Risk News

5/13/2019
America is Still a Killing Field
"In October of 2017, the title of this column was “America as a Killing Field,” after the Las Vegas mass shootings."
Annie's take:

So little has changed!
5/8/2019
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
"Hacking tools allegedly developed by the National Security Agency (NSA) were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests."
Annie's take:

There are so many suspects these days that it should come as no surprise that the Chinese have also been draining information from the NSA.
4/23/2019
Getting More Women into Cyber Roles
"Women are making significant strides in cyber security, a noteworthy development in an industry that for too long was composed of a primarily male workforce."
Annie's take:

The surveys on this topic are various, and certainly the 25% of women in the cyber workforce identified here represented the highest level of employment of women that I've seen. The article is well-reasoned and worth a read -- or perhaps worth tucking into the board of directors materials next month?
3/28/2019
Microsoft says it has found Iranian hackers targeting U.S. agencies, companies and Middle East advocates
"In the latest of a string of security actions, Microsoft has seized 99 websites it says were used by Iranian hackers to launch cyberattacks against government agencies, businesses and users in Washington, according to a company blog post and court records unsealed Wednesday."
Annie's take:

Microsoft went to court to take down these sites.
3/27/2019
Death by a Thousand Clicks: Where Electronic Health Records Went Wrong
"The pain radiated from the top of Annette Monachelli’s head, and it got worse when she changed positions."
Annie's take:

Here's the sad story of interoperability and medical records.
3/6/2019
The Marriott Breach Shows Just How Inadequate Cyber Risk Disclosures Are
"Another year and another hack and what seems like a very long wait to learn that it happened. Recently, Marriott waited 11 weeks to reveal that 383 million customer records had been compromised, exposing at least 25 million passport numbers and 8 million payment cards. Can you imagine a company like Marriott waiting for 11 weeks to disclose its quarterly earnings numbers? That wouldn’t be acceptable; why is waiting that long to disclose this type of incident?"
Annie's take:

A good article, with some sobering questions.
2/19/2019
Organizations Challenged By Insufficient IT Visibility, Staffing, Ponemon Findings Reveal
"Among key findings from this week’s Ponemon Institute report “Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture” are: 68% of respondents feel that staffing is not adequate for a strong cybersecurity posture; 60% are challenged by insufficient visibility across IT asset types and esp. unmanaged assets, and 61% report inadequate context on the business impact if a vulnerable asset got breached."
Annie's take:

Another indicator of just how far we need to go in cybersecurity, especially on the operational side.
1/31/2019
Major Report: Unsecure Medical Devices Need A Fix
"Healthcare organizations are vulnerable to network intrusions through unsecured devices on their networks. There’s no unified solution yet, as Joseph Marks at the Washington Post reports."
Annie's take:

Mike Simon breaks a long report down into four recommendations.
1/30/2019
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
"IT professionals often see government regulation as a last resort or even a hindrance to solving their problems. Yet when it comes to Internet of Things (IoT) security, 96% of IT decision-makers say government regulation is necessary – even though some wouldn't actually want it."
Annie's take:

We're going to spend a whole week on IoT in my cyber course. Our guest speaker is MSIM alumnus Andy Herman, now at Microsoft.
1/29/2019
En garde! 'Cyber-war has begun' – and France will hack first, its defence sec declares
"FIC2019 France’s defence secretary Florence Parly today declared: “Cyber war has begun.” And she said the Euro nation's military will use its “cyber arms as all other traditional weapons… to respond and attack,” as well as setting up a military bug bounty program."
Annie's take:

One wonders how long this new program will last.
1/17/2019
Climate and Cyber Risks Top Concerns Facing the World in 2019
"The failure to tackle climate change and extreme weather events are the most threatening global risks this year, according to the World Economic Forum."
Annie's take:

More on the topic we covered here yesterday.
1/16/2019
Why Cyberattacks Are the No. 1 Risk
"With the world going digital, the dependence on the availability of IT infrastructure keeps exponentially growing, and many people don't comprehend the true scope of the implications."
Annie's take:

"The World Economic Forum (WEF) says business leaders in advanced economies see cyberattacks as their single biggest threat, even more so than terrorist attacks (No. 2), an asset bubble (No. 3), a new financial crisis (No. 4), or failure to adapt to climate change (No. 5)."
1/10/2019
The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent
"The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn."
Annie's take:

This is exactly what I have been worried about: such poor practices from a government that cannot match private sector salaries are sure to be on everyone's mind in this, the third week of the shutdown -- and the week employees would normally be paid.
1/9/2019
Shutdown sets back U.S. cyber defenders
"A popular cyber technology showcase is the latest casualty of a partial government shutdown that's taking a toll on U.S. cybersecurity."
Annie's take:

Just one of the many examples of government employees who provide critical services and who are not being paid.
1/8/2019
As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants
"For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews."
Annie's take:

There is so much more to be said on this topic.
1/8/2019
Uber CEO Says Market Turmoil Won’t Derail IPO Plans
"Uber Technologies Inc. Chief Executive Dara Khosrowshahi said market turbulence in the U.S. would be unlikely to affect the ride-hailing titan’s plans for a public listing."
Annie's take:

Keeping a close eye on Uber in two areas as they move toward an IPO: culture and marketplace.