Cyber Connections News Roundup: October 20

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 20

Recent Barnes & Noble Breach Included Customers’ Personal Information

According to a report on www.securitymagazine.com, Barnes & Noble notified customers on Oct. 10 that it had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems and may have affected customers’ personal information. The company said that customers’ payment details had not been exposed, as it uses technology that encrypts all credit cards. The systems impacted did contain email addresses, as well as billing and shipping address, and telephone number if they were supplied by the users. Read more.

Investigators into Twitter Hack Call for Greater Security Regulation

A recent article on https:// techcrunch.com details how an investigation into this summer’s Twitter hack by the New York State Department of Financial Services (NYSDFS) concluded that the social media giant let itself “be duped by a simple social engineering technique.” The NYSDFS report called for greater security regulation for key social media platforms. In the report, the NYSDFS pointed out how quickly regulated cryptocurrency companies acted to prevent the Twitter hackers scamming even more people, arguing the biggest social media platforms have great societal power but no regulated responsibilities to protect users. Read more.

Why You Need to Know the Difference Between Cybersecurity and Cyber Resilience

It goes without saying that cyberattacks, making headlines with increased frequency, according to a recent article on www.forbes.com, can be devastating to companies large and small, causing service disruption, reputational damage and financial distress. bust the loss of personal data can also result in huge fines from regulators. This is why all companies need to invest in cybersecurity and cyber resilience. In a nutshell, cybersecurity describes a company’s ability to protect against and avoid the increasing threat from cyber crime. Meanwhile, cyber resilience refers to a company’s ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. Read more

Is Employee Cybersecurity Training Working?

The theme of this year’s Cybersecurity Awareness Month is “Do Your Part. Be Cyber Smart” to promote and encourage accountability at the personal and corporate level. However, according to a recent article on https://securityboulevard.com, although many organizations provide cybersecurity training/education, 43% of employees are not aware that clicking on a suspicious link or attachment in an email can introduce malware. The publication, citing the “2020 State of Privacy and Security Awareness Report” by Osterman Research and MediaPRO, offers additional statistics that demonstrate that quite often corporate training is not sinking in. Read more.

Financial Institutions Implement Cutting-Edge Technologies to Keep Customers Safe

Financial institutions average $100 billion in losses due to cyber crime each year with hackers targeting multiple access points to customers’ financial data, according to a recent article on https://securityboulevard.com. The publication offers a detailed overview of the technological advances  financial services companies are implementing to protect user data. On the cutting edge of this security are blockchain, triple-entry accounting, and tokenization systems. Blockchains, for example, invented for and popularized by cryptocurrencies like Bitcoin, are highly encrypted and decentralized networks of data. When it comes to financial security, blockchain brings some of the benefits of cryptocurrency to all transactions. Read more.

Cyber Connections News Roundup: August 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 25, 2020

Four COVID-era Cybersecurity Threats College and University CISOs Must Tackle

A recent article on https://universitybusiness.com boils the COVID-related cybersecurity threats down to four – phishing, theft of research a rise in the number of employees working remotely and cyber hygiene. The cybersecurity challenges colleges and universities face during the COVID pandemic are growing more in scale rather than in types of risks. Threats on campuses include an increase in phishing attacks, efforts to steal COVID research, and protecting a greater number of employees working remotely. Read more.

Is More Oversight Needed in Financial Sector for Cloud Computing and Cybersecurity

On Aug. 5, the Office of the Comptroller of the Currency (OCC) handed down a cease and desist order to Capital One for its “failure to establish effective risk assessment and management processes before migrating its information technology operations to a cloud operating environment,” according to a recent article on www.forbes.com. Although bank executives are more confident than ever that cybersecurity policies are being well executed, the fear is that they are being lulled into a false sense of security because they have yet to feel the cybersecurity impact of cloud computing. Read more.

