Cyber Insecurity News


May 2019
The Cybersecurity Dance on the Hill
The challenges cybersecurity poses can give rise to strange scenarios. We depend on government agencies to encourage companies to secure their data, and to penalize them when they’re negligent. But we frequently learn that some government agencies are negligent themselves.  
     It was particularly troubling to learn that one of them is the U.S. Department of Health and Human Services, since health care data contains so much sensitive information. But an Office of Inspector General report seems to leave little doubt that HHS has serious deficiencies.
     The other part of the story is that we know that many of our aging politicians are far from knowledgeable about, and comfortable with, technology. But they are frequently the ones who must call to account entities with poor security.
     And so it was that in April, Senate Finance Committee Chairman Chuck Grassley (R-Iowa) sent a letter to HHS Secretary Alex Azar demanding that he provide information about the department’s cybersecurity policies, and asking him to explain the lapses.
     Read more from Health IT Security.
IBM Study Reveals Widespread Cybersecurity Deficiencies
In April, IBM Security announced the results of a global study of cybersecurity preparedness, and the news was not encouraging. IBM hired the Ponemon Institute to conduct the research, and it found that 77 percent of the respondents do not have an incident response plan that is consistently applied across the company.
     That wasn’t all. More than half said they don’t test their plans regularly.
      “Failing to have a plan is a plan to fail,” said Ted Julian, VP of product management and co-founder of IBM Resilient.
     Read more from CISOMAG.
KKR’s Phishing Experiment
Private equity giant KKR has been investing in cybersecurity companies for a while, and doing quite well. But an April story in Fortune contained an interesting revelation about its own vulnerability.
     In a Q&A that was part of the article, KKR Managing Director Vini Letteri was talking about the high percentage of breaches that result from human error. Then he said this:

"I think I can share this; as part of our diligence, we worked with our [chief security officer] to actually launch a phishing attack on a subset of KKR employees. We think this place is full of high-integrity, intelligent people—and even then, over a third of the employees that we sent it out to went ahead and clicked on the malicious email. We brought that up in the investment committee meeting, and it became so obvious that if, in a place like this, people still need to go through that sort of training, then it’s got to be broadly applicable out in the marketplace."

Read more from Fortune.
The Big Problem with Cybersecurity Research
How do companies defend themselves against cyberattacks? And what seems to be most effective?
     Great research topics, right? But there’s a very big problem with cybersecurity research. Companies are not providing enough raw data to researchers. They claim they have concerns about privacy.
     And to make matters worse, researchers who do manage to get ahold of data rarely share it with other researchers when they’re done, a practice that is not the norm, scientists say.
     The dearth of quality research may explain in part why the state of cybersecurity has shown few signs of improvement in recent years, and may be getting worse.
     Read more from The Washington Post.