Cyber Weekly Roundup – March 2, 2018

Written March 2nd, 2018

Post Tags: Cyber, cyber news, cyber news roundup, cyber weekly roundup, cybersecurity

By Colby Proffitt

1.) FTC warning users to do homework before using VPN apps (February 23, 2018)


Summary: The FTC is warning users to read the fine print and do their homework before purchasing a VPN app as users could be opening themselves up to the very exploits they are looking to avoid.

Why it matters: In this case, the agency recommendation is that users research the app before using it. On the one hand, yes, users should always research and understand any app before downloading it, but the majority of today’s users simply want the tech to work and won’t take the time to research available apps before choosing one. Cyber adversaries develop their attacks based on user behavior – and because so many users rely on mobile devices and apps to access everything, including personal financial data, many of those adversaries design their attacks to capitalize on user behaviors and impatience. As long as the onus of security is on the users, those users are responsible for reading the fine print, and making informed, cautious cyber decisions.

2.) Russian spies hacked the Olympics and tried to make it look like North Korea did it, U.S. officials say (February 24, 2018)


Summary: Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence.

Why it matters: This article highlights the challenge of attribution – knowing who is responsible for a cyber attack – as well as the challenge of understanding why the attack was launched. Understanding cyber defense can be difficult – in some cases there’s an entity with something of value, yet in other cases attackers are seemingly blindly targeting victims. Sometimes the attacks can be tracked back to a country, but no further. Other times, the attack causes user frustration, but no significant disruption or financial loss. Understanding the attacker and the specific intent of the attacker are critical, yet incredibly challenging. Amplify that frustration by the number of cyber attacks (The FBI reports more than 4K ransomware attacks alone on a daily basis) and one can quickly understand the magnitude of the problem.

3.) U.S. SEC calls for ‘clearer’ cyber risk disclosure from companies (February 21, 2018)


Summary: The U.S. Securities and Exchange Commission on Wednesday updated guidance to public companies on how and when they should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers.

Why it matters: Time will tell whether the new guidance makes a difference. Although an initial glance at the new policy renders a recreation of previous guidance, it’s important to realize that setting guidance for cyber disclosure is difficult – release information too soon and you run the risk of giving hackers the upper hand, release too late and you give insiders the opportunity to capitalize on selling opportunities.

4.) Cybercrime ‘pandemic’ may have cost the world $600 billion last year (February 22, 2018)


Summary: The global cost of cybercrime has now reached as much as $600 billion — about 0.8 percent of global GDP — according to a new report.

Why it matters: We always hear that cybercrime is on the rise, but this article offers some of the reasons why – lower cost of entry and advances in IT. Attackers don’t need to be tech savvy – they just need to be strategic and motivated.

5.) Why the Energy Department needs a cyber program (March 2, 2018)


Summary: Lawmakers got some reassurance that the Energy Department’s new cyber unit was a good organizational move.

Why it matters: Although some would argue more regulation is needed to improve the cyber stance of the US, this article suggests that common sense and cooperation may be what’s really needed. It will be interesting to see if the department gets the requested $96 million, and if so, what it does with the funds.

6.) Does IoT cause more problems than it solves?


Summary: Last year was forecast to be the point at which IoT devices would outnumber humans, and more recent research suggests that there will be four devices for every human on earth by 2020. Such rampant growth might at first appear to be a good thing, but is it possible that the increase in IoT devices is causing more harm than good and could threaten federal security?

Why it matters: The number of IoT devices has exploded in recent years largely because of the convenience they offer; however, many of those devices lack basic security features. This article offers some specific scenarios that explain how IoT devices can be leveraged by hackers, and also suggests what we can hope for in terms of IoT security in 2018 and beyond.