Cyber Connections News Roundup: Feb. 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 9

Biden’s Cybersecurity Call to Action

According to a recent article on www.fedscoop.com, a memo from the Biden administration calls for federal agencies with foreign policy and national security missions to modernize to ensure officials performing those roles have the latest technologies at their disposal. Biden’s memo, issued on Feb. 4, calls for recruiting and retaining technical talent that will strengthen the national security and foreign policy workforce. The memo also establishes an Interagency Working Group on the National Security Workforce chaired by the principal deputy national security adviser with deputy directors of the Office of Management and Budget, Office of Personnel Management, and Office of Science and Technology Policy serving as vice chairs. Read more.

Cybersecurity Continues to Gain Boardroom Presence

According to a recent report on www.financialchannel.com, Gartner predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today. According to the Gartner 2020 Board of Directors Survey, cybersecurity-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk. Hence, many boards of directors are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified. Read more.

FDA Appoints Medical Device Cybersecurity Director

The Food and Drug Administration has appointed Kevin Fu, a University of Michigan associate professor, to serve a one-year term as acting director of medical device cybersecurity at the agency’s Center for Devices and Radiological Health. According to a report on www.medtechdive.com, Fu, a long-time security advocate and researcher, will serve as an “expert in residence” and the FDA’s first medical device cyber chief in CDRH’s Office of Strategic Partnerships and Technology Innovation. Read more.

To Ramp Up Cybersecurity Training Think Industrial Revolution

A recent article on www.forbes.com suggests we look back to the Industrial Revolution to better understand the relationship between automation and people and how that relates to cybersecurity training. Back then, companies built factories and invested in new manufacturing technologies, but they still needed to train people to operate the machinery. Today, we face the same problem in cybersecurity. Although companies have invested heavily in automation to compensate for the lack of available experts, we still need qualified security professionals to use the tools, interpret the signals and gather intelligence. But cybersecurity is different, requiring a much broader skill set and big picture view. Read more.

The Ransomware One Percent Club

A recent article on www.cyberscoop.com examines how the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth. Cybercrime investigators are suggesting that the trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals, but instead the result of a specialized black market economy, in which hackers with different skill sets collaborate on a breach, then split the proceeds. A relatively small number of attack groups actually seem to make up most of that black market economy, offering their malicious software on a rental basis, then taking a sizable chunk of the profits and relying on money laundering to cover their tracks. Read more.