Executive Order Bans Transactions with TikTok, WeChat Parent Companies

President Trump issued two executive orders on Aug. 6 that will ban transactions with Chinese tech companies ByteDance and Tencent as of Sept. 20, according to a report on www.cyberscoop.com. The two companies own the widely popular applications TikTok (owned by ByteDance) and WeChat (owned by Tencent), both of which have been characterized as national security threats. The action against TikTok comes as Microsoft is in talks to purchase the service. Read more.

Scammers Are Using Fake COVID-19 News to Defraud Victims

According to a report on www.cyberscoop.com, scammers are relying on false news articles about the COVID-19 pandemic in an attempt to trick readers into signing up for fake cures. A network of content farm websites are masquerading as legitimate news sites as part of an attempt to scam Americans, according to research published Wednesday by RiskIQ. The company’s research found that several of the advertisements loaded on these fake news sites led to subscription traps. Read more.

Cybersecurity Spending to Reach $123B in 2020

According to a new Gartner study, as reported on www.forbes.com, enterprise spending on cybersecurity continues to grow. While Gartner predicts IT spending will decline by 8% this year, security and risk management (cybersecurity) is predicted to grow 2.4%, down from a projected growth rate of 8.7% earlier this year. Spending on cloud security is predicted to increase by 33% becoming a $585M market this year. Security services are forecast to drive $64.2B in worldwide revenue this year comprising 51.9% of the total market. And data security will grow by 7.2% becoming a $2.8B market this year. Read more.

Cyber Connections News Roundup: August 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 11, 2020

UMGC Scholars Offer Keys to Safe School Opening and Course Delivery

The three students recently awarded scholarships by the Center for Security Studies (CSS) at University of Maryland Global Campus (UMGC) through the Department of Defense (DoD) Cybersecurity Scholarship Program have been giving much thought to the novel coronavirus’s impact on schools and how best to provide a quality education through mainly digital means. CSS scholars Olubusayo Ladelokum, Jalynn Middleton and Michael Tillini, who are focusing their academic and professional pursuits on the intersection of digital technology and cybersecurity, said the ongoing public health crisis has exposed some critical concerns about our go-to systems for distance communication and information sharing. For schools to successfully deliver educational material and instruction, they must address three key concerns—communication, security and access. Read more.

Have We Arrived at a Misinformation Tipping Point?

Misinformation, which has existed for centuries, has emerged as a major theme of the current moment, according to a recent article on www.cyberscoop.com. As Americans contend with fallout from the coronavirus pandemic and growing suspicion in societal institutions, false narratives, conspiracy theories, propaganda and the intentional spread of deceptive material have become attached to essentially every major news story, especially ones that focus on our elections. Thirty-five percent of Americans said they believe that misleading information is the biggest threat to election security, more than voter fraud, voter suppression and foreign interference, according to a January NPR/PBS/Marist poll. Meanwhile, 59% of Americans said they were “not confident” in the honesty of U.S. elections, according to a 2019 Gallup poll. Read more.

New Check Point Study Shows that Cybersecurity Lags Behind Cloud Migration

A recent article on www.techrepublic.com reports that the public cloud market is expected to grow during the remainder of 2020. This year, the market for public cloud services is expected to increase by 6.3% according to a recent Gartner report. However, cloud deployment comes with its own set of risks and difficulties for enterprises. On Monday, Check Point, in partnership with Cybersecurity Insiders, released the annual 2020 Cloud Security Report. The key findings show that cloud migrations and deployments among organizations are racing ahead of their security teams’ abilities to defend them against attacks and breaches. Read more.

Growing Concern Over Ransomware Attacks Could Impact November Election

According to a recent article on www.startribune.com, federal authorities say one of the biggest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks. The fear is that ransomware attacks could affect voting systems directly, but even if an attack fails to disrupt elections, it could nonetheless negatively impact confidence in the vote. Read more.

New ISSA/ESG Study Reveals a Deepening of the Cybersecurity Skills Crisis

The fourth annual global study from the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) found a deepening of the cybersecurity skills crisis. Forty-five percent of respondents in the study stated that the cybersecurity skills shortage and its associated impacts have only gotten worse over the past few years. The top ramifications of the skills shortage for organizations (or cybersecurity teams) include an increasing workload, unfilled open job requisitions, and an inability to learn or use cybersecurity technologies to their full potential, putting organizations at significant risk. Why has nothing changed? Read more.

