NTSC Technology Security Roundup

Weekly News Roundup: January 29, 2018

World Economic Forum Launches Global Centre for Cybersecurity

According to a press release last Wednesday, the World Economic Forum announced a new Global Centre for Cybersecurity to help build a safe and secure global cyberspace. The center will be based in Geneva, Switzerland, and will function as an autonomous organization under the auspices of the World Economic Forum. The aim of the center is to establish the first global platform for governments, businesses, experts, and law enforcement agencies to collaborate on cybersecurity challenges. The center will focus on the following aims:

  • Consolidating existing cybersecurity initiatives of the World Economic Forum
  • Establishing an independent library of cyber best practices
  • Helping partners to enhance knowledge on cybersecurity
  • Working toward an appropriate and agile regulatory framework on cybersecurity
  • Serving as a laboratory and early-warning think tank for future cybersecurity scenarios

DHS Plans to Lean More Heavily on Private Companies for Cybersecurity Needs

Because the current and projected cybersecurity talent shortage affects how DHS carries out its mission, the department plans on leaning more heavily on private companies for cybersecurity needs. According to FedScoop, “[Barry] West, the Department of Homeland Security’s senior accountable official for risk management, said that an ongoing global shortage of cyber talent could soon push agencies to more frequently pursue outsourced cybersecurity services from contractors rather than try to compete with the private sector.” In the article, West is quoted as saying, “This isn’t to say that there’s not going to be government oversight; there’s still not going to be a [chief information security officer] in charge. But I really think we are headed for a model where we are going to see security-as-a-service and you are going to see [security operations center, or SOCs] as a service.”

Three Major Cybersecurity Acquisitions Last Week

Three major cybersecurity acquisitions took place last week:

  • Cisco Announces Its Intent to Acquire Skyport Systems: Skyport is a “privately-held company providing cloud-managed, hyper-converged systems that run and protect business-critical applications.”
  • Amazon Acquires Sqrrl: According to CNBC, “Amazon's cloud business has acquired Sqrrl, a cybersecurity start-up that spun out of the National Security Agency. The deal, which Sqrrl confirmed on Tuesday, [January 23], comes as Amazon Web Services aims to pick up more business from U.S. intelligence agencies.”
  • Facebook Acquires Confirm: According to TechCrunch, “[Confirm] offered an API that let other companies quickly verify someone’s government-issued identification card, like a driver’s license, was authentic. The Boston-based startup will shut down as both its team and technology are rolled into Facebook, where it could help users who are locked out of their accounts.”

2018 Thales Data Threat Report Covers Trends in Encryption and Data Security

Some findings in the 2018 Thales Data Threat Report include:

  • “94% of organizations are using sensitive data in cloud, big data, IoT, containers or mobile environments – this is creating new attack surfaces and new risks for data that need to be offset by data security controls.”
  • “Data breach rates are at an all time high – 67% of organizations now report that they have been breached globally (and 71% in the US).”
  • “Cloud computing (39%) is now tied with avoiding data breach penalties (39%) and closely followed by compliance (37%) as a top motivation for IT security spending.”

The report also points out that “times have changed, security strategies have not”—with a disconnect between solutions rated effective and the spending allocated toward those solutions.

House Energy and Commerce Committee Asking Why Tech Companies Withheld Information About Spectre and Meltdown Vulnerabilities

The House Energy and Commerce Committee has asked major tech companies why they withheld information about the Spectre and Meltdown vulnerabilities. According to The Hill, “In a letter, lawmakers pressed the CEOs of Intel, Apple, Microsoft, Amazon, Google, AMD and ARM to explain the need for an ‘information embargo’ agreement between the companies to keep information on the cybersecurity vulnerabilities from the public.” The article also points out that “The companies kept Spectre and Meltdown under wraps after first discovering them over the summer in an attempt to create and issue software updates before hackers discovered and could exploit the vulnerabilities.”