Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.
Quick Fix
— As the Delta Covid-19 variant extends remote work, companies’ exhausted security workers are stuck figuring out how to keep vulnerable systems intact.
— It’s not just Congress in recess: Ransomware criminals are also taking a break from attacking the government this summer, according to new data.
— In a recent interview, CISA Director Jen Easterly shared the clearest plan yet for how the agency is thinking about fighting 2022 election interference.
IT’S MONDAY. Welcome back to Morning Cybersecurity! I’m your host, Sam Sabin. Like most of you, I’m having a hard time thinking about anything except what’s happening in Afghanistan right now. But if you’re still catching up, I highly recommend starting with this account from an Afghan journalist published Sunday.
Send thoughts, feedback and — especially — story tips to [email protected]. Follow @POLITICOPro and @MorningCybersec. Full team contact info below.
RUNNING ON EMPTY — The growth of the Delta variant has companies pushing back return-to-work dates, and that’s threatening to further burn out company cybersecurity teams that had hoped to return to something akin to normal after more than a year of troubleshooting VPNs, policing personal wifi networks and rolling out password management systems.
Among IT talent, “burnout is mostly associated with a lack of planning,” said Nicholas Avila, chief technology officer at cybersecurity consulting firm Globant. “Companies will have a burnout issue among their IT and cyber talent unless they embed a ‘digital-first’ mentality across their business.”
It isn’t just a matter of maintaining cyber plans put in place months ago, Avila said. When companies switched to remote work, some just implemented short-term solutions. Now, as companies take on longer work-from-home plans, they’re faced with re-evaluating their security approaches so they’re more sustainable — meaning more work for security workers.
Security teams were already burned out from keeping up with a deluge of attacks in the last year: Employees have created an average of 15 new online accounts during the pandemic, according to an IBM Security survey released in June, prompting more opportunities for hackers to steal their credentials and gain access to company files. Research and advisory company Forrester also estimates that employee mistakes like reusing passwords or clicking on malicious emailed links will be behind 33 percent of data breaches this year, up from 25 percent a year earlier.
“Most organizations were not ready for the pandemic, and deep down, most would prefer to go back to the pre-pandemic state so they can use their usual methods to build teams and ensure progress on projects,” Avila told MC.
The most well-situated companies are the ones that have already invested in overhauling their strategies to permanently accommodate work-from-home, CrowdStrike told MC in an emailed statement. “It’s less about protecting in-office or remote-work environments, and more about enabling employees to work-from-anywhere with the same level of security protection,” the company said.
— Battling burnout: CrowdStrike said it’s up to cybersecurity providers to make “workers' jobs as easy and streamlined as possible” by using cloud technology and machine learning algorithms to monitor threats (techniques that require little effort to implement) instead of manually securing and observing each server or network. And Avila said it’s also about instituting long-term solutions. “Technical cyber and IT talent can no longer be brought in at the last moment to solve immediate problems with a patch,” he said.
Ransomware
OH, THE SUMMER NIGHTS — Much like Washington officials in August, ransomware criminals have been taking a break this summer. The number of attacks targeting U.S. local governments have dropped from 15 in June to just one in July and two so far in August, according to data shared with MC by Emsisoft threat analyst Brett Callow.
In the first six months of the year, local governments were hit by 43 ransomware attacks, or about eight per month.
It’s long been the belief that ransomware actors slow their activity in the summer (everyone needs a vacation, right?). For instance, when criminal gang REvil went dark in July, one of the theories for their disappearance was that they just went on a well-timed summer vacation.
The data show the seasonal shift isn’t limited to just this year. Last year also brought one ransomware attack in July and two in August. And that’s after an average of 11 attacks a month for the first half of 2020.
— Of course, there are exceptions: Last week, ransomware took down systems behind the parish of St. Vincent de Paul in Missouri. The FBI is now investigating the extent of the attack’s damage.
