Cyber News Roundup: Employees heal thyself

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

As if we don’t have enough cybersecurity issues to deal with on a daily basis, a recent study by OpenVPN, titled “Cyber Hygiene Study 2018,” notes that nearly 25 percent of employees reuse the same password for all of their accounts. According to Security Intelligence, “81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.”

Despite years of being told by IT experts that employees need to update their passwords regularly and create passwords that can’t be easily guessed, a majority of employees just don’t seem to get it. A similar research report from Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

While employees may be tone deaf to new password policies, at least there are signs that employees are taking steps to make changes. In the report from Clutch, “60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.”

New threat of Mac malware
Even though Macs are less likely to be hit by nasty malware than PCs, Okta said that it has seen tools on whitelisting services that could allow bad code to be used. As reported by CNET, the biggest issue is that the tools are made by third-party experts, not by Apple, which means that users think that the tools have been approved by Apple.

“The impact is that I can take malicious code and make it look like it’s signed by Apple itself,” said Josh Pitts, Okta’s senior penetration testing engineer.

The tools come from such major tech vendors as Yelp, Google and Facebook and cybersecurity companies like Chronicle, F-Secure, and Carbon Black. During the testing, Okta didn’t find malicious files, but the company found that Apple’s guidance for running whitelisting services was misunderstood by software developers. Apple said it’s updating its guidelines for the process of updating whitelisting tools for software developers.

Despite increased awareness, network security remains vulnerable
With all of the scary headlines we see about cybersecurity and breaches of personal data, it’s pretty frightening that CIOs are more concerned than ever about network security. According to Security Intelligence’s recent article, “Despite Growing Awareness, CIOs Struggle With Cybersecurity Risk Management, Survey Reveals,” the concern level among CIOs about network security has risen by 71 percent in the past year, yet only 22 percent of those who participated in the survey felt prepared for a cyberattack.

Part of the problem is the endless list of cybersecurity threats that continues to grow. The report, “KPMG/Harvey Nash CIO Survey 2018,” describes the evolution of cybercrime from basic attacks to more advanced types of malware and DDoS attacks.
