Intercast June Newsletter 2022
Welcome to the Intercast newsletter for June 2022. As always we’ll bring you all the latest industry news and views to help you be a better candidate.
Client Insights
We’re always talking to our clients to find out what they are looking for in candidates and what advice they have. This month the big theme is thinking about how you communicate with clients. Some of the points raised include:
India Makes Time Of The Essence
Tough new rules in India mean the clock starts ticking as soon as organisations become aware of a data breach. They’ll have just six hours to tell the government’s Computer Emergency Response Team (CERT-In).
The legislation covers a wide range of cyber threats from unauthorised access to IT systems and DDoS attacks to unauthorised social media access and even targeted scanning or probing of systems.
Organisations will also need to have a single point of contact for CERT-In and keep secure system logs for 180 days.
It’s one of the shortest such deadlines in the world. As a comparison, the SEC recently announced plans to make publicly traded companies report breaches within four days.
Such rules mean that the notification deadline needs to be a key part of breach detection and response plans. A six-hour deadline could mean waiting to get a clearer picture of the situation is no longer possible.
Passwords Under Threat?
Tech giants have taken a small step towards the much-hyped but rarely-seen “death of the password.” Apple, Google and Microsoft are all working to boost passwordless sign-ins through the FIDO Alliance standards.
They’ve announced cross-platform support that would mean a phone app was all that was necessary to sign in to a website. It uses Bluetooth, not to transfer data, but rather to confirm the phone is near to the computer.
The logic is that even without a password, the set-up still has two-factor authentication by requiring both physical possession of the phone and then either biometric identity or knowledge of a passcode to unlock the phone.
Whether it makes much difference remains to be seen, meaning cybersecurity professionals could continue to get both a source of work and a source of frustration from password breaches and phishing. The problem is that the password doesn’t necessarily survive for its technical benefits – it rarely offers the right balance of convenience and security – but rather for its familiarity. There’s also an argument that ditching passwords doesn’t solve the problem: it just changes the target for cybercriminals.
Survey Says…
A government survey in the UK suggests cyberattacks are more frequent than some might assume. Of those businesses that reported having been attacked in the previous year, 31 percent said they were attacked at least once a week. Sadly the figure wasn’t much lower for charities at 26 percent.
The survey also revealed IT and cybersecurity outsourcing is now the norm, regardless of business size. Small, medium and large businesses outsourced in 58, 55 and 60 percent of cases respectively. It wasn’t just a cost issue either: they cited access to greater expertise and resources as the main benefits.
Perhaps worryingly, this may lead to complacency in-house. Only 13 percent of businesses say they assess whether immediate suppliers and their operations may pose a security risk. Meanwhile just 19 percent of businesses have a formal incident response plan, while only 39 percent even have assigned roles for dealing with an incident.
It also looks like ransomware could be a key subject for cybersecurity service providers. While the proportion of businesses who’d actually suffered a ransomware attack was lower, many considered it a “major threat”. With 56 percent of businesses saying they had a policy of not paying ransoms, reliable and practical back-up systems will remain a vital part of any cybersecurity service.
Best Of The Rest
Here’s what else you need to know this month:
Singapore is introducing mandatory licensing for cyber security professionals, starting with those offering penetration testing and managed security operations centre services:
The UK’s National Cyber Security Centre has launched a free tool for businesses to check if their email domain has the recommended anti-spoofing measures and that they are correctly configured:
Start-up company Sunday Security is launching specialist protection not for an organization or a network, but rather for a specific high-risk individual such as a senior executive:
https://techcrunch.com/2022/05/11/sunday-security-launches-a-cybersecurity-service-for-senior-execs/
George Platsis has a thought-provoking piece at the Security Intelligence site addressing the risks of unintended consequences of enforcing a strict cybersecurity policy:
Heather Gantt-Evans of SailPoint writes at VentureBeat about some of the most frustrating myths that may deter women from entering the cybersecurity field: