Connect with us

Cybersecurity

Despite Increasing Risk, Companies Are Still Not Prioritizing Cybersecurity

Published

on

March 10, 2021 – Experts said Tuesday that cybersecurity should be one of the top priorities for every business, but many businesses still don’t consider it as such.

“I was not that surprised to see 50 percent of executives count it as a high priority,” said Chad Kliewer, the information security officer of Pioneer Telephone Cooperative, at a Tuesday webinar hosted by the Center for Strategic and International Studies.

“Let’s be honest, its not a moneymaker for most people,” he added.

Rep. James Langevin, D-R.I., who is chairman of the House Cyber, Innovative Technologies and Information Systems Subcommittee, was joined by several members of both the public and private sectors discussing cybersecurity for small and medium-sized businesses in the critical infrastructure industry. They used US Telecom’s recent 2021 Cybersecurity Survey as a backdrop for that discussion.

According to the survey, 26 percent of employees, versus 50 percent of executives, consider cybersecurity a high priority. Kliewer expressed disappointment about that gap, saying that for his company, he spends a lot of time focusing on employees and ensuring that they’re all informed on cybersecurity.

One challenge to be addressed to get businesses up to speed on cybersecurity is education and awareness.

Jeff Goldthorp of the Federal Communications Commission suggested on the webinar the possibility of federal agencies to providing “fairly robust and rich and large set of guidance and practices” to a smaller segment of the industry that “has a different set of needs or where the scale is smaller,” he said.

Ola Sage, CEO of CyberRx, expressed similar concern. There could be several reasons why employees don’t make cybersecurity as high a priority as executives, she said, including lack of mechanisms to communicate that message across the company, or employees believing that cybersecurity isn’t their personal responsibility. It comes back to the question of education and awareness, she said.

Langevin said cyber criminals often go after a broad range of targets, hoping to hit the easiest victims. “These criminals go after entities really with the weakest cybersecurity hygiene, which often unfortunately means small businesses,” he said. “Ransomware is rampant right now, and its hitting a lot of small businesses in addition to hospitals or school systems,” he said.

Langevin said cybersecurity monitoring is about “risk management,” which is an ongoing process.

The influence of foreign nation-state adversaries

The webinar came in the wake of other cybersecurity panels and congressional hearings on the recent SolarWinds cyberattack that infiltrated thousands of American companies and federal agencies. The hack is currently being blamed on Russia.

Langevin touched on the influence of foreign nation-state adversaries. “I want to make something perfectly clear: countries like Russia actively aid and abet cyber criminals,” he said.

“We’re really living in a golden age of cyber crime because there are countries, again, that allow and encourage criminals to operate within their borders,” he said. “While some of the talk of norms and the need for stronger cyber diplomacy may seem esoteric, I can really assure you that it is increasingly relevant to stopping the constant stream of intrusions targeting small businesses around the country,” he said.

Eric Goldstein, executive assistant director for cybersecurity at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said “adversaries of all types are targeting American businesses now.

“It is not just the case that if you are a company that has highly sensitive [intellectual property] or provides critical infrastructure that you are the only type of company at risk. We are now seeing adversaries, including criminal groups, that will launch what I call indiscriminate attacks targeting anybody in this country with a vulnerability,” he said.

“Every company in America is at risk,” he said, adding they need to “take urgent steps to manage vulnerabilities in their IT infrastructure.”

Cybersecurity

Remote Work an Opportunity for Service Providers to Build Trust on Cybersecurity: Research Director

A study by Futurum Research found organizations expect more remote work long-term.

Published

on

Photo of Ron Westfall, research director at Futurum Research

July 6, 2022 – An increase in remote work post-pandemic provides internet service providers with an opportunity to build trust by prioritizing cybersecurity, according to a new study discussed Wednesday.

The Futurum Research study of over 500 respondents – many of which are influential decision makers – concluded that post-pandemic, organizations are expecting their workforce to become more remote long-term.

