Risk News

U.S. treads water on cyber policy as destructive attacks mount
"The Trump administration's refusal to publicly accuse Russia and others in a wave of politically motivated hacking attacks is creating a policy vacuum that security experts fear will encourage more cyber warfare."
Annie's take:

This is part of the material I'll cover when I speak on November 8 at SecureWorld Seattle, in a presentation titled "Cyber Policy That Crosses Borders."
Cybersecurity skills shortage hurts security analytics, operations
"I’ve written a lot about the cybersecurity skills shortage over the past five years. For example, ESG research indicates that 45 percent of organizations claim to have a problematic shortage of cybersecurity skills."
Annie's take:

Good article with a couple of excellent external references.
Senator calls for review of energy infrastructure cybersecurity policy
"The top Democrat on the Senate Energy and Natural Resources Committee is calling on two government agencies to review current policies that guide how America’s power grids and pipelines defend against cyberattacks."
Annie's take:

Go Senator Cantwell!!
Privacy and The Digital World
"Privacy is considered synonymous with trust and security."
Annie's take:

A surprisingly practical and useful article.
Cisco predicts a major increase in cyberattacks designed to destroy systems
"Cisco researchers are predicting more and larger cyberattacks that have the goal of destroying their targets' systems, instead of financial gain or stealing information."
Annie's take:

Frightening. I plan to read the entire report.
White House gives thumbs up to overturning net neutrality rules
"The Trump administration supports the Federal Communications Commission effort to overturn net neutrality rules passed during the Obama years, a White House spokesperson said yesterday."
Annie's take:

Well, this is no surprise, but certainly should provide grounds for more than one day of protest.
China Disrupts WhatsApp Service in Online Clampdown
"The last of Facebook’s major products that still worked in China was disrupted by the government on Tuesday, as Beijing broadly tightened its controls over the internet."
Annie's take:

See the last paragraph of the article for a full list of American websites banned in China now.
Getting ready for SEC cyber-security tests
"Governments will eventually regulate industry to solve ongoing problems, and the investment industry is no exception."
Annie's take:

The cyber advice offered in this article applies to most firms, not just investment firms.
Research: businesses over confident about ability to fend off hackers
"Combining the prioritisation of perimeter security and lack of knowledge in data security, according to Gemalto, is brewing an environment where businesses will soon lack the ability to fend off complex cyber-attacks."
Annie's take:

Why are we not surprised at these findings?
Think Twice Before Ignoring FDA Cybersecurity Guidance
"FDA late last year published new guidance documenting postmarket management of cybersecurity in medical devices."
Annie's take:

This is a big problem in the medical device market, likely to get larger. Will the FDA guidance help?
Feds Suspect Russians Behind Cyber-Attacks on Power Plants
"Russia is suspected to be behind recent hacker intrusions at American power plants, including at least one nuclear facility, two U.S. officials told NBC News."
Annie's take:

What part of this intelligence does our president not believe? How could he possibly propose partnering with Russia on cyber issues? #Sad
Germany Says Risks From Recent Cyber Attacks Greater Than Expected
"Germany's BSI federal cyber agency said on Friday that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week."
Annie's take:

Still adding up the costs and the players.
Guide to the top college and university cyber security degree programs
"The shortage of cyber security professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs."
Annie's take:

A rather East Coast look at cyber programs in major universities. How about a look at the West Coast?
Publishing ASA's 100th Research Note
"Here’s my journal entry for July 5, 2009, concerning the timeline for ASA Risk Consultants..."
Annie's take:

It is a pleasure to be able to thank so many contributors to ASA's success. Now on to our ninth year!!
Banking task force issues best practices for banks to mitigate cyber threats
"The United States Secret Service and the Bankers Electronic Task Force, a group of state bank regulators, recently issued a series of industry best practices for managing risks related to cyber threats."
Annie's take:

Once again, the banking industry is head and shoulders above other critical infrastructure sectors.
Cybersecurity: The cold war online
"The Internet is under attack, and not just by hackers, thieves and spies."
Annie's take:

Aftergood reviews an important new book, The Darkening Web.
U.S. hospitals have been hit by the global ransomware attack
"Major corporations across the world have been hit by a wave of ransomware attacks that encrypt computers and then demand that users pay $300 to a bitcoin address to restore access."
Annie's take:

The attacks are spreading now in the United States.
A cyberattack swept across the globe last week. We should be ready for more.
"ONE FALLACY about cyberattacks is that they hurt pixels, not people."
Annie's take:

I'm not sure exactly what will wake up businesses and people alike. Here's a good argument for action.