Cyber Connections News Roundup: December 31

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 31, 2019

UMGC Cyber Faculty Members’ Predictions for 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year. As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods? Read more.

Heading into 2020, Women Still Face Roadblocks in Cybersecurity

A recent podcast on www.threatpost.com examines the challenges and opportunities that women face in the cybersecurity landscape. As the tech industry faces challenges around diversity in general, women are still particularly underrepresented. Threatpost recently sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement. Read more.

U.S. Navy Bans TikTok for Fear of Cybersecurity Threats

According to a recent article on www.digitalmusicnews.com, the United States Navy has issued a blanket ban on the Chinese-owned social media app, TikTok, saying the app may present a cybersecurity threat to service members. A bulletin issued by the Navy said government-issued mobile devices with TikTok installed would be blocked from the Navy Marine Corps Intranet. However, the bulletin did not describe what threat the app may represent. The app is currently part of an ongoing U.S. investigation, despite being popular among teenagers. Read more.

Cino Launches Cybersecurity Program for Hotel Guests

The Marriott International data breach of 2018 highlighted just how vulnerable hotels are to cyber attacks. In response, Cino, a full-service risk management, cybersecurity and training company, has launched a new product designed to protect hotel guests’ personal data from cyber criminals, according to an article on www.hotelmanagement.net. The product, Cyber Safe Travel, is powered by StrikeForce Technology’s military-grade technology. It provides protection for hotel guests’ mobile devices using keystroke encryption, advanced login breach protection and sophisticated screen scraper technologies. In addition, Cyber Safe Travel has a click-jacking attack-warning feature to help mitigate cyber threats. The product was first introduced at the October meeting of the Hotel Financial and Technology Professionals, New York Chapter. Read more.

Cybersecurity for Rural Communities Is Often Neglected

An article on www.arcweb.com points out that while attacks on large U.S. cities have had significant financial and operational impact, these same kinds of attacks, on a much smaller scale, can have a much more significant impact on smaller, more rural communities. The August 2019 malware attack on 22 Texas communities is a recent example of this. Rural communities often lack the proactive planning and infrastructure to mitigate the damage caused by these threats. In the case of the Texas attacks, many business and financial functions of the communities affected were paralyzed. The article takes an in-depth look at how these communities responded and what must be done in the future to prevent these attacks. Read more.

Five Cybersecurity Trends to Watch Out for in 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year.

As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods?

Arguably, the greatest challenge in the cybersecurity space for 2020 and beyond will be closing the workforce gap and maintaining a pipeline of skilled cybersecurity experts who are equipped with the tools, skills and leadership experience necessary to combat an ever-changing threat landscape. According to CyberSeek, the US faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019. A recent Frost & Sullivan report predicts that by 2022 the global cybersecurity workforce shortage will reach upwards of 1.8 million unfilled positions.

Two significant developments in 2019 point to a big year for us at UMGC, too. First, effective July 1, 2019, we changed our name from University of Maryland University College to University of Maryland Global Campus to better communicate our status as a respected state university that brings higher education to working adults no matter where life takes them. Second, with an eye on the future, University of Maryland Global Campus has, through a recent realignment, created a School of Cybersecurity and Information Technology, which will further solidify our leadership role in addressing a rapidly changing menu of competencies and skills needed to work in cybersecurity.

From the faculty of the School of Cybersecurity and Information Technology, here are the top five cybersecurity trends we think will impact businesses and consumers in 2020:

  1. Artificial Intelligence (AI) will continue to gain popularity. AI is being touted as a possible solution to many human-centric needs, from more accessible healthcare to national security in the form of military robots. In 2020, AI will use object detection algorithms to improve neural networks so that they are robust and large scale. By improving the neural networks, AI will become more mainstream, applying algorithms to efficiently process large volumes of data to produce results that improve human lives and enterprise operations.
  2. AI tools will both benefit and hinder cybersecurity. Piggybacking on the growing popularity of AI, as companies continue to launch easy-to-use artificial intelligence tools and technology, cybersecurity will reap the benefits of added automated protection, but also will suffer from smarter, more efficiently organized attacks.
  3. Blockchain technology will enhance data communication systems. Blockchain technology is projected to make a significant impact on securing data communication systems. The problem it addresses is leakage of data in transit and at rest; the solution combines key-value pairs with encrypted values, access control policies, and policy and attribute enforcement engines to mitigate data leakage. Integrating a blockchain platform, such as IBM Hyperledger Fabric, ensures integrity of source data, which is essential to investigate data leakage incidents, and allows verification of data transactions for future analysis.
  4. Standards and regulation for autonomous vehicles. Autonomous vehicles are under development or production at most carmakers, and with multiple manufacturers across the globe, regulations are needed to address potential issues with safety, ethics, and personal privacy.
  5. Cloud attacks will continue to rise. As companies continue to migrate to the cloud, rushed schedules combined with a shortage of highly skilled cloud security professionals will cause an increase in cloud attacks and vulnerabilities.