Cyber Connections News Roundup: July 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 28, 2020

What Does a Reinvention of Cybersecurity Look Like?

According to a recent article on https://techcrunch.com, organizations are spending more money on cybersecurity and feeling less secure, and that was before the COVID-19 pandemic required our workforce to become more mobile and distributed. As a result, organizations must adopt a platform approach to scaling and delivering cybersecurity that looks at security holistically, from the data center to the edge to multiple clouds. Read more.

With the Ushering in of 5G Technology Comes New Cybersecurity Concerns

5G technology opens the door to progress in cloud-native networks and creates opportunities for new commercial services that leverage artificial intelligence and data warehouse accessibility, according to an article on https://securityboulevard.com. But ushering in 5G technology is open to several cybersecurity concerns. The major downside is two-fold: a diminished presence of choke points and a growing number of entry points, specifically related to the proliferation of devices connected to the Internet of Things (IoT). Read more.

Garmin Hit By Ransomware Attack

According to a recent report on www.techcrunch.com, an ongoing global outage at sport and fitness tech giant Garmin was caused by a ransomware attack. The incident began late Wednesday, July 22, and continued through the weekend, causing a disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices. The attack also took down flyGarmin, the company’s aviation navigation and route-planning service. Two sources, who spoke on the condition of anonymity, told TechCrunch that Garmin was trying to bring its network back online after the ransomware attack. Read more.

Russian Government Hackers Targeting Coronavirus Vaccine Research

A recent article on www.cyberscoop.com examines Russia’s attempt to breach corona virus research programs in the U.S., U.K. and Canada. According to the U.K.’s National Cyber Security Centre (NCSC), the hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets.” The Cyberscoop article also delves into the “why?” According to the article, state-backed hackers worldwide are interested in targeting research on coronavirus-related vaccines and treatments because the first lab to produce a vaccine will have a success story to use as a geopolitical advantage. Read more.

Colorado Sen. Gardner Urges Action on Cyber Threats from Russia and China

According to a press release on his official website as well as a report on www.coloradopolitics.com, U.S. Sen. Cory Gardner (R-CO), on July 24, called for immediate action to protect U.S. cybersecurity infrastructure from Russia and China, particularly as it relates to the COVID-19 pandemic. Gardner is chairman of the Senate Foreign Relations Subcommittee on East Asia, the Pacific and International Cybersecurity Policy. He directed his pleas to FBI Director Chris Wray and Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency, citing the U.K’s National Cyber Security Centre (NCSC) report outlining Russian interference in COVID-19 vaccine development. Read more.

 

Cyber Connections News Roundup: July 14

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 14, 2020

Google Takes Bans Spyware Technology that Promotes Domestic Violence

According to a recent report on www.cyberscoop.com, Google will no longer allow advertisements or marketing in its network that promote spyware and surveillance technology used for intimate partner surveillance. More commonly known as stalkerware, these applications can facilitate and exacerbate domestic violence, monitoring a target’s texts, phone calls, browsing history, geolocation and social media history. The policy update intends to bar advertisements or marketing in Google’s ad network that perpetuates this kind of surveillance without targets’ consent. Read more.

Most Organizations Fall Victim to Public Cloud Cybersecurity Incidents According to Sophos Report

According to a new market research report from British security software and hardware provider, Sophos, 70% of organizations hosting data or workloads in the public cloud experienced a security incident in the last year with multi-cloud organizations reporting up to twice as many incidents as single platform adopters. Specifically, the company’s research found that 70% of organizations reported they were hit by malware, ransom ware, data theft, account compromise attempts, or crypto-jacking in the last year. Research, based on interviews with 3,521 IT managers hosting data and workloads in the public cloud, also found that data loss/leakage is the number one concern for organizations. Read more.

