Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.
Game-changing cyberattacks of the decade
TechRepublic recounts the top cyberattacks of the past decade, not ranked by their size, but by their importance and impact. In his article, Jonathan Greig interviews Etay Maor, chief security officer at IntSights, who sums up the list, “For me, the largest hacks of the decade are not just the ones that were the biggest, but the ones that were game-changers in how we approach security. If we had this talk 10 years ago, we would be blown away by the numbers, but now, the numbers don’t really affect us that much.” Here’s the list – read the article for a complete breakdown:
- Yahoo, 2013
- Equifax, 2017
- Sony Pictures, 2014
- Marriott Hotels, 2018
- Ashley Madison, 2015
- Target, 2013
- Capital One, 2019
- The United States Office of Personnel Management, 2015
- First American Financial, 2019
- Stuxnet, 2010
“All of a sudden, we’re in the age of career-ending or career-altering hack. Honestly in 2011, if you had a hack with over a million credentials, everyone would lose their mind,” Maor said. “Today, you probably won’t even read about hacks that happen with a couple million credentials stolen.”
Your newest TV is a threat
The FBI has warned that your newly purchased TV could give crooks a window into your home. According to the Independent, the FBI says hackers can take control of your TV’s cameras and microphones. The FBI in Portland, Oregon issued a statement cautioning consumers that stalkers could misuse a TV to stalk them. Here are the tips the FBI recommends to protect your family:
- Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.”
- Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service.
- If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.
- Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past?
BYOD continues to pose security risks and privacy challenges for organizations
Organizations need a mobile threat defense strategy, according to an article in IT Web that contends mobile defense solutions are an essential component of cybersecurity strategies. “It is imperative for organizations to safeguard sensitive enterprise data from cyber threats that exploit mobile users, apps, and devices,” urges author MJ Strydom. He contends that bring your own device (BYOD) creates the potential for leakage or disclosure of enterprise data. Gartner also advocates mobile threat defense solutions and strategies, and emphasizes that organizations’ focus should be on improving overall security hygiene, rather than countering malicious threats.
Employee privacy and data protection in a mobile world
The Dark Reading article “Employee Privacy in a Mobile Workplace” discusses how businesses handle the personal data of their own people. It covers the use of personal smartphones in the workplace and the challenge this presents: safeguarding information while also protecting employees’ privacy. BYOD is certainly nothing new, and the article notes that there is bound to be some crossover between personal and business data. “When businesses collect and monitor employee data, how can they approach this crossover in a responsible way that does not infringe on personal privacy or compromise any security measures?” writes author Michael J. Covington, Ph.D. He suggests that organizations use a four-pillar framework to implement best practices for how they collect, store, and use their employees’ personal information. The pillars are: user identity, user activity, policy, and transparency.
Partner blog of interest: Splunk: A Look at 2020: Where Data Packs Its Biggest Punch