UMGC Cyber Experts Predict Rise in Attacks on Software, Cloud and Critical Infrastructure in the Year Ahead

In this end-of-the-year post we offer a reprint of our annual predictions and trends to watch out for in 2021, featured on the University of Maryland Global Campus Global Media Center back in November.  

What a year 2020 has been. The Covid-19 pandemic has had an impact on our lives in so many ways—how we work, conduct business, socialize, learn and simply go about our daily routines. It also has affected the security of the workplace and individuals. We have seen a rise in phishing, ransomware and other types of malicious attacks due, in large part, to the dramatic increase in remote work and learning.

Meanwhile, the lead-up to the November 3 election exposed both the real—and imagined—vulnerabilities in the nation’s disparate voting systems. A citizenry that was already anxious about voting during a pandemic also had to sort through a tsunami of news stories questioning the legitimacy of election results and the accuracy and security of our voting process.

Will the cybersecurity concerns of 2020 carry over into the new year?

Here are the top six trends and predictions to watch for in 2021, according to University of Maryland Global Campus cybersecurity faculty experts Valorie King, program director for UMGC Cybersecurity Management and Policy; Bruce DeGrazia, collegiate professor, Cybersecurity Management and Policy; and James Robertson, program director for Cyber DevOps.

From Valorie King, program director, UMGC Cybersecurity Management and Policy

  • Attacks on Remote Workers: Phishing attacks, ransomware, and other types of malicious software-based attacks will create more havoc in the coming year as perpetrators shift their attack vectors and methods to focus on remote workers. Organizations will need to update their incident response plans and procedures to account for attacks against a dispersed workforce that is using an increasing variety of remotely connected and potentially vulnerable devices.
  • Demand for IT Support: In order to protect geographically dispersed IT assets and information as they defend against threats and attacks, organizations with remote workers will need to hire and train more IT technicians and IT help desk personnel who have advanced cybersecurity skills and knowledge. This trend will be fueled by the need to patch and maintain increasing numbers of laptops and other digital devices, the need to remotely install and maintain more software, and the need to set up and then deploy new computers, tablets, phones and other equipment to a remote workforce.

From Bruce DeGrazia, collegiate professor, Cybersecurity Management and Policy

  • State-Sponsored Cyberattacks: The Russians, Chinese, North Koreans and Iranians have already seen how effectively they can create chaos both through cyberattacks and disinformation campaigns. Expect to see further attempts at disruption as these countries test the incoming Biden administration.
  • Attacks on the Utility Infrastructure: We will see a rise in critical infrastructure attacks, particularly to the electrical grid, but also against alternative energy-generating industries as we continue to shift away from fossil fuels. These attacks will soon target alternative energy-generation facilities as they become more prevalent.

From James Robertson, program director for Cyber DevOps

  • Threats to Cloud Security: As more organizations move to the cloud, security issues will result from poor or expedited implementations. Understanding the shared responsibility model—the responsibility for security is shared between the provider and the customer—is key in mitigating these issues.
  • AI Vulnerabilities: Increases in artificial intelligence/machine learning applications will cause an increase in vulnerabilities and weaknesses, including the ability to contaminate training pools, modify validation sets, and create AI systems that learn from previous successful attacks to expedite attacks on other hosts.

Cyber Connections News Roundup: Dec. 15

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 15

The Relationship Between Security Profile and Stock Performance

Is there a connection between a public company’s cybersecurity posture and its stock performance? A recent report by the Journal of Cyber Policy analyzes the relationship between a public company suffering a data breach and a decline in its share price. The paper also seeks to answer whether the converse is true. Does a company with a robust cybersecurity posture enjoy a strong stock performance? The report compares security ratings from SecurityScorecard with 52-week returns on shares for companies in the S&P 500 index, which comprises the shares of 500 large U.S. companies. Read more.

President Signs IoT Security Act

On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The legislation, H.R. 1668, passed the House in September and the Senate in November. According to a report on www.jdsupra.com, the act directs the National Institute of Standards and Technology (NIST) to issue standards for the “appropriate use and management” of IoT devices owned or controlled by federal agencies. NIST is directed to issue these guidelines by March 4, 2021. Read more.