Most Employees Take Responsibility for Cybersecurity But Fall Short on Following Best Practices

The security firm Trend Micro, in a recent survey of more than 13,000 remote workers across 27 countries, found that most employees claim awareness of cybersecurity best practices but still fall short on abiding by them. According to a recent article on www.techrepublic.com, the findings of the survey highlighted a disconnect between employees being more aware of risks and them putting this knowledge into practice. For example, 72% of respondents claimed to have gained better cybersecurity awareness during the pandemic, with 81% agreeing that workplace cybersecurity falls partly on their shoulders. However, 56% of employees admitted to using a non-work application on a work device, with 66% admitting to uploading corporate data to that application. Read more.

Brazil Becomes Hot Bed for Cyber Crime

As deaths from COVID-19 surge in Brazil, so to are cyber crimes. Cyber criminals have set up new infrastructure to scam people who are desperate for relief, according to a recent article on http://www.cyberscoop.com. IBM has uncovered nearly 700 malicious websites related to COVID-19, the disease caused by the virus, in recent months. The criminals are impersonating government apps used to sign up for financial relief and sending people a flurry of text and email messages asking them to hand over their data. Read more.

U.S. Must Prepare for Adversaries to Take Advantage of Voting Challenges in a COVID-19 World

A recent commentary on www.baltimoresun.com warns that the cyber threats to voting systems may in fact elevate as adversaries see an opportunity to disrupt systems during the COVID-19 crisis. In addition to keeping poll workers and voters safe from viral transmission, there is a second major risk, according the article: how to keep the election itself secure from cyber threats. As states rush equip precincts with high-speed optical ballot scanners and distribute vote-by-mail request forms, election officials must continue to safeguard their IT infrastructure, including voter registration databases, electronic poll books used to check in voters, and websites publishing vital information about changes to voting processes. Read more.

Cyber Connections News Roundup: June 16

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 16, 2020

New Verizon Report Stresses Endpoint Security

A recent analysis of Verizon’s 2020 Data Breach Investigations Report (DBIR) on www.forbes.com makes the case that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. The report, based on an analysis of 157,525 incidents, of which 3,950 were confirmed data breaches, establishes that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain. Read more.

Recent Senate Bill to Allow National Guard to Work Across State Lines on Cybersecurity

A Senate bill introduced on Friday, June 12 aims to create a pilot program in which National Guard units would be allowed to help respond remotely to cyber attacks that occur outside their home states, according to a recent article on https://statescoop.com. Introduced by Sen. Gary Peters, the ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, the National Guard Cyber Interoperability Act of 2020 would permit the secretaries of the Army and the Air Force to launch a pilot program in which one state’s National Guard could assist one of its counterparts with cybersecurity training and incident response. Read more.

Zoom to Use Google Security Service to Protect Users

According to a report on www.crn.com, Zoom Video Communications is in talks with Google’s cloud division to use one of its cybersecurity services as another layer of protection for its 300 million daily meeting participants. The article states that Zoom plans to use the Google security service to alerts users to the dangers of clicking on links associated with malicious websites. Zoom could use the Google service to flag links to websites that scammers send to users through Zoom’s chat function if the two companies reach a deal, the report said, citing two people with direct knowledge of the matter. As more users have flocked to Zoom this year, data privacy concerns around the easy-to-use, cloud-based platform have grown. As a result, Zoom has embarked on a 90-day security enhancement plan to boost the security of its offerings. Read more.

Healthcare and Cybersecurity Can Learn from Each Other

An article on www.forbes.com suggests that healthcare and cybersecurity, both aimed at keeping people safe and lowering the risk of infection, can learn from each other. Both are tasked with fighting viruses and getting to the root of the problem. Critical for both industries is an emphasis on accurate diagnostics. The article goes on to focus on three preventative measures common to both cybersecurity and healthcare: using proper diagnostic tools; adopting a risk-based approach to analyzing which data or systems are the most vulnerable and/or likely to come under attack; and performing a kill chain analysis, a post mortem to figure out what went wrong and, in the case of a hacker, determine how it entered the system. Read more.

