Cyber Connections News Roundup: December 31

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 31, 2019

UMGC Cyber Faculty Members’ Predictions for 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year. As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods? Read more.

Heading into 2020, Women Still Face Roadblocks in Cybersecurity

A recent podcast on www.threatpost.com examines the challenges and opportunities that women face in the cybersecurity landscape. As the tech industry faces challenges around diversity in general, women are still particularly underrepresented. Threat Post recently sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement. Read more.

U.S. Navy Bans TikTok for Fear of Cybersecurity Threats

According to a recent article on www.digitalmusicnews.com, The United States Navy has issued a blanket ban on the Chinese-owned social media app, TikTok, saying the app may present a cybersecurity threat to service members. A bulletin issued by the Navy said government-issued mobile devices with TikTok installed would be blocked from the Navy Marine Corps Intranet. However, the bulletin did not describe what threat the app may represent. The app is currently part of an ongoing U.S. investigation, despite being popular among teenagers. Read more.

Cino Launches Cybersecurity Program for Hotel Guests

The Marriott International data breach of 2018 highlighted just how vulnerable hotels are to cyber attacks. In response, Cino, a full-service risk management, cybersecurity and training company, has launched a new product designed to protect hotel guests’ personal data from cyber criminals, according to an article on www.hotelmanagement.net. The product, Cyber Safe Travel, is powered by StrikeForce Technology’s military-grade technology. It provides protection for hotel guests’ mobile devices using keystroke encryption, advanced login breach protection and sophisticated screen scraper technologies. In addition, Cyber Safe Travel has a click-jacking attack-warning feature to help mitigate cyber threats. The product was first introduced at the October meeting of the Hotel Financial and Technology Professionals, New York Chapter. Read more.

Cybersecurity for Rural Communities Is Often Neglected

An article on www.arcweb.com points out that while attacks on large U.S. cities have had significant financial and operational impact, these same kinds of attacks, on a much smaller scale, can have a much more significant impact on smaller, more rural communities.  The August 2019 malware attack on 22 Texas communities is a recent example of this. Rural communities often lack the proactive planning and infrastructure to mitigate the damage caused by these threats. In the case of the Texas attacks, many business and financial functions of the communities affected were paralyzed. The article takes an in-depth look at how these communities responded and what must be done in the future to prevent these attacks. Read more.

 

Cyber Connections News Roundup: December 17

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 17, 2019

Recent Cyber Attack in New Orleans Highlights Vulnerability of State and Local Governments

According to a report on www.forbes.com and elsewhere, the City of New Orleans  suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. A cybersecurity incident was detected around 11 a.m on Friday, December 13. As a precautionary measure, the city’s IT department gave the order for all employees to power down computers and disconnect from wi-fi. All city servers were also powered down, and employees were told to unplug any of their devices. This attack follows another that targeted the state of Louisiana in November, at which time school district computers were taken offline, and a state of emergency declared. Read more.

New Strategy Game from Circadence Aims to Stem Rise in Cyber Attacks During the Holiday Season

A recent article on www.10news.com warns of a rise in cybersecurity attacks during the holiday season. Predictably, a spike in online shopping will lead to a larger field of targets and, likely, more opportunities for stolen data, particularly credit card information. “If you’re saying ‘save my credit card information’, that is a risk that you’re taking for that convenience and it might not be worth it,” said Bradley Hayes, chief technology officer of Circadence, a cybersecurity education and training company. To help educate consumers, Circadence has rolled out InCyt, a web-based battle strategy game that allows users to experience the cyber world from both an offensive and defensive point of view. Read more.

Many Businesses Are Using NDAs to Hide Data Breaches

According to recent article on www.techhq.com, European companies are covering data breaches and possibly avoiding multi-dollar fines under the guise of non-disclosure agreements (NDAs). Citing a recent report on www.businessinsider.com, the article said that Europe’s GDPR (General Data Protection Regulation) legislation came into effect in May 2018 and has since then already led to landmark fines, such as that of British Airways— close to US$230 million— while Marriott was handed a US$123 million fine. NDAs, however, allow companies employing the services of cybersecurity firms to keep breaches confidential, as it is not a requirement for cybersecurity firms to report any incidents of data breaches on behalf of their clients. Read more.

