Cyber Connections News Roundup: March 26

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 26, 2019

Building an Effective Cybersecurity Program Starts with the Perimeter

Cybersecurity is not a device, a recent article on www.forbes.com reminds us. No matter the size of your business, an effective cybersecurity program starts with defining and protecting your perimeter, much like you would with your personal property. Defining and defending the perimeter is one pillar of a successful program. Others include understanding your data, controlling access to that data, training, and providing assurance to all stakeholders that the data is protected. Read more.

K-12 Leaders Must Fully Embrace Cybersecurity

As schools continue to adopt leading-edge technology for teaching, learning, and operations, a lack of cybersecurity expertise at the top may introduce new risks to school district operations, according to an article on www.edweek.com. Local K-12 schools were reported to have the least mature cybersecurity risk-management practices of any state or local government agency, according to a review by the Multi-State Information Sharing & Analysis Center. Similarly, a survey published last year by the National School Boards Association found that school officials are less prepared for cyber attacks than their peers in private sector companies. To combat attacks, superintendents and school board members must jointly embrace their cybersecurity governance responsibilities. Read more.

Cyber Competitions Play a Central Role in Closing the Skills Gap

Cybersecurity competitions such as hackathons are among the key activities students can do to get ready to enter the job market, according to a recent article on www.securityboulevard.com. In addition to providing hands-on training to detect security vulnerabilities, competitions offer a number of other not-so-visible benefits for aspiring cybersecurity professionals as they prepare to succeed in the job market and their careers, such as team building, critical thinking and gender parity. Read more.

Federal Cybersecurity Laws Still Face Challenges as States See Progress

A recent report on www.thehill.com suggests that the 2020 presidential race may help advance the issue of cybersecurity standards at the federal level as the legislative records of three top Democratic hopefuls, Sen. Kamala Harris (D-Calif.), Sen. Kirsten Gillibrand (D-N.Y.), and Sen. Elizabeth Warren (D-Mass.), could bring cybersecurity to the forefront. Encouraging as this may be, the report also points out that standardizing cybersecurity practices at the federal level also faces significant challenges, such as jurisdiction issues and the siloing of best practices among federal agencies. Fortunately we’re seeing progress at the state level with regard to proposed regulations. Read more.

Congress Introduces Bill to Address IoT Security

As reported on www.securitytoday.com and elsewhere, members of the U.S. Senate and House of Representatives introduced the Internet of Things Cybersecurity Improvement Act on March 11, a bill that proposes legislative action to improve cybersecurity in the emerging technology. The Act aims to address the national security threat posed by insecure IoT devices by requiring a bare minimum of security standards for any device used by the federal government. The bill would not establish security standards for IoT companies across the board, just those that want to sell to the U.S. government. Read more.

Cyber Connections News Roundup: March 12

March 12, 2019

Hackers Penetrate Three U.S. Colleges

Hackers recently breached admissions files at three private colleges, Oberlin College in Ohio, Grinnell College in Iowa and Hamilton College in New York. According to a www.washingtonpost.com report, applicants to each of the three colleges received a suspicious email offering them the chance to buy their admission files. For a fee, the sender promised access to confidential information in the applicant’s file, including comments from admissions officers and a tentative decision. The emails demanded thousands of dollars in ransom from prospective students for personal information the hackers claimed to have stolen. Read more.

New Study Predicts Steep Growth in Cybersecurity Market

According to a new study by Absolute Markets Insights, the cybersecurity market will grow at a CAGR of 13.5 percent over the forecast years (2019 – 2027). Cyber attacks, predicted as the fastest growing type of crime worldwide during this period, are predicted to drive this increase. Emerging technologies, such as machine learning and big data, are also increasingly causing several industries to become more vulnerable to exploitation and cyber-attacks. Read more.

