Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
Earthquakes, hurricanes, raging fires, tsunamis—these extreme weather events are the natural disasters we typically think of as devastating and causing extensive damage. Yet data fraud/theft and large-scale cyberattacks were identified among the top five global threats in the World Economic Forum’s latest Global Risk Report. The report offers a unique perspective on the threats with the biggest impact facing our world. “Of all risks, it is in relation to the environment that the world is most clearly sleepwalking into catastrophe,” the report warns.
“Massive incident of data fraud/theft” was ranked as number 4 in the top 10 risks by likelihood. “Large-scale cyberattacks” was ranked as number 7 in the top 10 risks by impact. With data breaches on the rise, affecting both public and private institutions, businesses, and organizations, it is not a stretch that eighty-two percent of respondents expect the risk of cyberattacks leading to theft of money and data to increase in 2019. According to the World Economic Forum, this “reflects how new instabilities are being caused by the deepening integration of digital technologies into every aspect of life.”
Action at the state level to establish privacy and cybersecurity standards
Cyber mitigation continues to move forward at the state level, as Oregon’s legislators are pushing for fines for online privacy violators with the “Do Not Track” bill. In his article in The Oregonian, Mike Rogoway outlines Oregon Sen. Ron Wyden’s proposed bill, “a bill that would give the Federal Trade Commission the authority to establish privacy and cybersecurity standards. The bill would levy steep fines—even jail time—for companies and executives who misrepresent their compliance.”
According to the article, the bill’s provisions would:
- Establish a “do not track” option for people using online services. In lieu of allowing their search history, social media favorites and online activity to be sold to advertisers, people could opt to pay an unspecified fee to preserve their privacy.
- Authorize the FTC to establish privacy and cybersecurity standards and require big companies to report annually on their privacy practices.
- Penalize large companies that submit false information in their annual privacy report. Penalties could amount to 4 percent of annual revenue – a number that could run in the billions of dollars for the biggest social media companies. Executives could face jail time up to 20 years.
- Require companies to assess their algorithms for accuracy, fairness, bias and discrimination.
Wyden says, “I am trying to recreate this agency for the digital era…what we are essentially advocating is what the big financial services firms have to do under Sarbanes-Oxley.”
Closer to home: even your car might be at risk
The latest thing to be hacked could be your car. CNBC’s story, “Auto engineers warn your car might be easier to hack than you think,” states that as automakers increasingly load new cars with infotainment systems, self-driving features, Wi-Fi, and cellular connections, they are putting drivers and companies at risk. According to the recent survey from Ponemon Institute, “As more connected vehicles hit the roads, software vulnerabilities are becoming accessible to malicious hackers using cellular networks, Wi-Fi, and physical connections to exploit them. Failure to address these risks might be a costly mistake, including the impact they may have on consumer confidence, personal privacy, and brand reputation.”
Eighty-four percent of security professionals and auto engineers surveyed worry that automakers aren’t keeping pace with the rapidly changing security threats. Even more surprising, 63 percent of respondents said they test less than half of hardware, software and other technologies for vulnerabilities. This leaves the rest untested and exposed.
“Unauthorized remote access to the vehicle network and the potential for attackers to pivot to safety-critical systems puts at risk not just drivers’ personal information but their physical safety as well,” the study found.
And in other news affecting consumers, there’s a new Google tool that tells you if your password is unsafe, letting you know when your login information is exposed. CNN writes about the new Password Checkup extension, which will monitor a user’s various website logins. According to the article, “when someone logs in with a username and password that Google knows has been compromised, it triggers a warning that prompts the user to change the password.” It works by cross-checking the login credentials against a regularly updated database of more than four billion username and password entries.
Cyber Oregon partner blog post of interest
- Zscaler: A sneak peek into recent IoT attacks