Cyber Connections News Roundup: March 24

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 24, 2020

Bipartisan Committee Delivers Cybersecurity Roadmap

According to a recent report on, on March 11 the Cybersecurity Solarium Commission, a bipartisan committee, released a new U.S. strategy that outlines steps to reshape the U.S.’s approach to cybersecurity and prepare for resiliency and response before a major cyber incident occurs. The report focuses on action, featuring numerous recommendations addressing organizational, policy, and technical issues. A concluding appendix features draft bills that Congress can rapidly act upon to put these ideas into practice and make America more secure. Read more.

Cybersecurity Risks Increase as More Employees and Students Go Online

A recent article on highlights how the dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the Coronavirus is raising questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data. As citizens increasingly log on from home, they are melding their personal technology with professional tools at unprecedented scale. Employers, already concerned about capacity, must now also address the issue of people introducing new potential vulnerabilities into their routines. Read more.

Cybersecurity Experts Band Together to Protect Hospitals

According to an article on, a recent attack on a hospital inspired experts in the infosec community to get involved. After a cyber attack on a Czech hospital last week, cybersecurity professionals from companies in Israel, Europe and North America banded together in their spare time to send threat data to medical organizations to protect them from hackers trying to exploit the COVID-19 crisis. “If anyone is sick enough to use this global crisis to conduct cyber attacks, we need to try to stop them,” said Ohad Zaidenberg, an Israel-based cyber threat researcher. Zaidenberg assembled the ad-hoc group of around 70 malware hunters to gather data on COVID-19-related hacking. Read more.

Can AI Bridge the Cybersecurity Skills Gap?

A recent article on considers artificial intelligence can be the cure to our cybersecurity challenges, or will it make the skills gap even worse with the changing landscape? The 2019/2020 Official Annual Cybersecurity Jobs Report sponsored by Herjavec Group estimates that there will be 3.5 million unfilled cybersecurity jobs globally by the year 2021. AI could serve as an effective way to streamline the identification, analysis, investigation, and prioritization of security alerts. Through the use of AI and analytics techniques, businesses can also create supervised learning, graph analytics, and reasoning processes, along with leveraging the power of AI to automate the data-mining process. Read more.

HHS Adopts a “People Centric” Approach to Cybersecurity

According to a recent article on, the National Institutes of Health is taking a “people-centric approach” to protecting one of the largest government bureaucracies. Through its Optimize IT Security effort, one of eight programs launched throughout Department of Health and Human Services to increase the efficiency and effectiveness of its operations, NIH aims to empower employees with the information they need to identify suspicious behavior, such as phishing emails, and make employees feel comfortable reporting these anomalous activities to cyber personnel. NIH has identified 13 different user groups across the enterprise with access its networks, and is tailoring cyber-awareness approaches to positions such as clinicians, researchers, scientists and emergency management personnel. Read more.

Cyber Connections News Roundup: Feb. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 25, 2020

Data Science Tools Are Helping Cybersecurity Teams Identify Threat Patterns

A recent article on offers insight into the trend of using data science tools to help security operation centers (SOCs) identify attack patterns and increase the chances of detecting threats. The trend is driven by the increase of cheap computing power afforded by the cloud, and the need for more sophisticated defenses against breaches. SOCs are using data science tools to enhance the speed and accuracy with which companies can identify threat patterns and where they lie. Read more.

Recent Ransomware Attack on Natural Gas Facility Serves as Warning to Industrial Companies

An article on reports that the Department of Homeland Security’s cybersecurity agency recently responded to a ransomware attack on a natural gas compression facility that led the organization to shut down its operations for two days. Hackers were able to encrypt data on the unnamed facility’s IT and “operational technology” network, a broad term for a network that oversees industrial processes. As a result, the facility shut down its various assets, including its pipelines, for two days, because it was longer able to read data coming from across its enterprise. Read more.

Accenture’s Upstream Oil and Gas Digital Trends Survey Results Demonstrate Emphasis on Cybersecurity

In related news, the oil and gas sector is investing aggressively in cybersecurity in an effort to protect assets and reputations, according to the recently released results of Accenture’s 2019 Upstream Oil and Gas Digital Trends Survey. In the global survey of 255 industry professionals, cybersecurity emerged as companies’ top investment focus, and the technology driving the greatest impact on business performance. The survey was conducted in early 2019 but the results were only published this month. “As oil companies’ operations come under increasing threat, cyber resilience becomes more important to stakeholders, consumers and government,” said Rich Holsman, a managing director at Accenture who leads the digital practice in the company’s Resources operating group. Read more.

