Cyber Connections News Roundup: April 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 9, 2019

The Legal Industry Must Do More to Address Cyber Threats

Part one of a recent two-part article on www.abovethelaw.com focuses on the cybersecurity risk landscape in the legal industry and what attorneys and firms can do to reduce their exposure to threats and attacks. Considering the value of the information exchanged between client and attorney, including material related to intellectual property and to mergers and acquisitions, it’s easy to understand why law firms are particularly vulnerable to breaches and attacks. The article cites two major examples – the breach of 11.5 million documents from Panama-based law firm Mossack Fonseca in 2016 and the 2017 ransomware attack on DLA Piper. Part two of the article will focus on what firms and attorneys can do to protect their data and mitigate risk. Read more.

The Skills Cybersecurity Pros Need to Develop to Compete in 2019

Regardless of the talent shortage that exists in the cybersecurity industry, professionals still need to gain an edge to compete for the top positions and highest salaries. To help, the website www.darkreading.com offers six skills cyber pros need to develop in 2019 to stand out. Coding, data science and privacy expertise rank high on the list of the areas of expertise today’s cyber pros should consider honing. Read more.

The State of Cybersecurity in Education: It’s a People Problem

Institutions of higher education face a dilemma, according to a recent article on https://edscoop.com. Restricting users in order to secure networks means limiting the collaborative nature of higher education. The real problem among educational institutions is human error. According to a 2018 report published by the consultancy EdTech Strategies, 54 percent of all digital data breach incidents experienced by K-12 schools were directly carried out or caused by members of the affected school community. Further frustrating schools’ cybersecurity, according to the article, is the open nature of many schools’ networks. The bottom line is that investment in technology and upgrades are not enough to eradicate threats. Read more.

The Emergence of 5G Networks and the Impact on Cybersecurity

As major network operators roll out their 5G plans, it’s clear that a new era of connectivity is upon us with 5G playing a leading role in shaping our future, according to an article on www.techradar.com. According to global telecom company Ericsson, in just five years’ time over 1.5 billion of us will be connected to 5G. In the meantime, the IT community has been voicing its concerns for the cybersecurity landscape. The widespread opinion is that 2G, 3G and 4G were designed for people, whereas 5G is designed for the Internet of Things (IoT). Given this scenario, it is more important than ever that companies reevaluate their security strategies. Read more.

Companies Will Invest More in Cybersecurity if They Understand the Real Cost of an Attack

According to IBM, the average cost of a cybersecurity breach is now at $3,860,000, a 6.4 percent increase in their estimate for 2017. Perhaps if we examine the cost of a cyber attack to a business, we may do more to address future threats. A recent article on https://hub.packtpub.com puts the cost of an attack in real numbers to help us gain a better understanding of the impact on the bottom line. The article, an excerpt from the book Hands-On Cybersecurity for Finance by Dr. Erdal Ozkaya and Milad Aslaner, uses cost to motivate organizations to come up with better tools and strategies to prevent attacks. Read more.

Closing the Gender Gap: Assured Identity and Personal Privacy Take Center Stage

By Michelle Hansen

This year’s International Women’s Day theme, “Balance for Better,” calls for gender parity. Closing the gender gap, according to a 2017 World Economic Forum report, is a key to economic development and “the growth, competitiveness and future-readiness of economies and businesses worldwide.”

The report estimates that closing the gender gap in economic participation by 25 percent between 2017 and 2025 will result in a US $5.3 trillion increase in the global GDP. A key factor in women’s ability to contribute to the global economy is their ability to access mobile technology, including handheld devices and wireless Internet connectivity.

Such access can empower more women to become part of the global business world. But leveraging mobile technology to advance the world economy requires an information-managed process focused on security.

The ubiquitous nature of mobile devices provides the paradigm by which our society works, plays, communicates and stays connected. The paradigm with mobile computing involves the computation of information based on user movement and encounter. Smart devices are both personalized, as with smartphones and wearables, and embedded, as with sensors and Internet of Things appliances. All these connected conveniences create pervasive information systems that go where we go, record what we do, and easily connect to any wireless network in range—all without most people knowing it is happening.

Secure human behaviors empowered by publicly available information will guide the users of smart technology in protecting their identity and privacy. Human behavior is repetitive and predictable; therefore, people need to be diligent in using mobile devices, downloading apps and content, and wirelessly connecting to the Internet by using prevention, deterrence, and defense (PDD).

Protecting personal data from nefarious activity starts with choosing behavior over technology. Users who practice personal security tradecraft techniques to mitigate exposure will develop secure habits and behaviors. Furthermore, this practice alleviates a false sense of security based on technology alone. There are four truisms that can be exploited:

  1. Each of us has a distinct pattern of behavior.
  2. If another party has access to your data, you must assume a compromised posture.
  3. Increasing the levels of security, both in behavior and technology, will increase probability of threat detection.
  4. When it comes to defense, simplicity is good, as complexity induces vulnerability.

The use of mobile devices and smartphones in particular exposes both data we have stored and data that is captured by installed apps, towers and networking hardware, and the devices themselves. Hackers can access user data while in transit along insecure connections, as well as through apps that have been installed on personal devices. In 2018, T-Mobile reported that millions of its users had data stolen, including passwords, home addresses, email accounts, and address books.

Assured identity and privacy is protected by authentication and access control systems used to verify account credentials. Email services and apps, device PINs, and network resources including the Internet of Things and real-time systems all use accounts for access and validation.

In constant balance is the need for confidence and trust of users and online entities, with the need to protect the privacy rights of these users and entities. Researchers and businesses continue to look at options for strengthening systems, including using role-based access control (RBAC), biometrics, pervasive surveillance (“Panoptic Effects”), privacy-protecting transformations of data, privacy-protecting data mining methods, privacy regulation (e.g., HIPAA and COPPA), oblivious multiparty computation, and trusted proxy research.

One promising new technology is the use of flexible signatures, whereby a verification algorithm is used to validate credentials in a systematic manner that is quantifiable and trusted. Ultimately, the level to which a person can be confident that their data, identity and privacy are protected is a direct correlation to their own efforts to stay informed of threats and vulnerabilities, and actions to minimize vulnerabilities based on behavior.

March is Women’s History Month, an appropriate time to highlight the link between technology and gender parity. Access to all information systems, technologies and connectivity is essential to women’s full economic participation in the global economy. According to USAID, providing online and mobile access to 600 million women could contribute $18 billion to GDP growth in 144 developing countries. But arriving at full participation must go hand in hand with building awareness around behaviors and threat vulnerabilities, and establishing identity and privacy through trusted authentication and access control systems.

As more and more women adopt mobile technology to advance their position in the global economy, they also can have a significant influence on individual privacy and identity by demonstrating safe behaviors and choices, including choosing secure connections to the Internet, safeguarding confidential information, and avoiding malicious third-party apps.

About the Author

Michelle Hansen is collegiate professor of cybersecurity and computer forensics at University of Maryland University College.