Beware of Contract Tracing Apps Posing as Malware

According to a recent report on www.cyberscoop.com, twelve applications posing as coronavirus contact tracing apps available outside mainstream marketplaces are designed to steal personal and financial information from unwitting Android users. Apps meant to impersonate official government tracing apps from countries including Italy, Russia and Singapore trigger malicious software capable of collecting a range of data from user’s devices, yet another example of hackers exploiting the global pandemic to steal information from users who believed they were downloading an app designed to measure the prevalence of COVID-19 in their community. Read more.

Cyber Connections News Roundup: May 19

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 19, 2020

COVID-19 Increases Cybersecurity Challenges for Hospitals

A recent interview on www.securityboulevard.com with Jonathan Langer, CEO of Medigate, a provider of security for medical devices, sheds new light on the cybersecurity risks that healthcare organizations are facing as a result of the COVID-19 pandemic. Hospitals are adding dozens or even hundreds of new devices to their networks to meet the needs of increased patient care. Many also are operating field hospitals and testing sites on top of their existing environments. For example, the Cleveland Clinic saw more than 60,000 tele-medicine visits in March alone, an increase of more than 1,700% over its average. The addition of new networks, wireless access points, devices and tele-medicine capabilities brings new risks, according to Langer.  Read more.

Companies Can Employ Chatbots to Mitigate Cybersecurity Risks During Rise in Remote Working

“Chatbots,” the ubiquitous virtual agents used to field customer questions, may now help address many work-from-home cybersecurity challenges such as secure end-to-end encryption and user authentication, according to an article on www.securityintelligence.com. The same chatbots used to answer customer questions can be used to help employees connect with security professionals to resolve issues, and also allow security teams to track logins and user activity, manage user authorization, and engage employees in security awareness training, among other tasks. Read more.

U.S. Accuses Chinese Hackers of Trying to Steal Coronavirus Research

According to a recent report on www.cyberscoop.com, the Department of Homeland Security and the FBI accused hackers linked with the Chinese government of attempting to steal U.S. research into a coronavirus vaccine. According to a statement from the DHS, “the FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.” The statement goes on to say that these actors have tried to obtain public health data related to vaccines, treatments, and testing. The DHS has urged medical research organizations to be vigilant and report suspicious cyber activity. Read more.

Texas Courts Hit with Ransomware Attack

The Texas judicial system, according to a recent article on www.statescoop.com, was forced on May 15 to take some of its servers and websites offline last week after being targeted by a ransomware attack. The Texas Office of Court Administration, which provides IT services to state courts, didn’t specify what kind of ransomware was used to target the judicial servers, but reported that the ransomware was “caught” and that no ransom would be paid. Friday’s ransomware attack was the latest that Texas’ state and local agencies have faced over the past year. Last August, 23 cities and towns were simultaneously hit by a ransomware attack through a common managed service provider. Read more.

COVID-19 Puts Election Security at Risk

Russian hackers could target election officials working from home, according to an article on www.washingtonpost.com. Some possible scenarios include: spreading rumors about coronavirus outbreaks at polling sites to deter people from showing up on Election Day or launching disinformation campaigns claiming elections have been delayed or canceled entirely because of the virus. These are two scenarios that the University of Southern California’s Election Security Initiative is tackling as it races to conduct virtual training programs for campaign and election officials across all 50 states before November. The bottom line, according to the article, is that every aspect of securing elections is now far harder during the pandemic. Read more.

Cyber Connections News Roundup: May 5

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 5, 2020

Cybersecurity Positions Shift During Pandemic

A recent article on www.techtarget.com reports that cybersecurity job functions have changed and that cyber attacks are on the rise. According to the (ISC)2 COVID-19 Cybersecurity Pulse Survey, conducted in April, found that 81% of cybersecurity professionals said their job function has changed during the COVID-19 pandemic, while at the same time, 23% reported cyber attacks at their organizations have increased since transitioning to remote work. While 81% of respondents said their organizations view security as an essential function right now, 47% said they have been taken off some or all of their typical security duties to assist with other IT-related tasks. Read more.

