Tag: Opinion

Why is ‘Attribution’ Still the Focus Following Cyber Attacks?

WannaCry, last year’s cyber-attack which caused significant disruption for the NHS and numerous other organizations worldwide, hit global headlines when everyone was trying to figure out who was behind it.

Following every large-scale cyber-attack and data breach, the immediate focus is generally on attribution. Yet, why is there a wide-spread interest (not just within businesses) in talking about the ‘who’ when we should really be focused on fixing the problem?

Read more about why the current focus on attribution is problematic according to Chris O’Brien of EclecticIQ, on Infosecurity Magazine.

Defense, security and the real enemies

The three nations that are the largest cyber threats to the United States are, in no particular order, North Korea, Russia and China. They have been reverse-engineering our technology for a number of years, dating back to the beginning of the Cold War. The originators of some of the most devastating cyber-attacks have been based in these three countries, such as WannaCry and mass cryptocurrency theft (North Korea), Petya/NotPetya (Russia), and multiple data breaches (China).

The end of the Cold War meant that the countries that threatened American democracy didn’t go away. They adapted to use technology to attack us instead. Now that the extent of these attacks is being made known, we have two choices, according to CSO’s Mitchell Parker. Either we can continue to do little, or own and accept what’s happened and improve our situation.

Read more about Mitchell Parker’s insights on CSO.

A Lack Of Cybersecurity Funding And Expertise Threatens U.S. Infrastructure

Read why Ellis Talton and Remington Tonar say that lack of funding and expertise can threaten U.S. infrastructure from cyber attacks on Forbes :

As our physical infrastructure becomes increasingly digitalized, it also becomes increasingly vulnerable to cyber attack. Russian hackers, for example, have been trying to compromise U.S. electrical infrastructure for years, and successfully cut off power to hundreds of thousands of people throughout Ukraine in 2015 and again in 2016. Beyond our energy infrastructure, traffic signals are also susceptible to being hijacked, as numerous demonstrations have proven.

Read their full article here.

The Cambridge Analytica saga is a scandal of Facebook’s own making

Read why John Harris says that Facebook mess was inevitable as Facebook has worked tirelessly to gather as much data on users as it could – and to profit from it on The Guardian :

Big corporate scandals tend not to come completely out of the blue. As with politicians, accident-prone companies rarely become that way by accident, and a spectacular crisis can often arrive at the end of a long spell of bad decisions and confidence curdling into hubris. So it is with the tale of Facebook and Cambridge Analytica, and a saga that vividly highlights the awful mess that the biggest player in billions of online lives has turned into.

Read his full article here.

Selling Cloud-Based Cybersecurity to a Skeptic

Nearly five years ago, a study conducted by the MIT Sloan Management Review found that the vast majority of business managers surveyed believed that “achieving digital transformation” – the process of virtualizing operations and migrating toward the cloud – was critical to their organizations. Yet the same report showed that 63% of respondents believed their organization was too slow to embrace technological change, primarily due to a lack of communication about the strategic benefits of cloud adoption.

While in recent years the adoption of cloud-based communication and productivity tools has picked up among businesses — hybrid cloud adoption increased from 19% to 57% of organizations surveyed in a recent McAfee cloud trends report — many companies are still skeptical about embracing cloud-based cybersecurity solutions, even as the benefits of cloud services are becoming more widely acknowledged. Still, misconceptions remain.

Read about three key objections to cloud-based cybersecurity solutions , and how Paul Martini, the CEO, co-founder and chief architect of ibossto, dispels them, on DarkReading.

How to adopt a DevSecOps methodology: Start by taking a look at culture

Read Mike D. Kail explain how companies can successfully transition to a DevSecOps methodology for better cyber security culture on Jaxenter :

Thousands of data breaches occur each year, largely a result of source code and application-level vulnerabilities. This past year, we witnessed the massive Equifax data breach, which occurred due to a vulnerability in Apache Struts that the company failed to patch, along with the WannaCry ransomware that relied on a flaw in Windows code to infect computers.

Read his full article here.

IoT security needs a white knight

Read why Internet of Things connected devices need a white knight for cyber security according Jon Gold to on Network World :

Thanks to the Mirai botnet attacks, few people in the world of tech need a reminder that IoT devices remain a serious threat to enterprise networks. Still, more than a year after the botnet made headlines worldwide, IoT security remains mostly an idea, rather than a reality.

Read the full article here.

Automation Could Be Widening the Cybersecurity Skills Gap

According to Cybersecurity Ventures, the cybersecurity skills shortage is now expected to hit 3.5 million positions by 2021 — a huge jump from current estimates of 1 million job openings.

To help compensate for the growing shortage of talent, the cybersecurity industry is embracing artificial intelligence and automation to fill the gap.

Read why Gary Golomb, Co-Founder & Chief Research Officer at Awake Security, thinks that while automation can actually make the skills gap even greater, security can still find a balance on DarkReading.