CISA Reports Rise in K-12 Ransomware Attacks

According to a recent article on www.statescoop.com, more than half of all ransomware attacks against state and local government entities reported over the past few months have targeted K-12 school systems. This comes from a Dec. 10 alert from the Cybersecurity and Infrastructure Security Agency (CISA). According to the alert, 57% of ransomware incidents reported to in August and September — when new academic years began — affected school districts, compared to 28% in the first seven months of the year. And ransomware events against schools have continued to tick up since September, including an attack last month against the K-12 district in Baltimore County, Maryland, that caused classes to be canceled for several days around the Thanksgiving holiday. Read more.

Proposed Cybersecurity Agenda for Biden Includes Elevating Role of CISA

A recent article on www.fortune.com outlines a proposed cybersecurity agenda for the incoming Biden administration. The authors of the article, Samuel J. Palmisano, retired CEO of IBM and current chairman of the Center for Global Enterprise, and Kiersten E. Todt, managing director of the Cyber Readiness Institute, propose a set of priorities for Biden’s cybersecurity agenda that include, among other objectives, re-examining the organization of the Department of Homeland Security and considering making the Cybersecurity and Infrastructure Security Agency (CISA) a stand-alone agency with increased budget and personnel resources. Read more.

Foreign Governments Most Likely Behind Recent Vaccine Spearphishing Activity

A recent article on www.cyberscoop.com reports that while drug companies are turning their attention from development of a vaccine to deployment, hackers are doing the same. The article reports that IBM researchers recently revealed a global spearphishing campaign aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. IBM suspects the attackers are tied to a government but doesn’t have enough evidence to determine which one. The IBM findings illustrate how hackers have been targeting pharmaceutical companies involved in vaccines throughout their entire development lifecycle. Read more.

Cyber Connections News Roundup: Dec. 1

December 1

UMGC Cyber Experts Predict Rise in Attacks on Software, Cloud and Critical Infrastructure in 2021

This year, the Covid-19 pandemic has had an impact on how we work, conduct business, socialize, learn and simply go about our daily routines. It also has affected the security of the workplace and individuals with a rise in phishing, ransomware and other types of malicious attacks. Meanwhile, the lead-up to the November 3 election exposed both the real—and imagined—vulnerabilities in the nation’s disparate voting systems. Read our top six trends and predictions to watch for in 2021, according to University of Maryland Global Campus cybersecurity faculty experts Valorie King, program director for UMGC Cybersecurity Management and Policy; Bruce DeGrazia, collegiate professor, Cybersecurity Management and Policy; and James Robertson, program director for Cyber DevOps. Read more.

Is the Healthcare Industry Under Cyber Attack?

According to a recent article on https://threatpost.com, hackers are setting their sights on healthcare. In the article, cyber experts explore why hospitals are being singled out and what any company can do to better protect itself. Namely, as systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. And the connectivity of devices within the hospital is exponentially increasing the attack surface. Read more.

Senate Sends Internet of Things Cybersecurity Improvement Act (H.R. 1668) to President

By unanimous consent, the U.S. Senate voted to send the IoT Improvement Act to the White House for the President’s signature. As reported on https://cisomag.eccouncil.org, the bill, first introduced in 2017 and reintroduced in 2019, passed the U.S. House of Representatives in September 2020 by voice vote. The new IoT legislation, which is backed by Reps. Will Hurd (R-Tex.), Robin Kelly (D-Ill.), Sens. Mark Warner (D-Va.), and Cory Gardner (R-Colo.), mandates the U.S. National Institute of Standards and Technology (NIST) to create recommendations to address cybersecurity issues and release guidelines for government agencies that align with the NIST recommendations. Read more.

Trump Fires CISA’s Krebs, Instrumental in Securing the 2020 Election from Interference and Disinformation

President Donald Trump on Nov. 17 fired Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Krebs, who helped protect the 2020 election from hacking and disinformation, had repeatedly debunked baseless claims from Trump and his allies of widespread electoral fraud while generally avoiding mentioning the president by name, according to an article on www.cyberscoop.com. Trump tweeted Tuesday evening that he fired Krebs because his agency issued a “highly inaccurate” statement that the 2020 election was secure. The White House also forced the resignation of Krebs’ deputy, Matt Travis, on Tuesday evening. Travis’ resignation from CISA makes Brandon Wales, CISA’s executive director, the acting head of the agency. Read more.

