NTSC Technology Security Roundup

Weekly News Roundup: October 9, 2017

2017 BDO Cyber Governance Survey Shows More Boards Engaged with Cybersecurity

With 2017’s severe data breaches and ransomware attacks ravaging the globe, it’s not surprising that corporate boards are taking cybersecurity more seriously. BDO recently released its 2017 Cyber Governance Survey which points to an uptick in corporate board involvement with cybersecurity. Some of the survey results include:

  • “…more than three-quarters (79%) of public company directors report their board is more involved with cybersecurity than it was 12 months ago.”
  • “A similar percentage (78%) say they have increased company investments during the past year to defend against cyber-attacks, with an average budget expansion of 19 percent.”
  • “…the percentage of directors reporting no cybersecurity briefings has dropped consistently [from 29% in 2014 to only 9% this year].”

Dimensional Research Survey Indicates US Lagging in GDPR Preparedness

While many companies are getting ready for GDPR when it takes effect in May 2018, too many still lag in preparedness. A research survey conducted by Dimensional Research (and reported in Help Net Security) indicated that:

  • 61% of US companies “have not begun GDPR implementation.”
  • 98% of US companies “require additional investments to comply with GDPR.”
  • Only 55% of US companies are “investing in technology and tools to automate and operationalize data privacy.”

Interestingly, “US companies report a higher need to use technology to manage privacy (95%) compared to UK companies (87%).”

Hack Department of Homeland Security (DHS) Act Passed by Senate Committee

On Wednesday, the U.S. Senate Homeland Security and Governmental Affairs Committee passed the bipartisan Hack Department of Homeland Security (DHS) Act, which was introduced by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH). The bill, which is also cosponsored by Senators Claire McCaskill (D-MO) and Kamala Harris (D-CA), would establish a bug bounty pilot program, modeled on similar programs at the Department of Defense and major tech companies, to strengthen cyber defenses at DHS by using “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in DHS networks and information technology.

Justice Department Encourages Private Sector to Work with FBI in the Wake of a Data Breach

At the U.S. Chamber of Commerce’s Sixth Annual Cybersecurity Summit, Acting Assistant Attorney General Dana Boente urged private companies to cooperate more with the FBI after they discover a data breach. According to Cyberscoop, Boente pointed out that faster reporting will help shift the public narrative about the private sector from negative to positive, allow for a wider investigative context, and give private companies access to a federal resource with more authority to take law enforcement action. The article points out that “Over the past year, federal law enforcement officials have joined the Chamber on a nationwide cybersecurity awareness roadshow pushing the message that it’s in a business’ best interest to bring in the feds when they get hacked. But it doesn’t seem to be working.”

Federal Government Contemplates the End of Social Security Numbers

While some security professionals have tossed around the idea of eliminating Social Security numbers for years, that idea has now reached another level of seriousness, as the White House’s Cybersecurity Coordinator now agrees. At a recent Washington Post Cybersecurity Summit, Rob Joyce said that Social Security numbers don’t serve us well after a data breach because they can never change. According to Bloomberg Politics, “Joyce said officials are looking into ‘what would be a better system’ that utilizes the latest technologies, including a ‘modern cryptographic identifier,’ such as public and private keys.”