Welcome to the second news update of the year, and the US government is still shut down over a physical barrier. This fight over the wall has already caused a wealth of problems for the United States in the real world, and now it’s starting to invade cyberspace as well with the United State’s cybersecurity readiness steadily slipping as the shutdown drags on. Key cybersecurity personnel at the Department of Homeland Security have been furloughed as part of the ongoing shutdown, and this includes the specialists whose job it is to monitor for threats and analyze them. This in itself represents a problem for the security of the United States, but the long-term consequences may be direr. Cybersecurity personnel are already in short supply, with numerous institutes and organizations pointing to the growing disparity between the supply of trained cyber professionals and the amount actually available.
The shutdown may scare away potential hires who were considering a job in the federal government may no longer do so as the prospect of being temporarily laid off or compelled to work without pay is an unattractive one. This shutdown is exacerbating an already existing issue where government agencies already lack the qualified personnel and are struggling to fill the seats. In a world where an attack could literally come at any time, from any number of known or unknown threat actors prolonged periods of silence is a terrible security risk to take. It’s only a matter of time before one of the various APT groups takes advantage, or maybe they already have, of the United State’s exposure.
Source: The Shutdown Is Hurting Cybersecurity
A Facebook cybersecurity executive was the victim of a swatting call, which could have ended in violence if the police had been a little jumpier. That no one was injured is a good sign, as the police were supposedly called by the exec who claimed he had shot his wife and planted pipe bombs around his house. Swatting calls are spoofed phone calls that are placed through untraceable phones to the police where the caller convinces the police that a terrible crime has happened or is about to happen. The fictional crime is serious enough to get a SWAT team sent in, hence the name. These calls have resulted in deaths and injuries over the years and are highly illegal. Most of the time the caller goes undetected and escapes, but sometimes the authorities are able to trace the call back to its source.
Source: Facebook cybersecurity exec victim of swatting call
Attacks against Internet of Things (IoT) devices is on the rise as their nature makes them exceptionally vulnerable to attack. IoT devices are frequently unpatched and their connections are only secure so long as no part of the chain is compromised. Unfortunately, IoT devices are usually the weakest link and find themselves under study for potential use by attackers. Industries have accepted the cyberization of their workplace and workforce as smart devices enter mass use and while these devices promote increased efficiency and safety, they come with an increased risk that requires proper controls.
Source: Study Says Manufacturers Struggle with IoT and Finding Skilled Cybersecurity Staff