Rotating Assignments Will Boost Federal Cyber Workforce Says OPM

The Office of Personnel Management (OPM) is encouraging federal agencies to use rotational cybersecurity assignments to build and sustain a federal cybersecurity workforce and create a pipeline of cybersecurity talent, according to a recent article on www.fedscoop.com. According to a Nov. 18 memo from OPM acting Director Michael Rigas, 120-day assignments will allow cybersecurity practitioners to learn new skills through hands-on experience and provide the individuals with a more comprehensive understanding of the complexity and depth of cybersecurity work across the Federal Government. Read more.

Cyber Connections News Roundup: October 6

October 6

UMGC Recognizes Cybersecurity Awareness Month with a Jam-Packed Webinar Series

How safe is the election process from hacking? How can schools best provide a quality education through digital means? How has remote education and work increased cyber exposure? During the month of October, University of Maryland Global Campus cyber faculty and industry guests will share their insights into these topics and many more as we recognize and promote Cybersecurity Awareness Month with a webinar series to promote online safety and best practices. Learn more.

Supply Chain Attacks and Credential and Identity Theft Top List of Financial Services Cyber Threats

According to a recent article on www.securitymagazine.com, malicious threat actors continue to take advantage of financial services organizations as they reconfigure vulnerable supply chains and offer more digital experiences. Summarizing a new Accenture report, “2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services,” the article notes that working from home has also opened a Pandora’s box of new attack vectors and workforce challenges — including those from insider threats. The Accenture report is based on research by the Accenture cyber threat intelligence team and highlights its top six threats. Read more.

Twitter Hires New Cyber Chief after Well Publicized Breach

Following its well-publicized breach in July, Twitter has hired Rinki Sethi as its new chief information security officer (CISO), according to a recent report on https://techcrunch.com. Sethi served as CISO at cloud data management company Rubrik, and previously worked in cybersecurity roles at IBM, Palo Alto Networks and Intuit. In the new role at Twitter, overseeing the company’s information security practices and policies, Sethi will report to platform lead Nick Tornow. Sethi also serves as an advisor to several startups, including LevelOps and Authomize, and cybersecurity organizations, including Women in Cybersecurity. Read more.

House Passes Cyber Grant Program for State and Local Governments

The U.S. House of Representatives on Wednesday passed legislation to create a new federal grant program supporting state and local government cybersecurity efforts, according to a recent report on https://statescoop.com. The State and Local Cybersecurity Improvement Act, introduced in February and initially sponsored by a bipartisan group of members of the House Homeland Security Committee, directs the Department of Homeland Security to distribute $400 million annually to states, which could then redistribute their awards to local entities to defend themselves from online threats. Read more.

Healthcare Organizations Fall Short on Cybersecurity

A recent article on https://securityboulevard.com discusses the findings of the annual report by cybersecurity healthcare services provider CynergisTek, Moving Forward: Setting the Direction, released last week and based on the risk assessments performed across 300 organizations. This year’s report found that just 44% of healthcare providers — hospital and health systems, hospitals, physician practices, ACOs, and Business Associates — met the criteria detailed within the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). Some organizations, the report found, actually lost ground. The report found that just having a bigger budget didn’t necessarily mean better security outcomes. Interestingly, some organizations with bigger budgets performed more poorly than their smaller counterparts who had less to invest. Read more.

Cyber Connections News Roundup: September 8

September 8

Hackers Drain $7.5 Million from Jewish Federation of Greater Washington

An article on www.washingtonpost.com reports that the Jewish Federation of Greater Washington was recently hacked in an attack that drained $7.5 million from its endowment fund and funneled the money into international accounts. The North Bethesda, Md.-based nonprofit, which works with more than 100 organizations, first discovered the hack Aug. 4, when its IT contractor detected suspicious activity in an employee’s email account. According to the article, the initial attack targeted an employee using a personal computer while working from home. Read more.

