What separates hackers and hackers – The cyber Saturday




In the last issue of Fortune, which presents our Global 500 list, I wrote an essay on whether US companies are able to defend themselves in cyberspace. Perhaps surprisingly, the answer to this question seems to be more and more: "Yes". At least, that's according to the experts I've consulted. Instead of an information bulletin column today, you will find below an excerpt from this article.

Attend any conference on cybersecurity and you will encounter a version of the following chorus. "There are two types of companies in this world: those who have been hacked and those who do not know yet that they have been hacked."

Dmitri Alperovitch, a Moscow-born entrepreneur and one of the world's biggest detective hackers, coined this sentence. In 2011, as Senior Threat Researcher at McAfee, an anti-virus pioneer, he created the classification while investigating – and publicly revealing – nearly 50 (probably Chinese) cyberattacks on more than 70 organizations, including defense subcontractors, technology companies and the United Nations.

Now, the rumor of the resignation is due for an update. "I've changed that sentence since," Alperovitch tells Fortune. "The first two companies still exist, but there is now a third type that can effectively defend against intrusions." Ah, hope again!

Alperovitch's additive could be considered a wise selling point. Cofounder and chief technology officer of CrowdStrike, a cybersecurity company that surprised investors during its IPO in June, it was no wonder he was enjoying himself a bit.

But there is something to Alperovitch's revision. Richard A. Clarke, former White House security advisor to the Bushes and Clinton, agrees with the new tripartite framework. He says the same in his just-published book, The Fifth Domain, co-written with Robert K. Knake, who was responsible for cyber under Obama. The title is a reference to cyber as a new theater of war, after land, sea, air and space.

Consider NotPetya. The devastating global attack against computers, which Russia released on the world in 2017, caused billions of dollars in damage to companies such as FedEx, Maersk and Merck.

But not all companies succumbed. "What you do not hear about is the list of US companies doing business in Ukraine" – ground zero for the attack – "that were not damaged," explains Clarke. Companies like Boeing, DowDuPont and Johnson & Johnson "were dogs that did not bark, and in our book we tried to understand why."

So, what separates the hacked from the hack-nots? On a technical level, the unharmed companies had patched their machines against the vulnerability exploited by NotPetya. But a more fundamental question is: why did some companies patch, while others did not?

In a word: prioritization. The most resilient organizations have the participation of all board members. Any leader who blocks an information security officer has good reason to do so. Otherwise, the CEO will surely hear about it.

You can read the rest of the story here.

Robert Hackett | @rhhackett

THREATS

From Russia with love. In 2016, Russia targeted electoral systems in all 50 states, the Senate Intelligence Committee said in a new report. Despite this and the recent warnings of special counsel Robert Mueller about attempts to interfere in the next race for the presidency, Senate Majority Leader Mitch McConnell has blocked two bills on election security that would provide $775 million in grants to states to secure their voting systems. Newsweek reports that McConnell received campaign donations from leading voting machine lobbyists, while the Washington Post went so far as to call McConnell a "Russian asset" for blocking greater protections.

An apple a day. A whistleblower working for Apple told the Guardian that subcontractors responsible for quality control of Siri, the company's voice assistant, regularly hear people's sensitive information. "There have been countless cases of registrations involving private discussions between doctors and patients, commercial agreements, seemingly criminal relationships, sexual encounters, etc.," the source said, noting that records also indicated the location, coordinates and data of the applications. The whistleblower is of the opinion that Apple should offer consumers clearer information about the privacy policy.

By the bar. US Attorney General William Barr delivered a keynote address on the threat of "warrantless" encrypted communications at the International Conference on Cybersecurity held at Fordham University this week. "We must be careful to preserve society's ability to obtain legal access to data and communications when needed to deal with criminal activity," he said. Cybersecurity experts warn that hackers and spies will inevitably abuse any backdoor required by law.

Off hook. Marcus Hutchins, better known by his online pseudonym "MalwareTech", is a so-called accidental hero who stopped the spread in 2017 of a ransomware infection called WannaCry. He was sentenced to one year of supervised release for the development and sale of banking malware. When I wrote about his case in April, I argued that Hutchins should be given a lighter sentence, which should be further reduced through the public service. I am pleased to see that the court system recognizes the unusual talents of Hutchins. As the judge said, per TechCrunch, it will take people like Hutchins "to eliminate all this topic from totally inadequate security protocols."


AUTHORIZED ACCESS

Set the score. Equifax is paying at least $650 million in a settlement over a 2017 data breach affecting nearly 150 million people. Of this amount, $425 million is for consumers. Here is Slate with an exhortation urging the victims of the breach to go and claim what belongs to them. And here are step-by-step instructions to do it.

Go claim your $125 at Equifax. Now. Even if $125 is not a sum of money that matters to you, even if you do not feel really affected by the breach. Even if the ability to fill out a relatively short online form scares you more than stealing all your personal data.

Consider this as part of your civic duty: to increase the costs of data breaches for businesses, so that they have an interest in investing more in security. Payments to individuals are part of the $575 to $700 million settlement that Equifax has with the Federal Trade Commission, the Consumer Financial Protection Bureau and 48 states. (Indiana and Massachusetts are still pursuing their own lawsuits against Equifax.)

FORTUNE RECON

FaceApp's Russia Link is the latest alarm in digital red fear by Alyssa Newcomb

Fight Deepfakes becomes real by Bernhard Warner

Study finds 160 million government documents exposed to data breaches since 2014 by Natasha Bach

The FBI is still so white by Ellen McGirt

The Senate confirms the appointment of a veteran of the military, Mark Esper, to the position of Secretary of Defense by Robert Burns

Confidentiality of financial data? Consumers 'could worry less' by Jen Wieczner

Brexit jeopardizes UK cyber security and feeds the rise of the "Splinternet" by Jeremy Kahn

Apple Card: Are the limited rewards worth the privacy? by Xavier Harding

Another thing

Starting over. Let's not forget how data breaches affect lives. A couple who adopted a child had to move and change their name after the accidental disclosure of their personal information to the biological parents, reports the Hackney Gazette, a local British newspaper. The family received £106,000 for its troubles.
