Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
A common theme you’ll see repeated often on the Cyber Oregon blog is the high cost of data breaches. It’s also fair to say that covering up a data breach is likely to make a bad situation worse. Such is the case for ride-hailing company Uber, which finally got around to disclosing a 2016 data breach impacting some 57 million users on Nov. 21, 2017.
Uber’s response (or lack of response) to this breach has not been well-received by officials around the country, and a number of states are preparing class action lawsuits against Uber. Now comes a report by Oregonian/OregonLive reporter Elliot Njus that Portland officials want Uber to reveal more information about the breach.
According to Njus’ article, Portland Commissioner Dan Saltzman believes Uber has violated the city’s code by withholding information on the breach, and has demanded more information on how many Uber drivers and customers have been affected in the city. While it may not be possible to prevent every data breach, closer attention to cybersecurity could have helped Uber avoid this type of negative impact to its business.
Another theme you’ll see often here is the importance of the human in enabling cyber crime. The latest example of humans behaving badly is Nghia Hoang Pho, 67, of Ellicott City, Maryland, who pleaded guilty today to “willful retention of national defense information.”
According to the popular cybersecurity blog Krebs on Security, Pho pleaded guilty to taking classified data to his home computer, where officials believe the data was then stolen by hackers working for the Russian government. How the Russians hacked his computer is revealing. Pho had installed on his home computer antivirus software made by Russian security firm Kaspersky Lab, and the hackers are believed to have exploited the software to steal the classified documents.
Based on this discovery, officials are now taking the unusual step of banning Kaspersky Lab software. As Krebs on Security reports, the U.S. Department of Homeland Security (DHS) issued a binding directive in September ordering all federal agencies to cease using Kaspersky software by Dec. 12. Pho, for his part in this scam, is looking at up to 10 years in a federal penitentiary.
Switching gears, let’s look at how you can better protect yourself online. Venture Beat’s Paul Sawyer just published a news article on how ProtonMail is making it easier to protect email communications. Founded out of CERN in 2013, ProtonMail uses client-side encryption to ensure that all data is encrypted before it arrives on the company’s servers. Now, the Swiss company is making its core service available in desktop email clients that support IMAP and SMTP, including Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. This looks like a powerful, easy-to-use way to significantly improve the security of your email correspondence.
The risk inherent in email, albeit more focused on the email that makes its way into your inbox, came to light in this piece in Tech Republic by Brandon Vigliarolo about the latest Email Security Risk Assessment report from data security company Mimecast.
The most noteworthy aspect of the report was that impersonation attacks are on the rise. As email filtering software has improved, email users are now seven times more likely to be hit by an impersonation or phishing type of attack than by email-borne malware. This is a big deal because the average successful impersonation attack results in a dollar loss of around $139,000. This number could be a major problem for small businesses and non-profits, especially if the attack involves the loss of confidential data.
Thinking about a cybersecurity career or perhaps looking to take that next step? If so, be sure to head over to our Jobs page to see what we have on tap. Check back often as cybersecurity is a fast-growing field and plenty of Oregon-based organizations are looking for new team members.