By Colby Proffitt
1.) Are security operations centers doing enough? (November 10, 2017)
Summary: SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.
Why it matters: This article offers a pretty technical and detailed look at what SOCs do – or should be doing – but it’s also a reminder of just how complex cyber is. Not only is the landscape perpetually evolving, along with the tools and tactics, but so are the networks that cyber professionals are trying to defend. It’s easy to think of cyber singularly, but the reality is that real cyber defense is a very complex, multi-faceted, relentless struggle against cyber adversaries that requires a myriad of people with a wide variety of skills from various parts of an organization.
2.) NDAA pushes more oversight of cyber (November 13, 2017)
Summary: The National Defense Authorization Act appears to be in the home stretch. The conferenced House-Senate compromise has will force the military’s cyber leaders to define offensive strategies, develop and manage cyber weapons and lay a foundation for a stronger cyber workforce.
Why it matters: There’s been a lot of focus on the MGT Act, which is certainly an important aspect, but this article does a nice job of highlighting the implications of the greater NDAA as a whole. From the Kaspersky ban and cyber weapons, to presidential cyber responsibilities – there’s a lot of cyber change on the horizon.
3.) IT Modernization Bill Heads to President (November 16, 2017)
Summary: What began as an attempt by one Texas congressman to provide federal agencies new means to modernize their old and outdated systems will head to President Donald Trump’s desk for a signature.
Why it matters: Federal IT isn’t just old, in some cases, it’s more than 40 years old. That age doesn’t just mean those systems and applications are slow and inefficient, it also means they aren’t as secure as most modern IT. The MGT Act creates a central fund of $500 million that agencies can borrow against to update aging, unsecure systems. It also creates working IT capital funds that agencies can stash savings from other modernization projects—like migrating to cloud computing—to use for future projects. Now that the MGT Act is one step closer to the finish line, here’s a look at five things federal agencies need to consider: https://fcw.com/articles/2017/11/14/proffitt-netcentric-mgt-comment.aspx.
4.) Meet Russian Twitter troll Jenna Abrams and her 2,752 friends (November 6, 2017)
Summary: As the US Congress continues to investigate Russia’s meddling in the 2016 presidential election, it’s made some findings public. One such finding is a 65-page list (PDF) of 2,752 now-deactivated Twitter accounts, released last week, that Twitter identified as being tied to Russia’s troll farm.
Why it matters: Some would argue that the goal of the internet is to enable communication and sharing of information. And in many ways, it accomplishes that goal. But, unfortunately, it’s also the medium for misinformation, deceit, manipulation, as well as social and political influence and disruption. This article highlights the thousands of fake Twitter accounts – some with as many as 70K followers – that were used by Russia to impact the 2016 election. This article highlights just how easy it is to mask your real identity, and sham an entire audience with provocative commentary on social media. Should social media companies like Facebook and Twitter go a step or two further in their account creation and validation procedures? Will the importance of a social presence – from the President to major companies – continue to grow, or will it diminish? Will there eventually be more bots and fake accounts that real ones? The bottom line – be careful who you follow and engage with on social media. Social media has become a source of news for many. Although convenient, maybe that’s not such a good idea.
5.) Smart behaviors that can improve your cybersecurity (November 16, 2017)
Summary: Some of the cybersecurity best practices for advisors are smart moves for consumers, too. “Don’t make the mistake of thinking of [cybersecurity] as a technology thing. It’s not,” Adam Moseley, managing director of Schwab Business Consulting and Education at Charles Schwab, told advisors Tuesday at Schwab IMPACT 2017 in Chicago.
Why it matters: There was a time when it was easy to hear about a cyber attack or identity theft and think, “Oh that’ll never happen to me.” That time has passed. Everyone is a target and sadly, it’s only a matter of time before your identity is stolen or your accounts are compromised. This article highlights some basic cyber hygiene that users and organizations alike should follow to maximize their defenses and minimize the likelihood of becoming a target. Cyber isn’t always about having the best, most expensive and elaborate defenses; sometimes, it’s just about being more secure and harder to infiltrate than the next guy.