By Convergent AV

Forbes: The Current State Of Cybersecurity Shows Now Is The Time For Zero Trust (10/14)

We have finally reached the age of zero trust. The numbers:

  • 41% of total breaches in 2017 targeted the healthcare industry, making it the most popular target for breach attempts.
  • Personally Identifiable Information (PII) combined with user credentials tops the percentage of breaches with 29% according to Wipro’s report.
  • 88 records were lost or stolen every second in 2017 according to Wipro’s analysis.
  • Machine learning & AI are the second highest ranking security competencies for the future.

Wipro’s State of Cybersecurity Report 2018 underscores how all industries are facing a security crisis today.

Read more on Forbes here.

The Washington Post: The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say (10/15)

The article begins: A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly.

Europe’s General Data Protection Regulation requires companies with customers in the E.U. to notify regulators of a breach within 72 hours or face a severe penalty. Reference the Facebook breach here (the day after the breach was reported):

Ireland’s Data Protection Commission, Facebook’s lead regulator in Europe, in step with a strict new regulation that went into force in May, said on Saturday that it demanded more information about the nature and scope of the hack which may have violated the EU’s new privacy law called the General Data Protection Regulation. Under the law, companies that don’t sufficiently protect user data face maximum fines of $23 million, or 4% of the company’s global annual revenue from the prior year, depending on which sum is larger. Read more here

Read more on The Washington Post here.

CSO: Improving cybersecurity culture requires clarity, commitment (10/15)

Header statement: Only a third of employees have a sound understanding of their role in their organizations’ security culture.

The writer imparts: “cybersecurity is everybody’s business.” I maintain this is, in fact, the case. However, it’s clear that, for many of us, our responsibilities related to cybersecurity are, well, not clear. 

A call here for investing in efforts in making this a more widespread movement to combat cybersecurity threats.

Read more on CSO here.

ZDNet: IBM brings artificial intelligence to the heart of cybersecurity strategies (10/15)

IBM has launched IBM Security Connect, a new platform designed to bring vendors, developers, AI, and data together to improve cyber incident response and abilities.

IBM unveiled the open platform, which the company says “is the first security cloud platform built on open technologies, with AI at its core, to analyze federated security data across previously unconnected tools and environments.”

Read more on ZDNet here.

The Washington Post: The Cybersecurity 202: Google puts privacy over business incentives with new developer restrictions (10/16)

Google is clamping down on how third-party developers can use data they collect from its popular email service Gmail. The company will no longer allow app developers to scan its customers’ emails for personal data and use it for ad targeting.

Heightened awareness in terms of data analytics and privacy, along with regulatory scrutiny, is pushing Silicon Valley giants to prioritize privacy, even over other business incentives.

Read more on The Washington Post here.

government technology: Tech Upgrades, Cybersecurity Emerge as Top Issues in Local Illinois Race (10/16)

Header comment: Candidates vying for Will County clerk are focused on aging computer systems and election security.

Two things that are first and foremost in security conversation now. Aging computer systems, and old network infrastructure essentially neglected – these become empty statements.

Republican Laurie McPhillips and Democrat Lauren Staley-Ferry want to fill the seat being vacated by the retiring Nancy Schultz Voots.

“We have to be aware that people are trying to hack into computer systems. There has to be checks and balances,” said McPhillips, who attended a recent conference on cybersecurity.

Has to be…

Read more on government technology.

Health Data Management: Feds boost cooperation on medical device cybersecurity (10/17)

The Food and Drug Administration and Department of Homeland Security will work more closely to address threats to medical device cybersecurity, as the federal agencies have signed a memorandum of agreement to increase coordination and cooperation in terms of potential or confirmed vulnerabilities and threats.

The agencies have previously worked together on medical device cybersecurity.

“The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns,” says Scott Gottlieb, MD, the FDA’s commissioner. “But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone. Every stakeholder has a unique role to play in addressing these modern challenges.

A statement: The agreement seeks to boost information sharing between the two agencies to “enhance mutual awareness of potential or known threats, thereby heightening coordination when vulnerabilities are identified.”

I believe it should just read: We’re at critical mass, and awareness along with potential and known threats must be approached in the most serious of ways.

We are talking about the federal government though…

Read more on Health Data Management here.

Forbes: Cybersecurity Needs Women: Here’s Why

For those who are not yet in the know, October is Cybersecurity Awareness Month.  According to the article, there’s no better time for women to start gaining and leveraging that awareness. Due to a massive shortage of cybersecurity professionals today (with up to 3.5 million job openings by 2021), it’s more critical than ever for historically underrepresented demographics to help fill the need.

Currently, women make up only 20% of the cybersecurity workforce. While that’s up from only 11% in 2013, there’s still a lot of opportunity to be had for women who want a career in this ever-growing, well-paying technology field.

“The argument in favor of greater gender equality in cybersecurity is really not one of right vs. wrong or men vs. women,” says Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future. “Rather, it’s that having more women in the workplace is good for business. Diversity in perspectives, leadership, and experience is good for business.”

Read more on Forbes here.

Breaking Defense: Know Your Enemy: Lockheed Touts ‘Intelligence-Driven’ Cybersecurity

If you know the enemy and know yourself, you need not fear the outcome of one hundred battles — Sun Tzu

The article begins:

In a bland office building 30 minutes from the Pentagon, a wall-mounted screen shows, in real time, every suspicious email and LinkedIn request sent to employees of Lockheed Martin, the world’s largest defense contractor. With 98,000 people worldwide working on some 8,500 programs, the company’s network interacts with the internet 20 billion times a day. That’s more than 230,00 events per second.

99 percent of those events — emails, pings, logs, etcetera ad nauseam — are “mostly meaningless,” Lockheed’s cyber intelligence director, Mike Gordon, told me and a fellow journalist this morning. But buried in that gigantic haystack are a handful of poison-tipped needles. 

Lockheed protects itself (and paying clients) by looking for the characteristic behaviors of particular attackers, a strategy it calls “intelligence-driven defense” – as hundreds of Advanced Persistent Threat (APT) attacks are attempted on the company every year.

Find out more on Breaking Defense here.

betanews: Creating the next generation of cybersecurity leaders

We in the AV tech industry continue to discuss developing the next generation of leaders, and the focus that needs to be given by the generations who bring years of experience.

In cybersecurity today, what is more valuable than the tools are the people behind them. The amount of open cybersecurity positions worldwide, however, is growing year over year. Currently, there are more than 300,000 open cybersecurity roles in the U.S. alone, but by 2021, Cybersecurity Ventures expects that number will reach 3.5 million.

recent study found that more than 70 percent of the cybersecurity decision makers agree that their organizations do not have the staff or necessary resources to monitor all cybersecurity threats that their organizations face. With this increasing growth of cybersecurity openings, along with the escalating sophistication and frequency of cyberattacks, business leaders must turn their attention to things that they can control: investing in the right solutions and their staff.

This added staff being younger people, who not only bring that level of intelligence with degrees in cybersecurity, computer science and more – they’ll potentially come with new approaches (along with newer tools) to replace old, outdated ones. And mentorship certainly adds to this development.

Read more on betanews here.

Listen to AV Talk+ Episode 15: Jazz Networks and Cybersecurity – AV & UC’ers Bring the Jazz Platform with Behavior Analytics, Machine Learning and More 

More to come next week.