Stay in the know with “The week in cybersecurity news,” a weekly report on all the industry headlines released every Friday. Sign up to get the report in your inbox every week.
Threat Alert: Old Malware Repurposed To Steal Cryptocurrency
An old form of malware known as Jigsaw, which first appeared in April 2016, has been repurposed to steal bitcoin.
According to the article from ZDNet, the malware known as “BitcoinStealer” alters the addresses of wallets so that cryptocurrency payments land in accounts owned by the hacker.
Much of the malware’s code is the same as Jigsaw, so most security software should detect it. The malware gets its name from the antagonist of a horror film.
Report: A New Model For Cyber Risk Management in Government
A new model for improving cybersecurity outcomes in government has been developed. The implementation model known as PRISM is laid out in a new report from The IBM Center for The Business of Government called “Managing Cybersecurity Risk in Government.”
PRISM provides five steps for understanding and responding to cyber risks in a way that complies with existing laws and policy. Through the model, “an agency leader continuously Prioritizes, evaluates and allocates adequate Resources, Implements, Standardizes, and Monitors an agency’s cybersecurity posture, preparedness and responsiveness.”
Prioritize
-
Leveraging cyber analytics from historical data to identify specific threat areas, factors, and vectors for calculating risk prioritization.
Resource
-
Allocating support from a financial, personnel, and technology standpoint for resolving prioritized risks, as well as standardization and monitoring processes that mitigate similar risks in the future.
Implement
-
Rapid detection and destruction of viruses and other forms of malware that may enter the organization’s ecosystem.
Standardize
-
Sharing knowledge and tactics within the organization and across agencies in the federal government, and implementing these strategies into Standard Operating Procedures (SOPs) with the aim of avoiding repeat security incidents.
Monitor
-
Continuous monitoring (in the federal government through the Continuous Diagnostics and Mitigation (CDM) program) to detect unusual behavior and protect systems, networks, and data from attacks.
GAO Report: 1,000 Cyberdefense Recommendations Remain Unimplemented in Government
According to a report released Wednesday from the US Government Accountability Office, government agencies have failed to implement 1,000 of 3,000 cyberdefense recommendations from 2010.
The report names four major cybersecurity challenges and recommends that entities in the federal government take 10 critical actions to resolve them.
Challenge 1: Establish a cybersecurity strategy and perform oversight
-
Develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace
-
Mitigate global supply chain risks
-
Address cybersecurity workforce management challenges
-
Ensure the security of emerging technologies
Challenge 2: Secure federal systems and information
-
Improve implementation of government-wide cybersecurity initiatives
-
Address weaknesses in federal agency information security programs
-
Enhance federal response to cyber incidents
Challenge 3: Protect critical cyber infrastructure
-
Strengthen the federal role in protecting the cybersecurity of critical infrastructure
Challenge 4: Protect privacy and sensitive data
-
Improve federal efforts to protect privacy and sensitive data
-
Limit the collection and use of personal data and ensure data is collected with consent
5 Benefits of Outsourced Cybersecurity For Cloud-Based Organizations
Cloud-based organizations with a mobile and remote workforce face a unique set of security challenges. This week’s article from Stratus Cyber looks at the pros of using an outsourced cybersecurity firm to solve these challenges.
Benefits of outsourced cybersecurity include significant cost savings, and access to superior expertise and technology.
Read all the benefits of outsourced cybersecurity here.
A Look At Equifax’s Security Overhaul One Year After Its Breach
A year ago this week Equifax discovered that personal and financial data of more than 147 million people had been stolen from its servers.
An article in Wired magazine takes a look at Equifax’s cybersecurity transformation in the wake of what the company’s CISO Jamil Farshchi called “one the most impactful breaches of all time.”
The article interviews Farshchi and details how Equifax has spent $200 million on data security infrastructure, and focused on improving vulnerability management and patching, as well as certificate management, access control protections, and identity management.
Farshchi acknowledged that no cybersecurity budget can offer a 100% hack-proof guarantee in today’s environment, saying: “No matter how much you invest, how great your people are, any organization nowadays can be breached.”
Google’s Solution For Avoiding Phishing is a Security Key
Google revealed this week that its 85,000 employees have gone over an entire year without a single phishing incident. The success is thanks to a company mandate that its employees use security devices for two-factor authentication when signing in to accounts.
The story coincides with the company’s release of its Titan security key for 2-factor authentication. The key will be available as a USB or Bluetooth stick.
Using a physical device for two-factor authentication is considered safer than using a phone as sophisticated hackers can often hijack text message codes.
Thinking about implementing security keys in your organization? Yubico and Feitian are other popular manufacturers of security keys for two-factor authentication.