The RE: View for September and October 2016

Nov 7, 2016 4:17am

Sept. 3

How Ransomware Became a Billion-Dollar Nightmare for Businesses
The Atlantic
In recent months, the proliferation of ransomware attacks – in which data is “kidnapped” and encrypted and victims are asked to pay fees to get it back – has impacted individuals and organizations of varying industries and sizes alike. This new “business model for cybercrime” has individual consumers, businesses and organizations like hospitals and police departments “footing the bill, not retailers and banks,” according to Josephine Wolff of the Atlantic. A recent Datto survey of more than 1,000 IT professionals found that nearly 92 percent of respondents had seen clients suffer ransomware attacks in the last year. The Atlantic’s Adam Chandler discusses the growing ransomware threat, the time-consuming process of dealing with these attacks at a business, the ransom payment process and the expanding geographic areas from which these attacks have originated in recent years.

Sept. 16

Big Tech Companies Unite to Vet Vendor Cybersecurity
A group of some of the largest technology companies, including Uber, Airbnb, Square and Twitter, recently united to launch the Vendor Security Alliance, which will “streamline and standardize [the] vetting process for vendors’ cybersecurity risks.” Companies must not only maintain the security of their own information and their customers’ information, but also ensure they work with vendors that have secure practices. The new alliance will require companies to fill in a questionnaire about their security practices before doing business with members of the alliance. FedScoop’s Shaun Waterman highlights member company representatives’ perspectives on the new initiative and how it will work.

Sept. 19

The Biggest Cybersecurity Threats Are Inside Your Company
Harvard Business Review (HBR)
According to IBM’s 2016 Cyber Security Intelligence Index, 60 percent of all attacks were attributed to insiders within organizations, with a quarter of these being inadvertent actors and three-quarters involving “malicious intent.” HBR’s Marc van Zadelhoff discusses the growing insider threat to companies’ cybersecurity and the primary types of insider risks (human error, password leaks and hijacking identities) and shares tips for managers on what to look for and how to focus security efforts to get the best protection. 

Sept. 21

4 Effective Cybersecurity Strategies When You ‘Think Like a Hacker’
The Next Web (TNW)
TNW’s William Watterson points out that online banking data is one of the most critical types of information to protect from cybercriminals “because so much is to be gained through a successful breach.” ABN AMRO, a top Netherlands bank has launched a cybersecurity program that aims to secure the bank through a variety of techniques. Watterson shares the lessons learned from ABN AMRO’s pilot program, including that you can’t “fix” the weakest link (humans – consumers and employees), focusing not on building a vulnerability-free system but instead on “building an application that is both secure and highly usable,” hiring hackers to test the application and using artificial intelligence to better detect fraud. 

 Oct. 25

Good Cybersecurity Doesn’t Try to Prevent Every Attack
According to Greg Bell, KPMG’s U.S. cybersecurity practice leader, “companies typically waste time and money on futile attempts to build an impenetrable wall of systems.” It’s impossible to build a completely secure system, and there is a “rapidly growing amount of sensitive data…outside the firewall through devices and systems beyond the company’s direct control.” Bell instead recommends focusing on identifying and protecting an organization’s important cyber assets and determining how to recover from attacks and “mitigate damage in advance.” He outlines this approach in detail, including how to decide which areas to protect and how to prepare for a breach.