Why aren’t presidential candidates talking about cybercrime?

At the start of the last Democratic primary debate, the candidates were asked what makes them best prepared to be commander-in-chief. Sen. Elizabeth Warren, D-Mass., and former South Bend Indiana Mayor Pete Buttigieg highlighted tackling cyber threats. And that is where the extent of the subject ended. As of the last debate, all eight events have been held without any substantive discussion about a national security threat that arguably impacts more Americans than any other. If candidates want to connect with more voters about the issues that are actually affecting their daily lives, they should talk about their plans for grappling with cyber threats—particularly cybercrime. Cybercrime is hitting millions of Americans—no matter their location or political affiliation. A shocking one-in-four Americans now say that they or someone in their household has been a victim of cybercrime. The U.S. Conference of Mayors estimates 170 local and state governments have been hit […]

The post Why aren’t presidential candidates talking about cybercrime? appeared first on CyberScoop.

Weak encryption means putting our military at risk

Last month, a brigade of U.S. soldiers deployed to the Middle East received instructions from their superiors to use two commercial encrypted messaging applications, Signal and Wickr, on their government issued cell phones. These leadership cues trickled down from the Department of Defense’s (DoD) position that strong encryption is critical to national security. While U.S. Attorney General William Barr continues to push for a broad mandate for backdoors for law enforcement, those on the front lines of protecting America have notably decided on a different approach. Simply put, weakening encryption means putting our military service members at risk. In a recent letter to Rep. Ro Khanna, D-Calif., DoD Chief Information Officer Dana Deasy made clear that the use of encryption to protect the mobile devices of our service members and their stored data is an “imperative.” Deasy makes clear that the use of commercial encryption and virtual private networks (VPNs) […]

Cybersecurity’s warranty challenge

Making the best decision about risk sometimes means forgoing cybersecurity’s best practices. That can be the unfortunate reality for companies with equipment that is under warranty. Security leaders sometimes have to make the tough choice of forgoing a patch because in some cases, it would void the manufacturer warranty on the product if applied, and leave them on the hook for any potential costs if the equipment were to break. This dilemma highlights the complicated nature of security decision-making. Even in today’s world – where security threats cost businesses $45 billion in 2018 – making the right decision to manage a company’s risk can mean juggling competing priorities, like limiting the risk of a cyberattack with the financial risk of repairing costly equipment without a warranty. Patching is one of cybersecurity’s most commonly accepted best practices. By patching systems, companies are closing up known vulnerabilities in their infrastructure, devices or […]

The Cyber speaks: What will actually happen in 2020

Editor’s Note: It seems like the entire cybersecurity sector has something to say about what the future holds for 2020. But what do the computers themselves think? Kelly Shortridge, VP of product security at Capsule8, forced a bot to read more than 1,000 cybersecurity predictions for 2020 and then asked it to write predictions of its own. Here is the result. The article is all generated through Markov chains and is only super lightly edited for clarity.

Intro

The year 2020 indicates more years. The year 2020 expects to showcase more budgets and detecting weird things and anomalies. 2020 will very likely bring a greater risk. There is a lot of skepticism that has existed for years, but in 2020 we will have to consider that top security conferences could lead to even disasters based on the activities of ‘undesirable’ individuals. Looking forward, 2020 promises to be the easiest […]

States are at a crossroads when it comes to cybersecurity

A few weeks ago, I participated in a cybersecurity panel at the National Association of State Technology Directors Annual Conference. The theme of the event, “The Crossroads of Technology,” was very fitting from my perspective because it was clear that state and local government organizations are, in fact, at a major crossroads when it comes to cybersecurity. These enterprises are clearly feeling the wear-and-tear of phishing, malware, and ransomware attacks that must feel like a daily occurrence. In fact, during the conference, news broke about the state of Texas being hit with a coordinated ransomware attack that disrupted systems of 22 local governments. Our panel was filled with cybersecurity leadership from South Carolina and Florida. Here is what I learned:

Give Up or Fight Harder?