Will the 2020 Census Be the Next Big Target for Hackers?

An article on details how lawmakers are growing concerned about hacking dangers targeting the 2020 Census after a watchdog detailed a number of cybersecurity challenges that should have been addresses already. A report released by the Government Accountability Office warns that the hacking danger could be compounded by social media misinformation spread by U.S. adversaries or pranksters falsely claiming that census data is corrupted or the count is rigged. Read more.

Tripwire Survey Sheds Light What Companies Are Doing to Bridge the Cybersecurity Skills Gap

Cybersecurity firm Tripwire recently announced the results a survey that examined how organizations and security pros are experiencing skills gap issues. The survey findings, based on the responses from 342 security professionals, revealed that 83 percent of respondents feel more overworked going into 2020 than they were in 2019. Moreover, according to the survey, 85 percent of respondents acknowledged that it became more difficult over the past few years to hire skilled cybersecurity professionals. Around 46 percent stated that they plan to use more managed services in 2020, and more than 50 percent of respondents said they will invest more cybersecurity training for their staff. Read more.

Cyber Connections News Roundup: Feb. 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 11, 2020

Iowa Caucuses Fall Victim to Faulty App

A recent article on laid out the issues involved in the coding error an app used to count vote totals in the Democratic caucuses in Iowa delayed the release of final tallies. Although the data collected by the app was sound, it was reporting only a portion of that data to party headquarters due a coding issue with its reporting system, the party explained in a statement. As it turned out, the app, developed by Shadow, a company that builds political tools and platforms, was reporting only a portion of data to party headquarters due to the coding issue. It appears that the app was rushed to market without adequate testing. Bruce deGrazia, program chair for cybersecurity management and policy at the University of Maryland Global Campus in Adelphi, Maryland, quoted in the article, said, “It was tested for two months. It should have been tested for far longer than that.” He added, “You don’t bring something like this out in the middle of an election cycle.” Read more.

Pentagon Rolls Out New Cybersecurity Standards

The U.S. Department of Defense (DoD) recently published a new set of cybersecurity standards, known as the Cybersecurity Maturity Model Certification (CMMC) version 1.0, according to a recent article on The new standards will require defense companies to adhere to a set of rules and mandates in order to do business with the DoD. The CMMC standards specify five different cybersecurity levels ranging from basic cyber hygiene requirements to detailed lists of security controls. Read more.

CISA Lacks Election Security Readiness, According to GAO Report

A recent article on sounds the alarm on election security, notably that the Cybersecurity and Infrastructure Security Agency (CISA), which provides state and local election officials with federal assistance, education and information sharing about how to safeguard U.S. voting infrastructure from possible interference has not created a clear plan to respond to possible Election Day security incidents. According to a recent Government Accountability Office (GAO) report, despite three years of work meant to improve security, CISA still is not well positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle. Read more.

Cyber Criminals Are Taking Advantage of the Coronavirus to Spread Malware

A recent article on reports that cyber criminals are taking advantage of the coronavirus outbreak, and using it to spread malware. According to a new report by IBM X-Force Exchange, the practice of leveraging worldwide events by basing malicious emails on current important topics is common among cyber criminals. X-Force discovered the first campaign of this type, in which the outbreak of a biological virus is used as a means to distribute a computer virus. The emails appear to be sent by a disability welfare service provider in Japan, says IBM. The text briefly states that there have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document. Read more.

Insider Threats Costing Companies Over $11 Million Annually

Proofpoint, Inc., a cybersecurity and compliance company, recently released Cost of Insider Threats 2020 Global Report, which identifies the costs and trends associated with negligent, compromised, and malicious insiders. The study found that, on average, impacted organizations spent $11.45 million annually on overall insider threat remediation and took 77 days to contain each incident. The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific. Read more.


Cyber Connections News Roundup: Jan. 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 28, 2020

Measuring Artificial Intelligence-Based Cybersecurity Readiness

A recent article on offers a look at how enterprises today can measure their readiness for adoption and implementation of artificial intelligence-based cybersecurity solutions. Because AI in the area of cybersecurity is relatively new, many organizations are hesitant to adopt it for their enterprises. As AI-based cybersecurity begins to pay dividends for some, it is wise to understand some parameters that can help gauge whether or not to make the leap into adoption. Read more.

