Cyber News Roundup: Cybersecurity best practices from the trenches

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

As cybersecurity headlines continue, it’s nice to know that McAfee’s cybersecurity advanced threat research team is hard at work tracking the latest cyberthreats. The team of computer experts, based in Hillsboro, Oregon, spend their days breaking into various systems. Oregon Business’ Cyber crime busters: An inside look explains how security experts examine vulnerabilities that go beyond laptops and computer networks, including electric cars and hospital bedside monitoring equipment.

“A few lines of code can cause false patient vitals to appear on a doctor’s screen, misdirecting decisions about medications and treatment. In another hack, programmers input code through a dialog on the Microsoft Windows lock screen with the voice assistant Cortana. The code changes the user’s password to 1234,” said Steve Povolny, head of the advanced threat research division. Povolny noted that Microsoft has fixed that vulnerability.

The team was created to work with security experts at Microsoft and other companies. When the McAfee team finds a weakness, it alerts the vendor who then has 120 days to fix the problem before it is publicly released. The goal, said Povolny, is to “protect customers and reduce the global footprint of cybercrime.”

Cybersecurity is a companywide effort

Deploying new forms of technology to prevent cybersecurity breaches is only part of the solution. What’s needed is for companies to establish a cybersecurity culture. Information Age’s Cyber security best practice: Definition, diversity, training, responsibility and technology details how this “culture should focus on the employee, because the human understanding of cyber security is lacking. And, this lack of understanding is, by far, the biggest contributor to data breaches.”

One of the recommendations is about increasing diversity in the field of cybersecurity. Having men and women from different backgrounds with different areas of expertise that go beyond technical knowledge will help experts better understand how hackers use deception to break into computer systems.

Another key issue is training. Cybersecurity isn’t just about the IT teams within a company and who they hire. It’s about training employees to be aware of phishing attacks and other scams that allow hackers to infiltrate companies. While advances in AI and machine-learning appear to be positive, employees need to know that hackers have access to these cutting-edge technologies as well.

Security tips from Forbes Technology Council

Whether trying to protect your company or yourself from cybersecurity breaches, there are many resources available to protect against attacks. Forbes asked members of its Technology Council to share cybersecurity tips to help minimize the threat of attacks on companies:

  1. Adopt A Zero Trust Model
  2. Get Employees Educated And Involved
  3. Get Clear Visibility Into Your IT Infrastructure
  4. Trust Your Employees And Processes
  5. Prioritize Identity Security
  6. Automate And Orchestrate Your Workflow
  7. Understand Your Top Threats
  8. Store Copies Of Your Backups Offsite
  9. Get Involved With Industry-Leading Organizations
  10. Go Back To Basics
  11. Invest In Blockchain
  12. Keep As Many Separate Modules As Possible
  13. Never Allow Employees To Reuse Passwords

Cyber Oregon partner blog post of interest