CyberSecurity Media Pitch Topics
Three current topics in the cybersecurity space include the recent cybersecurity executive order signed by President Trump, the new report from 1E and Vanson Bourne regarding the state of cyber preparedness in the private sector, and US Cyber Command's new actions to protect the US and its allies from cyber interference by hostile state actors. Below, we have provided an overview of these topics, in addition to two topics, Multi-Factor Authentication (MFA) and data integrity breaches, that can be discussed in an informational and educational capacity.
President Trump's Cybersecurity Executive Order
- Last Thursday, May 2, President Trump signed a multifaceted executive order with the goal of addressing the federal government's need to bolster its cybersecurity workforce.
- One aspect of the executive order is its call to standardize "job listings to help cybersecurity workers more easily move around government" and prevent talented workers from being compartmentalized in one department.
- Similarly, the order calls for the creation of a "rotational employment program between the Department of Homeland Security and other agencies."
- Another aspect of the order is the establishment of "awards for elementary and secondary school educators who foster cybersecurity talent," seeking to grow interest in cybersecurity at the grassroots level.
- Perhaps the most notable aspect of the order, and the one that appears to be getting the most media attention, is the initiation of the "President’s Cup Cybersecurity Competition," a competition seeking to promote innovation among federal cybersecurity employees in which the winner will be awarded $25,000.
- The goal of this competition is to "identify, challenge, and reward the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines."
- With "a shortage of as many as 300,000 cybersecurity professionals across the federal government," the executive order is widely lauded and, as US Representative Jim Langevin (D-RI) said, "long overdue."
New Cybersecurity Report from 1E & Vanson Bourne
- Last week, a new report "conducted by endpoint management specialists 1E and technology market researchers Vanson Bourne" revealed surprising shortcomings in the state of the business world's cybersecurity preparedness.
- The report consists of an extensive survey of "600 senior IT decision-makers (300 from IT Operations and 300 from IT Security) across the US and UK," as well as opinions and guidance plans from multiple leading cybersecurity experts.
- Some surprising findings include the revelation that 60% of surveyed organizations had a major cyber breach in the past two years, while 31% had more than one breach in that span.
- Additionally, only 23% of surveyed representatives "believe that the IT operations and IT security teams work together extremely well to secure the business" in their companies, with 97% thinking that at least some improvement in this regard would be beneficial.
- Perhaps the most surprising finding of the report was that, despite "the vast majority of successful attacks today...using known vulnerabilities in well-known software that have been patched already by software vendors," the surveyed organizations' IT estates only had visibility of "64 percent of their organization's total software estate and only 66 percent of this software is current," on average.
- In other words, this report is perhaps most notable in that it indicates "to the CIO and CISO community was that if you’re breached or hacked, it's your own fault," given that most breaches are preventable and could be avoided simply by enhancing visibility and cooperation in addition to updating software.
US Cyber Command Builds on its election defense systems
- After the success of last year's "Synthetic Theology" mission, which defended the US midterm elections from foreign cyber interference, US Cyber Command announced that it is "hunting inside other countries’ networks for threats and to gain insights to thwart foreign interference in the 2020 [presidential] campaign."
- Cyber Command will be partnering with allied countries primarily to combat the cyber-attack efforts of Russia, particularly in democratic elections of the US and its allies.
- Cyber Command has initiated deployments in several countries, such as Ukraine, Montenegro and Macedonia, and plans to expand deployments "to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections."
- This policy was announced on Tuesday, May 7, one year after Cyber Command was elevated to "a full combatant command on a par with Central Command or Special Operations Command."
- This is a significant development in the ongoing saga regarding Russian interference in democratic elections in the US and elsewhere, one of the hottest topics in cybersecurity. Cyber Command says the new actions are part of its "persistent engagement" strategy to prevent future interference in the US and its allies.
Multi-Factor Authentication (MFA)
- Multi-Factor Authentication (MFA) is a common cybersecurity tactic in which multiple forms of authentication are required to access sensitive materials.
- Three common types of authentication factors are passwords, security tokens (e.g. an identification card), and biometric verification. For example, a MFA utilizing all three of these factors might include entering a password, swiping a card, and utilizing a fingerprint scanner.
- MFA is not only an important tactic to ensure "privileged user access" of sensitive data, it is often "required to comply with regulations."
- MFA is rarely the only technique used to protect sensitive data, but it is an important tool in the cybersecurity arsenal, particularly because "weak or stolen user credentials" are used in 95% of hacking incidents; MFA can prevent these incidents from occurring.
- Because "password theft is constantly evolving," with new methods developed by cyber-criminals regularly, MFA is one of the few ways to ensure that data is protected. Numerous techniques, such as dictionary attacks, brute force attacks, and rainbow table attacks, can be used by hackers to determine passwords, creating a need for additional authentication factors.
Data integrity breaches
- Data integrity is defined simply as "the accuracy and consistency (validity) of data over its lifecycle." As such, data integrity breaches are cyber attacks in which hackers seek to alter the accuracy or consistency of data, rather than (or in addition to) deleting it, stealing it, or restricting access to it.
- Some examples of how this type of attack could affect different entities in substantial ways are altering data from a FitBit or similar device to inaccurately display a fast heart rate, or changing the locations to which first responders are traveling, preventing them from arriving as quickly as possible.
- This is also the type of breach that would potentially affect driverless cars: a data integrity breach could cause driverless cars behaving erratically and potentially dangerously.
- Aside from these potential areas of impact, hackers have already targeted the data integrity of banks, public infrastructure, and others, making this type of hack one of the most significant trends in cybersecurity.
Your research team employed the following strategy:
To find topics that would be relevant for an attorney specializing in cybersecurity to discuss in a media interview, we first conducted a search of recent news articles. From this search, we selected three notable topics on which multiple outlets had reported, selecting several relevant sources to provide an overview of each topic. After this was completed, we conducted a search of organizations and companies in the cybersecurity space, allowing us to locate two topics in that space that could be discussed in an informative and educational capacity. After locating these topics, we gathered additional sources to provide a more robust overview of both of these topics.