NTSC Blog

NTSC Technology Security Roundup

Weekly News Roundup: February 19, 2018

Federal Cybersecurity News Roundup

Here’s a roundup of some important federal cybersecurity news from last week:

  • White House Releases “The Cost of Malicious Cyber Activity to the U.S. Economy” Report: The White House’s Council of Economic Advisers released this report, which “examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy.” For example, they “estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.”
  • President Trump Nominates Lt. Gen. Paul Nakasone as Head of NSA: According to Politico, “President Donald Trump on Tuesday [February 13] nominated Lt. Gen. Paul Nakasone, the leader of the Army's digital warfighting arm, to helm the National Security Agency.”
  • Secretary of Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, and Emergency Response: According to a press release, “The CESER office will be led by an Assistant Secretary that will focus on energy infrastructure security, support the expanded national security responsibilities assigned to the Department and report to the Under Secretary of Energy.”

Industry Cybersecurity News Roundup

Here are a few cybersecurity news items that relate to specific industries:

  • New York State Department of Financial Services Filing Deadline Arrives for Historic Regulation: According to Dark Reading, “Banks, insurers, and other financial services organizations in New York state [had until last Thursday] to file for their first annual certification of compliance with 23 NYCRR 500, the New York State Department of Financial Services' historic cybersecurity regulation.”
  • R-CISC Forms Gaming and Hospitality Cybersecurity Alliance (GHCA): According to a press release, “Housed within the R-CISC, the [GHCA’s] mission is to foster a secure, collaborative forum for gaming, hospitality, and entertainment organizations to share threat intelligence.”
  • Industry Groups Comment on “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats” Report: NextGov summarized comments on this joint Department of Commerce and Department of Homeland Security report from industry groups including U.S. Telecom, BSA | The Software Alliance, and the Coalition for Cybersecurity Policy and Law.

EastWest Institute and the National Academies of Science Offer Ideas about Encryption Policy

USA Today reported that the EastWest Institute and the National Academies of Science are offering ideas about encryption policies that meet the needs of both law enforcement and privacy advocates. The EastWest Institute’s report, “Encryption Policy in Democratic Regimes: Finding Convergent Paths and Balanced Solutions,” says they “[advocate] for policies that would better equip law enforcement to investigate and prevent serious crime and terrorism, while leaving in impediments to that capability in the interest of managing risk to other important societal interests. Rather than generally banning or weakening encryption, government must work more closely with the private sector. And the private sector, to reduce the risk of costly regulation, needs to understand and address law enforcement concerns.”

And in a press release, the National Academies of Science said “One of the fundamental trade-offs underlying the debate, according to the report [Decrypting the Encryption Debate], is that adding capabilities for government to access encryption schemes would weaken the security of an encrypted product or service to some degree, while the absence of such an access hampers government investigations.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Proofpoint 2017 Email Fraud Threat Report: “On average, companies were targeted by 18.5 fraudulent emails per quarter, up 17% over the previous year.”
  • FS-ISAC Unveils 2018 Cybersecurity Trends According to Top Financial CISOs: “CISOs surveyed were split on their top priorities for securing their organizations against cyberattacks. Most (35 percent) of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense are also prioritized by (25 percent) CISOs; and breach prevention by 17 percent.”
  • Advanced Threat Analytics Survey Report: Reported in Infosecurity Magazine, “a full 44% of respondents report a 50% or higher false-positive rate: About a fifth (22%) experience a 50-75% false-positive rate, while the rest report a rate of 75-99%.”
  • Skybox Security Vulnerability and Threat Trends Report: Key findings in the report include a 100% increase in vulnerability identification, lessened but still dangerous exploit kits, and 76 percent of all exploits affecting server-side applications.
  • Two Billion Files Leaked in US Data Breaches in 2017: Referencing several research reports, Infosecurity Magazine said, “Nearly 2 billion files containing the personal data of US citizens were leaked last year—and that number could be significantly underreported.”

Two Major Cybersecurity Acquisitions Last Week

Last Tuesday, Carbonite announced they were acquiring Mozy—an online backup service—from a subsidiary of Dell Technologies. According to Mohamad Ali, President and CEO of Carbonite, “This deal provides Mozy customers scalable options for the future and gives Carbonite a broader base to which we offer our solutions.” And on Thursday, Oracle announced it had signed an agreement to acquire Zenedge, which helps secure critical IT systems deployed via cloud, on-premise, or hybrid hosting environments. According to a press release, “Zenedge expands Oracle Cloud Infrastructure and Oracle's Domain Name System (DNS) capabilities, adding innovative application and network protection that augments existing Oracle security services and partnerships.”