Cyber Connections News Roundup: January 1

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 1, 2018

Cybersecurity Trends for 2019: UMUC Faculty Experts Weigh in on What to Expect in the New Year 

As it was when 2018 began, cybersecurity remains a top global priority as we look ahead to 2019 and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring? Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year. Read more.

Maritime Cybersecurity Should Not Be Overlooked

As reported recently on www.pilotonline.com, 70 percent of key maritime industry stakeholders have confidence in the industry’s ability to face cyber attacks, but only 36 percent expressed confidence that their own companies could do the same. These were just two key takeaways from the inaugural Maritime Cybersecurity Survey, conducted by the New Orleans-based law firm Jones Walker LLP. Released in October 2018, the survey asked senior security and compliance leaders from U.S. maritime companies to gauge the industry’s preparedness for cyber attacks, such as the recent assaults on the ports of San Diego and Barcelona, and the malware attack that cost the shipping giant Maersk more than $300 million last year. Read more.

New Acting Pentagon Chief Is Advocate for Cybersecurity, But Questions Remain

Patrick Shanahan, who will become acting Secretary of Defense on Jan. 1, replacing outgoing Pentagon chief Jim Mattis, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition, according to a recent article on www.fifthdomain.com. But how Shanahan handles the greater cybersecurity issues we face today, even on a temporary basis, remains an open question that will most likely be tested immediately amid current challenges, such as the alleged hacking campaign from China. Read more.

FINRA Updates Report on Cybersecurity Practices for Broker-Dealers

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices that continues its efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. Read more.

Cybersecurity Remains Among the Top Health IT Risks for 2019

Business continuity and disaster recovery, cybersecurity, biomedical devices, IT governance, system access management, and system implementation will be the biggest IT risk areas for healthcare organizations in 2019, according to a report from Crowe, a global public accounting, consulting, and technology firm. According to a recent article on www.healthitsecurity.com, cybersecurity will continue to be a top boardroom concern among healthcare organizations in 2019. Notably, biomedical device and IoT security will remain areas of focus to ensure patient safety and HIPAA compliance and to manage network security risk. Read more.

Cyber Connections News Roundup: December 18

December 18, 2018

Does the Latest Bitcoin Hoax Mean Ransom Attacks Are on the Rise?

On Dec. 13, school administrators, business owners and others across the U.S. and Canada received emails demanding that they pay $20,000 worth of Bitcoin or risk a deadly explosion. The scam, which put law enforcement agencies and emergency personnel on high alert, represents a shift in the threat landscape, namely in scale, according to a recent article on http://www.circa.com. Where such threats once had to be phoned in, perpetrators can now email thousands of bomb threats and financial scams with one click of the mouse. Ransom attacks are most likely on the rise, as they are seen as an inexpensive and easy way for individuals and nation states to raise money and move that money around. Read more.

Why Satellites Need Cybersecurity Too

Cyber threats are something countries must not overlook when protecting their satellites, according to a recent article on http://www.space.com. Satellites are vulnerable to a number of different types of threats, attacks on them are hard to trace, and they have a series of attack points rather than a single entry point that’s easier to defend. Read more.

Think a Department of Cybersecurity is a Good Idea? Maybe Think Again

A recent report from http://www.defense360.com argues that many of the cybersecurity challenges we face today already have an approach suited to the problem, and none of them involve a Department of Cybersecurity, a disruptive bureaucratic solution that would fail to solve problems and may also add new ones. One notable concern is that turning cybersecurity over to a centralized department runs the risk of a one-size-fits-all technical solution that does not consider the unique risk environments of other agencies. Read more.

Aramco and Raytheon Cybersecurity Joint Venture A Boon to Job Creation

Saudi Aramco and American defense contractor Raytheon have signed a memorandum of understanding (MoU) to establish a joint venture cybersecurity company, the companies announced on Dec. 14. According to a report on http://www.arabianbusiness.com, the new company will market and provide cybersecurity software and hardware capabilities as well as research and development. The venture also is expected to advance Saudi Arabia’s economic development goals by creating highly skilled jobs in the cybersecurity sector. Read more.

New Mimecast Survey Exposes Lack of Employee Cybersecurity Training

According to a new study by cloud-based email protection company Mimecast, of 1,000 employees who use employer-issued devices, 25 percent of employers do not understand the most common cybersecurity threats against their organizations. Mimecast also found that only 45 percent of businesses put their employees through mandatory, formal cybersecurity training. What does this mean? According to Mimecast, it could indicate that businesses are inherently trusting of their employees. Or, it could also mean that companies simply don’t have the resources or know-how to implement formal cybersecurity training. Read more.

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going to make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives—and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

5) Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, keystroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetya, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.

Cyber Connections News Roundup: December 4

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customers, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Cyber Connections News Roundup: November 20

November 20, 2018

Trump Inks Bill for New DHS Cybersecurity Agency

On Friday, Nov. 16, President Trump signed into law a bill that establishes the Department of Homeland Security (DHS) as the main agency overseeing civilian cybersecurity. The DHS’s cybersecurity branch, known as the Cybersecurity and Infrastructure Security Agency (CISA), will now be elevated to the same stature as other units within DHS, such as the Secret Service or the Federal Emergency Management Agency (FEMA). Read more.

