No interviews this week but I’ve got a bunch of exciting ones lined up that I can’t wait to share. I decided to try sending these out via MailChimp because of some Gmail formatting issues. Hope you enjoy!
Trending: Information Sharing
Information sharing is one of the biggest trends in cybersecurity right now. Obama signed an executive order last month addressing the need for public-private threat sharing, PWC found that 82% of companies with “high-performing” security practices engage in information sharing and collaboration, and well-funded startups such as ThreatStream are emerging to facilitate such information sharing. Tech companies remain resistant to sharing threat information with the government, but recent concessions from the government, such as a provision exempting companies that share cyber threat information from related lawsuits, may be helping to turn the tide.
Highlights from PWC’s 2014 “State of Cybercrime Survey”
- 7% of organizations surveyed in 2013 lost more than $1mm due to cybercrime.
- 51% of organizations have no plan for responding to insider threats, a major issue given that 73% of breaches in the past 12 months can be attributed to insiders.
- Because the insider threat is so high, employee security education is crucial. 42% of respondents said security education played a role in deterring criminals. Furthermore, companies without security training reported average annual financial losses of $683,000 per cybersecurity incident, while those that do have training said their average financial losses totaled just $162,000!
- “Results show that things such as SE Linux (SE Android), Verify Apps and Safety Net have cut down on successful attacks against the Android operating system, significantly lowered the number of potentially harmful apps allowed onto mobile devices, and reduced the opportunity for network-level attacks leveraging Android devices.”
- Jeevankumar lauds Obama for opening the discussion about the importance of sharing threat information. He argues that only trust can reconcile the two opposing forces in the cybersecurity debate–security and privacy–and he discusses how to create it.
- The order declares “significant malicious cyber-enabled activities” a “national emergency” and permits the Treasury to seize the assets of perpetrators.
- Some argue that the order won’t affect the two biggest players–China and Russia–because they have too much to gain from cybercrime.
- Speaking of which, China supposedly conducted a massive DDoS attack on GitHub this week.
- 28% of security professionals said that cyber criminals have attempted to extort or have successfully extorted their data for money.
- There are mixed feelings towards the government's role in cyber extortion cases (see graph).
- Hackers were able to access emails, passwords, and user profile information but nothing financial. In response, Slack has added two-factor authentication and a “password kill switch.”
- ISIS gained recognition as a cyber terror organization after hacking the U.S. Central Command Twitter page in January and has hacked several other organizations’ social media pages since. Cyber experts, however, call the attacks “unsophisticated” and “crude.”