Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive regular updates here.
The latest 2022 Verizon Data Breach Investigations Report (DBIR) has been published. The findings indicate that ransomware is on the rise, with a 13% increase, and so are employee errors. In fact, 82% of data breaches involved the human element, according to the report. While both seem like vastly different ways of exposing sensitive information, both can lead to security incidents and data breaches causing significant damage and loss.
“Criminals prefer human fallibility to code flaws,” writes CPO Magazine. This makes a lot of sense: cyber thieves always look for the easiest way in. Washington Post’s Joseph Marks contends that “the vast majority of companies are still compromised by hackers because of simple and preventable lapses, such as using shoddy passwords, not updating commercial software, and employees getting conned by phishing scams that they should be wise to.
Cyber-Smart Tips for Employees at SMBs
Here is a refresher of some easy-to-implement cyber-smart tips from the Cybersecurity & Infrastructure Security Agency (CISA), to educate (and re-educate) your employees to improve cyber hygiene across organizations of all sizes, in order to help minimize risks and threats to data:
- Implement multi-factor authentication on your accounts and make it 99% less likely you’ll get hacked.
- Update your software. In fact, turn on automatic updates.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email.
- Use strong passwords, and ideally a password manager to generate and store unique passwords.
In her latest article for Jewish Press, Bracha Halperin reinforces this advice and recommends that organizations advise their employees to use unique passwords and change them often. Halperin also recommends employee training “to avoid risky clicks, refrain from opening emails or attachments from unfamiliar addresses, and of course, to use common sense before responding to a request that seems odd or unusual can prevent security headaches.”
Things Will Get Worse Before They Get Better
Unfortunately, in cybersecurity land, “cybersecurity’s bad and it’s getting worse,” sums up many viewpoints and experts, including Marks. Based on his eight years of reporting on security, he takes a look back and forecasts what’s ahead, “The cyber future is especially treacherous because of a number of powerful new technologies that will integrate the internet ever more deeply into the fabric of daily life — including 5G wireless networks, artificial intelligence and connected technologies such as smart thermostats. That will give hackers significantly more power to cause damage. Then there are the unknown threats. Given the pace of technology development, it’s likely the nation will be hit within the decade by forms of cyberattacks that are hardly conceivable today.”
Government Makes Extensive Cloud Security Investments
The federal government is investing in security; the latest news is that it will invest close to $100 million to modernize cybersecurity operations at three agencies and that it will “pay for security upgrades to the U.S. Department of Agriculture’s primary IT network, stand up a multi-cloud security operations center at the Federal Trade Commission, and modernize the Department of Homeland Security’s information sharing network,” SC Magazine reports.
“These investments will implement robust multifactor authentication, encrypt government data, quickly detect and contain adversary activity, and continuously identify and remediate vulnerabilities,” federal chief information officer Clare Martorana stated.
Throughout the Summer: Technology Association of Oregon’s 2022 Small Business Cybersecurity Series
Don’t forget to attend the Technology Association of Oregon’s 2022 Small Business Cybersecurity Series, taking place through September Together with the Oregon Small Business Development Center and Mount Hood Community College, the series continues all summer. This is a free, virtual opportunity to learn the fundamentals of cybercrime and cybersecurity to better protect your business via one-hour sessions held each month. The next session, Disaster Recovery, takes place Tuesday, June 28 at 11:00 a.m. PT.
Cyber Oregon sponsor blog post of interest: Splunk: Data-Centric Security for Comprehensive Protection and Cybersecurity Resilience