Cyber Weekly Roundup – January 12, 2018

By Colby Proffitt and Mesay Degefu

1.) AI’s Biggest Impact in the Data Center is Cybersecurity (January 11, 2018)

http://www.datacenterknowledge.com/machine-learning/ai-s-biggest-impact-data-center-cybersecurity

Summary: AI tools can handle more data than human security pros ever can and find anomalies that are invisible to humans.

Why it matters: When it comes to pattern recognition and computational capacity, AI and machine learning are providing much deeper, faster, and more accurate solutions by using algorithms to identify anomalies and predict possible threats based on behavior. Immediate (and in some cases preemptive) recognition of a threat can lead to more rapid threat mitigation. The applications of AI and machine learning are growing rapidly, and we can expect that to continue for the foreseeable future.

2.) The Role of Blockchain in Cybersecurity (January 8, 2018)

https://www.infosecurity-magazine.com/next-gen-infosec/blockchain-cybersecurity/

Summary: The high level of dependency on the internet and technology today has resulted in new revenue streams and business models for organizations, but with this arise new gaps and opportunities for hackers to exploit.

Why it matters: It’s not uncommon to see a split opinion amongst cyber professionals when it comes to new technology – some will see the new tech as the latest and greatest cyber advance, while others will see it as a new threat vector that offers a false sense of security. This article offers a good breakdown of blockchain implications – from DDoS and traceability, to decentralized storage and authentication. At the end of the day, blockchain technology is no different from any other new tech in that it all depends on how it’s implemented and used across any given organization. To do it right, you first need to understand what it does and how it works.

3.) Congress requires mobile-friendly websites (January 3, 2018)

https://fcw.com/articles/2018/01/03/mobile-friendly-websites-congress.aspx?s=fcwdaily_040118&mkt_tok=eyJpIjoiWlRoalpURm1aVFUzWkRCbSIsInQiOiJMUjAwSHJ5SEVXbkZrTFFveU1cL2FRSXF4NlwvRE5uRkVTN2EwSkFucnVOS05rQWtOWlRYb2doUkRaZHNDS1dGVEZxUmpPUmxDaEVFZllmMituZnY1NUVlZVpJMDlWOXVCMkxidGhNQ0Z4V3ZCcExBYUFCNlVsRmNZTHFMeklGU1lhIn0%3D

Summary: With federal government websites often a generation behind commercial sites, Congress in late December passed the Connected Government Act, which requires all federal agencies that create or redesign websites for public use to ensure, to the “greatest extent possible,” that their websites are mobile friendly.

Why it matters: Mobile friendly websites may be a better way for federal agencies to reach customers and engage with them, but it’s critical that federal agencies not only understand what their customers are seeking and how they can provide it, but also ensure that the experience they are providing is fully functional and as secure as possible. Simply from a usability standpoint, many would argue that it’s harder to secure a mobile device than a computer, largely because of user behavior. Mobile devices are convenient, and convenience often comes at the expense of security. All that is to say, this new act may be well intentioned and forward thinking, but agencies need to consider the risks as they move forward with mobile apps.

4.) House passes Homeland Security cybersecurity oversight bill (January 9, 2018)

http://thehill.com/policy/cybersecurity/368130-house-passes-bill-requiring-homeland-security-to-report-on-vulnerability

Summary: House lawmakers on Tuesday approved legislation aimed at boosting oversight of the way that the U.S. government discloses cyber vulnerabilities to the private sector.

Why it matters: This is likely going to be a very controversial bill and one to watch in the coming months. On the one hand, yes, disclosure and transparency make sense, but with certain assumptions and parameters (e.g., developing a patch before disclosure). It’s going to be interesting to see how things progress and what exactly is disclosed after the next zero day.

5.) Russian hackers: Cybersecurity firm warns of effort to penetrate Senate email system (January 12, 2018)

https://www.usatoday.com/story/news/2018/01/12/russian-hackers-cybersecurity-firm-warns-effort-penetrate-senate-email-system/1027710001/

Summary: Pawn Storm, the hacking group aligned to the Russian government that penetrated the Democratic National Committee, has mounted additional “brazen attacks” over the past eight months, including persistent targeting of the U.S. Senate internal email system, according to a cybersecurity firm that has tracked their progress.

Why it matters: No matter how secure you might think you are, your organization is only as secure as your weakest link: your people. This article highlights the fact that while there is a certain amount of technical skill involved in hacking, there’s also a huge degree of social engineering required to pull off an effective campaign. As this article points out, hackers rely on common user experiences as the basis for some of their techniques. Moving forward, we’ll likely see more attacks designed to influence media publications and politics.