Cyber Security News Update 6/01/2018

The Federal Government is in desperate need of a cyber security overhaul and upgrade according to a new report by the Office of Management and Budget. The OMB’s report shows that of the 96 agencies investigated less than a quarter of them had the ability to detect a data breach and determine what had been affected. Less than 40% of agencies were able to determine what the attack vector was, meaning that the majority of agenices are unable to determine what vulnerability allowed them to be attacked. Most agencies are unaware of what software or hardware makes of their network, which is a major vulnerability. It’s impossible to determine what’s been hacked if you don’t know what there is to be hacked. The Federal Government has reported dismal cyber security for a while; the Secret Service is using computers that are so ancient that they’re data can’t be easily transferred to something more modern. An issue raised by the report is the general lack of awareness about cyber security that is present in most Federal agencies; correcting this deficit would be an important first step in rectifying the security issues. A comprehensive audit of systems would be another good step, as well as designing, adopting, and enforcing cyber security policies in such an effective manner. Cyber security needs to be pervasive for it to work because the chain is only as strong as the weakest link when it comes to cyber security.

Cloud computing and storage are becoming major parts of any industry because of the variety of benefits they offer over their traditional forms. Cloud services allow anyone to work anywhere with the same processing power and resources they would enjoy in their office, however these cloud services come with their own vulnerabilities. While cloud service companies have good security on their own, their users don’t always conform with best practices. This has led to user created vulnerabilities that difficult for the cloud service companies to patch or remove. The rise of cryptojacking has led to increased attacks on cloud service providers and their users, as cloud computing can provide more muscle for illicit crpytomining. The Intel and AMD processor bugs have also opened gaps in the walls for malicious actors to slip through and again, there is little cloud service companies can do to protect themselves. Companies that use cloud services may fall prey to the bystander effect, where they assume that they’re secure because someone else is managing security. This leads to best practices not being followed or blatantly ignored. The better model for cloud security is that everyone must ensure they follow security policies because anyone being lax will cause everyone else to become vulnerable.
Source: The Cloud’s Hazy Security