Last night a few of the neighborhood kids were riding bikes, and one little boy was sporting an Anonymous mask. He shouted and tried to scare the other kids, then declared, “I’m a hacker!” Sure, the boy is only in second grade, but it’s an image our industry is trying to shatter. News that the Supreme Court is scheduled to hear a case on the US hacking law in November has heightened concerns, and many in our industry are working hard to change this perception that hackers are bad and scary people. Still, headlines report, “A New Hacking Group Hitting Russian Companies With Ransomware,” “Dark Overlord Hacker Pleads Guilty” or “CISA Says a Hacker Breached a Federal Agency.”
At the end of the day, changing perceptions is difficult but not impossible. Take the perception of the human as an example. For many years the cybersecurity industry has proclaimed that humans are the weakest link in the security chain, but according to research from BlueVoyant, the supply chain has now trumped the human. In its coverage of the report, ZDNet wrote, “organizations have an average of 1,013 vendors in their supplier ecosystem—and that 82% of organizations have suffered a data breach in the past 12 months due to cybersecurity weakness in the supply chain.”
Alas, our industry is far vaster than hackers and supply chains, so let’s look at what else made headlines this week.
Sept. 25: Nation state actors have been leveraging different cloud services to host their tools, and this week, Microsoft’s threat intelligence researchers suspended 18 Active Directory apps believed to be part of an extensive command-and-control network.
Sept. 25: AT&T is reportedly working with Microsoft on an integrated IoT solution that will enable businesses to transform operations by deploying IoT at scale.
Sept. 24: “Facebook on Thursday announced it has removed three networks consisting of hundreds of accounts, pages and groups tied to Russian malign influence efforts, including accounts with ties to past efforts by the Russian government to target U.S. elections,” The Hill reported.
Sept. 24: In an effort to help small businesses secure their supply chain and vendors, the Global Cyber Alliance released its latest version of the Cybersecurity Toolkit for Small Business, according to Help Net Security.
Sept. 23: The Government Accountability Office determined the State Department was remiss in its failure to consult with other agencies in developing plans for a new bureau of cyberspace security and emerging technologies.
Sept. 22: Shopify claimed that two malicious insiders on the company’s support team had stolen customer data. “We immediately launched an investigation to identify the issue—and impact—so we could take action and notify the affected merchants,” the company said in its incident update.Sept. 21: Infosecurity magazine reported, “Hundreds of thousands of Minnesotans are receiving letters warning them that their data may have been exposed in the second-largest healthcare data breach in state history.”