Cyber Connections News Roundup: Dec. 1

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 1

UMGC Cyber Experts Predict Rise in Attacks on Software, Cloud and Critical Infrastructure in 2021

This year, the Covid-19 pandemic has had an impact on how we work, conduct business, socialize, learn and simply go about our daily routines. It also has affected the security of the workplace and individuals with a rise in phishing, ransomware and other types of malicious attacks. Meanwhile, the lead-up to the November 3 election exposed both the real—and imagined—vulnerabilities in the nation’s disparate voting systems. Read our top six trends and predictions to watch for in 2021, according to University of Maryland Global Campus cybersecurity faculty experts Valorie King, program director for UMGC Cybersecurity Management and Policy; Bruce DeGrazia, collegiate professor, Cybersecurity Management and Policy; and James Robertson, program director for Cyber DevOps. Read more.

Is the Healthcare Industry Under Cyber Attack?

According to a recent article on https://threatpost.com, hackers are setting their sights on healthcare. In the article, cyber experts explore why hospitals are being singled out and what any company can do to better protect themselves. Namely, as systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. And the connectivity of devices within the  hospital is exponentially increasing the attack surface. Read more.

Senate Sends Internet of Things Cybersecurity Improvement Act (H.R. 1668) to President

By a unanimous consent, the U.S. Senate voted to send the IoT Improvement Act to the White House for the President’s signature. As reported on https://cisomag.eccouncil.org, the bill, first introduced in 2017 and reintroduced in 2019, passed the U.S. House of Representatives in September 2020 by voice vote. The new IoT legislation, which is backed by Reps. Will Hurd (R-Tex.), Robin Kelly (D-Ill.), Sens. Mark Warner (D-Va.), and Cory Gardner (R-Colo), mandates the U.S. National Institute of Standards and Technology (NIST) to create recommendations to address cybersecurity issues and release guidelines for government agencies that align with the NIST recommendations. Read more.

Trump Fires CISA’s Krebs, Instrumental in Securing the 2020 Election from Interference and Disinformation

President Donald Trump on Nov. 17 fired Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Krebs, who helped protect the 2020 election from hacking and disinformation, had repeatedly debunked baseless claims from Trump and his allies of widespread electoral fraud while generally avoiding mentioning the president by name, according to an article on www.cyberscoop.com. Trump tweeted Tuesday evening that he fired Krebs because his agency issued a “highly inaccurate” statement that the 2020 election was secure. The White House also forced the resignation of Krebs’ deputy, Matt Travis, on Tuesday evening. Travis’ resignation from CISA makes Brandon Wales, CISA’s executive director, the acting head of the agency. Read more.

Rotating Assignments Will Boost Federal Cyber Workforce Says OPM

The Office of Personnel Management (OPM) is encouraging federal agencies to use rotational cybersecurity assignments to build and sustain a federal cybersecurity workforce and create a pipeline of cybersecurity talent, according to a recent article on www.fedscoop.com. According to a Nov. 18 memo from OPM acting Director Michael Rigas, 120-dayd assignments will allow cybersecurity practitioners to learn new skills through hands on experience and provides the individuals with a more comprehensive understanding of the complexity and depth of cybersecurity work across the Federal Government. Read more.

Cyber Connections News Roundup: Nov. 17

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 17

Continued Learning and Passion are Key Career Success Cyber Professionals Say

Breaking into cybersecurity and choosing the right path, said a trio of former University of Maryland Global Campus students, often depends on one’s academic and professional goals. UMGC graduates Jordan Bennet, Kimberly Mentzell and Tony Punturiero  agreed that the recipe for cyber career success usually includes the combination of early experiences and influencers, continual learning and a passion for the discipline. The three alumni shared their practical experiences in achieving their career aspirations as participants of a late October webinar, moderated by Dianne O’Grady-Cunniff, director of the Maryland Center for Computing Education, that was part of the university’s National Cybersecurity Awareness Month observance. Read more

Department of Defense Names New Cyber Chief

The Department of Defense has announced that has Dave McKeown will be its next chief information security officer (CISO), according to a recent report on www.fedscoop.com. McKeown is a long-time government IT and security official who served most recently at the Department of Justice. He replaces former CISO Jack Wilmer, who departed in July to lead a private security company. Before leading enterprise services at DOJ, McKeown ran enterprise services and cybersecurity for the DOD’s Joint Service Provider, an IT service that, among other things, supplies Wi-Fi to the Pentagon. He is also a retired Air Force officer. Read more.

