Somehow we already find ourselves on the precipice of February. Time continues to march on, and the days are getting longer. Soon May will be upon us, and cybersecurity professionals the world over will come together for RSA Conference 2021. As we prepare for that virtual experience, our day-to-day endeavors remind us of the obstacles we have overcome, as well as the challenges we will continue to face.
A story from Dark Reading reported on a survey published by Cyberbit, which found, “Half of cybersecurity professionals do not believe they are prepared to respond to a cyberattack, with both lack of skills and training at fault.” Whether from a lack of competency or innovation, Microsoft’s CEO Satya Nadella told Yahoo! Finance, “there is a big crisis right now.”
Is it just me, or does this January 28 headline, “Talent and capital are shifting cybersecurity investors’ focus away from Silicon Valley,” have you singing John Denver’s hit, “Leaving on a Jet Plane”?
According to TechCrunch’s William Kilmer, “Cybersecurity expertise is now budding in new regions where there is talent and a hands-on recognition of the need for innovative solutions.” Kilmer indicated that a new breed of startups is fueling innovation along the East Coast and in Europe. The folks driving this innovation are in large part cybersecurity professionals coming from government and financial services. Perhaps it might do us all a little good to follow John Denver’s suggestion and, “dream about the days to come.”
With that nod to optimism and hope for the industry’s future, let’s take a look at other cybersecurity news headlines from this week.
Jan. 29: More vulnerable to scams because of financial hardships exacerbated by the global pandemic, many people from India are increasingly falling victim to scams from Chinese operators, ZDNet reported.
Jan. 29: Infosecurity magazine reported, “A popular south Asian delivery company exposed 400 million records containing customers’ personal information after misconfiguring an Elasticsearch server, according to researchers.”
Jan. 28: Apple CEO Tim Cook expressed concerns about online privacy at the virtual International Conference on Computers, Privacy & Data Protection, admonishing, “Too many are still asking the question ‘how much can we get away with?’ when we should be asking ‘what are the consequences?’ ”
Jan. 28: In its final hours, the Trump Administration had created a Bureau of Cyberspace Security and Emerging Technologies. After a review, the Government Accountability Office is now saying the State Department “has not demonstrated that it used data and evidence to support its proposal, particularly for the bureau’s focus and organizational placement,” according to CyberScoop.
Jan. 27: Nextgov reported, “The Cybersecurity Maturity Model Certification, or CMMC, will replace a current system of Defense Department contractors simply pledging their adherence to cybersecurity standards issued by the National Institute of Standards and Technology.”
Jan. 27: A collaborative effort of international law enforcement agencies from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine successfully coordinated the dismantling of a widespread EMOTET botnet.
Jan. 26: BBC News reported that while the Association of British Insurers does not consider insurance an alternative to proactively mitigating risks, it defended having ransomware payments as part of a first-party cyber-insurance policy. (For more on cyber-insurance, penalties and sanctions related to ransomware, check out the on-demand session, Understanding Response Risk Relative to Ransomware and DoT Guidelines, from the RSAC 365 Virtual Summit.)
Jan. 25: Google’s Threat Analysis Group identified, “an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers.”