Cyber News Roundup: Holiday Cyber Threats; Human Factor; Challenges Ahead

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

Organizations are managing cybersecurity in a COVID-19 world and continue to face new cyber threats daily. To top that off, we are on the cusp of the biggest shopping season of the year, with scammers lurking. Because of the pandemic and social distancing protocols, retailers are turning Black Friday into Cyber November. Experts are anticipating more online shopping in 2020 — in fact, 75% of Americans will be shopping online, according to RetailMeNot.

“As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year,” writes Threatpost. Chris Eng, chief research officer with Veracode, states that online retailers are not prepared to implement the correct security measures.

Human factor: root cause of cybersecurity vulnerabilities

A new report finds that 80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the pandemic. Security Magazine covers the report, citing these key points:

  • Cybercrime has increased by 63% since the COVID-19 lockdown was introduced
  • Human error has been the biggest cybersecurity challenge during the COVID-19 pandemic

“Cybersecurity has long been thought of as the responsibility of IT departments alone, but in order to build a holistic cybersecurity strategy that accounts for the human factor, IT and HR departments must work together. Using psychometric testing and self-awareness tools, HR can help to identify the makeup of teams and pinpoint potential vulnerabilities. IT teams can use this insight to create comprehensive security protocols and a proactive cyber strategy to stay one step ahead of potential threats,” says John Hackston, head of thought leadership at The Myers-Briggs Company, the issuer of the report.

New cyber threats daily

“New threat alerts continue to pop up every day. Especially in these unprecedented times, our adversaries exploit current events to disrupt organizations and governments. Since the pandemic began, over 30,000 COVID-19 themed typo-squatting domains were registered within a few months, with the potential for many of these sites to be used for phishing and malware campaigns. In more recent months following a massive work-from-home trend for offices, we began seeing malware like Emotet being sent via phishing emails with return-to-work themed lures,” reports Cyber Oregon sponsor, Fidelis Security, in its recent blog post, Prioritize your Threat Alerts with our Actionable Threat Intelligence.

CISOs face challenges ahead

Are we ready to start thinking about cybersecurity in a post-COVID-19 world? Just as RSAC 2021 announced that it will be a virtual event, RSAC outlines, in a blog post, how “CISOs will need to adjust and be prepared to ‘do more with less.’” Author Ashwin Pal outlines the challenges ahead:

  • Challenge 1: Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) to be an Ongoing Focus. COVID-19 revealed some gaps in preparedness. For example, many organizations were prepared to move operations to an alternative site, but they were not prepared to move their entire workforce to work from home. As we recover from COVID-19, expect more focus on DRP/BCP activities to manage this critical area of risk.

CISOs will need to divert attention and funds to manage this critical area of risk. Robust DRPs/BCPs must cover a wider range of scenarios, and these plans will need to be well tested and maintained over time.

  • Challenge 2: Do More with Less. As budgets shrink, CISOs will be required to do more with what they already have or with less than what they already have. Leveraging existing investments and “sweating the asset” will become the mantra for at least the next three years.

CISOs can respond to this challenge effectively by leveraging what they already have, including consolidating and better using existing investments. Simplifying existing infrastructure and using it better also adds the advantage of simplifying management efforts. This in turn will allow an organization to reduce its OPEX in the cybersecurity space.

  • Challenge 3: Need to Prioritize Projects. As budgets shrink, the need to prioritize projects will become paramount. CISOs will need to justify the projects they want funding for as boards and executives will perform greater scrutiny over any funding requests.

The easiest and most logical way to justify a cybersecurity project is by taking a risk-based approach. Understand the risk your organization is exposed to. Ensure that this takes into account vulnerabilities and threats. Be prepared to discuss this with boards and executives on a regular basis.

  • Challenge 4: Compliance Burden Remains. Compliance requirements such as privacy laws, the Payment Card Industry Data Security Standard (PCI DSS), and the General Data Protection Regulation (GDPR) will not go away. With shrinking budgets, the challenge to CISOs will be to continue to address this and broader cybersecurity initiatives.

Understand the requirements and focus on tools and technology that can address more than one control. Invest in technologies that allow you to do more with less.

Partner blog of interest: Zscaler: 2020: The State of Encrypted Attacks