Cyber Connections News Roundup: December 17

December 17, 2019

Recent Cyber Attack in New Orleans Highlights Vulnerability of State and Local Governments

According to a report on www.forbes.com and elsewhere, the City of New Orleans suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. A cybersecurity incident was detected around 11 a.m. on Friday, December 13. As a precautionary measure, the city’s IT department gave the order for all employees to power down computers and disconnect from wi-fi. All city servers were also powered down, and employees were told to unplug any of their devices. This attack follows another that targeted the state of Louisiana in November, at which time school district computers were taken offline, and a state of emergency declared. Read more.

New Strategy Game from Circadence Aims to Stem Rise in Cyber Attacks During the Holiday Season

A recent article on www.10news.com warns of a rise in cybersecurity attacks during the holiday season. Predictably, a spike in online shopping will lead to a larger field of targets and, likely, more opportunities for stolen data, particularly credit card information. “If you’re saying ‘save my credit card information’, that is a risk that you’re taking for that convenience and it might not be worth it,” said Bradley Hayes, chief technology officer of Circadence, a cybersecurity education and training company. To help educate consumers, Circadence has rolled out InCyt, a web-based battle strategy game that allows users to experience the cyber world from both an offensive and defensive point of view. Read more.

Many Businesses Are Using NDAs to Hide Data Breaches

According to a recent article on www.techhq.com, European companies are covering up data breaches and possibly avoiding multimillion-dollar fines under the guise of non-disclosure agreements (NDAs). Citing a recent report on www.businessinsider.com, the article said that Europe’s GDPR (General Data Protection Regulation) legislation came into effect in May 2018 and has since then already led to landmark fines, such as that of British Airways (close to US$230 million), while Marriott was handed a US$123 million fine. NDAs, however, allow companies employing the services of cybersecurity firms to keep breaches confidential, as it is not a requirement for cybersecurity firms to report any incidents of data breaches on behalf of their clients. Read more.

Is Privacy Overshadowing Cybersecurity in Our National Debate?

A recent article on www.slate.com asks if cybersecurity has taken a backseat to privacy in our current national debate, mainly as a result of policy makers conflating the two issues and claiming to be addressing both. The article notes that privacy and cybersecurity are distinct. Privacy provides users with control over how businesses collect, use, and share their information. Cybersecurity prevents unauthorized parties from accessing, altering, or rendering unavailable their data, information systems, or connected devices. While Congress focuses on passing a national privacy law, the U.S. lacks a comprehensive set of laws to protect information and critical systems from hackers. Read more.

New Cybersecurity Requirements from DoD Aim to Secure Supply Chain

According to the Department of Defense (www.defense.gov), by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts. According to Ellen Lord, the undersecretary of defense for acquisition and sustainment, a new cybersecurity maturity model certification (CMMC) program will help ensure that companies doing business with the department meet important cybersecurity requirements. The goal is a unified standard to secure the entire DoD supply chain. Read more.

 

Cyber Connections News Roundup: December 3

December 3, 2019

Cybersecurity Among Top Challenges for U.S. Postal Service

Cybersecurity ranks among the top critical management challenges of the United States Post Office (USPS), according to a recent article on www.meritalk.com. The USPS’s Semiannual Report to Congress, released on Nov. 25, warns that IT modernization leaves the agency vulnerable to cyber threats. “As information technology and the cyber threat landscape evolves, security continues to be an ongoing challenge,” according to the report. Read more.

New China Cryptography Law Raises Concerns Over Data Protection

A recent report on www.gatestoneinstitute.org has enumerated several concerns about China’s Cryptography Law, which becomes effective on January 1, 2020. The new law demonstrates Beijing’s “determination to seize from foreign companies all their communications, data, and other information stored in electronic form in China.” Under the new law, Chinese officials will be permitted to share seized information with state enterprises, which has given rise to questions about how these enterprises will be able to use that information against their foreign competitors. Read more.

Healthcare Data Breaches Cost Industry $4 Billion, 2020 Will Be Worse

According to a new survey by Black Book Market Research LLC, 96% of IT professionals agree that data attackers are outpacing their medical enterprises, holding providers at a disadvantage in responding to vulnerabilities. The company surveyed more than 2,876 security professionals from 733 provider organizations to identify gaps, vulnerabilities and deficiencies that persist in keeping hospitals and physicians vulnerable to cyber attacks. Thus far in 2019, healthcare providers continued to be the most targeted organizations for industry cybersecurity breaches, with nearly 4 out of 5 breaches, whereas successful attacks on health insurers and plans, which maintain more sophisticated information security solutions, showed little change year to year. Read more.

