Exploring the Cybersphere: October

This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite.  Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues starting with:

You can never get your fill of Chinese.

Obama should hold Xi accountable on cyber security
The Hill
National Security Advisor Susan Rice said Monday that “cyberespionage for economic gain by China is putting enormous strain on U.S.-China relations and needs to stop.” So often, the focus of cybersecurity and intelligence experts is on military and government security, and rightfully so.

Will the US-China Cybersecurity Pact Work?
Voice of America
The new cybersecurity agreement signed by U. S. President Barack Obama and his Chinese counterpart Xi Jinping last week marks a significant first step for both governments to join forces in clamping down on commercial espionage in the cyberspace, analysts say. But many remain skeptical if concrete actions will follow.

Top spy says skeptical about U.S.-China agreement
Reuters
The top U.S. intelligence official said he was skeptical that a new U.S.-China cyber agreement would slow a growing torrent of cyber attacks on U.S. computer networks, adding that his approach will be to “trust but verify.”

To hack, or not to hack?
Brookings
Has President Barack Obama secured relief from Chinese hacking? That is the question on the minds of many following the announcement by the American leader and his counterpart, Chinese President Xi Jinping, on September 25, 2015. On balance, the agreement is a step in the right direction.

US, China Have Dueling Definitions of Cybersecurity
Voice of America
One of the most-anticipated outcomes of the president of China’s recent state visit to the United States was an agreement between the two countries on beefing up cybersecurity and putting a halt to economic espionage. But analysts question whether the deal actually can deliver.

Security Firm: Chinese Hacking on US Companies Persists
ABC News
Chinese hacking attempts on American corporate intellectual property have occurred with regularity over the past three weeks, suggesting that China almost immediately began violating its newly minted cyberagreement with the United States, according to a newly published analysis by a cybersecurity company with close ties to the U.S. government.

That legislative fix is coming right up.

Lawmakers push to protect trade secrets from Chinese hackers
The Hill
Lawmakers are pushing for legislation that would give companies the right to take legal action in federal court against cyber thieves who steal trade secrets, citing the threat of light-fingered Chinese competitors.

Congressional action on cybersecurity would send strong message to China
The Hill
Pope Francis’ visit to America garnered wall-to-wall media coverage but the second most popular news story has the greater consequence for businesses, consumers and our national security.

Major tech group comes out against cyber bill
The Hill
A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.

Opinion: Advice for Congress, the weakest link in cybersecurity
Christian Science Monitor
As soon as Congress realizes that good security and privacy practices are paramount to cultivating a thriving tech economy, it can begin working with Silicon Valley to forge a more prosperous digital future.

Cyber bill to sail in Senate
The Hill
The Senate is on the cusp of passing its biggest cybersecurity bill to date, following years of debate and countless revisions to the contentious legislation.

Here’s the “thing.”

4 loT Cybersecurity Issues You Never Thought About
Dark Reading
Call it a physical and cybersecurity challenge. Innovators and industry experts in Boston Tuesday for the IoT Security 2015 conference brainstormed about some of the Internet of Thing’s most daunting security challenges — authentication, patching, smart grids, and smart homes – and how to address them.

The Unintended Attack Surface Of The Internet Of Things
Dark Reading
Researchers at Vectra Threat Labs recently performed a detailed analysis of vulnerabilities found in a common Belkin wireless repeater. And while a consumer WiFi product may seem like an odd choice for intensive threat research, vulnerabilities in consumer and Internet of Things gear can end up having a much larger impact on enterprise security than you might think.

As the Internet of Things Grows Exponentially, National Cyber Security Awareness Month Focuses on Securing our Connected Devices and Networks
Market Watch
National Cyber Security Awareness Month (NCSAM), the pre-eminent cybersecurity awareness campaign co-founded and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS), enters its fourth week by focusing on the Internet of Things (IoT) and properly securing our rapidly expanding universe of connected devices.

Take our advice.

NYIT Cybersecurity Conference: Know Your Adversary, Increase Resiliency
PR Newswire
Experts from industry, government, and academia gathered at NYIT’s annual cybersecurity conference last week sounded an alarm. “Think like your adversaries,” warned Gregory Conti, Ph.D., director, Army Cyber Institute, U.S. Military Academy. Salvatore Stolfo, Ph.D., professor of Computer Sciences at Columbia, escalated that by urging attendees, “Be the adversary!”

Blog: U.S. Defense Department Agrees to Educate Small Businesses on Cybersecurity
SIGNAL
The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).

Krebs: Most Firms Fail to Take Simple Cybersecurity Measures
Forward Thinking
Talking to a group of CIOs and other IT executives, the author of the Krebs on Security website and the book Spam Nation said there is a big “PR gap” between the perception and reality of cybercrime. “The light at the end of the tunnel isn’t a way out,” he said. “It’s an oncoming train.”

How Small Businesses Can Create a Culture of Cyber Security
ACA International
Threats of cyber-attacks and data breaches are on the rise,  especially for small businesses. According to the National Small Business Administration 2013 Small Business Technology Survey, 44 percent of small businesses report they experienced a cyber-attack, and the average cost is about $9,000 per incident.

SBA Unveils Small Business Cybersecurity Tools
Business News Daily
In honor of October’s designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

Four things you should be doing to protect yourself from cyberattack
Phys.org
It is easy to get lost in a sea of information when looking at cybersecurity issues. And hearing about hacks and cyberattacks as they happen is a surefire way to feel helpless and totally disempowered.

 

——————————————————————————–

By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 27, 2015

active