Is Privacy Overshadowing Cybersecurity in Our National Debate?

A recent article on www.slate.com asks if cybersecurity has taken a backseat to privacy in our current national debate, mainly as a result of policy makers conflating the two issues and claiming to be addressing both. The article notes that privacy and cybersecurity are distinct. Privacy provides users with control over how businesses collect, use, and share their information. Cybersecurity prevents unauthorized parties from accessing, altering, or rendering unavailable their data, information systems, or connected devices. While congress focuses on passing a national privacy law, the U.S. lacks a comprehensive set of laws to protect information and critical systems from hackers. Read more.

New Cybersecurity Requirements from DoD Aim to Secure Supply Chain

According to the Department of Defense (www.defense.gov), by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts. According to Ellen Lord, the undersecretary of defense for acquisition and sustainment, a new cybersecurity maturity model certification (CMMC) program will help ensure that companies doing business with the department meet important cybersecurity requirements. The goal is a unified standard to secure the entire DoD supply chain. Read more.

 

Cyber Connections News Roundup: December 3

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 3, 2019

Cybersecurity Among Top Challenges for U.S. Postal Service

Cybersecurity ranks among the top critical management challenges of the United States Post Office (USPS), according to a recent article on www.meritalk.com. The USPS’s Semiannual Report to Congress, released on Nov. 25, warns that IT modernization leaves the agency vulnerable to cyber threats. “As information technology and the cyber threat landscape evolves, security continues to be an ongoing challenge,” according to the report. Read more.

New China Cryptography Law Raises Concerns Over Data Protection

A recent report on www.gatestoneinstitute.org has enumerated several concerns about China’s Cryptography Law, which becomes effective on January 1, 2020. The new law demonstrates Beijing’s “determination to seize from foreign companies all their communications, data, and other information stored in electronic form in China.” Under the new law, Chinese officials will be permitted to share seized information with state enterprises, which has given rise to questions about how these enterprises will be able to use that information against their foreign competitors. Read more.

Healthcare Data Breaches Cost Industry $4 Billion, 2020 Will Be Worse

According to a new survey by Black Book Market Research LLC, 96% of IT professionals agree that data attackers are outpacing their medical enterprises, holding providers at a disadvantage in responding to vulnerabilities. The company surveyed more than 2,876 security professionals from 733 provider organizations to identify gaps, vulnerabilities and deficiencies that persist in keeping hospitals and physicians vulnerable to cyber attacks. Thus far in 2019, healthcare providers continued to be the most targeted organizations for industry cybersecurity breaches with nearly 4 out of 5 breaches, whereas successful attacks on health insurers and plans maintained with more sophisticated information security solutions with little change year to year. Read more.

New Bipartisan Cybersecurity Bill Aims to Improve Coordination Between States and DHS

On November 21, the Senate unanimously passed the State and Local Government Cybersecurity Act, a bill that directs the Department of Homeland Security to assist state and local governments with cybersecurity. According to an article on www.fifthdomain.com, the bill, introduced by Sens. Gary Peters, D-Mich, and Rob Portman, R-Ohio, aims to improve cybersecurity coordination between states and DHS through the department’s National Cybersecurity and Communications Integration Center (NCCIC). It allows the NCCIC to provide state and local officials with access to security tools and procedures, as well as participation in joint cybersecurity exercises. Read more.

Misaligned Market Incentives Are Main Roadblock to Satellite Cybersecurity

The satellite sector is under constant cyber attack, according to a recent article on www.satellitetoday.com covering a panel at the recent CyberSat 2019 conference. Panelists at a session on “emerging threats to the satellite sector” claim that Nation-state hackers aim to degrade U.S. space capabilities in order to cripple its economy or defeat its military when they need to. But the panelists agreed that the hardest thing to combat is misaligned market incentives in the sector. “Cybersecurity is costly and the incentive structure in the industry often doesn’t reward investments in it,” said Andrew D’Uva, president of the Providence Access Company, a communication satellite services firm. Read more.

