Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
The lead item for this week’s news round up is the announcement that endpoint security firm Carbon Black has opened a research outpost in Hillsboro, Ore. The office will serve as a center for research and development, with a focus on bringing new products to market that will continue to help anticipate and prevent future and unknown cyberattacks. Chief product officer Ryan Polk noted that the Oregon technology community provides a strong pool of talent to draw from.
“The explosion of cloud and a mobile workforce has made endpoints and people the new perimeter. Signature-based security is no longer an adequate defense against threats,” said Polk. “Security today requires innovative thinking and qualified cybersecurity experts, both of which the Oregon tech community promises. Our new office will help us recruit and retain the great engineering talent in Oregon, so we can stay ahead of the curve and continue to keep our customers safe.”
According to the Oregonian, “Carbon Black said it wanted a West Coast hub and “realized there is a strong network of top cybersecurity talent” near Hillsboro. The company already has a site in Silicon Valley but says that’s not an “official office.” Carbon Black is privately held and has raised roughly $120 million in funding and it is reported to be preparing for an IPO in the first half of 2018.
Millennials, let’s play password
Every day we see new reports of cybersecurity breaches and many are a result of the growth of hacking tools. The days of using names and dates of birth for passwords has come and gone, but even with stronger passwords, data leaks continue to rise. What’s interesting is that millennials, who have grown up in an online world, appear to put little effort into creating stronger passwords.
According to a recent study from IBM, “security professionals have long believed passwords to be insufficient and obsolete. But what do consumers think about the new authentication modalities they’re beginning to see more often in their daily lives? As digital services continue to expand virtually every avenue of life, are users finally password-fatigued enough to embrace new ways to log-on?”
The study found 75 percent of millennials are comfortable using biometrics today compared to 58 percent of those over age 55. Millennials were also more likely to enable two-factor authentication in the wake of a breach (32 percent), and move their accounts elsewhere once a provider has lost their data. Based on this data, SC Magazine provided tips to help organizations address the issue of millennials taking little interest in password protection:
- Employ multiple layers of authentication.
- Leverage a combination of risk-based authentication methods that factor in contextual information.
- Take advantage of identity platforms that provide users with choices between multiple authentication options.
- Allow for increased use of mobile devices as the primary authentication factor.
- Keep identity access and management simple.
Smart money: protect your company from cyber attacks
It’s safe to say that 2017 was not a good year when it came to cyber theft. According to CSO Magazine, cyberattacks in 2017 are “expected to cause $5 billion worth of damages. That’s a staggering fifteen-fold increase over just two years ago.” The biggest cyberattacks over the last year include: WannaCry, NotPetya, Ethereum, Equifax, Yahoo, and GitHub. And the future doesn’t look any brighter.
Based on the potential risk to your company, smart money protect your company, author Josh Fruhlinger suggests the following resources.
- How small businesses can fend off cyberattacks and data breaches
- If you do suffer a cyberattack, here are some tips for responding and working with law enforcement
- Point-of-sale terminals are a vector for malware and data theft — be sure yours are secure
- The government and businesses can work together to fight cyber attacks
Cost of cybercrime on the rise
According to Dark Reading, “The Center for Strategic and International Studies (CSIS) and McAfee just teamed up to try to peg a number that shows just how much cybercrime is costing the global economy. Accounting for intellectual property losses, online fraud and financial crimes, financial manipulation, opportunity costs, post-breach mitigation, cyber insurance, and reputational damage, the overall estimate adds up to as much as $600 billion. That’s a $150 billion increase over 2014, which was the last time CSIS drew up similar estimates.”
Whether it’s malware, ransomeware or cryptomining, the avalanche of cybercrime continues to rise. The article highlights interesting statistics about what the cybersecurity saw in 2017. For predictions on what to expect in 2018, be sure to check out this recent post with insights from local experts including members of the Oregon Cybersecurity Advisory Council.