NSA Provides Cybersecurity Guidance, Assessments for COVID-19 Telework

The National Security Agency (NSA) recently provided guidance to help organizations select and safely use collaboration services to support the increase in remote work during the COVID-19 pandemic, according to a recent article on https://healthitsecurity.com. The guide is designed to help organizations and the workforce to make more informed decisions about choosing collaborative technologies and associated risk exposure. The guide is aimed at government employees, but healthcare providers will be able to benefit from the resources as well, as many providers have shifted to tele-health solutions. Read more.

Burden of Zoom Security Falls Largely on Users

From “Zoombombing” to sharing user information with Facebook and leaking data to LinkedIn, a recent article on www.digitalprivacy.com highlights the flaws in the Zoom platform, which has taken off during the COVID-19 social distancing as millions are staying home for work and school, and points to users’ writing their own encryption as a major pitfall. Programmers in China, for example, wrote their own encryption code for the platform, using a security standard far more vulnerable than the widely accepted AES-256 encryption method approved by the U.S. government. The article quotes Michelle Hansen, a professor of cybersecurity at University of Maryland Global Campus, who maintained, “While Zoom has made significant improvements to secure their platform, the responsibility is at the user’s discretion.” She advised users to treat your meeting as your house. “Be a good host, manage your guest list and use settings to mitigate possible risks.” Read more.

Hackers Hit “Smart” Parking Meters

According to an article on https://statescoop.com, CivicSmart, a company that sells “smart” parking meters and technology used by parking-enforcement agencies, was recently the victim of a ransom ware attack that also exposed some of its internal files on a website maintained by the hackers responsible. The Milwaukee-based firm was hit last month with a form of ransom ware known alternatively as Sodinokibi or REvil. The incident, noticed in March by the Israeli security firm Under the Breach, suggested that attackers were preparing to publish as much as 159 gigabytes of data taken from CivicStart. Read more.

15% of Small Businesses Experienced a Cyber Threat in 2019

An article on www.securitymagazine.com, citing new information from The Manifest’s Data Safety for Small Businesses: 2020 Cybersecurity Statistics report, claims that nearly one-fifth of small businesses (15 percent) say they experienced either a hack (seven percent), virus (five percent), or data breach (three percent) in 2019. The Manifest surveyed 383 small business owners and managers to better understand the challenges they had with cybersecurity in 2019 and how they plan to approach cybersecurity in the future. The most popular strategies for small businesses are limiting employee access to data (46 percent) and encrypting data (44 percent). Read more.

Cyber Connections News Roundup: April 21

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 21, 2020

Key Democrats Push for Cybersecurity Funding in Next Covid-19 Relief Package

Four Democrats are urging House leadership to support additional cybersecurity funding for state and local governments in the next coronavirus relief package, according to a report on http://gcn.com. In an April 13 letter, House Homeland Security Committee Chair Bennie Thompson (D-Miss.), Cybersecurity and Infrastructure Protection Subcommittee Chair Cedric Richmond (D-La.) and Reps. Dutch Ruppersberger (D-Md.) and Derek Kilmer (D-Wash.) asked Congress for $400 million in cybersecurity grants to help state and local governments deal with escalating ransom ware, phishing and other cyber attacks during the coronavirus pandemic. Read more.

Staying Cybersafe During the Coronavirus Crisis

Faculty members from University of Maryland Global Campus School of Cybersecurity and Information Technology have offered their recommendations for staying safe during these uncertain times. Condensing their tips down to five essentials, they advise to: beware of scammers; check web addresses for authoritative sites; check and verify links to government agencies sent via email; check bank account statements frequently; beware of scam phone calls; and reach out to trusted friends and family when in doubt. Read more.

Will Virus Tracking Infringe on Privacy Rights?

According to an article on www.washingtonpost.com, experts are warning that increased surveillance programs used to track the Covid-19 virus may do long-term damage to U.S. privacy rights. Other nations, including South Korea and Israel, have used tracking data including cellphone location information and facial recognition tools to power their pandemic responses. But similar efforts in the United States could amount to a major erosion of civil liberties. Read more.

