Analysis & Commentary on the Week’s Cyber Security Issues
The “so what” factor feeds and aggregators don’t give you.
Cybercrime Inc.: How Hacking Gangs Are Modeling Themselves on Big Business
The stereotype of cyber criminals as lone hackers huddled over a computer in their parents’ basement couldn’t be further from the truth. Now more than ever, cybercrime is carried out by gangs running sophisticated operations. The most organized criminal groups are operating like legitimate businesses, with departmentalized teamwork, collaboration tools, training, and even service agreements between malicious software providers and their hacker customers. Like the legitimate software market, cybercrime is now a huge economy in its own right, in which people with a range of skill sets work together towards one goal: making money with illicit hacking schemes, malware, ransomware, and more. (ZDNet)
Courts Raising Bar For Data Breach Class Actions
The U.S. District Court for the District of Columbia in early August declined to grant standing to a class action filed in the wake of a data breach at CareFirst BlueCross BlueShield. In dismissing the class action, Judge Christopher Cooper concluded that the plaintiffs failed to show that the private personal data allegedly obtained by hackers had caused any injury to plaintiffs or was sufficient in and of itself to do so. Merely establishing that private personal information had been illegally acquired via a data breach is no longer sufficient to warrant standing in a class action. (Legal NewsLine)
Three Quarters of Firms Believe Tech Skills Gap Could Be Solved By Apprenticeships
Just under 75% of businesses believe the technology skills gap could be solved by taking on digital and technology apprentices. Research by employer network firm Tech Partnership found 56% of apprentice employers have difficulty finding the right people to fill jobs. (ComputerWeekly)
Apropos given that the most important work in security is that of the Journeyman. Chatter around this idea continues to grow, but an actual program and report on its effectiveness remain elusive. One serious drawback that I can envision: a skeleton staff that cannot keep up with day-to-day activities is hardly going to have time to deliver OJT to novices. Having said that, the ability to apply knowledge in a practical fashion in a real-world environment can be exceedingly valuable, arguably more so than exposure to concepts and tools in a boot-camp lab. An apprenticeship may require greater effort, but employers know they will have people who can do the job, not paper tigers.
Employee Security Hygiene is on a (Steep) Decline
According to a new report entitled “The Widening Gap Between End Users and IT,” just above a third of over 3,000 employees believe they take all the appropriate measures to protect company data, down from 56% two years ago. More than half of respondents believe data security policies are being enforced and followed, yet 35% said their companies are enforcing them. While 61% of IT security pros said defending critical data has the highest priority, just 38% of end users think the same way. More than a third of IT security pros and almost half of end users said their company is willing to accept more risk to keep productivity high. (ITProPortal)