This post was originally published here by (ISC)² Management.
It’s rare to have a day go by without some security news making headlines. This week saw #KRACK trending on social media, which raised lots of questions about the state of cybersecurity. Here’s a look at what went on this week in passwords, automation, and more.
The big flaw. Undoubtedly, the most notable news in security this week was the KRACK attack, which impacted millions of Wi-Fi users. Around the world, businesses and homes were vulnerable because of flaws in the WPA2 protocol used by Wi-Fi networks. The good news, according to Anthony Lim, member of the (ISC)² Asian Advisory Council, is that companies that have strong security measures in place are less at risk. Additionally, hacking into the myriad devices that connect to Wi-Fi networks is a tall order, said Lim, because an attacker must be within physical range of the target network to launch this type of attack.
Automation: filling the jobs gap or creating jobs? Automation has the potential to solve the problem of the looming cybersecurity jobs gap, but the ease of malware creation via automation will continue to make the job of cybercriminals easier. With more cybercrime, the industry will need more security experts to defend against threats.
An Oasis of exploits. The hacker group known as BlackOasis, an advanced persistent threat (APT) actor, used the latest version of FinFisher in its attacks. Kaspersky identified an Adobe Flash zero-day exploit that it said is likely delivered via email using an ActiveX object embedded within an Office document.
Mobile security matters. Enterprises have opened the door to BYOD, and there is no turning back. As we move forward with the expanding IoT, it’s critical that companies develop mobile security policies. Toward that end, developers are designing mobile platforms with security solutions. In addition, the U.S. Department of Homeland Security has awarded $8.6 million in funding to five research and development projects in hopes of strengthening mobile security.
Proactive security that pays. Recognizing the expanding threat landscape, security practitioners and business decision makers are warming up to the idea of building relationships with researchers. HackerOne talks about its global community of hackers and how they can help enterprises find their weaknesses.
Fight the law. When laws are broken, they need to be fixed. In order to change the “hack back” law so that security practitioners can do more to defend against threats, the mindset needs to change. The DOJ is starting to engage in the important conversation about active defense, and a new bill has been introduced to legalize some controversial security strategies.