Risk News

Cyber Threat Intelligence Leader Warns of Changing Nature of Attacks
"As billions more Internet of Things (IoT)-related devices come online, the barrage of cyber threats will not only continue but will target users in new ways."
Annie's take:

Recent Congressional testimony.
Chinese hackers lead attacks on IoT devices
"New research from F5 Labs has shed light on the fact that Telnet brute force attacks against IoT devices have risen a staggering 249% year over year (2016-2017) and dominated by traffic originating from China."
Annie's take:

Interesting new research from F5's threat lab.
“This is now the new normal”: an expert explains why cybersecurity risks aren’t going away
"The crazy Trump-centric news cycle has become the new normal in the United States. So has the scenario of constant cybersecurity risks, where it seems like there’s a new worrisome development every week, if not daily."
Annie's take:

As more incursions are spotted and blocked/dropped, we face even more of them going into November.
Corporate Cybersecurity Is Becoming Geopolitical. Are U.S. Tech Companies Ready?
"This week’s news that Microsoft, Facebook, FireEye, and Google disrupted ongoing Russian and Iranian influence campaigns should garner significant attention in corporate boardrooms."
Annie's take:

Traditional protection measures for corporate data won't be sufficient anymore. The cyber team is going to have to be examining its social media platforms as well.
Our politicians have no idea how the Internet works
"Here’s the bad news: We can’t trust Silicon Valley to police itself."
Annie's take:

Her reporting is not exactly news. One way or another, we do understand that many in Congress and in the White House have no clue how technology works.
Just 65% of Companies Have a Cybersecurity Expert on Staff, Survey Says
"When it comes to cybersecurity, many businesses aren’t as prepared as they should be. A survey conducted by Gartner (NYSE: IT) revealed although 95% of CIOs expect cyber threats to increase in the coming years, only 65% have a cybersecurity expert on staff."
Annie's take:

Especially in light of all the hacking going on, this is not good news. The survey did not focus on small business. Rather, over 3,000 CIOs from 98 countries were surveyed.
One thousand GAO recommendations to remedy cybersecurity shortcomings remain unaddressed
"With one click of a mouse, could an enemy of the United States black out major parts of the country or shut down the nation’s electronic communications? Could a hacker access a major bank and gain your personal information, and then clean out your accounts or steal your identity? Or send the stock markets into a tailspin, disrupting the economy?"
Annie's take:

Of the 3,000 cyber recommendations that the Government Accountability Office (GAO) has made since 2010, one thousand remain as open audit items.
Security’s bane: The false positive
"Nothing makes security look worse than the false negative – when we miss an attack and damage is suffered. As security professionals, it’s something we all obsess a lot about. However, the number two thing that makes us look bad is the false positive."
Annie's take:

A good read.
Sizing up the FBI’s new cyber leadership
"FBI CYBER PICKS WIN PRAISE — The FBI made an excellent choice in tapping Amy Hess to lead the Criminal, Cyber, Response and Services Branch, which oversees the bureau’s Cyber Division, according to former FBI officials and agents who spoke to MC on Tuesday after the bureau filled two of its key vacant cyber positions."
Annie's take:

A big win for cybersecurity, and for women.
Why US elections remain 'dangerously vulnerable' to cyber-attacks
"Sixteen months ago, Marilyn Marks was just another political junkie watching a high-profile congressional election on her laptop when she saw something she found abnormal and alarming."
Annie's take:

Hoping to hear more from the feds in the coming weeks about how they are partnering with local election machinery to overcome these vulnerabilities.
Now Available on Amazon -- Annie Searle's "Risk Reconsidered"
"The field of operational risk management is relatively new."
Annie's take:

I'm so happy to announce the new book!
Black Hat USA 2018: IBM researchers developed AI powered malware to demonstrate future threat models
"IBM researchers at Black Hat USA 2018 announced their development of DeepLocker, described as a highly targeted and evasive attack tool powered by AI."
Annie's take:

Another point to keep in mind with AI. Concealing the malware in a video training app, undetectable, shows just what we are up against.
Cyber Incident Risk: From IT Headache to Business Threat
"Cyber incident risk is one of the most consequential areas of risk management organizations face today."
Annie's take:

Excellent article!
The Security Industry's Talent Shortage is a Crisis of Diversity
"If you think everything’s gone cyber now, just wait. “Digital transformation” is shifting all aspects of modern life — think automated grocery stores, driverless cars and trucks, even our social lives — and it all brings new forms of risk."
Annie's take:

A clarion call to the industry.
Amid cybersecurity fears, tech firms are offering to help secure the U.S. elections for free or at a discount
"American democracy is under attack, with foreign spies and trolls throwing wrenches into the workings of U.S. elections—be it attempts to hack candidate websites, scramble voter rolls, or spread fake news on social media platforms."
Annie's take:

I'm glad that tech firms are stepping up to help. We've all got a role to play -- including voting!
How AI Could Become the Firewall of 2003
"One of the shortcomings of the cybersecurity industry is a preoccupation with methodologies as solutions, rather than thinking about how they can be most useful. This scenario is happening right now with artificial intelligence (AI) and machine learning (ML) and reminds me of discussions I heard about firewalls back in 2003."
Annie's take:

An interesting take on what AI represents.