Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
The past year may go down as one of the most concerning yet from a cybersecurity standpoint. So, one might logically conclude that companies are ramping up their cybersecurity defenses in a major way. But a recent survey by AlienVault, a leading provider of cyber threat detection solutions, indicates that the widespread and costly cyber attacks of 2017 including WannaCry and NotPetya have barely registered in boardrooms and, more importantly, have not resulted in increased funding for cybersecurity teams.
In fact, according to AlienVault’s research, just 16 percent of IT security professionals believe that their bosses and company boards have taken a greater interest in their roles as a result the latest attacks. The research also found that just 14 percent have had their budgets for cyber security increased, and only a fifth (20 percent) have been able to implement changes or projects that were previously put on hold.
In announcing the research, Javvad Malik, a security advocate at AlienVault, was quoted as saying:
“WannaCry and NotPetya are generally believed to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture. Destructive malware poses existential threats to companies across all industries and can no longer be ignored. To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks.”
If high-profile attacks won’t change executive attitudes toward cybersecurity, perhaps this report on the growing risk presented by the Internet of Things publishing in the Harvard Business Review will drive some change. Author Yevgeny Dibrov, CEO and Co-founder of Armis, writes:
“Attacks are coming at businesses from all angles and through all channels, with IoT creating a significantly larger attack surface. Executives are accountable for the performance, or rather, the lack of performance of security, and businesses will face a range of consequences, from brand damage to recovery costs and loss of customers in the face of breaches. The stakes are higher than ever to secure your systems and networks — and the new IoT reality complicates matters further.”
Dibrov explains that the use of connected devices in enterprises is proliferating at a pace far beyond what IT departments and corporate cybersecurity experts can accommodate. In the rush to embrace the productivity value of wireless, internet-connected devices, companies are often overlooking and discounting what could be very real security risks.
Cyber trends watch 2018
CSO Magazine contributor Michelle Drolet just published a solid list of 8 cybersecurity trends to watch for in 2018. The summary is below, and as you might expect she sees plenty challenges and threats facing IT departments in the year ahead, but also identifies some powerful new ways to fight back.
- Ready for Europe’s General Data Protection Regulation (GDPR)?
- AI and machine learning can boost cyber defenses
- Be proactive about ransomware
- Handling data breaches gracefully
- The IoT is a weak link
- There’s still a skills shortage
- Developing a common language
- Patching and application testing
One of the more important resources highlighted on the Cyber Oregon Government page is the MS-ISAC (Multi-State Information Sharing & Analysis Center) which serves as a focal point for cyber threat prevention and response. As part of its mission, each year the MS-ISAC hosts the Kids Safe Online Poster Contest for K-12 students nationwide (a winning poster is the artwork for this post). This represents a great opportunity for Oregon educators to teach their students about cybersecurity. Please encourage students who are interested in cybersecurity to download the contest guide and registration form here.