AT&T Launches Cybersecurity Division

AT&T announced at last week’s RSA Conference (March 4-8) a new standalone security division, AT&T Cybersecurity. The new unit, according to a recent report on www.sdxcentral.com, combines technology and threat intelligence from AlienVault, which AT&T acquired last year, and AT&T’s security consulting and managed services. AT&T also announced that it has become the first North American operator to join the Global Telco Security Alliance, a group launched last year by Etisalat, Singtel, SoftBank, and Telefónica to share threat intelligence and security best practices. Read more.

Winning the War on Cybersecurity Starts Young

In a recent opinion post on www.forbes.com, Danny Pehar, managing director of security awareness at Cytelligence, maintains that instilling cybersecurity knowledge and awareness in the next generation of Internet users is the key to making progress in winning the war on cybersecurity. Sharing digital information has become such a big part of our everyday lives that it has become vital that we teach children how to determine whether or not certain information is sensitive and how it needs to be protected. The bottom line, according to Pehar, is teaching young people about risk. “Everything in cybersecurity begins and ends with the understanding that if you have data, then you have cyber risk,” he said. Read more.

Should Selling Products Now Mean Selling Trust?

A recent Harvard Business Review article illuminates two conflicting trends: an increased reliance on software and technology in just about every aspect of our lives and the inherent privacy and security vulnerabilities that come with the territory. More and more companies are adopting the philosophy that successfully selling products means selling trust – the ability to safeguard the relationship with customers by being honest about the dangers of data in the digital age. Read more.

Cyber Connections News Roundup: February 26

February 26, 2019

Expect Supply Chain Cybersecurity to Take Center Stage at Upcoming RSAC 2019

According to a recent report on www.techtarget.com, supply chain and infrastructure security are expected to be the main focus of this year’s RSA Conference, RSAC 2019, from March 4-8 at the Moscone Center in San Francisco. According to Britta Glade, senior content manager for RSAC, the most popular topic submissions this year were third-party risk and supply chain cybersecurity; network architecture and infrastructure changes; geopolitics; privacy; and frameworks. The conference agenda features seven sessions that primarily focus on supply chain issues. Read more.

DNC Issues Updated Cybersecurity Recommendations Ahead of 2020 Election

The Democratic National Committee has issued updated cybersecurity recommendations to prevent a recurrence of the hacking that affected the 2016 elections, according to an article on www.washingtontimes.com. The DNC’s six-page “security checklist” contains steps for campaigns to safeguard their devices and accounts. The latest checklist, which updates similar guidance issued ahead of the 2018 midterm races, repeats earlier advice, such as using password managers and securing accounts with two-factor authentication, and adds new measures, such as reviewing privacy settings of social media accounts and answering online security questions without disclosing sensitive information. Read more.

Latest HIMSS Survey Points to Growing Influence of Security Leaders

A recent summary of the 2019 HIMSS U.S. Leadership Workforce Survey on http://www.healthleadersmedia.com suggests that rising cybersecurity, privacy, and security concerns in hospitals may overshadow other technology projects. Among the key takeaways for hospitals is the emergence of information security leaders as the third influential member of hospital IT leadership teams—following CIOs and senior clinical IT leaders, which may create tensions for some organizations. Read more.

Are the Responsibilities of Today’s CISO Taking a Mental Health Toll?

No doubt, stress is a big part of the job of a Chief Information Security Officer (CISO). But a new global study of cybersecurity professionals may reveal the true extent to which the stresses and pressures of the job may negatively impact the health of today’s CISO. According to an article on www.forbes.com about a new survey report commissioned by Nominet, Life Inside the Perimeter: Understanding the Modern CISO, 17 percent of respondents said that they had turned to medication or alcohol to help deal with that stress. Perhaps more alarming is that 91 percent of the CISOs surveyed said the levels of stress they were suffering were moderate or high and 60 percent rarely disconnected from their work role. Where does this stress come from? According to the survey, mainly from a lack of engagement with the C-Suite and the board. Read more.

