Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

To Russia, with Tough Love. President Biden has announced retaliatory measures against Russia over election interference, the SolarWinds cyberattack and other malign activity. The Wall Street Journal describes the sanctions, diplomatic expulsions and other actions as being “the most punitive steps taken against Moscow in years.” CSO Online carries the headline “US Sanctions Russian Government, Security Firms for SolarWinds Breach, Election Interference.” CSO Online reports NATO said its allies “support and stand in solidarity with the United States” regarding the announced actions, and the European Union and its member states expressed “their solidarity with the United States on the impact of malicious cyber activities, notably the SolarWinds cyber operation which, the United States assesses, has been conducted by the Russian Federation.” Meanwhile the New York Times quotes James Nixey, Director of the Russia-Eurasia Program at Chatham House, a research institution in London, as saying: “The signs are that the Biden administration wants to make it hurt a bit more. This is just a first salvo.”

“US Pulls Back Curtain on Russian Cyber Operations.” That’s the headline from BankInfoSecurity, which focused its coverage of the Biden administration’s recent sanctions against Russia on some of the technical details released by different U.S. government agencies. Their account reads in part: “The NSA, along with the FBI and the Cybersecurity and Infrastructure Security Agency, issued a joint advisory Thursday that described the five top vulnerabilities the Russian intelligence agency is currently exploiting.” The article quotes Darren Hayes, Associate Professor at the Seidenberg School of Computer Science and Information Systems at Pace University in New York, as saying: “The SolarWinds compromise has potentially cost U.S. businesses billions in damages, and consequently, many will view these latest sanctions as long overdue.” Threatpost carries a detailed look at the top five vulnerabilities. BankInfoSecurity provides a bit of optimism, quoting Greg Touhill, a retired U.S. Air Force brigadier general who served as the country’s first federal CISO, who notes that the Biden administration is building a coalition with the U.K., Australia and Canada to help enforce sanctions. Touhill says: “By building the coalition, the threat to one is a threat to all, so we’re clearly moving toward setting cyber norms and expectations in the global cyber ecosystem.”

“Facebook Tops the Data Loss Roll of Shame.” That’s the headline for a recent BetaNews article covering a report Intact carried out analyzing publicly available data to see which companies have suffered the most large-scale data breaches (involving more than 30,000 records or more) over the last 16 years. BetaNews reports: “Facebook tops the list with both the most breaches and the greatest number of records lost. The social network suffered five breaches and 864,500,000 lost records over the period covered.” The article reports the worst year for large-scale breaches was 2011, followed by 2013 and 2019, while the most common reasons for breaches, unsurprisingly, were hacking, poor security, and lost or stolen media.

Job Growth: The World Needs More Security Specialists. I’ve frequently noted the need for more cybersecurity workers to help secure infrastructure locally, nationally, and internationally, so I enjoyed seeing a recent article in The Hacker News headlined “What are the Different Roles within Cybersecurity?” Underscoring the huge need for security specialists, the article reads: “People talk about the cybersecurity job market like it’s a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do.” The article then provides great examples: “Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories. Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its own top 30 list.” Importantly, the article notes: “Organizations can use these concepts to create roles and teams to perform the tasks they need.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chief’s Association and advises law enforcement agencies on cyber security. Pownall serves on several boards and committees, has a strong affiliation with various education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He has served as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.