Cyber Connections News Roundup: July 13
Get the latest cybersecurity news from leading companies, news outlets and blogs.
Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.
Cybersecurity Training Is in Need of an Upgrade
Traditional cybersecurity training generally relies on a 30- to 60-minute session of basic training once a year, supplemented with email and other reminders. According to a recent article on www.securitymagazine.com, this form of static training doesn’t work, mainly because it lacks agility and relevancy. What’s needed is a shift to mobile devices, a daily or weekly cadence, team and department interactions, specific industry-relevant content, and, most notably, microlearning -- training that is remembered. The mind is a muscle: just as one doesn’t go to the gym once a year to keep muscles fit, training daily and in small doses helps maintain and improve performance. Read more.
With a Return to a Hybrid Work Model Comes an Increased Threat to Cloud Security
A growing body of research indicates that the shift to hybrid working models isn’t set to end as the pandemic recedes, according to a recent article on www.techerati.com. Cloud-based technologies will play a central role in enabling this hybrid future. But cyber attackers also see the growing usage of cloud technologies as an opportunity: a recent report from Netskope, a security cloud provider, found that as cloud activity has increased, so too has the threat from cyberattacks. Read more.
Shared Responsibility is Key to Medical Device Cybersecurity
Medical device connectivity has helped patient care at healthcare facilities and in the home, according to a recent report on www.healthcareitnews.com. At the same time, these devices represent network vulnerabilities. Dr. Suzanne B. Schwartz, director of the Office of Strategic Partnerships and Technology Innovation at the U.S. Food and Drug Administration, says it will take collective action to address such vulnerabilities. “It has to be through partnership through collaboration, through recognition that we all have different roles to play, different types of expertise, different responsibilities,” she said. For its part, the FDA has a public-private partnership under its critical infrastructure protection program, which in turn houses the Healthcare Sector Cybersecurity Council. Read more.
A Cybersecurity Audit – Explained
Cybersecurity audits, according to a recent article on https://fedtechmagazine.com, are about assessing compliance. They allow organizations to assess whether or not they have the proper security mechanisms in place while also making sure they are in compliance with relevant regulations. It should be noted that cybersecurity audits differ from cybersecurity risk assessments, which explore an organization’s IT security protections and its ability to remediate vulnerabilities. Cybersecurity audits, rather, act as a checklist that organizations can use to validate their security policies and procedures. Moreover, cybersecurity audits should be conducted by a third-party vendor to eliminate any conflicts of interest. Read more.
Biden Administration Tackles Ransomware, Considers Banning Secret Payments
According to a recent report on www.cyberscoop.com, Anne Neuberger, the deputy national security adviser, said that a joint FBI, U.S. Cyber Command and private sector effort, like the one used to cripple the Trickbot botnet hacking tool used to disrupt the 2020 election, is the type of operation needed to tackle ransomware gangs in the future. Speaking at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank, Neuberger said that before law enforcement can fully target ransomware gangs, the U.S. government needs more “visibility” into their activity. That includes considering whether to prohibit companies from keeping ransomware payments secret. Read more.