New Bipartisan Cybersecurity Bill Aims to Improve Coordination Between States and DHS

On November 21, the Senate unanimously passed the State and Local Government Cybersecurity Act, a bill that directs the Department of Homeland Security to assist state and local governments with cybersecurity. According to an article on www.fifthdomain.com, the bill, introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, aims to improve cybersecurity coordination between states and DHS through the department’s National Cybersecurity and Communications Integration Center (NCCIC). It allows the NCCIC to provide state and local officials with access to security tools and procedures, as well as participation in joint cybersecurity exercises. Read more.

Misaligned Market Incentives Are Main Roadblock to Satellite Cybersecurity

The satellite sector is under constant cyber attack, according to a recent article on www.satellitetoday.com covering a panel at the recent CyberSat 2019 conference. Panelists at a session on “emerging threats to the satellite sector” claim that nation-state hackers aim to degrade U.S. space capabilities in order to cripple its economy or defeat its military when they need to. But the panelists agreed that the hardest thing to combat is misaligned market incentives in the sector. “Cybersecurity is costly and the incentive structure in the industry often doesn’t reward investments in it,” said Andrew D’Uva, president of the Providence Access Company, a communication satellite services firm. Read more.

Cyber Connections News Roundup: November 19

November 19, 2019

Retail Industry Is Under Cyber Attack According to New Report

The retail industry is experiencing more breaches than any other industry in 2019, according to a new report by threat intelligence company IntSights, titled Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives. High employee turnover, online and in-store locations, and increasing regulations guiding the sector toward protecting consumers are contributing factors for a high-pressure state, according to the report. Some of the top challenges to the retail industry in 2019 include emerging dark web underground communities targeting retailers, as well as point-of-sale (POS) malware, web apps, and ransomware. Read more.

FDA Works with Patients and Experts to Strengthen Device Cybersecurity

In a recent article on www.fda.gov, Amy Abernethy, principal deputy commissioner and acting chief information officer, and Suzanne B. Schwartz, deputy director, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, discuss how the U.S. Food and Drug Administration is working to address the cybersecurity risks associated with medical devices that are increasingly advanced and interconnected. Over the past six years, the FDA has strengthened its relationships with cybersecurity experts, manufacturers and other federal government agencies to ensure security. More recently, the FDA has been engaging with patients and patient advocacy groups in order to balance patient needs with cybersecurity concerns. Read more.

DHS Offers Cybersecurity Recommendations for Small Healthcare Providers

The Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) has released best-practice cybersecurity recommendations to help small healthcare provider organizations bolster their security programs, according to a recent article on www.healthitsecurity.com. The guidelines are aimed at helping small- and medium-sized provider organizations with basic security mechanisms, given their limited resources. CISA developed the recommendations in partnership with small businesses and smaller government agencies. Read more.

AT&T Poll on 5G Cybersecurity Challenges Points to Shared Security Model

Software-defined networking, authentication and a shared security model were the key takeaways from a new report from AT&T Cybersecurity on 5G. The ninth annual Cybersecurity Insights Report was based on interviews with 704 cybersecurity professionals across various markets (from North America, India, Australia, and the United Kingdom), all from companies with over 500 employees and all interviewed in August and September 2019. According to the survey, 72.5% of the respondents said their level of concern about 5G security was high or medium-high. According to an article on www.multichannel.com, a big reason for a shared security model for 5G is the number of IoT devices–billions–that will be connected. Read more.

TikTok Under Increasing Cybersecurity Scrutiny

TikTok, the Chinese-owned social media platform, has experienced a meteoric rise in popularity over the past two years, but now competitors and lawmakers are calling the app a potential threat to national security. According to a recent report on www.businessinsider.com, Kiersten Todt, a former cybersecurity advisor to President Obama, said she believes those concerns are warranted. Todt attributes the risk to the near-unilateral control the Chinese government holds over local companies and its demonstrated interest in collecting people’s data. Read more.

Cyber Connections News Roundup: November 5

November 5, 2019

Chinese APT Group Hacked State Institutions in Six Countries

A Chinese-speaking advanced persistent threat (APT) group, Calypso, has actively been targeting state institutions in six countries, hacking network perimeters and injecting a program to gain access to internal networks, according to a report from researchers at Positive Technologies Expert Security Center. According to an article on www.scmagazine.com, in one attack, the malfeasants, who are believed to have originated in Asia, used PlugX malware, a signature of APT groups from China, and some of the attackers inadvertently revealed their IP addresses from Chinese providers. Institutions in India were hit the hardest, followed by Brazil, Kazakhstan, Russia, Thailand and Turkey. Read more.