CDSA Releases First TV, Film Cybersecurity Guidelines

The Content Delivery and Security Association (CDSA), which advocates for protection of media content, has issued its first TV and film security guidelines, notably focusing on cybersecurity. The goal of the guidelines is to create an industry security standard for preventing and otherwise defending against unauthorized or unintentional access to intellectual property in an era of evolving security threats, particularly cyber threats, according to an article on www.broadcastingcable.com. The guidelines are billed as a must-have for any producer or crewmember who needs to secure their intellectual property on-set, near-set or on-location. Read more.

Cyber Connections News Roundup: February 12

February 12, 2019

Strategic Alignment Top Concern for CISOs in the New Year

In a recent article on http://www.techtarget.com, chief information security officers (CISOs) from a variety of industries weighed in on their top priorities for 2019, which focus mainly on aligning their objectives with their organization’s strategic roadmap. In the article, Mansur Hasib, chair of the cybersecurity technology program in The Graduate School at UMUC, said that CISOs should develop strategic plans based on what the business needs and on its appetite for risk. Read more.

K-12 Schools Experienced 100-Plus Cyber Attacks in 2018

According to an article on http://www.campussafetymagazine.com, U.S. K-12 schools experienced 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. The figures come from a new report on the misuse of technology in U.S. public schools from the K-12 Cybersecurity Resource Center. The report also found that data breaches were the most common type of attack, making up 46.7 percent of the 2018 cyber incidents in K-12 schools. Read more.

Could Huawei’s Access to 5G Expand China’s Surveillance State?

In a recent report on www.washingtonpost.com, Rob Strayer, the State Department’s top cyber official, said that allowing Huawei and other Chinese companies into next-generation 5G telecommunications networks may allow Beijing to expand its surveillance state around much of the globe. The argument from Strayer makes a compelling case against Huawei’s inclusion in 5G networks and supports pressure by U.S. officials to ban the Chinese telecom giant from 5G in Canada, Britain, Europe and elsewhere. Read more.

Automotive Cybersecurity Market to Reach USD 912 billion by 2026

According to a new report by Acumen Research and Consulting, a provider of market intelligence and consulting services to information technology among other markets, the automotive cybersecurity market’s current worth is nearly USD 191 million and projected to reach USD 912 million by 2026. The overall spending on cybersecurity, according to the report, is expanding to keep pace with the rise in cybercrimes and malware assaults. As a result, the automotive sector has rolled out new capabilities, but a surge in cybercrime is driving the need for efficient automotive cybersecurity solutions over the forecast period. Read more.

New Synopsys/SAE Study Highlights Risks in the Automotive Industry

In a survey conducted by the Ponemon Institute, Synopsys, Inc. and SAE International found that automotive manufacturers and suppliers are struggling to incorporate cybersecurity best practices throughout the product development life cycle. Titled “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices” and based on a survey of global automotive manufacturers and suppliers, the report also revealed that the majority of automotive professionals have concerns that their organizations’ cybersecurity practices are not keeping pace with evolving technologies. Moreover, many organizations lack an established cybersecurity program or team. Read more.

Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and Phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sites for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam. Ads you clicked in the past, combined with your search patterns, allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near where you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of “Cybercrime: The Madness Behind the Methods.”

Cyber Connections News Roundup: January 29

January 29, 2019

New Law In Australia May Affect Data Security Worldwide

A new law in Australia gives law enforcement authorities the power to compel tech-industry giants like Apple to create tools that would circumvent the encryption built into their products. As reported on http://www.nytimes.com, the law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia, but its impact could be felt around the world as these so-called “back-doors” expose data to friendly agencies yet may also risk exposure of the same data to not-so-friendly entities. Read more.

New Cybersecurity Coalition Filing Raises Privacy vs. Security Debate

In a similar privacy debate, the Cybersecurity Coalition, a group of companies that specializes in cybersecurity products and policy, recently filed a “request for comment” with the National Technology and Information Administration (NTIA) that states that companies occasionally need to compromise customers’ personal data and privacy in order to protect themselves from cyber threats. The filing, according to a report on www.insidesorces.com, raises the old debate over privacy versus security. In its filing, the Cybersecurity Coalition explains that in order to learn more about cyber attacks and prevent them from happening again, the affected company will share data and “large-scale information” about the threat or attack. Read more.

