Cyber News Roundup: Cybersecurity is the Biggest Threat to the Global Economy

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

“CEOs see cybersecurity as the number one threat to the global economy over the next five to 10 years,” according to the latest EY report, the 2019 CEO Imperative Study, that surveyed global CEOs among Forbes Global 2000 and Forbes Largest Private Companies. Top global concerns among CEOs are climate change, geopolitical instability and conflict, youth unemployment, lack of education, digitalization, and inequality, according to the report. Yet, despite these big issues, cybersecurity is the biggest threat to the global economy.

“Future corporate growth depends on trust, whether between corporations and customers, people and technology, or management and employees. The increasing risk of cyberattacks and the failure to find the right balance of digital and human in the workplace damages trust in all these critical dimensions,” explains Gil Forer, EY Global Markets’ digital and business disruption lead partner.

Cyber Incidents at All Levels

Whether you’re facing a business email compromise (BEC) or you’re using a photo editing app on your Android phone, cyber incidents occur at all levels with criminals constantly finding new ways to infiltrate your data. More than two million cyber incidents occurred in 2018, resulting in over $45 billion in losses, according to the Internet Society’s Online Trust Alliance’s (OTA) 2018 Cyber Incident & Breach Trends Report. The report finds that the financial impact of ransomware rose by 60%, while losses from BEC attacks doubled. Meanwhile, cryptojacking attacks more than tripled over the past year. According to a TechRepublic article, the actual financial impact of cyberattacks is likely higher than $45 billion, as many incidents go unreported. 

OTA believes that a whopping 95% of these breaches could have been avoided through simple approaches. OTA offers these 12 actions for organizations to improve their cybersecurity practices:

1. Complete risk assessments for executive review, operational process and third-party vendors
2. Review security best practices and validate your organization’s adoption or rationale for not adopting
3. Audit your data and review your data stewardship practices, including data lifecycle management
4. Complete a review of insurance needs including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
5. Establish and regularly test an end-to-end incident response plan including empowering 24/7 first responders
6. Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
7. Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
8. Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs. messaging to media vs. notifications to customers)
9. Review remediation programs, alternatives and service providers
10. Implement ongoing employee training for incident response
11. Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
12. Understand the regulatory requirements, including relevant international requirements

Latest malware to hit Android

Have you heard of “Agent Smith” malware? If you’re one of the 25 million people with an infected device, you have. It’s a new string of Android malware that replaces portions of applications with its own code. The malware is called Agent Smith — named by the researchers at Check Point who discovered it – because of the methods it uses to attack a device and avoid detection. The way it works, according to an article in The Verge, is it hacks apps and forces them to display more ads so the malware’s operator can profit from the fraudulent views. According to Check Point, the malware has made its way to the U.S., where more than 300,000 devices have been affected. Article author Jacob Kastrenakes writes that the “malware would be hidden inside ‘barely functioning photo utility, games, or sex-related apps.”

Oregon Taking Action

Next week, two events are taking place that are a step forward in building the cybersecurity workforce. NW Cyber Camp 2019 kicks off Monday, July 15 through Friday, July 19, 2019 in three locations throughout Oregon (Wilsonville, Gresham, Corvallis). NW Cyber Camp is a week-long intensive summer camp for high school students that offers hands-on cybersecurity training. Students will learn how to defend computer systems and networks from cyberattacks, breaches, and malware.

In addition, the Cyber Oregon Cybersecurity Summit: The Cyber Workforce, takes place on Thursday, July 18, from 3:00 p.m. to 5:00 p.m., focusing on how to train the next generation workforce. Local cybersecurity experts will present, including:

Teresa Hess, Senior Director, Global Benefits & People First Office, McAfee

• Teresa Hess, Senior Director, Global Benefits & People First Office, McAfee

• Mark B. Cooper, President and Founder, PKI Solutions

• Luke Goble, Chief Innovation Officer, sourceU

• John Jacobs, Vice President, Systems Engineering, Fortinet

• Rakesh Bobba, Assistant Professor, Oregon State University

Cyber Oregon partner blog of interest

• PKI Solutions: Putting an End to Robocalls: FCC’s Robocall Summit Discusses Next Steps