Sixteen-Year-Old Junior Arrested for Hacking Miami-Dade Online School System

Just as schools across the country began educating students online, police in Miami-Dade County, Florida arrested a Miami high school student on Sept. 3 for allegedly carrying out a series of cyber attacks targeting Miami-Dade County Public Schools’ online learning system. According to a recent article on https://abcnews.go.com, a 16-year-old junior at South Miami Senior High School in Miami-Dade County, Florida, carried out several Distributed Denial-of-Service attacks that disrupted teaching and learning across the district. Read more.

Understanding Cybersecurity Shortfalls is Key to Mitigating Remote Learning Risks

Online courses, whether hybrid in-person and online instruction or entirely remote, can create major cybersecurity risks, according to a recent article on https://edtechmagazine.com. To defend against threats, colleges and universities must keep up with evolving security postures in a rapidly changing cybersecurity landscape. This article looks at some common online-learning security shortfalls, including: a lack of IT funding; a lack of trust in digitally delivered higher education; and a lack of preparation in cybersecurity issues related to online learning. Read more.

Russia Ramps Up Attacks on Mail-in Voting

According to a recent article on www.cyberscoop.com, the Russian government continues to attack mail-in voting and sow divisions among voters leading up to the U.S. election. According to a Department of Homeland Security memo, Russia will continue amplifying criticism of vote-by-mail amid the COVID-19 pandemic in an effort to undermine public trust in the electoral process. Moscow’s denigration of the vote-by-mail process mirrors criticisms leveled by President Trump, who has baselessly claimed that mail-in voting can lead to widespread fraud. Read more.

Are Small Businesses More Likely Targets of Cyber Criminals?

A new survey by the National Cyber Security Alliance (NCSA) found that the majority of small businesses believe they are targets of cybercriminals. The Zogby Analytics survey, which was commissioned by the NCSA, polled 1,006 small business decision makers and revealed that 88% of small businesses believe that they are at least a somewhat likely target for cybercriminals, including almost half (46%) who believe they are a very likely target. Read more.

Cyber Connections News Roundup: August 11

August 11, 2020

UMGC Scholars Offer Keys to Safe School Opening and Course Delivery

The three students recently awarded scholarships by the Center for Security Studies (CSS) at University of Maryland Global Campus (UMGC) through the Department of Defense (DoD) Cybersecurity Scholarship Program have been giving much thought to the novel coronavirus’s impact on schools and how best to provide a quality education through mainly digital means. CSS scholars Olubusayo Ladelokum, Jalynn Middleton and Michael Tillini, who are focusing their academic and professional pursuits on the intersection of digital technology and cybersecurity, said the ongoing public health crisis has exposed some critical concerns about our go-to systems for distance communication and information sharing. For schools to successfully deliver educational material and instruction, they must address three key concerns—communication, security and access. Read more.

Have We Arrived at a Misinformation Tipping Point?

Misinformation, which has existed for centuries, has emerged as a major theme of the current moment, according to a recent article on www.cyberscoop.com. As Americans contend with fallout from the coronavirus pandemic and growing suspicion in societal institutions, false narratives, conspiracy theories, propaganda and the intentional spread of deceptive material have become attached to essentially every major news story, especially ones that focus on our elections. Thirty-five percent of Americans said they believe that misleading information is the biggest threat to election security, more than voter fraud, voter suppression and foreign interference, according to a January NPR/PBS/Marist poll. Meanwhile, 59% of Americans said they were “not confident” in the honesty of U.S. elections, according to a 2019 Gallup poll. Read more.

New Check Point Study Shows that Cybersecurity Lags Behind Cloud Migration

A recent article on www.techrepublic.com reports that the public cloud market is expected to grow during the remainder of 2020. This year, the market for public cloud services is expected to increase by 6.3% according to a recent Gartner report. However, cloud deployment comes with its own set of risks and difficulties for enterprises. On Monday, Check Point, in partnership with Cybersecurity Insiders, released the annual 2020 Cloud Security Report. The key findings show that cloud migrations and deployments among organizations are racing ahead of their security teams’ abilities to defend them against attacks and breaches. Read more.

Growing Concern Over Ransomware Attacks Could Impact November Election

According to a recent article on www.startribune.com, federal authorities say one of the biggest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks. The fear is that ransomware attacks could affect voting systems directly, but even if an attack fails to disrupt elections, it could nonetheless negatively impact confidence in the vote. Read more.

