
The Wall Street Journal Pro

Cybersecurity

Sponsored by Netscout

Cyber Daily: After Prison, Hackers Face Tech Restrictions, Limited Job Prospects

By Kim S. Nash

 

Good day. Security leaders may confront the decision to hire or reject a postprison job candidate as cybercrime grows and more hackers move through the justice system.

In the U.S. and U.K., people convicted of cyber crimes often have to contend with tech limitations after they leave prison. In Belgium and the Netherlands, tech restrictions on released hackers are rare, with judges reasoning that they would harm the individual’s ability to work and rejoin society. WSJ Pro's Catherine Stupp talked to convicted hackers, law enforcement authorities and others for her look at the issue. Read the full story. 

What kind of traits and criteria would you look at if considering a candidate with a hacking past? Let me know. 

More news, including: 

  • What big banks spend on cyber
  • U.S. blames Iran for Albanian attacks
  • NEWSLETTER EXTRA | Navigating a 'nightmare'
  • What CISOs are paid
 

Cyberattacks

U.S. Officials Blame Iran for Cyberattacks in Albania

Cyber operations against the Albanian government this month and in July were likely carried out by hackers supported by Iran, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said Wednesday in a joint statement. Wiper malware that destroys data and tools that encrypt systems hit websites and services of Albania's government, the U.S. officials said.

  • Hackers had lurked in Albanian systems for at least 14 months before setting off malware, the FBI and CISA said. 
  • Earlier in September, Albanian Prime Minister Edi Rama cut diplomatic ties with Iran over the incidents, expelling embassy staff. 
  • The FBI-CISA advisory provides details about the hackers' techniques and how to counteract them.

'Grand Theft Auto' Maker Says Hackers Contacted Customers

Take-Two Interactive Software Inc., which confirmed it had been hit with a cyberattack last week, said hackers accessed one of the company's help desks and sent malicious links to customers. Earlier in the week, hackers said to be in the Lapsus$ gang leaked footage from a forthcoming version of the "Grand Theft Auto" game. (Reuters) 

 

Defenses

PHOTO: JAKE MAY/ASSOCIATED PRESS

Water Security Too Costly for Some Utilities

Cybersecurity recommendations from the federal government for securing the U.S. water supply are often too expensive for small municipal utilities with thin budgets and sometimes no technology staff, according to water-industry leaders who testified Wednesday on Capitol Hill.

  • David Gadis, chief executive and general manager of DC Water (pictured), said his utility, which serves Washington, D.C., has the resources to model cybersecurity on national standards but also takes tech help from the city. "Unfunded federal mandates are putting a lot of pressure on utilities," Mr. Gadis said. (NextGov)

How Much Do Big Banks Spend On Cyber Security?

Bank CEOs typically say cyber threats are their biggest concern, so how much do they spend trying to stop them? A lot. Testifying at a House hearing on Wednesday, Bank of America CEO Brian Moynihan said his bank budgets $1 billion a year directly on cybersecurity. JPMorgan’s Jamie Dimon said his bank spent about $700 million, while Citigroup’s Jane Fraser and Wells Fargo’s Charlie Scharf said they both were around $700 million to $800 million.

— David Benoit

 
 

Newsletter Extra

Navigating a 'Nightmare:' Don't Expect Congress to Create Dedicated Cyber Committees, Lawmakers Warn

Designated Congressional cybersecurity committees are unlikely to happen, lawmakers say, mainly because colleagues are unwilling to give up their individual hold on the critical issue.

A key recommendation from a Congressionally-mandated body to examine U.S. cyber policy, the Cyberspace Solarium Commission, was to create committees in the House and the Senate to consolidate fact-finding hearings and efforts to enact cyber laws.

PHOTO: LEAH MILLIS/REUTERS

The proposal was modeled on one that established the Senate Select Committee on Intelligence during the 1970s, after the investigation of scandals involving U.S. intelligence agencies. Yet Sen. Angus King, an Independent from Maine (pictured), doubts any cyber equivalent will come to pass. 

“In '76, they realized that intelligence was spread all over the Congress and they set up committees on intelligence in the Senate and the House to consolidate that jurisdiction. I don't know how they did it because trying to do that with cyber, we have found, is virtually impossible,” said Mr. King, a co-chair of the commission, speaking at an event hosted Wednesday by the Foundation for the Defense of Democracies think tank.

“Nobody wants to give up their little piece of the jurisdiction,” he said.

The Solarium Commission, which issued 82 proposals in March 2020, has had marked success elsewhere, including establishing a National Cyber Director position in the White House and expanding the powers of the Cybersecurity and Infrastructure Security Agency. Getting proposals through Congress involved getting almost 200 clearances from various committees and subcommittees, Mr. King said.

“You have no idea what a nightmare that is,” he said.

Rep. Mike Gallagher (R., Wisc.), another co-chair, said getting recommendations enacted would have been even more difficult without Rep. Jim Langevin (D., R.I.), who is retiring this year.

“He is the chair of the cyber subcommittee on the Armed Services Committee, and because of both that position, as well as just his indefatigable efforts in this space, we were able to get a lot passed,” Mr. Gallagher said of Mr. Langevin. “I don't think it would have been possible without his help.”

— James Rundle

 

Privacy & Surveillance

PHOTO: JEENAH MOON/BLOOMBERG NEWS

New York to Install Security Cameras on Every Subway Car by 2025

Gov. Kathy Hochul, a Democrat, said she hoped the cameras would offer riders peace of mind, deter criminals and give law-enforcement agencies footage to solve crimes. (WSJ)

 

Careers

PHOTO: HACKERONE INC.

"Being told you can't do something that is pretty much the most joyful high you can get, it's pretty impactful." 

—Tommy DeVoss, who calls himself a “reformed black hat” and now works in cyber for software firm Braze Inc. Read more about his journey from hacking to prison to cybersecurity professional. 

$584,000

Median compensation for a CISO in the U.S. this year, up nearly 15% from $509,000 last year, according to recruiter Heidrick & Struggles International Inc. in its annual Global Chief Information Security Officer Survey. This year’s study polled 327 CISOs worldwide. The median signing bonus in 2022 was $175,000 in cash, plus $400,000 in equity.

 

Security Providers

  • Razor’s Edge Management LLC, a venture-capital firm focused on investing in national-security startups, has closed a $340 million fund. Razor’s Edge said it targets startups developing tech including autonomous systems, space tech, cybersecurity, artificial intelligence and aerospace systems. Some of the companies it backs also can apply their technology to commercial markets such as energy, telecommunications and manufacturing. (WSJ Pro Venture Capital)
  • Austin, Texas-based CrowdStrike Holdings Inc. said it plans to buy Israel's Reposify Ltd., a startup focused on protecting attack surfaces. CrowdStrike also said it will buy a chunk of Salt Security, which specializes in securing software interfaces. Financial details of the transactions weren't disclosed. (SecurityWeek)
 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Copyright 2022 Dow Jones & Company, Inc.   |   All Rights Reserved.