Accenture Makes Third Cybersecurity Acquisition of this Year

An article on www.accountingtoday.com reports that professional services firm Accenture has acquired Revolutionary Security for an undisclosed sum, making it the third cybersecurity purchase for the firm this year. Revolutionary Security provides cybersecurity services for critical infrastructure sectors, including financial services. The unforeseen consequence of the COVID-19 pandemic played a role in the Accenture’s decision to invest further in cybersecurity and Accenture’s desire to keep its clients safe from cyber threats. Read more.

Is the Internet Ready for Online Voting? Most Experts Say “No”

Internet technologies are set to play a critical role in the 2020 presidential election, but how? A recent article on www.cyberscoop.com explores to what extent the internet is ready for online voting. How each state chooses to conduct the 2020 election is now shaping up as a partisan battleground. House Speaker Rep. Nancy Pelosi, D-Calif., wants to invest in a “vote-by-mail” election in order to secure the integrity of the election. Many experts suggest that the alternative, online voting, would be too risky. Dan Guido, CEO of Trail of Bits, quoted in the article, believes that using a mobile phone to mark a ballot, for example, would mean “trusting every computer between you and the election official to correctly record your preference and there are any number of points at which remote marking of ballots could be interfered with.” Read more.

Cyber Connections News Roundup: April 7

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 7, 2020

Cybersecurity and the Coronavirus: Is there a Silver Lining?

In a recent opinion piece on www.stripes.com, Jesse Varsalone, associate professor of Computer Networks and Cybersecurity at University of Maryland Global Campus, asks whether today’s pandemic might offer us an opportunity to take steps toward a larger solution to the nation’s cybersecurity challenges. “We now know we must always be on the offensive to prepare for and protect against the next crisis,” he said. “Hospitals will plan for greater capacity. Schools at all levels — K-12 through university — now understand that they must be able to “go virtual” overnight so that learning is not disrupted. And companies will be ready for an increase in telework with security controls already in place.” Read more.

Spread of Coronavirus Raises Data Privacy Concerns

A recent article on www.fedscoop.com highlights the privacy concerns that the response to the coronavirus pandemic has raised. The outbreak has put tech and telecom companies in a position where they can disclose, without individuals’ consent, large amounts of data about them to the federal government. The Stored Communications Act, for example, includes emergency exceptions permitting companies’ release of personal data for government experimentation. The spread of the coronavirus could see data shared at an unprecedented scale. Read more.

More States to Expand Mobile Voting Against Cybersecurity Concerns

According to an article on www.washingtonpost.com, a number of states are planning to dramatically expand their use of mobile voting in response to the coronavirus pandemic – even as cybersecurity experts warn such systems are unproven and too vulnerable to hacking. West Virginia became the first to try statewide mobile voting for military and overseas voters in 2018 and has already announced it will expand to voters with disabilities during its upcoming primary June 9. Cybersecurity experts have warned that mobile voting lacks basic protections to ensure votes haven’t been manipulated by hackers. Read more.

Zoom Takes Front and Center During Move to Online Learning

Some school districts around the country have started to ban the use of Zoom for online learning from home during the coronavirus crisis because of growing concerns about security, according to a recent report on www.washingtonpost.com. But in addition to the widely reported security issues, the FBI has issued a warning to the public about the “hijacking” of online classrooms and teleconferences, according to an article on www.edscoop.com. “Zoombombing” doesn’t exploit software vulnerabilities in the Zoom platform, but instead takes advantage of faculty’s inexperience with the tool by taking control of calls using Zoom’s screen-sharing function. Read more.

Women Make Gains in Cybersecurity Workforce but Lag in Leadership Positions

An article on http://securityboulevard.com, citing the 2019 Women in Cybersecurity Study, reports that women now represent 24% of the total cybersecurity workforce, up from 11% in 2017. However, when it comes to holding leadership positions in cybersecurity, the number is significantly smaller, according to several female executives interviewed for the article. Lisa Plaggemier, chief strategist at MediaPRO, suggested, “It’s because we don’t raise our hands. We wait until we’re 100% ready to take a leadership role before we apply or make our desires known.” Read more.