By Colby Proffitt
1.) Forever 21 Confirms Security Breach Exposed Customer Credit Card Details (January 1, 2018)
https://thehackernews.com/2018/01/credit-card-data-breach.html
Summary: First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017.
Why it matters: Just in time for holiday shopping spikes, hackers were able to successfully infiltrate a number of Forever 21’s point of sale terminals and collect valuable credit card information. While Forever 21 implemented encryption technology in 2015 to protect customer data, this incident highlights how important it is to not only invest in the right protection, but make sure you are using it appropriately and effectively. We can expect that for 2018, cybersecurity companies will likely focus on products that are both secure and user friendly.
2.) The Disconnect Between Cybersecurity & the C-Suite (December 28, 2017)
Summary: Most corporate boards are not taking tangible actions to shape their companies’ security strategies or investment plans, a PwC study shows.
Why it matters: This article offers some insightful and somewhat frightening statistics about the state of cybersecurity, based on the 2018 GSISS report from PWC – only about half of those surveyed reported a CISO on payroll, less than half of those surveyed have a Security Officer, and less than half of respondents reported that they recruit a dedicated security staff for internal operations. Many businesses have failed to pay due attention to cybersecurity or have overlooked it altogether. Despite the fact that many of those same companies have paid the price – due to ransomware attacks, data breaches, or other cyber attacks – this report indicates that many businesses have yet to appropriately invest in an organization-wide cybersecurity strategy and plan. Those responsible for maintaining the mission and sustaining profitability also have to take responsibility for the security risks associated with business decisions.
3.) Dear DHS, Our Federal Cybersecurity Measures Are Not Enough (December 28, 2017)
Summary: Agencies need to aim for the gold-standard in encryption. DHS has ordered federal agencies to implement web and email encryption practices to boost cybersecurity protections. Within just 90 days, the decision requires all federal agencies to deploy the designated email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) and within 120 days, the HTTPS (Hypertext Transfer Protocol Secure) for all websites.
Why it matters: While DMARC and HTTPS are a step in the right direction, the federal government really needs to take a rather large leap in terms of encryption. Keeping pace with the speed of technological advancement is a challenge for any organization – federal or otherwise – but failing to at least keep up with security best practices can have dire consequences. This article breaks down encryption options and explains why end-to-end is the way to go, at least until the next breakthrough in encryption.
4.) DHS plans to step up cyber agreements with private companies (December 21, 2017)
https://fcw.com/articles/2017/12/21/section9-dhs-cyber-johnson.aspx
Summary: The Department of Homeland Security is looking to step up its engagement with private sector entities in the wake of the May 2017 WannaCry attack.
Why it matters: According to Jeanette Manfra, the DHS assistant secretary for the office of cybersecurity and communications, DHS is planning to become the world leader in cyber risk analysis. That’s an aggressive goal, but a good one. While it shows a shift towards a more proactive cyber response stance, that goal and other recent policies, such as Trump’s Executive Order 13800, also indicate that DHS and other agencies realize the increased likelihood of an attack on critical infrastructure.
5.) Six Cyber Threats to Really Worry About in 2018 (January 2, 2018)
https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/
Summary: From AI-powered hacking to tampering with voting systems, here are some of the big risks on our radar screen.
Why it matters: From AI weaponization to ransomware attacks on cloud providers, this article highlights some of the dominant cyber threats for 2018. As hackers continue to evolve and leverage the latest technology for financial gain and to inflict political or socioeconomic damage, federal organizations and industry alike must collaborate to grow at the speed of cyber and maintain the best cyber stance possible.