According to the 2020 Verizon DBIR (Data Breach Investigations Report), there were 3,950 confirmed breaches in 2020. The onset of the COVID pandemic resulted in a drastic increase in exploitable vulnerabilities, phishing attempts, ransomware campaigns, and remote compromise attempts.
Crises and disasters are unavoidable, especially from the perspective of information security professionals, whose adage is to "assume you've already been hacked." It would be naïve to assume that any network was impervious to adversarial campaigns. The difference between a cybersecurity novice and a leader isn't whether they can infallibly prevent incidents; rather, the distinction lies in how they respond to crises, mitigate impacts, remediate compromises, and incorporate lessons into their risk assessment, policies, and response plans.
An organization's personnel can be the strongest or weakest element of any security strategy. In times of national crisis, such as the COVID-19 pandemic, tensions can run high, and conventionally manageable stresses can accumulate and degrade focus, performance, and mental bandwidth.
“The best virtual experience in cybersecurity” is fast approaching. On October 14-15, the Institute for Critical Infrastructure (ICIT) – the only think tank dedicated exclusively to cybersecurity – hosts its 2020 fall virtual briefing. Co-chaired by DLT, this year’s theme is: “A Secure Roadmap for the Future.”
DLT Solutions recently sat down for an interview with Joyce Hunter, executive director for strategy and process at the Institute for Critical Infrastructure and Technology (ICIT), the nation’s leading cybersecurity think tank. On the table for discussion was how ICIT is cultivating a “cybersecurity renaissance” – including promoting the role of women in cybersecurity. We also talked to Hunter about how government agencies can compete more effectively for cybersecurity talent and nurture the next generation of cyber warriors.
The Cyber Shield Act, commissioned by Senator Ed Markey, recommends the establishment of a voluntary program to institute uniform cybersecurity and data benchmarks for consumer devices. The goal of the bill is to improve consumer decision making from the point of purchase, standardized by industry and maintained by manufacturers – similar to an EPA energy rating on appliances, or NHTSA safety rating on automobiles.
The theme of the recent ICIT Forum was “Rise of the Machines”, a call to recognize the vulnerability of an infrastructure increasingly under control of computers. The steady increase in connected systems mandates a broad range of strategies – managing supply-chain risk, analysis of huge amounts of data through machine learning, dealing with the insider-threat problem, sealing up holes in applications. I had the privilege of discussing threat intelligence sharing on a panel with Todd Helfrich of Anomali, John Kupcinsky of KPMG, and Ana Besk
Our very own Chief Cybersecurity Technologist and Institute for Critical Infrastructure Technology (ICIT) fellow, Don Maclean, recently joined fellow fellows Robert Lord (Protenus), John Menkahart (Securonix), Dr. Ron Ross (NIST) and ICIT co-founder and senior fellow, Parham Eftekhari on Capitol Hill to discuss the risks and threats associated with cyber attacks on healthcare facilities.