New (ISC)2 Workforce Study Shows that Cybersecurity Talent Gap Is Narrowing

(ISC)², the nonprofit association of certified cybersecurity professionals – released the findings of its 2020 Cybersecurity Workforce Study. For the first time, the study indicates a year-over-year reduction in the cybersecurity workforce gap, due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19. According to an article on www.securitymagazine.com, the research, conducted from mid-April through June 2020, reveals that the cybersecurity profession experienced substantial growth in its global ranks, increasing to 3.5 million individuals currently working in the field, an addition of 700,000 professionals or 25% more than last year’s workforce estimate. Read more.

New (ISC)2 Perception Study Reveals Barriers to Entry for Cyber Jobs

Meanwhile, a recent article on www.helpnetsecurity.com examines some of the barriers that are preventing job seekers from considering a career in cybersecurity. The recent 2020 (ISC)² Cybersecurity Perception Study asked 2,500 people across the U.S. and the U.K. who don’t currently work in cybersecurity roles and have never worked in the field about how they view cybersecurity workers, whether they would consider entering the field, and what’s stopping them from doing it. Although most participants viewed cybersecurity professionals as smart, technically skilled individuals, only 8% considered working in the field at some point. One of the biggest deterrents to entering the field was the distorted perception that you must highly specialized, technical skills. Read more.

US Seized Domains with Ties to Iranian Influence Campaigns

The U.S. Department of Justice has seized 27 internet domains, including four that the feds say were targeted directly at U.S. audiences, according to a recent report on www.cyberscoop.com. Iran’s Islamic Revolutionary Guard Corps (IRGC) unlawfully used the domains to “covertly influence” opinions in the U.S. and elsewhere, the department said in an announcement on Nov. 4. In early October, the feds seized 92 domains under similar allegations. Later that month, the Treasury Department sanctioned five Iran-linked organizations for spreading disinformation and making other attempts to sow discord in the U.S. Read more.

Cyber Connections News Roundup: Nov. 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 4

Can Our Elections Be Completely Secure?

Bruce deGrazia, University of Maryland Global Campus collegiate professor of cybersecurity management and policy, offered a historical look at the inner workings of voting systems and related cybersecurity challenges in U.S. election processes during an Oct. 19 session of the university’s Cybersecurity Awareness Month webinar series. deGrazia, a former election judge in Chicago, said any system is vulnerable to corruption, hacking or irregularities that might compromise accuracy or security. Apart from apprehension about actual voting systems, hacking and disinformation related to candidates and parties also is of great concern. “Hacking mainly occurs on candidate and party websites,” he said. Read more.

Cyber Attacks on American Hospitals Feared Just as COVID-19 Cases Surge

According to a recent report on www.nytimes.com, hundreds of American hospitals are being targeted in cyberattacks that are intended to take those facilities offline and hold their data hostage in exchange for multimillion-dollar ransom payments, just as coronavirus cases spike across the U.S. Russian hackers, believed to be based in Moscow and St. Petersburg, have been trading a list of more than 400 hospitals they plan to target. On Oct. 28, three government agencies — the F.B.I., the Department of Health and Human Services and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency — warned hospital administrators and security researchers about a “credible threat” of cyberattacks. Read more.

Trustwave Discovers Hacker Selling Information on 186 Million Voters

Global cybersecurity company Trustwave said it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. According to a report on www.nbcnews.com, much of the data identified by Trustwave is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. However, that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web a highlights how easily criminals and foreign adversaries can deploy it as the FBI said Iran has done recently, by sending emails designed to intimidate voters. Read more.