“This, I believe, provides an opportunity for service providers to, for example, prioritize higher security as a way for these organizations to have more confidence and have more satisfaction in how the work-from-home coordination and limitations are optimized,” Ron Westfall, research director and senior analyst at Futurum Research, said at Fiber for Breakfast event on Wednesday

Cybersecurity is a huge concern for companies as employees work from home on various networks and with less supervision and “there is still a lot of work to be done,” continued Westfall. Security remains a hot topic in the industry as cyberattack threats increase.

Organizations that have already adopted a single, holistic approach to remote working are showing greater satisfaction with the outcomes of their collaboration platforms, Westfall said. Westfall indicated that executive leaders need to take action to produce an organization-wide work-from-home collaboration policy.

Video surveillance and artificial intelligence technologies are allowing key decision makers to maintain a remote work presence. However, over two-thirds of companies are still improvising how they will approach the remote or hybrid workforce, said Westfall.

Continue Reading

Cybersecurity

Cyber Notification Bill Critical, But Won’t Stop Bad Actors Entirely, Says Senator

Congress recently passed legislation including a requirement for critical infrastructure entities to notify government on cyber attacks.

Published

on

Photo of Senator Mark Warner, D-Virginia

WASHINGTON, March 15, 2022 – Mandatory cyber attack reporting is critical to keeping up cyber defenses against potential Russian attacks, a U.S. senator said, following the passing by Congress of legislation that would require certain companies to report such attacks within 72 hours.

But Senator Mark Warner, D-Virginia, and a former State Department cyber expert, said the bill will not stop bad actors entirely.

“We probably cannot be 100 percent effective on keeping the bad guys out,” Warner said Monday during a Center for Strategic and International Studies event discussing the Russian invasion of Ukraine. “We shouldn’t aim for 100 percent perfection on defense, but what we should aim for is this information sharing, so that we could then share with the private sector.”

The Cyber Incident Reporting for Critical Infrastructure Act of 2022, part of a larger budget bill, requires certain critical infrastructure owners, including in the communications, energy and healthcare sector, and operators to notify the Cybersecurity and Infrastructure Security Agency of cybersecurity on attack incidents in certain circumstances. It was passed by both chambers and President Joe Biden is expected to sign the bill into law soon.

The bill’s passing comes after a year of high-profile cyber attacks that targeted software companies, a meat producer and an oil transport firm. Following those attacks, lawmakers and cyber officials urged Congress to push the bill forward. Late last year, Secretary of State Antony Blinken announced the department intends to create a new cyber bureau to help tackle the growing challenge of cyber warfare.

It also comes as Russia continues its war in Ukraine, which some have suspected will ramp up global cyber attacks.

‘Shields up’

Chris Painter, president of the Global Forum on Cyber Expertise Foundation and former coordinator for cyber issues at the State Department, agreed with Warner on Monday, saying that he thinks “that we will see that [cybersecurity attack capability] is being held in reserve, so I think shields up is really the right approach for the U.S.

“With a dedicated adversary like Russia,” Painter said “you could be very good at defense, [but] they’re still going to get in.”

Warner, who said the notification requirement is a “giant step forward,” said the bill doesn’t “want to hold the company accountable, [but] we do want to go after malware actors.” He added this is about being resilient in the face of incoming attacks.

But in a January congressional hearing about cybersecurity, Ross Nodurft of the Alliance for Digital Innovation, warned Congress against an “overly prescriptive definition of a [cybersecurity] incident” to avoid running the risk of “receiving so many notifications that the incidents which are truly severe are missed or effectively drowned out due to the frequency of reporting.”

Continue Reading

Cybersecurity

Justin Reilly: Rising Ransomware Threats on Schools Require Better Approach to Cybersecurity

Ransomeware attacks are a costly lesson for educators.