When standing at a cybersecurity crossroads, which path do you take? Often, the unrelenting nature of cyberattacks makes people feel like throwing in the […]

Windows 7 end-of-life is coming. How much should you worry?

Every few years, Microsoft causes some panic across industry sectors by announcing the end-of-life of one of its older Windows operating systems. In this case, Windows 7 is going “end of life” on Jan. 14, meaning Microsoft will no longer be regularly updating the system with fixes when a security vulnerability is found. The company is urging users – both consumer and enterprise – to update their systems to the latest operating system: Windows 10. As the weeks tick down until the deadline, the question becomes: how big of a security threat is this? We’ve seen the real-world attacks that can come from unpatched vulnerabilities in an out-of-date operating system. There are also valid reasons an organization could choose to hedge its bets and not upgrade. Ultimately, it is a conversation about risk, and more specifically, how much risk is an organization willing to assume in the face of a […]

Your company should manage your cyber risk like any other risk

The best thing company boards can do to manage cybersecurity risk is to approach it like any other business risk. To be effective, there must be a working relationship between the board and the CISO, where goals are aligned, strategy drives protection options, and the business plan gives leadership clear risk appetite choices. A CISO should center their protection goals around high-value business assets and initiatives aligned to the business’s strategic and operational objectives. This person should understand the business at a broad operational level, from the priorities of legal, finance, IT, HR, and R&D to revenue streams, regulatory requirements, and the core operations and assets that drive competitive advantage and customer experience. All of those disparate parts of the company have threat exposure across many operational surfaces. As we’ve learned from breaches, attackers will leverage any operational exposure to get a foothold, including facilities, personnel, and a company’s supply chain. […]

When it comes to cybersecurity, the federal government is nowhere to be found

To no one’s surprise, lots of big challenges chronically plague the cybersecurity world. But the biggest headache of all may be the relative inaction of the federal government, which unlike some other advanced nations simply isn’t doing its part. For years, the U.S. has been periodically promulgating feckless mandates, including some issues from the White House, that accomplish virtually nothing. The half-hearted attempts at actionable measures contribute to weaknesses and help open the door to breaches. Consider, for example, just a few instances: Last month, tens of thousands of images of travelers and license plates stored by the Customs and Border Protection agency were stolen in a digital breach. A federal contractor had transferred copies of the images to its network in violation of the contract. Then the subcontractor’s network was hacked – likely by a foreign government interested in tracking Americans or in the agency’s procedures. Tensions between the […]

Why the revised NIST mobile security framework looks better from a distance

Mobile security vulnerabilities have been no stranger to national headlines lately. With examples ranging from WhatsApp reportedly allowing hackers to gain access to your smartphone’s sensors, to malicious apps making their way into the Google Play store, it’s no surprise the National Institute of Standards and Technology (NIST) saw the need for an update to its guidelines for vetting mobile applications.

A Theoretical Approach

From an academic perspective, the update to the NIST framework offers a solid theoretical approach to vetting applications for your enterprise: a process for managing risk and assuring compliance with security requirements. But what sounds good theoretically can be near impractical to implement. While the guidelines laid out by NIST highlight an ideal, very few organizations have the resources to implement them across the board. This isn’t to say that these new guidelines don’t make sense. In fact, presenting the state of applications and offering suggestions […]

Is offense really your best defense?

In June, the House Appropriations Committee approved a spending bill that, among other things, included a reintroduction of Rep. Tom Graves’ Active Cyber Defense Certainty Act (ACDC). According to Rep. Graves’ website, the ACDC “makes targeted changes to the Computer Fraud and Abuse Act (CFAA) to allow use of limited defensive measures that exceed the boundaries of one’s network in order to monitor, identify and stop attackers.” Specifically, the bill gives authorized individuals and companies the legal authority to leave their network to:

establish attribution of an attack
disrupt cyberattacks without damaging other computers
retrieve and destroy stolen files
monitor the behavior of an attacker
utilize beaconing technology

Cybersecurity is a challenging issue for those who don’t have the luxury of spending every waking minute keeping up with the latest exploits, vulnerabilities and innovations. It is not a partisan issue, but an opportunity for us to show a united […]
