
Cyber Insecurity News


July 2019
Warner Blasts Administration on 5G Missteps
China has taken the lead on developing a next-generation 5G wireless network. And unless the United States government does a better job, there may be a large price to pay.
     That was the message that Sen. Mark Warner (D-Va.) delivered in a speech in June at the Council on Foreign Relations. Warner blamed both the Trump and Obama administrations for complacency.
     Unless the federal government ramps up its efforts and invests more resources in cybersecurity and technology research, Warner said, American companies may be more susceptible to Chinese spying, and China could also take the lead on the development of artificial intelligence and quantum computing.
     Warner also urged intelligence agencies to share more information about Chinese hacking with U.S. companies to help them protect themselves.
     Read more from The Washington Post.
Florida City Pays Big Ransom
We keep reading about cities that are hit with ransomware attacks, but then hold the line and refuse to pay. One could get the impression that no municipalities capitulate.
    But that would be wrong.
    In June, the city of Riviera Beach, Fla. (population 35,000) paid a $600,000 ransom to unlock its computer systems.
    The development highlights the surge of ransomware attacks, and the tricky calculations that go into deciding how to respond. The payment may sound quite large, but the cost of not paying is almost always much larger.
     This is not to say, however, that paying is necessarily smarter or more cost-effective.
     Read more from The Washington Post.
Baltimore’s Response to Ransomware Hampered by Lack of Cooperation
There are lots of ways that cooperation can benefit victims of ransomware attacks. And failure to cooperate can just as often hamper them. A closer look at the recent attack on Baltimore suggests that there was a missed opportunity—and lessons from which other cities can learn.
     The issue came up during a Maryland Cybersecurity Council meeting in May, not long after the attack on Baltimore made headlines. Maryland’s chief information security officer said that the state’s IT department was ready and eager to help the city in the wake of the attack, but it was difficult to communicate with Baltimore’s team during the first week.
     It wasn’t due to crippled technology, the CISO explained. It was because they had never established a working relationship before the attack, and so there was a lack of trust.
     The result was that the city struggled to respond with a relatively small team and budget, and was not able to take advantage of the state’s enhanced resources in a timely fashion.
     Read more from Government Technology.
AI to Counter Phishing
Phishing attacks can be hard to counter. Training can be effective, but there are always new employees between trainings. And there are always others who somehow miss the boat. And research suggests that training is only effective if it’s repeated every few months.
     Sounds grim. But what if they can be defeated electronically? 
     Three cybersecurity startups are betting that they can. And each uses artificial intelligence to anticipate scams before they’re sprung. The gambit is that machine learning will allow the startups to stay ahead of the bad guys.
     There’s money that says the startups are on to something. All three have secured venture capital.
     Read more from Fortune.
June 2019
Cybersecurity Vendors Are Sharing Intel
Corporations have begun to share cyber threat information with each other, often with the encouragement of government agencies with which they also exchange intelligence. But there’s another important alliance of sometime-competitors that hasn’t gotten much publicity.
     Cybersecurity companies have formed a nonprofit of their own specifically to share information they can pool to help protect their clients. It’s called the Cyber Threat Alliance (CTA), and its members are some of the biggest companies in the industry. They include Cisco, Fortinet, McAfee, Palo Alto Networks and Symantec.
     It started as an informal agreement among four companies in 2014. They wrote a white paper about their idea, which attracted lots of attention in the field, and in early 2017 they launched the nonprofit.
     As nation-states began to pose the largest threats, the companies realized that they were not going to be able to thwart them alone. Nor is the U.S. government likely to be able to do so without help, the CTA maintains. That’s why the alliance may prove crucial in the cybersecurity battles ahead.
     Read more from The Washington Post.
The Business Case for Cybersecurity
A consensus seems to be building that cybersecurity is not just a good practice and the right thing to do, but good for business. And that seems to be buttressed by all the new regulations like the EU’s General Data Protection Regulation and the California Consumer Privacy Act.
     But there’s one problem. How do you prove it?  How do you measure it?
     If one indication of cybersecurity is the absence of breaches or losses, is this the data we should be counting?
     It’s a particularly thorny topic for insurance companies, which depend on their actuarial tables.
     Read more in Business 2 Community.
The Trump Administration Indicts Alleged Chinese Hackers