Recent State, Local Government Hacking the Result of  Russian Group

Suspected Russian hackers were behind multiple recent intrusions of U.S. state and local computer networks, according to a recent article on www.cyberscoop.com. The group responsible is known as TEMP.Isotope, according to a private advisory distributed by Mandiant, the incident response arm of security company FireEye. The apparent Russian effort to breach state and local networks so close to the U.S. election has had federal officials and private sector experts focused on investigating and remediating the issue. Read more.

Schools Can Employ Low-Cost Tactics to Prevent Cybercrime Starting with Data Security

Schools are particularly vulnerable to cyberattacks right now because they have been forced to completely re-envision and restructure the way they teach students, according to a recent article on https://edtechmagazine.com. A combination of minimal preparation time, changing protocols and tight budgets can create a breeding ground for cybersecurity risks. But K-12 schools can mitigate cybersecurity risks in four steps, starting with revisiting data security. Keeping data secure means understanding exactly what sensitive data you possess, where it lives in your system and who has access to it. Read more.

Cyber Connections News Roundup: October 20

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 20

Recent Barnes & Noble Breach Included Customers’ Personal Information

According to a report on www.securitymagazine.com, Barnes & Noble notified customers on Oct. 10 that it had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems and may have affected customers’ personal information. The company said that customers’ payment details had not been exposed, as it uses technology that encrypts all credit cards. The systems impacted did contain email addresses, as well as billing and shipping address, and telephone number if they were supplied by the users. Read more.

Investigators into Twitter Hack Call for Greater Security Regulation

A recent article on https:// techcrunch.com details how an investigation into this summer’s Twitter hack by the New York State Department of Financial Services (NYSDFS) concluded that the social media giant let itself “be duped by a simple social engineering technique.” The NYSDFS report called for greater security regulation for key social media platforms. In the report, the NYSDFS pointed out how quickly regulated cryptocurrency companies acted to prevent the Twitter hackers scamming even more people, arguing the biggest social media platforms have great societal power but no regulated responsibilities to protect users. Read more.

Why You Need to Know the Difference Between Cybersecurity and Cyber Resilience

It goes without saying that cyberattacks, making headlines with increased frequency, according to a recent article on www.forbes.com, can be devastating to companies large and small, causing service disruption, reputational damage and financial distress. bust the loss of personal data can also result in huge fines from regulators. This is why all companies need to invest in cybersecurity and cyber resilience. In a nutshell, cybersecurity describes a company’s ability to protect against and avoid the increasing threat from cyber crime. Meanwhile, cyber resilience refers to a company’s ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. Read more

Is Employee Cybersecurity Training Working?

The theme of this year’s Cybersecurity Awareness Month is “Do Your Part. Be Cyber Smart” to promote and encourage accountability at the personal and corporate level. However, according to a recent article on https://securityboulevard.com, although many organizations provide cybersecurity training/education, 43% of employees are not aware that clicking on a suspicious link or attachment in an email can introduce malware. The publication, citing the “2020 State of Privacy and Security Awareness Report” by Osterman Research and MediaPRO, offers additional statistics that demonstrate that quite often corporate training is not sinking in. Read more.

Financial Institutions Implement Cutting-Edge Technologies to Keep Customers Safe

Financial institutions average $100 billion in losses due to cyber crime each year with hackers targeting multiple access points to customers’ financial data, according to a recent article on https://securityboulevard.com. The publication offers a detailed overview of the technological advances  financial services companies are implementing to protect user data. On the cutting edge of this security are blockchain, triple-entry accounting, and tokenization systems. Blockchains, for example, invented for and popularized by cryptocurrencies like Bitcoin, are highly encrypted and decentralized networks of data. When it comes to financial security, blockchain brings some of the benefits of cryptocurrency to all transactions. Read more.