Three Arrested in Indonesia for Magecart Attack

According to a report on, police in Indonesia have arrested three men accused of inserting malicious code into e-commerce websites to steal shoppers’ payment data, an emerging hacking technique known as a Magecart-style attack. Interpol announced on Jan. 27 it coordinated a law enforcement operation that identified hundreds of websites that had been infected with malicious software used to collect customers’ financial data and personal details. The Magecart attack relies on a malicious tool that attacks the JavaScript programming language, the digital equivalent of a “smash-and-grab robbery.” Read more.

A Rise in Crypto Wars Predicted at Word Economic Forum

A blog post on, as part of the World Economic Forum’s annual meeting, predicts that more data will be created and collected than ever before, making policy attempts to protect this data more urgent. Data borders will continue to be drawn. As a result, crypto wars will proliferate as tech companies increasingly find it difficult to resist government calls for back doors to their systems. Moreover, as internet users increase in emerging economies the same challenges of disinformation and cyber attacks experienced in more cyber-advanced countries will occur, the article predicts. Read more.

Bezos Hack Signals Rise in Commercial Tools

An article on offers the Saudi hacking campaign (thought to have been orchestrated by the Saudi Crown Prince Mohammed bin Salman in 2018) compromised the cellphone of Amazon founder and Washington Post owner Jeff Bezos as an example of how even someone of Bezos’s stature can be hacked with off-the-shelf tools. The escalation in the way nations use commercial hacking tools is fueling calls from officials and experts to ban the international sale of spyware, according to the article. Read more.

Senate Bill Would Require State Cybersecurity Coordinators

According to a recent article on, bipartisan legislation introduced in the Senate on January 17 would create a federal program to bolster response to cyber attacks in states by installing cybersecurity coordinators. Under the Cybersecurity State Coordinator Act, sponsored by Sens. Maggie Hassan, D-N.H., Gary Peters, D-Mich., John Cornyn, R-Texas and Rob Portman, R-Ohio, the program would fall under the umbrella of the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and would facilitate threat information-sharing as well as boost coordination between state and federal governments. Read more.

2020 Cybersecurity Threats & Detection: An Interview with Two UMGC Cybersecurity Faculty Experts

As we enter the second decade of the 21st century, we enter a world that is more connected than ever before, and developments in technology are progressing faster than our ability to secure them. Michelle Hansen and Valorie King of the School of Cybersecurity and Information Technology at University of Maryland Global Campus offer their insights into the current threat landscape and what cybersecurity professionals need to do to defend against aggressive attacks.

In a recent blog post on, a comprehensive directory of programs and careers in the fields of digital forensics and cybersecurity, Hansen and King share their insights into the technologies that are vulnerable to cyber attack, the influence of moral reasoning in cybersecurity, and which cybersecurity skills are most in demand.

“Cybersecurity threats and attacks have advanced at scale with the progressions of technology. With every new device and emerging telecommunications development come new vulnerabilities for exploitation.”

— Dr. Michelle Hansen, collegiate faculty, Information Systems Management at UMGC

“Cybercrime has become CaaS or Cybercrime-as-a Service. Exploit packages (pre-written applications used to attack systems and networks) have transitioned towards a Platform-as-a-Service model where attackers can rent time on computing infrastructures that support and deliver attacks.”

— Dr. Valorie King, program director, Cybersecurity Management and Policy at UMGC

Read the full interview.

Cyber Connections News Roundup: Jan. 14

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

January 14, 2020

Cyber Experts Warn of Threats After Iran Attacks

Many experts, including Dave Schroeder, a University of Wisconsin-Madison cybersecurity professor, predict that Iranian cyber bots or other foreign actors may retaliate following the recent attacks. In an interview on WMTV of Madison, Wisconsin, Schroeder, whose main focus is Iran cybersecurity, noted that in the immediate aftermath of the U.S. strike, “we saw Twitter start to be flooded with propaganda, misinformation, disinformation.” Schroeder said that cyber attacks took flight and pro-Iranian bots and trolls started spreading false narratives about the U.S. following the airstrike that killed Iran’s top general. Read more.

