January 2023 – Double down on your existing relationships!
Welcome to the January edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll bring you the latest news and views to make you a better-informed consultant.
In this edition:
- Client Insights
- AI: Friend or Foe?
- Changing The Culture
- The Game Is On
- Deterrence Down Under
- Best of the rest
Each month we ask our clients what’s on their minds and what it means for candidates.
Recently we’ve heard a lot of talk about turbulence in both cybersecurity and the wider economy. Several clients are reverting to their comfort zones and working with the people they know and trust more than ever.
That doesn’t mean nobody’s taking on new cybersecurity talent: the global skill shortage makes sure of that. But it does mean it’s worth your while checking in and catching up with those people with whom you have an existing business relationship. Trust and reliability are key assets, so you need to make the most of them. Intercast advice: Double down on your existing relationships!
AI: Friend or Foe?
Artificial Intelligence is back in the news with the public launch of ChatGPT. It’s a tool that can follow prompts to “write” surprisingly coherent text, albeit not always providing much interest or insight. Two separate stories from VentureBeat suggest such tools could have an effect on the cybersecurity world, both positive and negative.
Cybersecurity instructor Steve Sims notes that with the correct prompts, ChatGPT can both write efficient code and spot vulnerabilities in existing code. However, writer Tim Keary notes this could also aid malware writers.
It also seems the tool can write credible phishing emails in a matter of seconds. That could make it easy to adjust the topic of emails to fit cultural trends, or quickly generate a host of messages for a malicious take on A/B testing.
Changing The Culture
The human element is often just as important as technology when it comes to security, and one cyber chief says cutting employees some slack may pay dividends. Nina Paine of Standard Chartered says concentrating too much on malicious activity may mean some vulnerabilities remain undiscovered for longer.
Paine points to estimates that between 82 and 95 percent of breaches involve some form of human error. However, many businesses put much of their effort into detecting intentional activity. That can lead to staff keeping quiet about mistakes for fear of being suspected as acting maliciously.
Paine goes further by arguing businesses need to think more about why staff make security errors and fail to follow protocol. She says that too often stressed staff feel pressured to meet performance targets or deadlines, effectively incentivising them to cut corners when it comes to cybersecurity.
The Game Is On
The Paris Olympics are still 18 months away but the team tasked with preventing cyberattacks on the event is already in action. Inside The Games has reported on the security program, which took on extra importance after a successful malware attack on the opening ceremony of the Pyeongchang 2018 Winter Games.
As you’d expect, the program involves plenty of simulated attacks, with the sheer range of tested tactics showing the imagination of the dedicated threat analysis unit. Top priority goes to anything that could endanger spectator safety such as insecure ticketing that could lead to overcrowding. Personal data is also a big concern.
The team have even beefed up security on the timing system and photo finish tech. After all, while it might not put anyone in physical danger or cause direct financial loss, not being able to identify the winner of the 100 meters would certainly be classed as disastrous by many.
While those involved naturally aren’t naming any likely attackers, there’s a good chance Russia could be formally banned from the games over doping allegations or the invasion of Ukraine. That could certainly create an incentive for the country to disrupt the event.
Deterrence Down Under
Australia is considering extreme measures to counter a wave of ransomware attacks. Politicians are united on the need to act but differ on what to do.
The opposition party has proposed tougher laws, with a maximum of 10 years in prison for using ransomware and 25 years for intentionally targeting critical infrastructure.
The government argues that the deterrent effect could be limited given how many of the offenders are based overseas. It’s looking at tackling the problem from a different perspective. For example, compromised businesses might need government permission to pay a ransom. There’s even talk of an outright ban on any ransomware payments.
Whatever the political response, there’s an increased demand for cybersecurity staff in the country. A government report suggests there’ll be a shortfall of 3,000 workers by 2026, with analysts suggesting salaries in the sector will have to rise to attract new talent.
Best Of The Rest
Here’s our round-up of some of the other stories you need to know about:
- 80 top YouTube Cybersecurity channels: https://securityboulevard.com/2022/12/the-80-best-cyber-security-youtube-channels/
- 80% of ransomware attacks now include threats to leak data: https://www.newstatesman.com/spotlight/cybersecurity/2022/12/data-leak-cybersecurity-ransomware-stolen-information
- A password manager service ditches passwords: https://www.techradar.com/news/another-top-password-manager-is-doing-away-with-passwords
- How will recession affect cybersecurity?: https://venturebeat.com/security/recession-cybersecurity-landscape/