Cyber Connections News Roundup: October 6

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 6

UMGC Recognizes Cybersecurity Awareness Month with a Jam-Packed Webinar Series

How safe is the election process from hacking? How can schools best provide a quality education through digital means? How has remote education and work increased cyber exposure? During the month of October, University of Maryland Global Campus cyber faculty and industry guests will share their insights into these topics and many more as we recognize and promote Cybersecurity Awareness Month with a webinar series to promote online safety and best practices. Learn more.

Supply Chain Attacks and Credential and Identity Theft Top List of Financial Services Cyber Threats

According to a recent article on www.securitymagazine.com, malicious threat actors continue to take advantage of financial services organizations as they reconfigure vulnerable supply chains and offer more digital experiences. Summarizing a new Accenture report, “2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services,” working from home has also opened a pandora’s box of new attack vectors and workforce challenges — including those from insider threats. The Accenture report is based on research by the Accenture cyber threat intelligence team and highlights its top six threats. Read more.

Twitter Hires New Cyber Chief after Well Publicized Breach

Following its well-publicized breach in July, Twitter has hired Rinki Sethi as its new chief information security officer (CISO), according to a recent report on https://techcrunch.com. Sethi served as CISO at cloud data dmanagement company Rubrik, and previously worked in cybersecurity roles at IBM, Palo Alto Networks and Intuit. In the new role at Twitter, overseeing the company’s information security practices and policies, Sethi will report to platform lead Nick Tornow. Sethi also serves as an advisor to several startups, including LevelOps and Authomize, and cybersecurity organizations, including Women in Cybersecurity. Read more.

House Passes Cyber Grant Program for State and Local Governments

The U.S. House of Representatives on Wednesday passed legislation to create a new federal grant program supporting state and local government cybersecurity efforts, according to a recent report on https://statescoop.com. The State and Local Cybersecurity Improvement Act, introduced in February and initially sponsored by a bipartisan group of members of the House Homeland Security Committee, directs the Department of Homeland Security to distribute $400 million annually to states, which could then redistribute their awards to local entities to defend themselves from online threats. Read more.

Healthcare Organizations Fall Short on Cybersecurity

A recent article on https://securityboulevard.com discusses the findings of the annual report by cybersecurity healthcare services provider CynergisTek, Moving Forward: Setting the Direction, released last week and based on the risk assessments performed across 300 organizations. This year’s report found that just 44% of healthcare providers — hospital and health systems, hospitals, physician practices, ACOs, and Business Associates — met the criteria details within the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). Some organizations, the report found, actually lost ground. The report found that just having a bigger budget didn’t necessarily mean better security outcomes. Interestingly, some organizations with bigger budgets performed more poorly than their smaller counterparts who had less to invest. Read more.

Cyber Connections News Roundup: September 22

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

September 22

Sen. Warner Urges Additional Protection for K-12 Schools Against Cyber Attacks

According to a recent report on https://augustafreepress.com, U.S. Sen. Mark R. Warner (D-VA) is urging the U.S. Department of Education to develop guidance and disseminate best practices for K-12 schools and institutions of higher education and to work with school districts to develop a comprehensive, risk-based funding request from Congress. The request follows a ransom ware incident at Fairfax County Public Schools, the largest school system in Virginia. In a letter to Education Secretary Betsy DeVos, Sen. Warner recommended providing schools with guidance, including awareness campaigns, risk management, threat mitigation, cybersecurity posture reviews, and resiliency. Read more.

Veterans Administration Hit With Data Breach

The Department of Veterans Affairs notified veterans Monday morning of a data breach that resulted in the exposure of 46,000 veterans’ personal information. According to a report on www.fedscoop.com, the breach appears to have stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) to steal payment away from community health care providers. Malicious actors used social engineering techniques and exploited authentication protocols to gain access to the system. Read more.

Predictive Techniques in AI Key to Identifying Cyber Attacks

Artificial Intelligence (AI) systems can have three kinds of impact, according to a recent article on www.analyticsinsight.net. AI can grow cyber threats (amount); change the character of these dangers; and present new and obscure dangers. AI-fueled cyber attacks could likewise be available in more powerful, finely targeted and advanced activities. Accordingly, in a mix of defensive techniques and cyber threat detection, AI will move towards predictive techniques that can identify Intrusion Detection Systems (IDS) pointed toward recognizing illegal activity within a computer or network, or spam or phishing with two-factor authentication systems. Read more.