New ISSA/ESG Study Reveals a Deepening of the Cybersecurity Skills Crisis

The fourth annual global study from the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) found a deepening of the cybersecurity skills crisis. Forty-five percent of respondents in the study stated that the cybersecurity skills shortage and its associated impacts have only gotten worse over the past few years. The top ramifications of the skills shortage for organizations (or cybersecurity teams) include an increasing workload, unfilled open job requisitions, and an inability to learn or use cybersecurity technologies to their full potential, putting organizations at significant risk. Why has nothing changed? Read more.

Cyber Connections News Roundup: May 5

May 5, 2020

Cybersecurity Positions Shift During Pandemic

A recent article on www.techtarget.com reports that cybersecurity job functions have changed and that cyber attacks are on the rise. The (ISC)2 COVID-19 Cybersecurity Pulse Survey, conducted in April, found that 81% of cybersecurity professionals said their job function has changed during the COVID-19 pandemic, while at the same time, 23% reported cyber attacks at their organizations have increased since transitioning to remote work. While 81% of respondents said their organizations view security as an essential function right now, 47% said they have been taken off some or all of their typical security duties to assist with other IT-related tasks. Read more.

NSA Provides Cybersecurity Guidance, Assessments for COVID-19 Telework

The National Security Agency (NSA) recently provided guidance to help organizations select and safely use collaboration services to support the increase in remote work during the COVID-19 pandemic, according to a recent article on https://healthitsecurity.com. The guide is designed to help organizations and the workforce to make more informed decisions about choosing collaborative technologies and associated risk exposure. The guide is aimed at government employees, but healthcare providers will be able to benefit from the resources as well, as many providers have shifted to tele-health solutions. Read more.

Burden of Zoom Security Falls Largely on Users

From “Zoombombing” to sharing user information with Facebook and leaking data to LinkedIn, a recent article on www.digitalprivacy.com highlights the flaws in the Zoom platform, which has taken off during the COVID-19 social distancing as millions are staying home for work and school, and points to users’ writing their own encryption as a major pitfall. Programmers in China, for example, wrote their own encryption code for the platform, using a security standard far more vulnerable than the widely accepted AES-256 encryption method approved by the U.S. government. The article quotes Michelle Hansen, a professor of cybersecurity at University of Maryland Global Campus, who maintained, “While Zoom has made significant improvements to secure their platform, the responsibility is at the user’s discretion.” She advised users to treat their meeting as their house. “Be a good host, manage your guest list and use settings to mitigate possible risks.” Read more.

Hackers Hit “Smart” Parking Meters

According to an article on https://statescoop.com, CivicSmart, a company that sells “smart” parking meters and technology used by parking-enforcement agencies, was recently the victim of a ransomware attack that also exposed some of its internal files on a website maintained by the hackers responsible. The Milwaukee-based firm was hit last month with a form of ransomware known alternatively as Sodinokibi or REvil. The incident, noticed in March by the Israeli security firm Under the Breach, suggested that attackers were preparing to publish as much as 159 gigabytes of data taken from CivicSmart. Read more.

15% of Small Businesses Experienced a Cyber Threat in 2019

An article on www.securitymagazine.com, citing new information from The Manifest’s Data Safety for Small Businesses: 2020 Cybersecurity Statistics report, claims that nearly one-fifth of small businesses (15 percent) say they experienced either a hack (seven percent), virus (five percent), or data breach (three percent) in 2019. The Manifest surveyed 383 small business owners and managers to better understand the challenges they had with cybersecurity in 2019 and how they plan to approach cybersecurity in the future. The most popular strategies for small businesses are limiting employee access to data (46 percent) and encrypting data (44 percent). Read more.

