Cyber Daily: Recession, Whistleblowers, Russian Hacks on Business Agenda at WSJ Pro Cyber Forum
Good day. Cyber chiefs are unlikely to feel an economic downturn in the same way peer executives might, but cuts to adjacent divisions such as technology could be a cause for concern.
That was the sentiment from risk and security experts at Wednesday’s virtual WSJ Pro Cybersecurity Forum. More below.
Also today: More coverage from our conference and the day's news.
Correction: South Dakota banned TikTok from government-owned devices. An item in Wednesday’s newsletter said South Carolina had issued the ban.
Reporting From WSJ Pro Cybersecurity Forum
Navigating a Turbulent Economy
Renee Guttmann, a former CISO for Campbell Soup Co., Coca-Cola Co. and Royal Caribbean Group, said that while security may be relatively insulated from broader budget or headcount reductions, changes in other areas might impact the work of the corporate cyber team.
“Generally, the infrastructure teams are responsible for the servers, the endpoints. And so if they start seeing cuts, or if marketing starts seeing cuts and they start taking their work to agencies, there will be an indirect impact back on the cyber team,” said Ms. Guttmann, who now runs the consulting firm Cisohive LLC.
Emilian Papadopoulos, president of consulting firm Good Harbor Security Risk Management LLC, said CISOs could face a stark choice in the coming months: do things leaner, or later.
That requires clearly communicating trade-offs to the board, he said. Directors might accept that risk will increase for a short period. “Or they might say, we really, really can't afford to put off mitigating that particular risk so actually we're going to cut your budget by a bit less than we thought,” Mr. Papadopoulos said.
Whistleblower Reports of Lax Cybersecurity Expected to Rise
Companies should do a better job of handling internal cybersecurity complaints before they escalate to whistleblowing, which is becoming more common in the cyber field, lawyers and industry veterans said.
Security chiefs are now more aware of the personal risks they face over cybersecurity deficiencies after high-profile allegations of weak protections at companies including Twitter Inc. and Uber Technologies Inc.
Plus, federal regulators are considering new rules on minimum cyber safeguards that could place a greater compliance burden on individuals, another factor that could lead to more cyber whistleblowing, forum participants said. Get the full story.
Warnings From a Reformed Russian Hacker
Dmitry Smilyanets cost U.S. companies hundreds of millions of dollars when he was a hacker living in Russia in the 2000s. He said a selfie from a trip to Amsterdam in 2012 tipped off U.S. authorities to his whereabouts, ultimately landing him in prison.
Mr. Smilyanets now helps companies protect themselves against cyberattacks and studies the activity of Russian ransomware gangs as principal product manager for identity intelligence at the cybersecurity company Recorded Future Inc.
The relationship between ransomware groups and the Russian government:
“If we talk about financially motivated hackers, what happens is directly or indirectly, they know someone from the government and they pass information or help in this or other cases. It doesn’t mean they’re employed [or] it doesn’t mean they’re on a paycheck with the state but there is a connection.”
How the war in Ukraine has changed Russian hackers:
“What I see, a lot of groups who made some money with ransomware, they decided to be loyal to the state and create hacktivism. Instead of making money, they create destruction.”
Read the interview.
TikTok chief touts customer data-privacy initiatives. TikTok Chief Executive Shou Chew said the video-sharing platform is taking greater steps to keep user data secure and that it needs to invest more in protecting young people from getting exposed to harmful content.
“We have very rigorous data-access protocols,” he said at the New York Times’s Dealbook Summit in New York on Wednesday, adding that TikTok, a unit of Beijing-based ByteDance Ltd., chose Oracle Corp. as its cloud-infrastructure provider because the company has strong security controls. Read the full story.
Twitter becomes stage for China protests despite ban by Beijing. “It’s definitely a test for Elon Musk and Twitter on how it will protect its users from hacking by authoritarian regimes,” one human-rights activist said. (WSJ)
Crypto crime allegations: Twenty-one people were charged in a transnational money-laundering cryptocurrency scheme. Fraud plots included business email compromise among other scams, according to an indictment unsealed Wednesday by U.S. authorities in the Eastern District of Texas.
Price hike: Denial-of-service protection provider Cloudflare Inc. plans to raise subscription prices Jan. 15. Cloudflare's Business Plan service, which is aimed at companies, will be $250 per month, up from $200 per month. (Bleeping Computer)
It's not like flipping a switch: Removing banned equipment made by Chinese tech companies from U.S. networks will likely take years and cost billions, telecom professionals say. (CyberScoop)
87%: Percentage of 300 U.S. defense contractors that don't fully meet federal cybersecurity requirements, according to a survey from managed service provider CyberSheath Services International LLC. (InfoSecurity Magazine)