Cyber Connections News Roundup: June 29

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 29

Cyber Insurance May Be Hurting Efforts to Quell the Proliferation of Ransomware Attacks

A recent article on www.zdnet.com suggests that cyber insurance may be helping perpetuate ransomware. Designed to protect organizations against the fallout of cyberattacks, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it’s the customer that makes any decision to pay the ransom, not the insurer. A recent paper by UK-based defense think tank Royal United Services Institute (RUSI). this practice isn’t just encouraging cyber criminals, it’s also not sustainable for the cyber insurance industry. Read more.

Russian SolarWinds Hackers Are at it Again

State-sponsored Russian hackers compromised a Microsoft customer support representative’s account, leveraging that access to try to hack other customers, according to a recent report on www.cyberscoop.com. The same group, which Microsoft calls Nobelium and is known as APT 29 and Cozy Bear, is the primary suspect in the SolarWinds attack, a hack in which spies also breached nine U.S. federal agencies and scores of technology companies. The alleged Russian hackers used information-stealing malware to infect a customer support machine, then used data found on that device to target IT companies, government agencies and non-government organizations and think tanks. Targets were in 36 countries. Learn more.

Blackberry Transforms its Business to Focus on Cybersecurity

According to a recent report on www.msspalert.com, Blackberry has reorganized its software and services business around the two groups — specifically, the Internet of Things (IoT) and cybersecurity. The IoT business unit involves such BlackBerry technologies as QNX, IVY, Certicom, Jarvis and Radar. Meanwhile, the cybersecurity business unit spans BlackBerry’s Spark endpoint security and endpoint management product, UEM, as well as AtHoc, the critical event management software, and Secusmart, secure voice and text product. Read more.

Bipartisan Bill Introduced to Promote Cybersecurity Literacy

A bipartisan group of U.S. House members introduced legislation to establish a cybersecurity literacy and public awareness campaign. According to a report on www.channelfutures.com, U.S. Rep. Adam Kinzinger of Illinois leads the cybersecurity literacy initiative. U.S. representatives of both parties from Florida, California, Texas and Pennsylvania are co-sponsoring the bill, called the American Cybersecurity Literacy Act. The legislation would require the National Telecommunications and Information Administration (NTIA) to establish a cybersecurity literacy campaign to help promote understanding of how to stay safe online and prevent successful cyberattacks. It would also include lessons on how to identify malicious phishing emails, the need to change passwords often and use multifactor authentication (MFA) on sensitive accounts. Read more.

Embracing Neurodiversity Will Help Close the Cybersecurity Skills Gap

A recent article on www.techcrunch.com explains how embracing neurodiversity can help address the cybersecurity skills gap and strengthening your own security team by embracing different minds and perspectives. Neurodiversity is a concept that views the spectrum of neurological differences —ADHD, autism, dyslexia, Tourette’s and other cognitive and developmental disorders — as natural variations of the human brain. The article argues that to have a chance at closing the cybersecurity skills gap, we would benefit from people with a variety of different abilities and thought processes. For example, many people with autism are pattern thinkers and are highly detail-oriented. This allows someone in a threat-hunting position to find those subtle differences between malicious and non-malicious code and catch the threats that automated tools might miss. Read more.