Why Are Millennials Such a Big Workplace Cybersecurity Risk?

According to a recent research study by SailPoint, a provider of identity governance solutions, nearly 90% of 18–25 year-olds break the most basic of security rules, such as reusing passwords across different accounts. According to an article about the report on www.informationage.com, more than half (55%) of survey respondents stated their IT department is a source of inconvenience, which leads employees to skirt IT policies. The SailPoint study is based on interviews with 1,600 employees at organizations with at least 1,000 employees across Australia, France, Germany, Italy, Spain, the United Kingdom and the United States. Read more.

Cybersecurity Moonshot Closer to Becoming a Reality

As reported on www.thehill.com, members of the President’s National Security Telecommunications Advisory Committee (NSTAC) voted to move forward with its cybersecurity “moonshot” by sending its 56-page report to the White House on November 14. The report calls for the Trump administration to establish a council and executive director to make cybersecurity a priority for the federal government, U.S. businesses and American citizens. Read more.

Schools Must Do a Better Job Defining Path to Cybersecurity Careers

Student panelists at the Nov. 8 symposium “Attacking the Roots of Cyber (In) Security: The Role of Education,” organized by Cyber Center for Education & Innovation (CCEI)–Home of the National Cryptologic Museum (NCM) and hosted by University of Maryland University College (UMUC), agree that educators need to do a better job defining the path toward cybersecurity careers. The panel, moderated by Dr. Karen Salmon, the superintendent of the Maryland State Department of Education, included high school seniors, a current college student and a recent graduate of the UMUC master’s program in digital forensics and cyber investigation. Read more.

U.S. Among Countries Absent from 50-Plus Nation Cybersecurity Pact

On Monday, Nov. 12, French President Emmanuel Macron released an international agreement on cybersecurity principles as part of the Paris Peace Forum. As reported on www.axios.com, the original signatories of the Paris Call for Trust and Security in Cyberspace included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but key absentees include the United States, Russia, China, North Korea, Iran and Israel, a country that already has a large domestic cybersecurity industry. Read more.

Securing the Cloud Is a Shared Responsibility

Cloud computing—using a network of remote servers hosted on the Internet to store, manage, and process data—is an attractive solution for business owners and government agencies from a security standpoint. If used properly, cloud computing can result in fewer security concerns and greater cost savings. But what about security?

Last month at CyberMaryland 2018, Jimmy Robertson, program chair, Computer Science and Software Development and Security at University of Maryland University College, sat down with us to explain how cloud security is a shared responsibility among all stakeholders and to offer his insights into the security implications of moving into the cloud.

Cyber Connections News Roundup: November 6

November 6, 2018

Why Does Cybersecurity Have to Be So Hard?

According to a three-part series on http://www.forbes.com, the main reason is a lack of maturity in enterprise security operations. In a typical organization, insufficient skills at the tier 1 level to handle the response to most security events and incidents lead to excessive escalations to tier 2 and tier 3 support that are inadequately staffed to handle the volume. And because cybersecurity is in its infancy, by comparison to other IT areas, there is far less institutional knowledge to be shared with security operations recruits. Read more.

FDA Called Out on Deficient Plans to Secure Medical Devices

The U.S. Health & Human Services Department’s inspector general last month flagged the Food and Drug Administration (FDA) for its “deficient” plans and processes to ensure medical device cybersecurity, according to a recent report on http://www.massdevice.com. According to an HHS report, the FDA had not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices. Moreover, in two of 19 district offices, the FDA had not established written standard operating procedures to address recalls of medical devices vulnerable to cyber threats. Read more.

Talk of Cybersecurity Concerns Dominates Recent Law Practice Conference

Cybersecurity is a growing concern among practicing lawyers, according to recent coverage of the College of Law Practice Management’s Futures Conference on http://www.abovethelaw.com. One of the statistics shared during the conference, at which discussion of cybersecurity dominated, was that one third of law firms with 10-99 lawyers suffered from a cyber breach in 2017. Read more.

How Utility Companies Can Combat Cybersecurity Threats

The recent indictments of seven intelligence officers from the Russian Main Intelligence Directorate of the General Staff (GRU) on charges of hacking computers associated with anti-doping sports organizations should serve as a wake-up call to utility companies in the US and abroad. The hacking, as it turned out, was not limited to the anti-doping organizations. Allegedly, it extended to an international chemical weapons lab and a global electric company. A recent article on http://www.tdworld.com offers utility companies five tips they can take to combat cyber threats. Read more.

New NSF Investments Focus on Cybersecurity Programs

The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) program has announced new support for a diverse, $78.2 million portfolio of more than 225 new projects in 32 states spanning a broad range of research and education topics, including artificial intelligence, cryptography, network security, privacy, and usability. According to a recent report on www.scienmag.com, the new portfolio features an award for the Center for Trustworthy Machine Learning (CTML), which will address challenges in cybersecurity science and engineering. Read more.