Congress Debates the Merits of Bug Bounties

Lawmakers on Capitol Hill recently passed the Hack the State Department Act, which offers cash prizes to ethical hackers who undergo background checks in exchange for reports about vulnerabilities in government websites and other Internet tools. However, as reported on http://www.washingtonpost.com, many inside and outside government worry that while Congress views bug bounties as useful in exposing vulnerabilities, it may also view them as a replacement for fixing institutional problems in government cybersecurity. Read more.

Cybersecurity Tops List of Concerns Discussed at World Economic Forum

At the recent World Economic Forum, held last week in Davos, Switzerland, cybersecurity was high on the agenda as one of the biggest challenges facing chief executives and political leaders around the world. As reported on www.thenational.ae, leaders discussed the need for a global framework to address the loss of $600 billion annually to cyber crime, according to the Centre for Strategic and International Studies. Read more.

Parents of Teenage Boys Beware: Security Flaw Detected in Fortnite

Researchers at cybersecurity firm Check Point Software have discovered a major security flaw in the popular online video game Fortnite that may have let hackers gain access to player accounts and use their stored credit card information to buy digital goods and then resell them. According to a report on http://fortune.com, the company said it had notified Fortnite’s developer, Epic Games, in November 2018. Epic Games appears to have fixed the flaw in late December, but declined to comment as to whether any user accounts were compromised. Read more.


Cyber Connections News Roundup: January 15

January 15, 2018

Cybersecurity Implications of the Government Shutdown Could Have Long-term Implications

Furloughed workers and frozen funding have compromised our nation’s defenses against foreign cyber attackers, according to cyber blogger Joseph Steinberg. As a very basic example, it is highly unlikely that updates and patches are being tested and applied in a timely fashion to all computers that need them. The shutdown is also having a dramatic impact on the ability of key federal departments and agencies, such as the Department of Homeland Security and the National Institute of Standards and Technology, to secure the private sector, according to a recent www.govtech.com report. Read more.

Compliance Costs and Mobile Attacks Top the List of APAC Cyber Predictions for 2019

According to a recent article on www.networksasia.net, China is the top source of security incidents in Asia, accounting for more than one-fifth (22.8%) of them, followed by India (18.4%) and Russia (11.3%). These insights were derived from research developed by Ensign InfoSecurity (EIS), from the period of October 2017 to March 2018. Key cybersecurity predictions for the APAC region include: rising compliance costs; growing attacks on mobile, cloud platforms and SCADA systems; an increased influence of artificial intelligence; and an increase in the complexity of attacks. Read more.

Airline Industry To Take a More Proactive Stance on Cyber Threats

Airports and airlines are industry leaders when it comes to physical security checks, such as baggage scans, restrictions on liquids, and random passenger searches. But now they are focusing more on online threats, according to a recent www.webtravel.com report. The wake-up call came last year, when Cathay Pacific, British Airways, Delta Air Lines and Singapore Airlines all experienced cybersecurity breaches that exposed the personal data of millions of travellers worldwide. Read more.

U.S. Education Industry’s Cybersecurity Lags Behind 16 Other Sectors

According to a recent http://www.edweek.com article, the education industry has the worst cybersecurity vulnerability among 17 industry sectors. According to a recent report by SecurityScorecard that surveyed 2,393 companies in the education industry, cited in the article, schools tend to underestimate the need for monitoring and protecting network infrastructures. The growth of computer-based assessments also creates cybersecurity concerns. Read more.

HHS Releases Voluntary Healthcare Cybersecurity Practices

In late December, the Department of Health and Human Services (HHS) released voluntary cybersecurity practices to the healthcare industry with the aim of providing practice guidelines to cost-effectively reduce cybersecurity risks. According to a report on www.healthcare-informatics.com, the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication aims to provide guidance to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The publication was produced in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. Read more.