Election Security
HERE’S THE GAME PLAN— One month into the job, CISA Director Jen Easterly is providing a vision for how the agency will fight false election news and interference in the 2022 midterms.
In an interview with The Associated Press published Saturday, CISA Director Jen Easterly said she’s focusing on making sure her agency builds “collaborative partnerships with all state and local election officials so that they know, regardless of what party they are, we are here to provide resources.” She also made similar comments during the National Association of Secretaries of State’s summer conference the same day.
While under former director Chris Krebs’ leadership, the relatively young agency famously played a role in debunking false election information (leading to Krebs’ firing by tweet). And Easterly said in the interview she plans to keep election fact-checking hub Rumor Control up and running for the next election.
— Easterly isn’t the only one with 2022 on the brain: President Joe Biden said during his remarks at the Office of the Director of National Intelligence late last month that Russian actors are already launching disinformation campaigns to influence the 2022 elections.
Last week also presented the latest example of how election lies are manifesting ahead of 2022: MyPillow Chief Executive Mike Lindell’s “cyber symposium,” which was filled to the brim with lies about the 2020 presidential election’s validity. Cyber Ninjas, the company running a partisan “audit” of 2020 election results in Arizona’s Maricopa County, will also release its findings in the next few weeks — which will provide ample fodder for future disinformation campaigns.
Surveillance
QUICK CHANGE OF PLANS — Apple is making tweaks to how it will scan devices and evaluate any found child sex abuse materials, more than a week after the company announced the tools and following growing scrutiny of the new tools.
— In the latest moves, Apple clarified during a media briefing Friday that it will only flag devices for human review if a phone or computer has at least 30 images that match known child abuse cases.
— Apple also said the known cases its scans are searching for would have to be flagged by more than one organization in multiple countries, not just the National Center for Missing and Exploited Children as originally announced.
The latest changes come as scrutiny of the program has grown louder. Last week, the company’s own employees expressed concern about the tools in internal communications. Apple also acknowledged during the same media briefing Friday that the company didn’t handle its announcement well.
Vulnerabilities
ANOTHER REASON TO AVOID THE GYM — A cybersecurity researcher has found several vulnerabilities in Wodify’s gym management platform, which more than 5,000 gyms worldwide use to manage class schedules and payment information. If successful, researcher Dardan Prebreza, senior security consultant at Bishop Fox, warned Friday that hackers could gain access to modify payment settings, read and modify users’ workout data and extract personally identifiable information. Not helping matters: Wodify had not confirmed as of Friday if it had a security patch to fix the vulnerabilities yet.
Tweet of the Day
This advice sounds about right from computer engineer Casey, who runs the InfoSec blog Caseyis: “How to secure a network: Take inventory of all assets. Unplug everything. Move to a farm and forget that the internet exists.”
Quick Bytes
— T-Mobile is investigating a potential data breach that could include more than 100 million people’s sensitive information, including Social Security numbers and physical addresses. (Vice)
— Ransomware criminals are starting to exploit Windows’ several PrintNightmare vulnerabilities, researchers warn. (ZDNet)
— The Department of Homeland Security is studying whether to create a contractor cyber compliance program similar to the Pentagon’s Cybersecurity Maturity Model Certification. (FedScoop)
— The Congressional Budget Office estimates it will cost $63 million over the next five years to fund the Civilian Cybersecurity Reserve Act.
— A software bug allowed researchers to see Ford Motor Co.’s confidential company records, databases and perform account takeovers. (Bleeping Computer)
Chat soon.
Stay in touch with the whole team: Eric Geller ([email protected]); Bob King ([email protected]); Sam Sabin ([email protected]); and Heidi Vogt ([email protected]).
"work" - Google News
August 16, 2021 at 09:00PM
https://ift.tt/2W1qg3y
Extending remote work strains companies' security teams - Politico
"work" - Google News
https://ift.tt/3bUEaYA
Bagikan Berita Ini
0 Response to "Extending remote work strains companies' security teams - Politico"
Post a Comment