NTSC Technology Security Roundup

Weekly News Roundup: July 16, 2018

Senate Energy & Natural Resources Committee Holds Hearing Touching on Critical Infrastructure Cybersecurity

Last Thursday, the Senate Energy & Natural Resources Committee held a hearing examining interstate delivery networks for natural gas and electricity that touched on cybersecurity. According to Forbes, “The hearing comes on the heels of a draft memo leaked last month from Department of Energy suggesting that ‘growing threats, including cyber-attacks’ to ‘the energy sector’ were possible.” James J. Hoecker, Executive Director and Counsel of WIRES, testified about the transmission sector’s cybersecurity efforts related to information sharing and national simulations.

Executive Order on Market Integrity and Consumer Fraud Includes Concerns About Digital Currency Fraud

Last Wednesday, the White House released an “Executive Order Regarding the Establishment of the Task Force on Market Integrity and Consumer Fraud” that mentions “digital currency fraud.” Bloomberg expands on this point, noting: “The inclusion of virtual tokens -- along with traditional crimes like money laundering and investment schemes targeting the elderly -- as a focus of a panel announced Wednesday is the latest sign of Washington’s concern over digital currencies. The Justice Department, the Securities and Exchange Commission and the Commodity Futures Trading Commission are increasingly focusing their resources on scams tied to Bitcoin and other tokens, and government officials have frequently warned investors about potential dangers.”

IBM Security Study: Hidden Costs of Data Breaches Increase Expenses for Businesses

Last Wednesday, IBM Security announced the results of a global study examining the full financial impact of a data breach on a company's bottom line. Overall, the study found that hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage. For example, the study found that one-third of the cost of "mega breaches" (over 1 million lost records) was derived from lost business. Sponsored by IBM Security and conducted by Ponemon Institute, the 2018 Cost of a Data Breach Study found that the average cost of a data breach globally is $3.86 million, a 6.4 percent increase from the 2017 report.

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Juniper Research says IoT security spend to reach $6 billion by 2023: Reported in Help Net Security, “A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to reach over $6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services markets) to rise nearly 300% over the forecast period.”
  • Threats financial organizations will face in 2019: Reported in Help Net Security, IntSights Cyber Intelligence says that financial services and banking organizations will face “breaches effected through compromise of established vendor software or SaaS products, and vulnerable third-party, open source software implemented in the applications they use,” extortion attempts, and “more attacks mounted by lowly criminals, who are taking advantage of Cyber-Attacks-as-a-Service offerings that are getting increasingly affordable.”
  • ThreatConnect Research Finds Majority of Cybersecurity Leaders Say Threat Intelligence Programs Successfully Blocked Attacks and Prevented Breaches Last Year: According to ThreatConnect, “More than half of all organizations with threat intelligence programs surveyed say their organizations’ programs have prevented phishing attacks (67 percent), ransomware attacks (58 percent), breach of customer data (60 percent), insider threats (57 percent), business email compromise (55 percent), and supply chain attacks (49 percent).”
  • CISOs Have Limited Corporate Influence, Accenture Reports: Reported in eWEEK, “ ‘The biggest surprise in our survey was the fact that fewer than one-third of CISOs and business leaders collaborate on a cyber-security plan and budget,’ Ryan LaSalle, managing director, North America Lead, at Accenture Security, told eWEEK.”
  • Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks: According to McAfee, “While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10.”
  • Stronger and more frequent brute force attacks are now the norm: Reported in IT Security Guru, “[An] analysis of data from more than 500 websites globally show that, apart from a dip in February, large-scale attacks have followed an upward trend over the first half of the year. May and June registered four attacks daily while the previous three months never recorded more than one attack a day.”
  • CFO survey: firms being hacked, taking action to protect data: According to The Conversation, “US companies lead the world in preventive cybersecurity policies, followed in order of preventive activity by companies in Europe, Africa, Asia, and Latin America. The proportion of firms indicating they are having difficulty hiring and retaining qualified employees remains near a two-decade high in several regions of the world.”

Three Major Cybersecurity Acquisitions Last Week

Last Wednesday, L3 Technologies announced they were acquiring Azimuth Security and Linchpin Labs. According to a press release, “Based in Australia, Canada, the United Kingdom and the United States, Azimuth and Linchpin operate in the strategic fields of computer network operations and vulnerability research for intelligence partners and other government, defense and security agencies around the world.” On the same day, AT&T Communications announced the acquisition of AlienVault, a unified security management and threat intelligence company. According to a press release, “With AlienVault's threat intelligence expertise, the telecommunications giant will be able to improve its ability to help organizations detect and respond to cybersecurity attacks.”