Military Cybersecurity Market Expected to Grow to $16 Billion by 2023

According to a new Frost & Sullivan study titled “Global Military Cybersecurity Market, Forecast to 2023,” that market is projected to increase at a compound annual growth rate (CAGR) of 3.6% to reach $16.01 billion by 2023. This growth, according to the report, will be the result of global defense industry investment in disruptive technologies and platforms that are driving changes in military cybersecurity requirements. “Militaries across the globe are budgeting for and pursuing the development of new enabling, next-generation technologies for cybersecurity,” said Ryan Pinto, Research Analyst, Frost & Sullivan. Read more.

R Street Offers Free Resource for Measuring Cybersecurity

Cybersecurity experts often complain about the lack of a well-defined system for measuring cybersecurity in an objective, quantifiable, and comparative manner. R Street, a non-profit, nonpartisan, public policy research organization, has published a compendium (a downloadable PDF) of sources to fill this gap. The R Street Institute’s National Security and Cybersecurity Program has developed a partial bibliography that compiles a baseline of existing disparate measurement efforts. The goal of the document is to provide a systematic overview of the field that is both technically literate and of use to decision-makers in the public and private sectors. Read more.

Will the EU Seize the Global Lead On Cybersecurity?

The European Union (EU) has undertaken cybersecurity activities over the past six years that make the case that it is about to usurp the U.S.’s presumed role as the global leader on cybersecurity, according to a recent article on www.forbes.com. Notably, it has already established cybersecurity requirements for Operators of Essential Services (OES – essentially critical infrastructure companies) and digital service providers (DSPs), and it has launched a certification framework for digital products, services, and processes. Read more.

The Construction Industry Must Pay Attention to Cybersecurity Risks

A recent article on www.bizjournals.com points out that while technology, energy, and healthcare industries seem to regularly make headlines relating to massive, nationwide cyber breaches, construction companies are exposed to the same risks. Temporary workspaces where employees and contractors commonly use project management software to track job status and collaborate with external vendors may be at risk. In these workspaces, highly confidential plans, blueprints, bids, financial information, and even personally identifiable information (PII), like full names and social security numbers, are vulnerable. Read more.

Cyber Connections News Roundup: October 22

October 22, 2019

It’s National Cybersecurity Awareness Month: UMGC Students, Alumni and Faculty Experts Share Their Tips for Staying Safe

Check out our University of Maryland Global Campus three-part video series offering tips and insights to help you understand and secure your digital profile at home and at work. Read more.

Making the Case for a Risk-Based Approach to Cybersecurity in the Financial Services Industry

We have no definable network perimeter to protect, according to a recent article on www.securityboulevard.com. With thousands of mobile devices connecting to networks through cloud-based applications that access critical and sensitive data from a variety of hybrid cloud environments, the article supports the argument that it’s time to adopt a truly risk-based approach to cybersecurity to enable us to focus on protecting data itself, rather than on endpoints, networks, and identity. Read more.

Supply Chain Hacks Are On the Rise for Phishing Scams

According to Verizon’s latest Data Breach Investigations Report, email is the channel used in 94% of attacks where hackers target executives for phishing schemes. A recent article on https://netlibsecurity.com describes how hackers are now employing creative approaches to what are known as “supply chain” attacks, which use an organization’s associates, like outsourcing companies, to spread their attacks across that entity’s network of partners and vendors. Read more.

Is Insurance a Viable Solution to Growing Cybersecurity Challenges?

A recent article on www.insurancejournal.com makes the case. Given the increasing frequency of cyber breaches, along with the presence of more varied and evolving threats, how do we address the perpetual uncertainty about whether the cybersecurity industry can protect us? The article argues that since cybersecurity providers can’t guarantee the effectiveness of a cyber solution, and since it is difficult to accurately quantify the cost/benefit of a cyber strategy, then cybersecurity insurance may provide the path toward a way to reduce risk and incentivize clients to take preventative measures. Read more.

Open Cybersecurity Alliance Aims to Unite a Fragmented Landscape with Common, Open Source Code and Practices

On October 8, 2019, the OASIS international consortium announced the Open Cybersecurity Alliance (OCA), an industry initiative to bring interoperability and data sharing across cybersecurity products. IBM and McAfee have contributed the initial open source content and code. Formed under the auspices of OASIS, OCA brings together organizations and individuals from around the world to develop open source security technologies, which can freely exchange information, insights, analytics, and orchestrated responses. Read more.