McAfee, White House, President Trump discussed on Security on The Bayou
Welcome to Security on the Bayou. I'm your host, Chris Adkins, and here's a recap of today's security news and why it matters to you. Hello folks, it is Friday, May third, twenty nineteen, and here's today's security news.

First, let's start with securityboulevard.com. From Michael Vizard, the title is "McAfee Survey Finds IT at Cybersecurity Fault Most." First things first: the headline's terrible. I clicked it because it said McAfee, intrigued to figure out what the hell he's talking about. So here it is. This week McAfee published a survey they conducted of seven hundred professionals working in organizations with over one thousand employees, entitled "Grand Theft Data II." All right, if you've been in the industry long enough, you know what these reports are going to boil down to, right? They're going to try and sell you something at the end of the day. But what I wanna bring up, which is interesting about this report, is something that hasn't come up before but is probably one hundred percent spot on. The report finds fifty-two percent of respondents claim IT is at fault when a data leakage event occurs, versus twenty-nine percent who say business operations. So essentially what they're saying, all these IT professionals, is that more often than not it's the IT professional's fault and it's not the user, which is common in this industry. It's extremely common to try and blame the user for our issues, right? One of the reasons that this number is higher is that there's more opportunity for an IT professional to mess something up. All it takes is one misconfigured server, right? And there you go. You may have a back door open and, boom, data leak, right? So this, you know, this directly speaks to what you hear all the time: people, process, technology, right? For sort of the people part of things, you know, we know what we gotta do there. It's all about training and building these people up to make sure they have the right skill sets.
But if they don't have the right processes in place to help them, then, you know, they're screwed. All right, so I think that's it here. You know, this article goes on to talk about CASBs and EDR tools, all of which are things that McAfee would love to sell you. So let's move on from there.

Speaking of people, process and technology, the next one is a big one coming out of the White House today. This is from tripwire.com, although you could find this probably anywhere. It's gonna be on CNN, Fox News, all over the place. "President Trump Signs EO to Bolster Federal Digital Security Workforce," this one by David Bisson. So President Trump has signed an executive order on America's cybersecurity workforce. So they realized that there's a skills gap within the cybersecurity workforce, whether it be in the federal government or even in the public sector. So they're doing a few things. Obviously, this is more about the federal government. They are going to develop a digital security rotational program within ninety days. This platform's purpose is to enable federal IT and digital security practitioners to receive temporary assignments in the Department of Homeland Security and vice versa, thereby facilitating the exchange of knowledge, training and experiences. So this is something that gets talked about in good practice all the time within security organizations, that you should be rotating people around. Nine times out of ten it never happens. So this is the White House making that happen for these folks. So this, I mean, in my opinion, nothing but good can come from this. Ninety days to create that program and make a sustainable program seems a bit farfetched, but, you know, more power to them. See if they can get it done. If done correctly, this can do a lot of good for the federal cybersecurity workforce. And this is not just is the which is pretty interesting.
I'm curious to see where this goes, is called the President's Cup Cybersecurity Competition, which is going to be not just for government employees. But also it sounds like they're going to let third-party contractors that are in the cybersecurity space compete in this as well. So they're talking about, you know, cash prizes, days off, which, if you've never been in the military or federal government, that's the thing. They award you with a day, you know, a week off or whatever. I'd rather have the cash, personally. And then another thing they're doing, which is not listed in this article but is, you know, summarized in another one I read, was that they're also going to start doing some programs where they're going to award elementary and junior high teachers for their accomplishments in cybersecurity education, which I think is great, with starting young, right? I mean, this industry is new enough now, this quote, unquote, cybersecurity, that most of the people that are in their prime, if you will, this is stuff that came about when they were late in high school or college, right? It didn't necessarily exist at that time. And those that have been around for quite a while, they started out as folks that were not cybersecurity, quote, unquote, people. So I think this is good stuff. I really hope this works. I'm rooting for it. Should be good. We'll see what happens.

Next, this is a long article. I'm gonna give you a quick recap of it, some things I pulled that I thought were interesting, but go read this. It's sort of an exposé. This is from wired.com: "A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree" by Andy Greenberg. I guess they're mysterious, but you're going to know the name: either known as Barium, ShadowHammer, ShadowPad, or Wicked Panda. So that right there, Wicked Panda, should give you an idea of where these folks were based. So these are the folks that will be blamed for hijacking the software update stuff from ASUS.
And then also the CCleaner tool issue. And so one of their tactics here is sort of a spray-and-pray tactic, which hearkens back to the Russian submarine force back in the day, where they didn't necessarily aim. They just shot as much as they could to hope to hit something and take something else out, right? So that's sort of what's going on here with their tactics. They're just spraying everywhere, collecting the data, seeing what they have that looks interesting, and then going after that. So, I mean, it's a tactic that has worked in the past in many different things, not just cybersecurity, submarine warfare as well. And then in the article, they interviewed some folks and, you know, they claim that if they were to try and deploy ransomware, sort of like NotPetya, it would be even more destructive around the world. So I don't necessarily disagree with that. I'd like to dig into that a little bit more before I really get into that.

So those are the three articles for the day. One last thing, quick update. The other day we talked about the ICS security stuff with California and Utah. Well, apparently some more information has come out. It's still a little fuzzy here, but there was a denial of service attack, but no service was disrupted. No service or production was disrupted. So why that report was filed, we're still kind of unsure. I guess within the organizations in these states, everybody's pointing fingers, saying, "Hey, we didn't do it. Did you guys do it? Who filed this thing? Where did it come from?" So there's some question as to what happened here. But it appears that it was a denial of service and there was no disruption to service or production. So I think all's well that ends well on that one. There's clearly some process and procedure issue that they've gotta figure out there.

All right, folks. Thank you. It is Friday, May third, and this is Security on the Bayou. Everybody have a wonderful weekend. We'll talk again on Monday.