• Retailers spend less on cybersecurity than other industries, and it shows

    Cybersecurity analysts say that retailers are spending less on cybersecuirty measures than banks and healthcare providers. Retailers spend 4 percent of their IT budgets on cybersecuirty, while financial services and healthcare providers spend 5.5 percent and 5.6 percent, respectively. On cybersecurity spending per employee, the banking and finance industries spend roughly $2,500 per employee, while retailers invest about $400 per employee. On Tuesday, Home Depot became the latest retailer to investigate a potential major breach of customer credit or debit card data.

  • Virginia welcomes cybersecurity start-ups to a state-backed business accelerator

    Earlier this week, MACH37, a business accelerator for cybersecurity start-ups in Virginia, welcomed a new group of companies one year after it was launched to help establish the state as a hub for cybersecurity firms. The three-month program, funded with state money, offers a $50,000 investment and access to a network of mentors to companies that can turn their ideas into viable businesses.

  • Who is to blame when iCloud is "hacked" – you or Apple?

    By Grant Bollmer

    A hacker’s release of personal photos of actress Jennifer Lawrence and other female celebrities on the Internet on the weekend has again drawn our attention to the security of our personal information online. Apple may wish to absolve itself of responsibility when individuals lose control of their personal data, yet understanding the control of data as a personal matter disregards how iCloud and similar services actually operate. If Apple and other cloud-based services want our trust, then they have to acknowledge the role their products play in perpetuating anxieties of data-out-of-control.

  • Deterring cyberattacks requires building a public-private partnership

    Cyberattacks loom as an increasingly dire threat to privacy, national security, and the global economy, and the best way to blunt their impact may be a public-private partnership between government and business, researchers say. The time to act is now, however, rather than in the wake of a crisis, says an expert in law and technology. The expert says that an information-sharing framework is necessary to combat cybersecurity threats.

    • view counter

  • Major weakness discovered in Android, Windows, and iOS

    Researchers have identified a weakness believed to exist in Android, Windows, and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an Android phone. The researchers tested the method and found it was successful between 82 percent and 92 percent of the time on six of the seven popular apps they tested.

  • Maryland creates fund to support cybersecurity startups

    The Maryland Technology Development Corporation, (TEDCO) an independent public organization founded by the Maryland General Assemblyand funded by the state, has created a $1 million fund to invest in startups developing new cybersecurity technologies.

    • view counter

  • New framework facilitates use of new Android security modules

    Computer security researchers have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The new Android Security Modules (ASM) framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.

  • Winners announced in U.S. Cyber Challenge Western regional competition

    Angela Rey, Lee Christensen, and Vincent Venem were on the winning team for the 2014 U.S. Cyber Challenge (USCC) Western Regional “Capture the Flag” competition. The seventy participants were selected based in part on their scores from Cyber Quests, an online competition offered through the USCC in April that drew more than 1,600 participants from almost 700 schools nationwide.

  • Energy companies slow to buy cyberdamage insurance

    The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”

  • Financial firms go beyond NIST's cybersecurity framework

    The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.

  • All-industry cybersecurity association needed: Experts

    A new report is calling for a professional association committed to serving the cybersecurity industry. Theacknowledged the shortage of qualified cybersecurity professionals, as well as the difficulty of recruiting, training, and hiring potential candidates.Experts say that a cybersecurity association could help assess the needs of employers seeking cybersecurity professionals, establish ongoing training and development programs, and also help develop cybersecurity standards across all industries.

  • Program aiming to facilitate cyberthreat information sharing is slow to take off

    President Barack Obama’s 2013 executive orderto improve critical infrastructure cybersecurity allows DHS to expand an information-sharing program, once restricted to Pentagoncontractors, to sixteencritical infrastructure industries. The Enhanced Cybersecurity Servicesprogram transmits cyber threat indicators to selected companies so they may prepare their network protection systems to scan for those indicators. A DHS inspector general (IG) reportreleased on Monday has found that just about forty companies from three of the sixteen industries — energy, communications services, and defense — are part of the program. Moreover, only two ISPs are authorized to receive the indicators.

  • Two major security vulnerabilities found in majority of world’s smartphones

    Researchers have uncovered two major vulnerabilities in smart phones from manufacturers including Apple, Google Android, and Blackberry, among others. These flaws could put up to 90 percent of the world’s two billion smartphones at risk for stolen data, password theft, and the potential for hackers even to take control of the device.

  • Utilities increasingly aware of grid vulnerability

    An analysis by the federal government shows that if only nine of the country’s 55,000 electrical substations were shut down due to mechanical failure or malicious attack, the nation would experience coast-to-coast blackout. Another report finds cybersecurity as one of the top five concerns for U.S. electric utilities in 2014. The report also found that 32 percent of the surveyed electric utilities had deployed security systems with the “proper segmentation, monitoring and redundancies” needed for adequate cyber protection.

  • SATCOMS vulnerable to hacking

    Satellite communications systems (SATCOMS) used by soldiers on the front lines, airplanes, and ships are vulnerable to hacking, according to analyst Ruben Santamarta’s presentation at the recent Black Hatcybersecurity conference.While none of the vulnerabilities discovered could directly cause a plane to crash, or override pilot commands, they could delay or intercept communications, exposing security and classified information to bad actors.