The Convergence of IT and OT Devices Ushers in Wave of New Risks

The rapid convergence of IT (internet technology) and OT (operational technology), which traditionally operated in two separate worlds, is creating cybersecurity gaps, according to a recent article on Roughly 50 percent of industrial assets will be connected to some sort of network or Internet-based data-collection system by 2020, but because many OT systems were never designed for remote or Web access, not all connectivity exposures were considered, thus creating a major security challenge and operational risk that the manufacturing industry will need to address in 2020 and beyond. Read more.

New Voting Machines Vulnerable to Hacking

According to a Washington Post report, new voting machines that hundreds of districts will use for the first time in 2020 don’t have enough safeguards against hacking by Russia and other U.S. adversaries, according to a study from researchers at the University of Michigan. The study provides an independent review of the machines called ballot-marking devices, or BMDs, which at least 18 percent of the country’s districts will use as their default voting machines in November. The results, according to the Post article, are a major blow for voting machine companies and election officials, who have touted BMDs as a secure option in the wake of Russia’s 2016 efforts to compromise U.S. election infrastructure. Read more.

Latest Accenture Acquisition Signals Dominance in Managed Security Services Sector

Accenture Security plans to acquire Symantec’s Cyber Security Services business from Broadcom, according to multiple reports, including an article on No financial terms were disclosed regarding the acquisition, but the deal is expected to close in March 2020. The deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture’s cyber-stable are déjà vu, Security, iDefense, Maglan, Redcore, Arismore, and FusionX. With this latest acquisition, Accenture Security will become one of the main players on the managed security services stage. Read more.

New Survey Offers Insight into Constraints in Cybersecurity Salaries

According to a report on, despite a shortage of cybersecurity expertise, a global salary survey of 1,324 cybersecurity professionals found nearly half the respondents (48%) earn less than $50,000 a year. Only 36% earn more than $70,000 a year, according to the survey, conducted by Cynet, a provider of tools for detecting breaches. The survey also found that cybersecurity professionals with the same level of experience generally make equivalent salaries regardless of whether they have a degree in computer science or a related engineering field. The report also noted that people who transitioned from an IT occupation to a cybersecurity position earned more than their peers who started out in cybersecurity. Read more.



Cyber Connections News Roundup: December 31

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 31, 2019

UMGC Cyber Faculty Members’ Predictions for 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year. As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods? Read more.

Heading into 2020, Women Still Face Roadblocks in Cybersecurity

A recent podcast on examines the challenges and opportunities that women face in the cybersecurity landscape. As the tech industry faces challenges around diversity in general, women are still particularly underrepresented. Threat Post recently sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement. Read more.

U.S. Navy Bans TikTok for Fear of Cybersecurity Threats

According to a recent article on, The United States Navy has issued a blanket ban on the Chinese-owned social media app, TikTok, saying the app may present a cybersecurity threat to service members. A bulletin issued by the Navy said government-issued mobile devices with TikTok installed would be blocked from the Navy Marine Corps Intranet. However, the bulletin did not describe what threat the app may represent. The app is currently part of an ongoing U.S. investigation, despite being popular among teenagers. Read more.

Cino Launches Cybersecurity Program for Hotel Guests

The Marriott International data breach of 2018 highlighted just how vulnerable hotels are to cyber attacks. In response, Cino, a full-service risk management, cybersecurity and training company, has launched a new product designed to protect hotel guests’ personal data from cyber criminals, according to an article on The product, Cyber Safe Travel, is powered by StrikeForce Technology’s military-grade technology. It provides protection for hotel guests’ mobile devices using keystroke encryption, advanced login breach protection and sophisticated screen scraper technologies. In addition, Cyber Safe Travel has a click-jacking attack-warning feature to help mitigate cyber threats. The product was first introduced at the October meeting of the Hotel Financial and Technology Professionals, New York Chapter. Read more.

Cybersecurity for Rural Communities Is Often Neglected

An article on points out that while attacks on large U.S. cities have had significant financial and operational impact, these same kinds of attacks, on a much smaller scale, can have a much more significant impact on smaller, more rural communities.  The August 2019 malware attack on 22 Texas communities is a recent example of this. Rural communities often lack the proactive planning and infrastructure to mitigate the damage caused by these threats. In the case of the Texas attacks, many business and financial functions of the communities affected were paralyzed. The article takes an in-depth look at how these communities responded and what must be done in the future to prevent these attacks. Read more.