Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.
It’s easy to become numb to the news about data breaches, especially as the sheer number of accounts and dollars involved is staggering. Security researcher Troy Hunt recently published a blog post about a breach he named Collection #1. Hunt states that “Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows. It’s made up of many different individual data breaches from literally thousands of different sources.” The post highlights an astonishing 773 million breaches including emails and passwords.
Hunt examined a group of files hosted on MEGA, a well-known cloud service. The folder included more than 12,000 separate files and more than 87GB of data. While the data has been removed, it’s too little, too late.
It may surprise some people that many security breaches are the result of human error, not the work of cyber crooks. In ZDNet’s “Want to help stop cyber security breaches? Focus on human error,” author Bob Violino discusses the importance of having security training programs in place for new hires. Violino offers five suggestions:
- Focus on content instead of topic: “Effective training includes content that addresses the threat’s psychological, behavioral, and economic aspects, with practical advice on how to spot scams and protect data.”
- Link the risks to employees’ lives in the real world: Design programs that focus on the impact a breach can have on employees based on their lives. While employees might not comprehend the impact of losing a million dollars, they can understand what it’s like to have their bank account hacked.
- Work with marketing to make training stick: Develop “bite-sized training modules” that engage employees rather than putting them to sleep with technical talk.
- Follow up with testing: If you tell employees there will be testing at the end of the presentation to see how much they’ve learned about cybersecurity, you’ll have a better chance of making the training stick.
- Recruit organizational influencers to drive acceptance: Identify a handful of influential employees to serve as role models for your team. This can help make security a core part of a company’s culture.
There are positive signs that you can protect yourself and your company, including training programs and skills development workshops designed to educate people about how to increase protection. The recent World Economic Forum Annual Meeting discussed ways to reduce the cybersecurity skills gap.
In “Here’s how we can tackle the growing cybersecurity skills gap,” Ken Xie, founder, CEO and Chairman of the Board at Fortinet, stated that “According to a recent workforce development survey, 59% of organizations have unfilled cybersecurity positions, with Frost & Sullivan forecasting a shortfall of 1.5 million by 2020.”
Xie recommends four ways to develop more effective security professionals:
- Hands-on training for people currently working in IT.
- Update formal educational processes and encourage more diversity among candidates.
- Leverage military veterans transitioning to civilian life.
- Accelerate our adoption of automation and machine learning.