 

Cyber Connections News Roundup: November 19

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 19, 2019

Retail Industry Is Under Cyber Attack According to New Report

The retail industry is experiencing more breaches than any other industry in 2019, according to a new report by threat intelligence company IntSights, titled Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives. High employee turnover, online and in-store locations, and increasing regulations guiding the sector toward protecting consumers are contributing factors for a high –pressure state, according to the report. Some of the top challenges to the retail industry in 2019 include: emerging dark web underground communities targeting retailers; and point-of-sale (POS) malware, web apps, and ransom ware. Read more.

FDA Works with Patients and Experts to Strengthen Device Cybersecurity

In a recent article on www.fda.gov, Amy Abernethy, principal deputy commissioner and acting chief information officer and Suzanne B. Schwartz, deputy director, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, discuss how the U.S. Food and Drug Administration is working to address the cybersecurity risks associated with medical devices that are increasingly more advanced and interconnected. Over the past six years, the FDA has strengthened its relationships with cybersecurity experts, manufacturers and other federal government agencies to ensure security. More recently, the FDA has been engaging with patients and patient advocacy groups in order to balance patient needs with cybersecurity concerns. Read more.

DHS Offers Cybersecurity Recommendations for Small Healthcare Providers

The Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) has released best-practice cybersecurity recommendations to help small healthcare provider organizations bolster their security programs, according to a recent article on www.healthitsecurity.com. The guidelines are aimed at helping small- and medium-sized provider organizations with basic security mechanisms, given their limited resources. CISA developed the recommendations in partnership with small businesses and smaller government agencies. Read more.

AT&T Poll on 5G Cybersecurity Challenges Points to Shared Security Model

Software-defined networking, authentication and a shared security model were the key takeaways from a new report from AT&T Cybersecurity on 5G. The ninth annual Cybersecurity Insights Report was based on interviews with 704 cybersecurity professionals across various markets (from North America, India, Australia, and the United Kingdom), all from companies with over 500 employees and all interviewed in August and September 2019. According to the survey, 72.5% of the respondents said their level of concern about 5G security was high or medium-high. According to an article on www.multichannel.com, a big reason for a shared security model for 5G is the number of IoT devices–billions–that will be connected. Read more.

TikTok Under Increasing Cybersecurity Scrutiny

TikTok, the Chinese-owned social media platform, has experienced a meteoric rise in popularity over the past two years, but now competitors and lawmakers are calling the app a potential threat to national security. According to a recent report on www.businessinsider.com, Kiersten Todt, a former cybersecurity advisor to President Obama, said she believes those concerns are warranted. Todt attributes the risk to the near-unilateral control the Chinese government holds over local companies and its demonstrated interest in collecting peoples’ data. Read more.

 

Cyber Connections News Roundup: November 5

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 5, 2019

Chinese APT Group Hacked State Institutions in Six Countries

A Chinese-speaking advanced persistent threat (APT) group, Calypso, has actively been targeting state institutions in six countries, hacking network perimeters and injecting a program to gain access to internal networks, according to a report from researchers at Positive Technologies Expert Security Center. According to an article on www.scmagazine.com, in one attack, the malfeasants, who are believed to have originated in Asia, used PlugX malware, a signature of APT groups from China and some of the attackers inadvertently revealed their IP addresses from Chinese providers. Institutions in India were hit the hardest, followed by Brazil and Kazakhstan, Russia and Thailand and Turkey. Read more.

Military Cybersecurity Market Expected to Grow to $16 Billion by 2023

According to a new Frost & Sullivan study titled “Global Military Cybersecurity Market, Forecast to 2023,” that market is projected to increase at a compound annual growth rate (CAGR) of 3.6% to reach $16.01 billion by 2023. This growth, according to the report, will be the result of global defense industry investment in disruptive technologies and platforms that are driving changes in military cybersecurity requirements. “Militaries across the globe are budgeting for and pursuing the development of new enabling, next-generation technologies for cybersecurity,” said Ryan Pinto, Research Analyst, Frost & Sullivan. Read more.