Cyber Connections News Roundup: April 21

April 21, 2020

Key Democrats Push for Cybersecurity Funding in Next Covid-19 Relief Package

Four Democrats are urging House leadership to support additional cybersecurity funding for state and local governments in the next coronavirus relief package, according to a report on http://gcn.com. In an April 13 letter, House Homeland Security Committee Chair Bennie Thompson (D-Miss.), Cybersecurity and Infrastructure Protection Subcommittee Chair Cedric Richmond (D-La.) and Reps. Dutch Ruppersberger (D-Md.) and Derek Kilmer (D-Wash.) asked Congress for $400 million in cybersecurity grants to help state and local governments deal with escalating ransomware, phishing and other cyber attacks during the coronavirus pandemic. Read more.

Staying Cybersafe During the Coronavirus Crisis

Faculty members from University of Maryland Global Campus School of Cybersecurity and Information Technology have offered their recommendations for staying safe during these uncertain times. Condensing their tips down to five essentials, they advise readers to: beware of scammers; check web addresses for authoritative sites; check and verify links to government agencies sent via email; check bank account statements frequently; beware of scam phone calls; and reach out to trusted friends and family when in doubt. Read more.

Will Virus Tracking Infringe on Privacy Rights?

According to an article on www.washingtonpost.com, experts are warning that increased surveillance programs used to track the Covid-19 virus may do long-term damage to U.S. privacy rights. Other nations, including South Korea and Israel, have used tracking data including cellphone location information and facial recognition tools to power their pandemic responses. But similar efforts in the United States could amount to a major erosion of civil liberties. Read more.

Accenture Makes Third Cybersecurity Acquisition of this Year

An article on www.accountingtoday.com reports that professional services firm Accenture has acquired Revolutionary Security for an undisclosed sum, making it the third cybersecurity purchase for the firm this year. Revolutionary Security provides cybersecurity services for critical infrastructure sectors, including financial services. The unforeseen consequence of the COVID-19 pandemic played a role in Accenture’s decision to invest further in cybersecurity and Accenture’s desire to keep its clients safe from cyber threats. Read more.

Is the Internet Ready for Online Voting? Most Experts Say “No”

Internet technologies are set to play a critical role in the 2020 presidential election, but how? A recent article on www.cyberscoop.com explores to what extent the internet is ready for online voting. How each state chooses to conduct the 2020 election is now shaping up as a partisan battleground. House Speaker Rep. Nancy Pelosi, D-Calif., wants to invest in a “vote-by-mail” election in order to secure the integrity of the election. Many experts suggest that the alternative, online voting, would be too risky. Dan Guido, CEO of Trail of Bits, quoted in the article, believes that using a mobile phone to mark a ballot, for example, would mean “trusting every computer between you and the election official to correctly record your preference and there are any number of points at which remote marking of ballots could be interfered with.” Read more.

Cyber Connections News Roundup: April 7

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 7, 2020

Cybersecurity and the Coronavirus: Is there a Silver Lining?

In a recent opinion piece on www.stripes.com, Jesse Varsalone, associate professor of Computer Networks and Cybersecurity at University of Maryland Global Campus, asks whether today’s pandemic might offer us an opportunity to take steps toward a larger solution to the nation’s cybersecurity challenges. “We now know we must always be on the offensive to prepare for and protect against the next crisis,” he said. “Hospitals will plan for greater capacity. Schools at all levels — K-12 through university — now understand that they must be able to ‘go virtual’ overnight so that learning is not disrupted. And companies will be ready for an increase in telework with security controls already in place.” Read more.

Spread of Coronavirus Raises Data Privacy Concerns

A recent article on www.fedscoop.com highlights the privacy concerns that the response to the coronavirus pandemic has raised. The outbreak has put tech and telecom companies in a position where they can disclose, without individuals’ consent, large amounts of data about them to the federal government. The Stored Communications Act, for example, includes emergency exceptions permitting companies’ release of personal data for government experimentation. The spread of the coronavirus could see data shared at an unprecedented scale. Read more.

More States to Expand Mobile Voting Against Cybersecurity Concerns

According to an article on www.washingtonpost.com, a number of states are planning to dramatically expand their use of mobile voting in response to the coronavirus pandemic – even as cybersecurity experts warn such systems are unproven and too vulnerable to hacking. West Virginia became the first to try statewide mobile voting for military and overseas voters in 2018 and has already announced it will expand to voters with disabilities during its upcoming primary June 9. Cybersecurity experts have warned that mobile voting lacks basic protections to ensure votes haven’t been manipulated by hackers. Read more.

