A new year means new developments in the world of information security news. We’ve already started to see some of Evan’s 2018 Information Security Predictions come true. The NSA is dealing with a shrinking talent pool as many employees jump to the private sector. Ransomware was one of the fastest-growing forms of cyberattacks from 2016 to 2017 and that trend shows no sign of slowing down. Equifax was in the news again. The 2018 Winter Olympics are fast approaching and as the anticipation grows, so do concerns over the Olympics’ potential as a target for hackers.  All of that, and more, in our Information Security News Roundup for the month of January.

Evan’s 2018 Information Security Predictions Are Coming True

  • The high-profile downfalls of executives at Equifax and Uber have opened the eyes of executives to the dangers that data breaches pose to their own job security. In response to the highly public nature of recent data breaches, many companies are trying to improve their own information security departments. Corporate leaders now see cybersecurity threats and the stiff competition for top-tier cybersecurity talent as one of the most pressing issues in 2018. Great news if you’re looking for a job in cybersecurity, not so good if you’re looking to hire one of us.
    • Reflection: Exhibiting Due Care is expected if you’re in a leadership role, especially if your responsibilities include managing your organization’s information security program. Negligence in this area can leave the door wide open for litigation in the event something bad happens. FRSecure’s information security risk assessment, Penetration Testing, and vCISO offerings are great ways to comprehensively assess your organization’s security program and establish an effective baseline that considers modern threats.
  • One industry that has increased its emphasis on cybersecurity is electricity and other utilities. Xcel Energy now employs more than 100 security analysts. That is a huge jump from the relatively low numbers just a few years ago. Cyber attacks on energy grids in countries such as Ukraine have caused a revelation in the thinking of energy companies. As cyberattacks evolve, so too must the cyber defenses of utilities. That means employing top talent to foil top-level hackers.
  • As companies in the private sector ramp up their search for top talent, public entities like the National Security Agency have had to deal with their top talent jumping ship. Some of the most highly skilled employees of the NSA have become less confident in the spy organization’s leadership and more attracted to the flexible nature and higher pay of private-sector jobs. Relatively junior cyber professionals can make up to $200,000 or more per year in the private sector. That’s more than top officials at the NSA. It’s hard to pass that kind of pay raise up. Even if it means you don’t get to tell people you’re a spy anymore.
    • Reflection: Organizations need to emphasize training. Many CTOs and IT Directors have great technical responsibilities but zero technical skill set, which creates a huge risk to your organization. FRSecure’s training workshops are a great way to upgrade your team’s skills and knowledge in security without breaking the bank!
  • The number of ransomware attacks on healthcare institutions increased by 89% from 2016 to 2017. The top six hacks against healthcare organizations were all attributed to ransomware in 2017.  As organizations have gotten better at defending themselves from ransomware, hackers have advanced their ransomware tools in lockstep. Expect more nasty and complex ransomware in 2018.
    • Reflection: Vulnerability scanning and architecture reviews are excellent ways to establish better security controls that will help your organization be more resilient, especially to automated attacks like ransomware. If you already have a solid foundation, Penetration Testing will test it, and help you take your security infrastructure to the next level.
  • Inga Beale, chief executive of Lloyd’s of London, acknowledged that there are many cyber risks that are not covered by insurance. The insurance industry is rapidly trying to come up with contingency measures for cyber attacks. Beale added that covering cyberattacks should be one of the insurance industry’s top priorities.
    • Reflection: Most organizations are unprepared for a computer security incident because they lack the planning and technical skills to handle it. This ends up costing them dearly in their public reputation, associated liability, and costs incurred by responding to an incident. FRSecure’s experts can help you establish an Incident Response program that will efficiently detect, contain, and remediate incidents by better preparing your organization, testing your plan annually, and keeping your staff trained on modern investigation techniques.

Equifax returns to our Information Security News Roundup

  • Consumers across the country filed the most complaints to the Consumer Financial Protection Bureau about Equifax. The heavily covered data breach at Equifax in 2017 affected millions of Americans. The massive disclosure of private information likely inspired the thousands of complaints that the CFPB received regarding the reporting agency.
  • While Equifax took a beating from Americans in 2018, Equifax Canada assured its account holders that their info hadn’t been linked to any fraud. Chief privacy officer John Russo said “sorry” to all affected Canadians before pointing out that no signs of identity theft had been reported since the breach. A good sign for a company trying to regain public trust.
  • Many people predicted that the massive nature of the Equifax breach would inspire the sweeping reform of data security laws. Many people were wrong. Congress prioritized other issues such as tax reform and preventing a government shutdown. We here at FRSecure know a bill will soon be written that empowers U.S. citizens to protect their identities. Our very own security expert, Brad Nigh, is writing one.

Cryptocurrency News

  • In our November Information Security News Roundup, we mentioned the rising popularity of “cryptojacking.” “Cryptojacking” is the process of hijacking devices and forcing them to mine for digital currencies. You might not even know your devices have been jacked until you see your electricity bill skyrocket. Hijacked smart home devices will use substantially more energy than normal. Mining for digital currency requires a lot of processing power and that means lots of energy. Some affected homes have seen their electricity bills triple in size.
  • One of Japan’s largest cryptocurrency exchanges, Coincheck, revealed it lost nearly $400 million in a security breach. The exchange suspended most trading and withdrawals and will compensate those who were affected. As cryptocurrencies become more popular, cryptocurrency exchanges are becoming a juicier target for hackers.

The Winter Olympics (of hacking)

Information Security in Government

That is all for the Information Security News Roundup for the month of January. Want to get more information security news or share news that you’ve found with us? Check out FRSecure’s Twitter or LinkedIn feeds for updates on what’s going on in the world of information security.