Chinese and Iranian State-backed Hackers Target Biden and Trump

According to a report on www.cyberscoop.com, hackers linked with the Chinese government tried to breach associates of the Joe Biden campaign, while hackers with reported connections to the Iranian government targeted President Donald Trump’s reelection campaign, Microsoft warned Thursday. The Chinese hacking group, which Microsoft calls Zirconium, has attacked high-profile individuals associated with the election. Meanwhile, Phosphorous, the Iranian group, has continued to try to break into the personal accounts of Trump campaign associates. The hacking attempts against the Biden and Trump campaigns were unsuccessful, Microsoft said. Read more.

White House Issues Cybersecurity Principles to Protect Investment in Space

The Space Policy Directive-5, signed by President Trump on Sept. 4, details a list of recommended best practices for securing the information systems, networks and radio-frequency-dependent wireless communication channels that together power US space systems, according to a recent article on www.infosecurity-magazine.com. Examples of malicious cyber-activities harmful to space operations include: spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks. Among the recommended best practice principles was the use of risk-based, cybersecurity-informed engineering. Read more.

Cyber Connections News Roundup: September 8

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

September 8

Hackers Drain $7.5 Million from Jewish Federation of Greater Washington

An article on www.washingtonpost.com reports that the Jewish Federation of Greater Washington was hacked recently, which drained $7.5 million from its endowment fund and funneled the money into international accounts. The North Bethesda, Md.-based nonprofit, which works with more than 100 organizations, first discovered the hack Aug. 4, when its IT contractor detected suspicious activity in an employee’s email account. According to the article, the initial attack targeted an employee using a personal computer while working from home. Read more.

Sixteen-Year-Old Junior Arrested for Hacking Miami-Dade Online School System

Just as schools across the country began educating students online, police in Miami-Dade County, Florida arrested a Miami high school student on Sept. 3 for allegedly carrying out a series of cyber attacks targeting Miami-Dade County Public Schools’ online learning system. According to a recent article on https://abcnews.go.com, a 16-year-old junior at South Miami Senior High School in Miami-Dade County, Florida, carried out several Distributed Denial-of-Service attacks that disrupted teaching and learning across the district. Read more.

Understanding Cybersecurity Shortfalls is Key to Mitigating Remote Learning Risks

Online courses, whether hybrid in-person and online instruction or entirely remote, can create major cybersecurity risks, according to a recent article on https://edtechmagazine.com. To defend against threats, colleges and universities must keep up with evolving security postures in a rapidly changing cybersecurity landscape. This article looks at some common online-learning security shortfalls, including: a lack of IT funding; a lack of trust in digitally delivered higher education; and a lack of preparation in cybersecurity issues related to online learning. Read more.

Russia Ramps Up Attacks on Mail-in Voting

According to a recent article on www.cyberscoop.com, the Russian government continues to attack mail-in voting and sow divisions among voters leading up to the U.S. election. According a Department of Homeland Security memo, Russia will continue amplifying criticism of vote-by-mail amid the COVID-19 pandemic in an effort to undermine public trust in the electoral process. Moscow’s denigration of the vote-by-mail process mirrors criticisms leveled by President Trump, who has baselessly claimed that mail-in voting can lead to widespread fraud. Read more.

Are Small Businesses More Likely Targets of Cyber Criminals

A new survey by the National Cyber Security Alliance (NCSA) found that the majority of small businesses believe they are targets of cybercriminals. The Zogby Analytics survey, which was commissioned by the NCSA, polled 1,006 small business decision makers and revealed that 88% of small businesses believe that they are at least a somewhat likely target for cybercriminals, including almost half (46%) who believe they are a very likely target. Read more.