Zoom Takes Front and Center During Move to Online Learning

Some school districts around the country have started to ban the use of Zoom for online learning from home during the coronavirus crisis because of growing concerns about security, according to a recent report on www.washingtonpost.com. But in addition to the widely reported security issues, the FBI has issued a warning to the public about the “hijacking” of online classrooms and teleconferences, according to an article on www.edscoop.com. “Zoombombing” doesn’t exploit software vulnerabilities in the Zoom platform, but instead takes advantage of faculty’s inexperience with the tool by taking control of calls using Zoom’s screen-sharing function. Read more.

Women Make Gains in Cybersecurity Workforce but Lag in Leadership Positions

An article on http://securityboulevard.com, citing the 2019 Women in Cybersecurity Study, reports that women now represent 24% of the total cybersecurity workforce, up from 11% in 2017. However, when it comes to holding leadership positions in cybersecurity, the number is significantly smaller, according to several female executives interviewed for the article. Lisa Plaggemier, chief strategist at MediaPRO, suggested, “It’s because we don’t raise our hands. We wait until we’re 100% ready to take a leadership role before we apply or make our desires known.” Read more.

Cyber Connections News Roundup: March 24

March 24, 2020

Bipartisan Committee Delivers Cybersecurity Roadmap

According to a recent report on www.securityboulevard.com, on March 11 the Cybersecurity Solarium Commission, a bipartisan committee, released a new U.S. strategy that outlines steps to reshape the U.S.’s approach to cybersecurity and prepare for resiliency and response before a major cyber incident occurs. The report focuses on action, featuring numerous recommendations addressing organizational, policy, and technical issues. A concluding appendix features draft bills that Congress can rapidly act upon to put these ideas into practice and make America more secure. Read more.

Cybersecurity Risks Increase as More Employees and Students Go Online

A recent article on www.theatlantavoice.com highlights how the dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the Coronavirus is raising questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data. As citizens increasingly log on from home, they are melding their personal technology with professional tools at unprecedented scale. Employers, already concerned about capacity, must now also address the issue of people introducing new potential vulnerabilities into their routines. Read more.

Cybersecurity Experts Band Together to Protect Hospitals

According to an article on www.cyberscoop.com, a recent attack on a hospital inspired experts in the infosec community to get involved. After a cyber attack on a Czech hospital last week, cybersecurity professionals from companies in Israel, Europe and North America banded together in their spare time to send threat data to medical organizations to protect them from hackers trying to exploit the COVID-19 crisis. “If anyone is sick enough to use this global crisis to conduct cyber attacks, we need to try to stop them,” said Ohad Zaidenberg, an Israel-based cyber threat researcher. Zaidenberg assembled the ad-hoc group of around 70 malware hunters to gather data on COVID-19-related hacking. Read more.

Can AI Bridge the Cybersecurity Skills Gap?

A recent article on https://analyticsindiamag.com considers whether artificial intelligence can be the cure to our cybersecurity challenges or whether it will make the skills gap even worse as the landscape changes. The 2019/2020 Official Annual Cybersecurity Jobs Report sponsored by Herjavec Group estimates that there will be 3.5 million unfilled cybersecurity jobs globally by the year 2021. AI could serve as an effective way to streamline the identification, analysis, investigation, and prioritization of security alerts. Through the use of AI and analytics techniques, businesses can also create supervised learning, graph analytics, and reasoning processes, along with leveraging the power of AI to automate the data-mining process. Read more.

HHS Adopts a “People Centric” Approach to Cybersecurity

According to a recent article on https://federalnewsnetwork.com, the National Institutes of Health is taking a “people-centric approach” to protecting one of the largest government bureaucracies. Through its Optimize IT Security effort, one of eight programs launched throughout the Department of Health and Human Services to increase the efficiency and effectiveness of its operations, NIH aims to empower employees with the information they need to identify suspicious behavior, such as phishing emails, and make employees feel comfortable reporting these anomalous activities to cyber personnel. NIH has identified 13 different user groups across the enterprise with access to its networks, and is tailoring cyber-awareness approaches to positions such as clinicians, researchers, scientists and emergency management personnel. Read more.