This summer we’ve rounded up some interesting cybersecurity stories that in some cases are creating news headlines and making waves in the industry. We thought some of these should make your summer reading list.
There are many interesting cyber sleuth stories in the past 10 years, and the stories run in May by Wired magazine and in April, 2021 by NPR on the Solar Winds attack, are among the most extensive and in-depth reporting of that attack, first reported in December 2020. These articles examine how the Justice Department and the FBI more than likely stumbled upon the attack six months prior to the initial discovery and announcement of the attack and how attackers were likely in the system long before that December announcement.
Steven Adair wasn’t too rattled at first. It was late 2019, and Adair, the president of the security firm Volexity, was investigating a digital security breach at an American think tank. The intrusion was nothing special. Adair figured he and his team would rout the attackers quickly and be done with the case—until they noticed something strange. A second group of hackers was active in the think tank’s network. They were going after email, making copies, and sending them to an outside server. These intruders were much more skilled, and they were returning to the network several times a week to siphon correspondence from specific executives, policy wonks, and IT staff.
Perhaps no country has been impacted by cyberattacks like Ukraine. Since 2014, they have witnessed some of the world's most significant cyber-attacks, including a novel and catastrophic attack, the first of its kind, when a power station was switched off remotely in the dead of winter, putting thousands of people at life-threatening risk. Despite many analysts’ predictions at the start of the war, Russia has largely failed in taking down the Ukrainian computer networks.
“In early December of 2021, a small US military team led by a young major arrived in Ukraine on a reconnaissance trip ahead of a larger deployment;” the major quickly realized that the situation was urgent and severe, and reported that she needed to stay. The team had detected the presence of Russians online; “their Ukrainian partners made it clear that the work needed to start straight away” before anything even more catastrophic occurred. In usual BBC style, this piece features first rate reporting, detailing how US agents were deeply rooted in Ukraine’s security services as the impending threats from Russia crept ever closer.
Last year at this time, U.S. Cyber Command indicated that it would train and add more teams. More recently, some groups have been calling for a revamp of how the military is looking at cyber security. The Military Cyber Professionals Association, a non-profit dedicated to advocating for military cyber issues, sent a memo in March to both congressional Armed Services Committees urging the creation of a United States Cyber Force in this year’s annual defense policy bill.
While the idea has been kicked around for more than a decade, discussions for an independent cyber service—akin to the Army, Navy, Marine Corps, Air Force and Space Force—have intensified in the last few months. Lawmakers have taken time during congressional hearings to ask top Department of Defense cyber officials about the prospect of a cyber force and, increasingly, there are more questions from attendees at conferences for military officials.
As it currently stands, each of the military services is responsible for providing personnel for a set number of teams to U.S. Cyber Command, which then employs those forces in operations for the other geographic combatant commands.
Last month Defense Scoop took an in-depth look at the issue. A great read for insight into Cyber Command and questions about not only should there be an independent service, but what it might look like.
Notable on this list:
Hacking: The Art of Exploitation by Jon Erickson shows readers how to think like a trained hacker in order to defend against them, aka “it takes one to stop one.”
Social Engineering: The Science of Human Hacking by Christopher Hadnagy makes the strong case that “humans are the weakest link” when it comes to cybersecurity – which is true in many instances of cyber security breaches this year and in previous years. This book addresses the end user and offers useful tips and information for both cybersecurity hackers and the layperson concerned with cybersecurity in general.
Possibly the most compelling read on this list is The Cuckoo’s Egg by Clifford Stoll, described by a reviewer as “both a gripping spy thriller and an intriguing introduction to the futuristic world of international computer networking. It presents a rare view from inside the global village that has been created by the new technologies of data communication. Most improbable of all, this is a true story, subverting our expectations in ways too surprising to be fictitious.”
“The available potential workforce isn’t keeping pace with demand, and experts blame a lack of interest from young people entering the job market.” We’ve frequently reported on the chronic shortage of cybersecurity professionals, as have other outlets. This rapidly growing field has struggled to recruit, train, and retain professionals to manage the security needs of this dynamic industry. According to this article, there are a number of reasons for the shortfall and the lack of interest from young people. While many organizations have begun to look from within to train and promote current employees to take on cybersecurity roles, colleges will have to address the larger talent gap. “The problem is that cybersecurity is a relatively new field and higher education is slow to evolve when it comes to new curricula.” However, keep reading, as there is hope on the horizon as both universities and corporations are looking to collaborate to help tackle the problem.
Along with getting new hires is the problem of keeping people who are already working in the field. One very large problem is that cybersecurity is clearly a very stressful job and career and burnout is an issue. Clearly this is an issue to keep an eye on as the cyberworld develops, expands, diversifies, and becomes increasingly complicated. We’ve reported before how crucial it is to have trained and dedicated cybersecurity employees. This includes paying attention to employee satisfaction and strategies to combat burnout. According to a survey from Proofpoint, “CISOs also reported that their jobs are getting increasingly unsustainable, as they feel security pressures mounting.”
As more consumers turn to podcasts for news and information, here’s a round-up of ten of the most entertaining and well-researched cybersecurity podcasts.
Some top standouts from this list include:
So, enjoy your summer and the reading and listening. While you’re at it, we realize that many of you have extra time during the summer and it’s a good time to make plans for the upcoming year. Don’t forget to include CYRIN in those plans. Now is a good time to get a quick demonstration, some access to the system and a real understanding of what CYRIN training can do for you.
Our tools and our virtual environment are perfect for a mobile, remote workforce. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!