Published

on

The author of this Expert Opinion is Justin Reilly, CEO of Impero Software

Since the advent of the pandemic, education has been in a state of vulnerable flux. The rapid embrace of technology, sparked by the need to introduce remote learning, has given many educators whiplash. They need time to normalize, but recent trends threaten their ability to do so.

Against the backdrop of technological chaos, opportunistic hackers have been targeting schools with heightened fervor, causing harmful delays and disruptions on both a systemic and financial level. It’s time for schools to start getting proactive about cybersecurity, or they risk paying a hefty tuition to learn why they should have acted sooner.

Education technology use is surging across the nation. A recent study showed ed-tech up 52 percent over pre-pandemic levels, with U.S. school districts using nearly 1,500 different digital tools on average each month. While these digital tools possess the power to ultimately streamline and transform classroom management for the better, teachers are still feeling overwhelmed by the number of technology solutions they’re being asked to implement.

This issue is being exacerbated by many tech-resistant districts and teachers being forced to catch up all at once. When the pandemic hit, using devices and technology in the classroom was no longer an option – learning quickly needed to be online and accessible. By now, the dam has fully broken on tech adoption and we’re only likely to see these trends accelerate. Of course, as other sectors have seen firsthand over the last two years, these unchecked developments often cast unsavory shadows.

An appealing target for hackers

School districts were already an appealing target for hackers ahead of the pandemic, but the rapid adoption of technology – often outstripping security measures equal to these digital strides – has effectively chummed the waters for malicious elements looking for a “soft” target.

Cyberattacks against school districts went up by 18 percent in 2020, the height of the pandemic. The trend has continued since and isn’t expected to slow down in 2022. Among attacks against school districts, ransomware – an attack that locks users out of files on their own systems and then demands ransom money to return their rightful access – is by far the most common variety.

Just a few weeks into 2022, there were already multiple major headlines involving ransomware targeting school districts. The biggest story was the hacking of education website service provider FinalSite, which shut down the websites of 5,000 schools and colleges. Another story involved the cancellation of classes for 75,000 students after the Albuquerque Public Schools district fell victim to a ransomware attack it had been fending off for several weeks.

Yet another case, also in New Mexico, affected the town of Truth & Consequences. The town suffered a cyberattack just after Christmas and, as of mid-January, had still not regained control of its computer systems.

There’s no time left for district leaders to drag their feet on cybersecurity. It can be tough, especially given budget challenges, but the gap between digital advancement and lacking cybersecurity presents too great of a risk for schools.

Make cybersecurity a priority in hiring 

So what can school districts do to prepare? The first step is to make cybersecurity a proper priority – and that includes budgeting and hiring. Many schools still don’t have dedicated cybersecurity officers, instead relying on – in many cases at best – a CIO who happens to be tech-savvy.

This is starting to turn around in light of recent events, with more and more schools hiring chief cybersecurity officers and point-persons. Keeping up with this trend will be critical for setting a strong foundation.

Budgeting will always be a challenge, of course, seeing as many school districts still don’t have any budget at all dedicated to cybersecurity. This needs to change, but some schools have started getting creative on this front in the meantime. One possibility is to fold cybersecurity efforts into operating budgets. Another timely approach is to capitalize on new and improved “cyber grants” being offered by federal and local governments to meet this increasing need.

The most important thing is simply not to be ad hoc about cybersecurity. School districts can proactively gather data to find out where their needs are, what the wants are from teachers, and how they can properly address them. It’s far better to start gathering this data early rather than wait until it’s too late.

Consider this: schools can either make the investment now or pay much more a short way down the road. Should a school or district become the victim of ransomware, they’ll have to pay both to resolve the immediate crisis and for cybersecurity upgrades, all of which will have been unbudgeted and leave them reeling long after the attack. The norms of education are changing, and priorities need to change with them.

Justin Reilly is the CEO of Impero Software, which offers a virtual private network solution for schools and also serves more than half of the Fortune 100. This Expert Opinion is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending