Our use of the internet has skyrocketed! Considering our daily activities, it is difficult to imagine a day without access to news, banking, and the programs and apps that enhance our day. Cybersecurity has become a topic of interest for individuals and businesses alike, because technology throughout the US and the world is a backbone of commerce and of daily life.
We’ve seen hackers expand their “creative” skills. We read “news” and wonder if it is based upon fact or not. Data “breaches” are reported and we may or may not have been impacted. Our information is sold on the black market and we attempt to protect ourselves with monitoring services. How do we protect ourselves while allowing access to those we authorize? What laws exist to help us understand the governance and oversight enforced within the US?
In the US, states are adopting policies individually, while federal law remains under review as to how states interpret and enforce data privacy. California has taken a proactive approach to cybersecurity: in 2016 it was at the forefront of developing state data privacy laws that clarify what is protected and what is expected of businesses.
In this respect, a significant development was California Attorney General (AG) Kamala Harris’s release of a comprehensive data breach report in early 2016, to considerable fanfare. The report included guidance on minimum privacy and security standards, which it deemed a compliance “floor”, for the custody of personal information by any entity in California that collects such information. The Attorney General’s first recommendation was drawn from the Center for Internet Security’s (“CIS”) Critical Security Controls. AG Harris’s report determined that the 20 CIS controls “define a minimum level of information security that all organizations that collect or maintain personal information should meet.” As understood by AG Harris and the industry at large, the CIS Critical Security Controls are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks. CIS itself touts the baseline effectiveness of its standards: according to CIS, organizations that apply just the first 5 controls can reduce their risk of cyberattack by around 85%, and implementing all 20 controls increases the risk reduction to approximately 94%.
At a recent gathering, Intel Security thought leaders were asked to forecast threat areas for businesses in 2017.
The 2017 threat predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on “smart home” IoT devices, the use of machine learning to enhance social engineering attacks, and an increase in cooperation between industry and law enforcement. The 14 threats to watch in 2017 are:
1. Ransomware attacks will decrease in volume and effectiveness in the second half of 2017
2. Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualization software will increase
3. Hardware and firmware will be increasingly targeted by sophisticated attackers
4. Hackers using software running on laptops will attempt “dronejackings” for a variety of criminal or hacktivist purposes
5. Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as bank accounts and credit cards
6. IoT malware will open backdoors into the connected home that could go undetected for years
7. Machine learning will accelerate the proliferation of and increase the sophistication of social engineering attacks
8. Fake ads and purchased “likes” will continue to proliferate and erode trust
9. Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities
10. Hacktivists will play an important role in exposing privacy issues
11. Leveraging increased cooperation between law enforcement and industry, law enforcement take-down operations will put a dent in cyber crime
12. Threat intelligence sharing will make great developmental strides in 2017
13. Cyber espionage will become as common in the private sector and criminal underworld as it is among nation-states
14. Physical and cyber security industry players will collaborate to harden products against digital threats
Security leaders are working to change the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments. Sophisticated defense is an important component of protecting our businesses and personal information. Be vigilant, be alert, be proactive!
Contingency planning at home and work benefits people in measurable and profound ways. The Living Planner supports proactive resources and comprehensive business and individual/family contingency planning.
Contact us to learn more about how we work with individuals, business owners and employees via Email or online @ The Living Planner #CareForPeopleCareForBusiness
–Lynn