By Colby Proffitt
1.) Is it time to stop blaming organisations for being breached? (October 23, 2017)
Summary: Another week, another data breach. It seems to be so common now that organization after organization is getting breached in one way or another. With that comes a myriad of security “experts” jumping on the media bandwagon and offering their insights.
Why it matters: This article offers an interesting commentary on the state of security in industry that can also be applied to the federal space. The author highlights some of the most common security mistakes, such as a fundamental lack of policies and procedures, completely flat architectures, loose firewalls, a lack of access controls, poor or no monitoring, and a lack of incident response capabilities, and explains that many of them are a result of a high-level view and a significant lack of security education at all levels within an organization. There’s a lot of ‘noise’ when it comes to cyber; the media is quick to put out a story on the latest hack, but the amount of cyber education and training is sadly disproportional. It would be nice to see more stories on solutions, and the advantages of some solutions such as IaaS and SECaaS.
The role of the cyber professional is changing, partly on account of the sheer speed of cyber (e.g., advances in automation) and the cyber teacher is a role that should (and hopefully will) grow moving forward. American men and women have stepped up to the plate in years past when duty called, risking their lives on the battlefield. Today, we are in the midst of a cyber war and we need men and women to step up once more to serve, protect, and educate our nation.
2.) Report: 1 in 4 Emails that Appear to Be Dot-Gov Addresses are Phishing Attempts (October 20, 2017)
Summary: About one-fourth of emails that purport to be from federal agencies are malicious phishing emails spoofing federal addresses, according to a Thursday report from the cybersecurity company Agari.
Why it matters: This is yet another clever and convincing way that cyber criminals are launching attacks and collecting personal data. When it comes to email, it’s best to only open emails if you are expecting them from the sender. Do you know the person who sent the email? Even if you do, were you expecting them to send you an email with an attachment? Think before you click, and if anything seems suspect, call the sender to verify that they sent it to you before you open it. Microsoft users can send suspected phishing emails to email@example.com and most organizations have an email address users can send suspicious emails to (e.g., firstname.lastname@example.org). It’s important not to open suspicious emails, but it’s also important to notify the appropriate authorities so they can take action to mitigate the risks and potential negative impact to other users and the organization as a whole.
3.) Is it time for a Cyber Peace Corps? (October 25, 2017)
Summary: Hackers around the world are attacking targets as diverse as North Dakota’s state government, the Ukrainian postal service and a hospital in Jakarta, Indonesia. Unfortunately, many governments – in the developing world, and even cash-strapped states and local communities in the United States – lack the skills to effectively protect themselves.
Why it matters: There’s no debating the lack of skilled, trained, experienced, and qualified cyber personnel. And with the demand so high, we can expect that cyber programs will grow in popularity at colleges, universities, and technical colleges across the country. But, many would argue that education isn’t enough, and it’s not fast enough.
The federal government can’t recruit cyber experts fast enough, and they struggle to compete with the private sector to retain them. Some, such as the Homeland Security Advisor to the President, Tom Bossert, would argue that industry and government need to collaborate to allow cyber experts to shift between government and industry – taking what they learn from one and sharing with the other, and vice versa.
A cyber peace corps may or may not be the solution, but it’s clear that regardless of one’s position on the federal or private side of the fence, collaboration is critical.
4.) Bad Rabbit malware raises fears of third global ransomware attack (October 25, 2017)
Summary: Five months after the WannaCry and four months after the NotPetya global attacks, a new variant dubbed Bad Rabbit has reportedly hit almost 200 targets, including media organizations, an airport and an underground railway.
Why it matters: The sheer volume of vulnerabilities, threats, and malicious cyber attacks continues to rise, to the point that many users are desensitized to the severity and long-term implications of attacks. Bad Rabbit is headline news today, and many will fall victim to it, but it will soon become old news, replaced by another attack. Sadly, many consider such cyber costs a part of life or another cost of doing business. Bad Rabbit is a reminder to remain vigilant and make security your personal responsibility. At the end of the day, you and only you are invested in and responsible for the security of your personal data.
This report does include specific steps users should take to mitigate the risk of infection by Bad Rabbit.
5.) Rewrite the rules to win cyber arms race, says McAfee (October 27, 2017)
Summary: Cyber defence cannot be effective unless it becomes more automated and proactive, says Raja Patel, vice-president general manager of corporate security products at McAfee.
Why it matters: Keeping up with cyber criminals isn’t easy. From criminal advancement, to our own advances in defense tools and technology, it’s just not easy to keep up with the speed of cyber. This article, however, highlights a few advances that will hopefully help in the cyber arms race – automation, artificial intelligence, and machine learning. The right mixture of these technologies creates a stronger cyber posture with things like faster scanning, continuous monitoring, and fewer errors, but one of the biggest benefits is the scalability. The idea is that one qualified senior cyber SME can leverage the new technologies to not only do more, but do it faster, and see a greater operational perspective. And in doing so, that SME can also train multiple junior cyber professionals.