Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

The Department of Homeland Security Watched the Super Bowl … Closely. While people around the world watched Sunday’s Super Bowl, the U.S. Department of Homeland Security (DHS) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) were also tuned in, as they had been for some weeks before. Prior to the game, David Pekoske, Senior Official Performing the Duties of the Deputy Secretary of Homeland Security, said “While the football teams are on the field, we will be all around it. In addition to the outstanding efforts of the Tampa Police Department, the Hillsborough County Sheriff’s Office, the FBI, and the NFL Security Team, more than 500 DHS personnel will be working to secure the Super Bowl on Sunday.” As reported in Homeland Security Today, “Dozens of federal agencies and components, including DHS, are contributing to security measures seen and unseen in connection with the Super Bowl.”

“We Love What You Do for Us! What’s Your Name Again?” A new survey of more than 7,000 business leaders, employees, and consumers from across the world shows the role of Chief Information Security Officers (CISOs) has hugely expanded in its scope and responsibilities, according to a study from BT Security. Yet the same study, according to an article in BetaNews, found that “Fewer than half of executives and employees could put a name to their CISO. This is despite the fact that 84 percent of executives also say that their organization had suffered from data loss or a security incident in the last two years.” The report also found the worrisome report that 45 percent of employees said they had suffered a security incident at work and not reported it. So, what’s a CISO to do? Kevin Brown, managing director of BT Security, advises: “CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”

Protecting Robo Taxis from Hackers. Self-driving robo taxis are heading our way, and the hackers won’t be far behind. That’s the essence of a recent article in Help Net Security, which calls for a standards-driven, industry-wide approach to cybersecurity for the rapidly developing Connected, Autonomous, Shared, Electrified (CASE) technology that will be used for self-driving vehicles of all sorts. The article notes that with major players such as Lyft and Zoox (recently acquired by Amazon) entering the market “Robo taxis will most likely be the first AVs [autonomous vehicles] to hit the roads, and they are coming sooner than most consumers think.” The problems foreseen involve the vehicle-to-everything (V2X) communication, based on 5G, that will be required as autonomous vehicles will need to interact with so many objects, from traffic lights to other vehicles. All of this creates enormous opportunities for potential hacking and the need for extensive cybersecurity.

“Oops! My Bad.” Hackers Accidentally Destroying Ransomed Data (But Backups rule). Bleeping Computer recently carried this headline: “Ransomware attacks increasingly destroy victims’ data by mistake.” We’ve often mentioned that a wide array of criminal hacking tools are available for purchase from the dark web, and the article, based on data from Coveware, suggests that newbies entering the field might be to blame, reporting: “These incidents could be a consequence of less-skilled attackers flooding the ransomware business scene and botching things up. Coveware does not exclude the possibility of this being a trend that could continue this year.” The good news? “More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers’ threats to leak the data stolen before encryption.” Robust backup strategies can save the day—but they must be comprehensive, to avoid ransomware encrypting backups as well.

The Joy of Bug Hunting. “Google’s payout to bug hunters hits new high,” according to a report in Dark Reading. “Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies,” according to the article. This is part of Google’s Vulnerability Research Program (VRP) that was launched in2010. The article makes this important point: “Security experts like the fact that bug bounty programs such as Google’s VRP offer a legitimate avenue for bug hunters to monetize their efforts. They believe the sizeable rewards that are sometimes available under these programs is incentive enough for bug hunters to responsibly report bug discoveries rather than attempting to sell the information to third parties.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.