade war with China, the administration has banned two Chinese technology companies from entering U.S. markets. The Commerce Department added Huawei, the telecom equipment giant, to the Bureau of Industry and Security’s “Entity List,” a designation that bars firms from doing business with U.S. companies without a special license from the bureau. Prior to that move, the FCC voted unanimously to deny China Mobile’s application to provide telecommunications services in the United States. Read more.

The Evolution of the Utilities Industry Could Mean a Rise in Cyber Threats

The evolution of the utilities industry to a “smart infrastructure” that relies on digitized equipment and connectivity across devices, plants, and systems will most likely result in a growing number of cybersecurity threats, according to a recent article on www.helpnetsecurity.com. Current security policies of many utilities have not evolved in step with this evolution and could leave companies vulnerable. Of the six risks enumerated in this article, boundary protection tops the list. Read more.

Defining and Deploying a Cybersecurity Culture Is an Ever-Evolving Challenge

A recent article on https://cybersecurity.isaca.org/ by Luis Emilio Alvarez-Dionisi, Ph.D. and Nelly Urrego-Baquero offers a path forward, but the authors concede: “Having a cybersecurity culture is a dynamic process that demands continuous attention.” The main objective of cybersecurity culture is to develop and implement a cybersecurity culture ecosystem to support cybersecurity. Sharing the experience of establishing an advanced social and psychological groundwork may help support cybersecurity. Deploying a cybersecurity culture requires senior leadership buy in. The board of directors and senior management must decide to support and enable a cybersecurity shield to mitigate the risk associated with cyber attacks. Read more.

 

 

Cyber Connections News Roundup: May 7

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 7, 2019

New Cybersecurity Executive Order Focuses on Jobs and Talent Pipeline

On May 11, President Trump issued Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” to improve the Nation’s cyber posture and capabilities in the face of intensifying cybersecurity threats. The order laid a number of federal initiatives, including standardizing job listings to help cybersecurity workers more easily move between the Department of Homeland Security and other agencies and establishing awards for elementary and secondary school educators who foster cybersecurity talent. Read more.

Finance CEOs Are Increasingly Worried About Cyber Attacks

The CEOs of some of the top financial institutions in the US, according to a recent article on https://markets.businessinsider.com, are increasingly worried about the risk of a cybersecurity attack on the nation’s financial system. Speaking at the Milken Global Institute, David Hunt, CEO of Prudential Global Investment Management, sees the next financial crisis coming from an attack on the infrastructure of the financial markets. JPMorgan CEO Jamie Dimon said cybersecurity “may very well be the biggest threat to the US financial system.” JPMorgan has stepped up its cybersecurity efforts after a 2014 cyber attack impacted 76 million households and seven million small businesses. Read more.

More Spending on Cybersecurity from Finance Sector

The finance sector is responding to concerns about cyber attacks, as described in the paragraph above, by investing more in  combating them. According to a recent survey conducted online in fall 2018 by San Diego-based Financial Services Information Sharing and Analysis Center in conjunction with the cyber risk services practice of Deloitte Touche Tohmatsu Ltd., financial institutions spend an average of 10 percent of their information technology budgets on cybersecurity. The survey of banks, insurers, investment management firms and other financial institutions, revealed that the defining characteristics of organizations that have achieved cybersecurity’s highest maturity level, as defined by the National Institute of Standards and Technology. These include securing the involvement of top executives and the board; raising cybersecurity awareness within the organization beyond the IT department; and aligning cybersecurity efforts more closely with the company’s business strategy. Read more.

Local Economy and Talent Are Driving Growth Maryland’s Cyber Economy

A recent article on https://technical.ly/baltimore/ points to economic and local talent factors as key drivers of Maryland cybersecurity’s economic growth. The growth of tech in general has resulted in a greater need for protection. And Maryland, with its close proximity to the federal government, has for a long time been the home for people who have been working on the protection side for a long time. Meanwhile, the state is offering incentives to help cybersecurity companies. Last year, for example, the Cybersecurity Association of Maryland encouraged legislation to provide tax credits for investors and companies that “Buy Maryland Cybersecurity” within the state. Read more.

Marketing Teams Are Unsung Heroes of Cybersecurity Success

According to a recent article on www.techrepublic.com, when digital assets are breached, it is the marketing department that is on the front line of relaying the company’s position going forward to affected customers and the media. Marketers must become educated in the threat landscape and understand how to communicate the company’s response to customers, according to Norman Guadagno, senior VP of marketing and chief evangelist at Carbonite. Guadagno shares his tips with fellow marketers in a recent Medium article titled “Marketers, You Will Be Hacked.” Read more.