Cyber Connections News Roundup: August 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 25, 2020

Four COVID-era Cybersecurity Threats College and University CISOs Must Tackle

A recent article on https://universitybusiness.com boils the COVID-related cybersecurity threats down to four – phishing, theft of research a rise in the number of employees working remotely and cyber hygiene. The cybersecurity challenges colleges and universities face during the COVID pandemic are growing more in scale rather than in types of risks. Threats on campuses include an increase in phishing attacks, efforts to steal COVID research, and protecting a greater number of employees working remotely. Read more.

Is More Oversight Needed in Financial Sector for Cloud Computing and Cybersecurity

On Aug. 5, the Office of the Comptroller of the Currency (OCC) handed down a cease and desist order to Capital One for its “failure to establish effective risk assessment and management processes before migrating its information technology operations to a cloud operating environment,” according to a recent article on www.forbes.com. Although bank executives are more confident than ever that cybersecurity policies are being well executed, the fear is that they are being lulled into a false sense of security because they have yet to feel the cybersecurity impact of cloud computing. Read more.

Executive Order Bans Transactions with TikTok, WeChat Parent Companies

President Trump issued two executive orders on Aug. 6 that will ban transactions with Chinese tech companies ByteDance and Tencent as of Sept. 20, according to a report on www.cyberscoop.com. The two companies own the widely popular applications TikTok (owned by ByteDance) and WeChat (owned by Tencent), both of which have been characterized as national security threats. The action against TikTok comes as Microsoft is in talks to purchase the service. Read more.

Scammers Are Using Fake COVID-19 News to Defraud Victims

According to a report on www.cyberscoop.com, scammers are relying on false news articles about the COVID-19 pandemic in an attempt to trick readers into signing up for fake cures. A network of content farm websites are masquerading as legitimate news sites as part of an attempt to scam Americans, according to research published Wednesday by RiskIQ. The company’s research found that several of the advertisements loaded on these fake news sites led to subscription traps. Read more.

Cybersecurity Spending to Reach $123B in 2020

According to a new Gartner study, as reported on www.forbes.com, enterprise spending on cybersecurity continues to grow. While Gartner predicts IT spending will decline by 8% this year, security and risk management (cybersecurity) is predicted to grow 2.4%, down from a projected growth rate of 8.7% earlier this year. Spending on cloud security is predicted to increase by 33% becoming a $585M market this year. Security services are forecast to drive $64.2B in worldwide revenue this year comprising 51.9% of the total market. And data security will grow by 7.2% becoming a $2.8B market this year. Read more.

Cyber Connections News Roundup: August 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 11, 2020

UMGC Scholars Offer Keys to Safe School Opening and Course Delivery

The three students recently awarded scholarships by the Center for Security Studies (CSS) at University of Maryland Global Campus (UMGC) through the Department of Defense (DoD) Cybersecurity Scholarship Program have been giving much thought to the novel coronavirus’s impact on schools and how best to provide a quality education through mainly digital means. CSS scholars Olubusayo Ladelokum, Jalynn Middleton and Michael Tillini, who are focusing their academic and professional pursuits on the intersection of digital technology and cybersecurity, said the ongoing public health crisis has exposed some critical concerns about our go-to systems for distance communication and information sharing. For schools to successfully deliver educational material and instruction, they must address three key concerns—communication, security and access. Read more.

Have We Arrived at a Misinformation Tipping Point?

Misinformation, which has existed for centuries, has emerged as a major theme of the current moment, according to a recent article on www.cyberscoop.com. As Americans contend with fallout from the coronavirus pandemic and growing suspicion in societal institutions, false narratives, conspiracy theories, propaganda and the intentional spread of deceptive material have become attached to essentially every major news story, especially ones that focus on our elections. Thirty-five percent of Americans said they believe that misleading information is the biggest threat to election security, more than voter fraud, voter suppression and foreign interference, according to a January NPR/PBS/Marist poll. Meanwhile, 59% of Americans said they were “not confident” in the honesty of U.S. elections, according to a 2019 Gallup poll. Read more.