R Street Offers Free Resource for Measuring Cybersecurity

Cybersecurity experts often complain about the lack of a well-defined system for measuring cybersecurity in an objective, quantifiable, and comparative manner. R Street, a non-profit, nonpartisan, public policy research organization, has published a compendium (a downloadable PDF) of sources to fill this gap. R Street’s Institute National Security and Cybersecurity Program has developed a partial bibliography that compiles a baseline of existing disparate measurement efforts. The goal of the document is to provide a systematic overview of the field that is both technically literate and of use to decision-makers in the public and private sectors. Read more.

Will the EU Seize the Global Lead On Cybersecurity?

The European Union (EU) has undertaken cybersecurity activities over the past six years that make the case that it is about to usurp the U.S.’s presumed role as the global leader on cybersecurity, according to a recent article on www.forbes.com. Notably, it has already established cybersecurity requirements for Operators of Essential Services (OES – essentially critical infrastructure companies) and digital service providers (DSPs), and it has launched a certification framework for digital products, services, and processes. Read more.

The Construction Industry Must Pay Attention to Cybersecurity Risks

A recent article on www.bizjournals.com points out that while technology, energy, and healthcare industries seem to regularly make headlines relating to massive, nationwide cyber breaches, construction companies are exposed to the same risks. Temporary workspaces where employees and contractors commonly use project management software to track job status and collaborate with external vendors maybe at risk. In these workspaces, highly confidential plans, blueprints, bids, financial information, and even personally identifiable information (PII) – like full names and social security numbers – are vulnerable. Read more.

 

 

 

Five Ways You Can Win in Today’s Cybersecurity Job Market

We hear a lot about a skills gap, but quite often qualified candidates are not getting noticed in today’s cybersecurity job market. Mansur Hasib, DSC, program chair, Cybersecurity Technology, University of Maryland Global Campus, shares some practical tips for cutting through the noise. In this video, you’ll learn more about what you can do and the things you should focus on to land a job in cybersecurity.

Cyber Connections News Roundup: October 22

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 22, 2019

It’s National Cybersecurity Awareness Month: UMGC Students, Alumni and Faculty Experts Share Their Tips for Staying Safe

Check out our University of Maryland Global Campus three-part video series offering tips and insights to help you understand and secure your digital profile at home and at work. Read more.

Making the Case for a Risk-Based Approach to Cybersecurity in the Financial Services Industry

We have no definable network perimeter to protect, according to a recent article on www.securityboulevard.com. With thousands of mobile devices connecting to networks through cloud-based applications that access critical and sensitive data from a variety of hybrid cloud environments, the article supports the argument that it’s time to adopt a truly risk-based approach to cybersecurity to enable us to focus on protecting data itself, rather than on endpoints, networks, and identity. Read more.

Supply Chain Hacks Are On the Rise for Phishing Scams

According to Verizon’s latest Data Breach Investigations Report, email is the channel used in 94% of attacks where hackers target executives for phishing schemes. A recent article on https://netlibsecurity.com describes how hackers are now employing creative approaches to what are known as “supply chain” attacks, which use an organization’s associates, like outsourcing companies, to spread their attacks across that entity’s network of partners and vendors. Read more.

Is Insurance a Viable Solution to Growing Cybersecurity Challenges?

A recent article on www.insurancejournal.com makes the case. Given the increasing frequency of cyber breaches, along with the presence of more varied and evolving threats, how do we address the perpetual uncertainty about whether the cybersecurity industry can protect us? The article argues that since cybersecurity providers can’t guarantee the effectiveness of a cyber solution, and since it is difficult to accurately quantify the cost/benefit of a cyber strategy, then cybersecurity insurance may provide the path toward a way to reduce risk and incentivize clients to take preventative measures. Read more.

Open Cybersecurity Alliance Aims to Unite a Fragmented Landscape with Common, Open Source Code and Practices

On October 8, 2019, the OASIS international consortium announced the Open Cybersecurity Alliance (OCA), an industry initiative to bring interoperability and data sharing across cybersecurity products. IBM and McAfee have contributed the initial open source content and code. Formed under the auspices of OASIS, OCA brings together organizations and individuals from around the world to develop open source security technologies, which can freely exchange information, insights, analytics, and orchestrated responses. Read more.