It’s hard to remember all of the companies that have been hit by cyberattacks. But the health insurer Anthem still stands out. In 2015, a massive data breach compromised the personal information of 78 million patients.
     Last month two Chinese citizens were indicted by the U.S. Department of Justice, which alleged that they were part of a “sophisticated China-based hacking group.”
     The indictments mark the fourth time that the Trump Administration has indicted Chinese nationals in the past 18 months. That is the most of any nation.
     While the accused hackers are unlikely to travel to the United States, and thus will almost certainly never face prosecution, the indictments were intended to send a message to the alleged hackers, and their government, that they are being held accountable.
     Read more from The Washington Post.
CISA Employees Asked to Work on the Border Crisis
The Cybersecurity and Infrastructure Security Agency (CISA) has a daunting job to do, given the vulnerability of the country’s infrastructure and the volume of cyberattacks. But now it has another problem: holding onto its employees.
     It’s difficult enough for federal agencies involved in technology to retain their top people, given the salaries they can often command if they leave for jobs in the private sector. And CISA has had to deal with that challenge. But now a new twist has come from within.
     In May, Acting Secretary Kevin McAleenan of the U.S. Department of Homeland Security asked CISA to send “volunteers” to help deal with the country’s border crisis. And the agency has begun to comply.
     CISA Director Christopher Krebs testified at a recent House hearing that 10 CISA employees had deployed to the border.
     Democrats on the House Homeland Security Committee were critical of the request. Committee Chairman Bennie Thompson (D-Miss.) told reporters that CISA already has 360 vacancies, and questioned the wisdom of creating more by deploying existing employees elsewhere.
     Read more from The Hill.
May 2019
The Cybersecurity Dance on the Hill
The challenges cybersecurity poses can give rise to strange scenarios. We depend on government agencies to encourage companies to secure their data, and to penalize them when they’re negligent. But we frequently learn that some government agencies are negligent themselves.  
     It was particularly troubling to learn that one of them is the U.S. Department of Health and Human Services, since health care data contains so much sensitive information. But an Office of Inspector General report seems to leave little doubt that HHS has serious deficiencies.
     The other part of the story is that we know that many of our aging politicians are far from knowledgeable about, and comfortable with, technology. But they are frequently the ones who must call to account entities with poor security.
     And so it was that in April, Senate Finance Committee Chairman Chuck Grassley (R-Iowa) sent a letter to HHS Secretary Alex Azar demanding that he provide information about the department’s cybersecurity policies, and asking him to explain the lapses.
     Read more from Health IT Security.
IBM Study Reveals Widespread Cybersecurity Deficiencies
In April, IBM Security announced the results of a global study of cybersecurity preparedness, and the news was not encouraging. IBM hired the Ponemon Institute to conduct the research, and it found that 77 percent of the respondents do not have an incident response plan that is consistently applied across the company.
     That wasn’t all. More than half said they don’t test their plans regularly.
      “Failing to have a plan is a plan to fail,” said Ted Julian, VP of product management and co-founder of IBM Resilient.
     Read more from CISOMAG.
KKR’s Phishing Experiment
Private Equity giant KKR has been investing in cybersecurity companies for a while. And doing quite well. But in an April story in Fortune, there was an interesting revelation about its own vulnerability.
     In a Q&A that was part of the article, KKR Managing Director Vini Letteri was talking about the high percentage of breaches that result from human error.  Then he said this:

"I think I can share this; as part of our diligence, we worked with our [chief security officer] to actually launch a phishing attack on a subset of KKR employees. We think this place is full of high-integrity, intelligent people—and even then, over a third of the employees that we sent it out to went ahead and clicked on the malicious email. We brought that up in the investment committee meeting, and it became so obvious that if, in a place like this, people still need to go through that sort of training, then it’s got to be broadly applicable out in the marketplace."

Read more from Fortune.
The Big Problem with Cybersecurity Research
How do companies defend themselves against cyberattacks? And what seems to be most effective?
     Great research topics, right? But there’s a very big problem with cybersecurity research. Companies are not providing enough raw data to researchers. They claim they have concerns about privacy.
     And to make matters worse, researchers who do manage to get ahold of data rarely share it with other researchers when they’re done—which is not the norm, scientists say.
     The dearth of quality research may explain in part why the state of cybersecurity has shown few signs of improvement in recent years, and may be getting worse.
     Read more from The Washington Post.