New Check Point Study Shows that Cybersecurity Lags Behind Cloud Migration

A recent article on www.techrepublic.com reports that the public cloud market is expected to grow during the remainder of 2020. This year, the market for public cloud services is expected to increase by 6.3% according to a recent Gartner report. However, cloud deployment comes with its own set of risks and difficulties for enterprises. On Monday, Check Point, in partnership with Cybersecurity Insiders, released the annual 2020 Cloud Security Report. The key findings show that cloud migrations and deployments among organizations are racing ahead of their security teams’ abilities to defend them against attacks and breaches. Read more.

Growing Concern Over Ransomware Attacks Could Impact November Election

According to a recent article on www.startribune.com, federal authorities say one of the biggest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks. The fear is that ransomware attacks could affect voting systems directly, but even if an attack fails to disrupt elections, it could nonetheless negatively impact confidence in the vote. Read more.

New ISSA/ESG Study Reveals a Deepening of the Cybersecurity Skills Crisis

The fourth annual global study from the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) found a deepening of the cybersecurity skills crisis. Forty-five percent of respondents in the study stated that the cybersecurity skills shortage and its associated impacts have only gotten worse over the past few years. The top ramifications of the skills shortage for organizations (or cybersecurity teams) include an increasing workload, unfilled open job requisitions, and an inability to learn or use cybersecurity technologies to their full potential, putting organizations at significant risk. Why has nothing changed? Read more.

Cyber Connections News Roundup: July 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 28, 2020

What Does a Reinvention of Cybersecurity Look Like?

According to a recent article on https://techcrunch.com, organizations are spending more money on cybersecurity and feeling less secure, and that was before the COVID-19 pandemic required our workforce to become more mobile and distributed. As a result, organizations must adopt a platform approach to scaling and delivering cybersecurity that looks at security holistically, from the data center to the edge to multiple clouds. Read more.

With the Ushering in of 5G Technology Comes New Cybersecurity Concerns

5G technology opens the door to progress in cloud-native networks and creates opportunities for new commercial services that leverage artificial intelligence and data warehouse accessibility, according to an article on https://securityboulevard.com. But ushering in 5G technology is open to several cybersecurity concerns. The major downside is two-fold: a diminished presence of choke points and a growing number of entry points, specifically related to the proliferation of devices connected to the Internet of Things (IoT). Read more.

Garmin Hit By Ransomware Attack

According to a recent report on www.techcrunch.com, an ongoing global outage at sport and fitness tech giant Garmin was caused by a ransomware attack. The incident began late Wednesday, July 22, and continued through the weekend, causing a disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices. The attack also took down flyGarmin, the company’s aviation navigation and route-planning service. Two sources, who spoke on the condition of anonymity, told TechCrunch that Garmin was trying to bring its network back online after the ransomware attack. Read more.

Russian Government Hackers Targeting Coronavirus Vaccine Research

A recent article on www.cyberscoop.com examines Russia’s attempt to breach corona virus research programs in the U.S., U.K. and Canada. According to the U.K.’s National Cyber Security Centre (NCSC), the hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets.” The Cyberscoop article also delves into the “why?” According to the article, state-backed hackers worldwide are interested in targeting research on coronavirus-related vaccines and treatments because the first lab to produce a vaccine will have a success story to use as a geopolitical advantage. Read more.

Colorado Sen. Gardner Urges Action on Cyber Threats from Russia and China

According to a press release on his official website as well as a report on www.coloradopolitics.com, U.S. Sen. Cory Gardner (R-CO), on July 24, called for immediate action to protect U.S. cybersecurity infrastructure from Russia and China, particularly as it relates to the COVID-19 pandemic. Gardner is chairman of the Senate Foreign Relations Subcommittee on East Asia, the Pacific and International Cybersecurity Policy. He directed his pleas to FBI Director Chris Wray and Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency, citing the U.K’s National Cyber Security Centre (NCSC) report outlining Russian interference in COVID-19 vaccine development. Read more.